Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/69984a-29bf-4d76-9561-62ba3a6884c8/1/ZFPsdpNLJ5l0WxKp0MW2ehft5Vc.roa
File: ZFPsdpNLJ5l0WxKp0MW2ehft5Vc.roa (raw, json)
Hash identifier: 9gNaT5xTEshkzEjpFa3J0fv6CbE+hBJqY5VddI2BOX0=
Subject key identifier: 64:53:EC:76:93:4B:27:99:74:5B:12:A9:D0:C5:B6:7A:17:ED:E5:57
Certificate issuer: /CN=e21df6a8aaa7041d725285d0dd0e180a649bc213
Certificate serial: 019D0A94FDEAB262C599FD3D9F8EFD6B241E
Authority key identifier: E2:1D:F6:A8:AA:A7:04:1D:72:52:85:D0:DD:0E:18:0A:64:9B:C2:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4h32qKqnBB1yUoXQ3Q4YCmSbwhM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/69984a-29bf-4d76-9561-62ba3a6884c8/1/ZFPsdpNLJ5l0WxKp0MW2ehft5Vc.roa
Signing time: Fri 20 Mar 2026 09:30:29 +0000
ROA not before: Fri 20 Mar 2026 09:30:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 39087
IP address blocks: 5.8.36.0/22 maxlen: 32
79.174.191.0/24 maxlen: 32
91.223.28.0/24 maxlen: 32
91.223.70.0/24 maxlen: 32
91.223.75.0/24 maxlen: 32
91.223.89.0/24 maxlen: 32
153.80.228.0/22 maxlen: 32
185.44.167.0/24 maxlen: 32
185.97.200.0/22 maxlen: 32
194.37.1.0/24 maxlen: 32
194.37.254.0/24 maxlen: 32
194.39.99.0/24 maxlen: 32
194.39.101.0/24 maxlen: 32
217.78.230.0/24 maxlen: 32
2a00:1b78::/29 maxlen: 64
2a0f:a3c0::/29 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/69984a-29bf-4d76-9561-62ba3a6884c8/1/4h32qKqnBB1yUoXQ3Q4YCmSbwhM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/69984a-29bf-4d76-9561-62ba3a6884c8/1/4h32qKqnBB1yUoXQ3Q4YCmSbwhM.mft
rsync://rpki.ripe.net/repository/DEFAULT/4h32qKqnBB1yUoXQ3Q4YCmSbwhM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0a:94:fd:ea:b2:62:c5:99:fd:3d:9f:8e:fd:6b:24:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e21df6a8aaa7041d725285d0dd0e180a649bc213
Validity
Not Before: Mar 20 09:30:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6453ec76934b2799745b12a9d0c5b67a17ede557
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:a6:c2:f0:9f:cf:be:f8:b1:09:b7:ad:ae:f7:
11:f6:3a:e9:e3:9c:9e:87:9a:34:81:65:a7:de:d3:
5e:d9:d9:0e:c2:0a:a4:20:17:92:fa:a2:b1:f2:c3:
23:37:04:bc:bc:6e:8b:23:4d:fc:ac:56:3e:2a:ea:
60:fc:ec:41:3a:58:f4:9d:ba:e2:5e:98:27:23:bc:
cd:7d:a6:16:c9:22:1d:b7:36:5a:f0:e6:1f:f3:ae:
3a:5a:01:18:54:ba:25:31:f1:3f:9e:92:84:16:90:
d5:a0:8f:0d:20:ea:d4:35:ca:01:d1:9b:6d:aa:e8:
fd:55:a6:47:dc:a3:3a:3d:af:3b:0f:02:0b:23:73:
d5:f0:f3:f5:bb:33:3b:5f:4f:45:8f:96:c9:f7:51:
eb:4d:a7:fc:66:05:fd:32:a6:08:59:5c:54:7c:1b:
65:c9:da:91:e2:c5:f4:ee:3f:14:20:5a:0c:db:46:
ec:91:9b:36:da:e8:67:22:0b:9f:3b:c0:2d:ee:71:
73:7a:3b:e3:29:57:68:c1:37:44:49:67:21:64:75:
90:73:75:0c:9c:ce:ee:d5:f4:0f:17:b4:69:91:10:
9d:9b:5f:05:fa:00:14:1a:97:b8:7e:e8:0f:32:4d:
6b:59:47:da:1b:09:a9:13:a5:a6:ef:48:9c:94:7c:
83:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:53:EC:76:93:4B:27:99:74:5B:12:A9:D0:C5:B6:7A:17:ED:E5:57
X509v3 Authority Key Identifier:
keyid:E2:1D:F6:A8:AA:A7:04:1D:72:52:85:D0:DD:0E:18:0A:64:9B:C2:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4h32qKqnBB1yUoXQ3Q4YCmSbwhM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/69984a-29bf-4d76-9561-62ba3a6884c8/1/ZFPsdpNLJ5l0WxKp0MW2ehft5Vc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/69984a-29bf-4d76-9561-62ba3a6884c8/1/4h32qKqnBB1yUoXQ3Q4YCmSbwhM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.8.36.0/22
79.174.191.0/24
91.223.28.0/24
91.223.70.0/24
91.223.75.0/24
91.223.89.0/24
153.80.228.0/22
185.44.167.0/24
185.97.200.0/22
194.37.1.0/24
194.37.254.0/24
194.39.99.0/24
194.39.101.0/24
217.78.230.0/24
IPv6:
2a00:1b78::/29
2a0f:a3c0::/29
Signature Algorithm: sha256WithRSAEncryption
74:ca:cb:b2:38:5b:af:d0:fb:bd:7b:a3:91:8f:5b:d3:ed:48:
39:6a:20:c1:c8:24:b0:08:27:2e:c8:1d:b8:7a:65:be:1c:cb:
29:e3:47:45:0f:b9:ab:ce:17:ac:ba:48:71:4f:8b:11:e3:42:
60:e1:10:15:8d:d3:38:d4:4d:0b:35:29:b4:ed:fb:dd:26:af:
19:0e:ec:50:a4:1e:8e:75:00:04:36:24:a4:e4:1e:73:ec:69:
8f:6e:45:21:41:07:f8:6d:a1:31:9d:a4:0e:6d:ae:d0:f1:ab:
df:38:8f:5f:c6:9f:ca:69:c5:a4:f7:57:b6:b3:07:38:dd:d0:
7e:fb:4a:dd:29:8b:1f:eb:1b:76:1c:30:67:9f:d5:88:c4:da:
6a:b5:11:ed:3b:3a:5c:d7:56:e9:04:aa:5d:13:e1:2a:7e:77:
23:44:59:03:88:93:eb:71:18:38:36:8a:a0:ec:2e:a0:f3:96:
2c:41:e4:ea:17:bf:b2:88:c2:8e:e8:1c:e8:97:87:72:ff:ec:
96:dd:12:0e:2e:de:9d:ad:3b:bc:42:6b:79:29:2c:7d:7b:2a:
7a:37:07:37:3c:6c:2e:8e:32:a1:27:12:61:04:51:07:69:26:
02:16:77:9a:23:a6:0c:0f:85:78:7c:13:71:d5:f8:15:4d:90:
e0:00:08:72
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAZ0KlP3qsmLFmf09n479ayQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMWRmNmE4YWFhNzA0MWQ3MjUyODVkMGRkMGUxODBhNjQ5
YmMyMTMwHhcNMjYwMzIwMDkzMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDUzZWM3NjkzNGIyNzk5NzQ1YjEyYTlkMGM1YjY3YTE3ZWRlNTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6bC8J/PvvixCbetrvcR9jrp45ye
h5o0gWWn3tNe2dkOwgqkIBeS+qKx8sMjNwS8vG6LI038rFY+Kupg/OxBOlj0nbri
XpgnI7zNfaYWySIdtzZa8OYf8646WgEYVLolMfE/npKEFpDVoI8NIOrUNcoB0Ztt
quj9VaZH3KM6Pa87DwILI3PV8PP1uzM7X09Fj5bJ91HrTaf8ZgX9MqYIWVxUfBtl
ydqR4sX07j8UIFoM20bskZs22uhnIgufO8At7nFzejvjKVdowTdESWchZHWQc3UM
nM7u1fQPF7RpkRCdm18F+gAUGpe4fugPMk1rWUfaGwmpE6Wm70iclHyDlwIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFGRT7HaTSyeZdFsSqdDFtnoX7eVXMB8GA1UdIwQY
MBaAFOId9qiqpwQdclKF0N0OGApkm8ITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGgzMnFLcW5CQjF5VW9YUTNRNFlDbVNid2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82OTk4NGEtMjliZi00ZDc2LTk1NjEt
NjJiYTNhNjg4NGM4LzEvWkZQc2RwTkxKNWwwV3hLcDBNVzJlaGZ0NVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82OTk4NGEtMjliZi00ZDc2LTk1NjEtNjJiYTNhNjg4NGM4
LzEvNGgzMnFLcW5CQjF5VW9YUTNRNFlDbVNid2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwWgQCAAEwVAMEAgUIJAME
AE+uvwMEAFvfHAMEAFvfRgMEAFvfSwMEAFvfWQMEAplQ5AMEALkspwMEArlhyAME
AMIlAQMEAMIl/gMEAMInYwMEAMInZQMEANlO5jAUBAIAAjAOAwUDKgAbeAMFAyoP
o8AwDQYJKoZIhvcNAQELBQADggEBAHTKy7I4W6/Q+717o5GPW9PtSDlqIMHIJLAI
Jy7IHbh6Zb4cyynjR0UPuavOF6y6SHFPixHjQmDhEBWN0zjUTQs1KbTt+90mrxkO
7FCkHo51AAQ2JKTkHnPsaY9uRSFBB/htoTGdpA5trtDxq984j1/Gn8ppxaT3V7az
Bzjd0H77St0pix/rG3YcMGef1YjE2mq1Ee07OlzXVukEql0T4Sp+dyNEWQOIk+tx
GDg2iqDsLqDzlixB5OoXv7KIwo7oHOiXh3L/7JbdEg4u3p2tO7xCa3kpLH17Kno3
Bzc8bC6OMqEnEmEEUQdpJgIWd5ojpgwPhXh8E3HV+BVNkOAACHI=
-----END CERTIFICATE-----
Generated at Thu Mar 26 08:44:59 2026 by rpki-client