Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6b8bce-584c-492c-bd7e-d0f31bc93079/1/3zlYESujx6iqyh6hQsCczNEcHfA.roa
File: 3zlYESujx6iqyh6hQsCczNEcHfA.roa (raw, json)
Hash identifier: giiowx0wopsav1ocUyq7di4cnnYmyvwdPI251v0t4Nk=
Subject key identifier: DF:39:58:11:2B:A3:C7:A8:AA:CA:1E:A1:42:C0:9C:CC:D1:1C:1D:F0
Certificate issuer: /CN=ddf1df598f4a8f3a2d074ccb6f6d16b54d1d111c
Certificate serial: 019D1C34D97FC640E68B0DFAC58A679684C6
Authority key identifier: DD:F1:DF:59:8F:4A:8F:3A:2D:07:4C:CB:6F:6D:16:B5:4D:1D:11:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3fHfWY9KjzotB0zLb20WtU0dERw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/6b8bce-584c-492c-bd7e-d0f31bc93079/1/3zlYESujx6iqyh6hQsCczNEcHfA.roa
Signing time: Mon 23 Mar 2026 19:38:38 +0000
ROA not before: Mon 23 Mar 2026 19:38:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 5435
IP address blocks: 91.216.87.0/24 maxlen: 24
185.178.224.0/22 maxlen: 24
192.160.15.0/24 maxlen: 24
212.93.224.0/19 maxlen: 24
2a02:23d0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/6b8bce-584c-492c-bd7e-d0f31bc93079/1/3fHfWY9KjzotB0zLb20WtU0dERw.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/6b8bce-584c-492c-bd7e-d0f31bc93079/1/3fHfWY9KjzotB0zLb20WtU0dERw.mft
rsync://rpki.ripe.net/repository/DEFAULT/3fHfWY9KjzotB0zLb20WtU0dERw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:1c:34:d9:7f:c6:40:e6:8b:0d:fa:c5:8a:67:96:84:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ddf1df598f4a8f3a2d074ccb6f6d16b54d1d111c
Validity
Not Before: Mar 23 19:38:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=df3958112ba3c7a8aaca1ea142c09cccd11c1df0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:51:f3:1c:5e:0d:f8:f4:77:eb:65:fe:23:d8:
7a:41:9f:a2:d6:0f:ed:f4:9b:12:f9:9c:c6:87:04:
fa:e3:d7:52:cc:e8:02:f5:53:73:38:ca:45:26:89:
ca:b7:7c:fb:d2:a5:80:03:66:ca:7c:d2:99:5a:ba:
2a:17:7f:1a:9e:36:05:b6:6f:74:a6:1e:ff:e8:a4:
84:e3:8b:15:c3:60:ea:6f:b7:5c:39:c2:5d:c5:b0:
93:56:5d:ef:dc:f2:98:1c:53:1e:10:2c:fa:ce:d5:
99:ba:25:9a:59:69:ed:c8:4e:60:44:e5:d0:c5:3b:
25:b7:fb:bc:bc:ee:3a:40:7b:f4:34:21:82:9d:b3:
75:28:ad:d0:ce:62:14:e7:db:34:8d:6f:89:99:ef:
80:7d:f4:b4:07:52:72:f0:19:5f:08:27:74:9c:a0:
d4:3f:db:86:0d:b0:67:0c:fc:bf:46:76:b9:3b:1d:
27:6d:4c:1c:d6:cd:1a:b8:52:3c:b4:80:cd:88:c7:
92:1f:2c:06:16:86:9a:60:03:9c:1b:4c:20:36:38:
18:5e:ff:ea:be:a7:73:a0:93:52:6c:1d:3f:54:15:
6c:6d:3a:f0:3a:2d:af:d4:3e:b8:1d:a5:b9:43:2c:
72:1b:5a:09:6c:74:68:81:f0:df:e5:0a:55:82:24:
45:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:39:58:11:2B:A3:C7:A8:AA:CA:1E:A1:42:C0:9C:CC:D1:1C:1D:F0
X509v3 Authority Key Identifier:
keyid:DD:F1:DF:59:8F:4A:8F:3A:2D:07:4C:CB:6F:6D:16:B5:4D:1D:11:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fHfWY9KjzotB0zLb20WtU0dERw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6b8bce-584c-492c-bd7e-d0f31bc93079/1/3zlYESujx6iqyh6hQsCczNEcHfA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6b8bce-584c-492c-bd7e-d0f31bc93079/1/3fHfWY9KjzotB0zLb20WtU0dERw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.216.87.0/24
185.178.224.0/22
192.160.15.0/24
212.93.224.0/19
IPv6:
2a02:23d0::/32
Signature Algorithm: sha256WithRSAEncryption
38:9a:ec:6a:3e:c0:31:11:fb:a3:c0:bb:0a:f4:34:20:75:4a:
3e:64:9c:f1:c6:e4:55:6b:87:cb:c5:4f:cc:7f:ef:b8:e7:92:
a0:57:0a:ef:68:26:53:dd:36:2b:44:12:db:ec:f6:64:42:e1:
32:8e:41:d9:46:63:a2:5f:3a:31:8b:16:97:c4:0f:8e:04:5b:
bd:ed:ab:7d:eb:29:3d:70:69:19:0d:49:21:58:5d:ff:14:82:
9c:9f:ba:58:71:33:29:2e:d1:4e:8c:b1:6f:9c:70:d0:86:df:
75:ef:c6:d7:66:9a:31:d5:e9:45:7a:d2:5c:1b:d9:83:d0:64:
13:c5:8c:ac:38:be:a0:f3:40:15:8b:b3:e6:c9:6d:44:e5:ca:
c9:a2:95:34:2a:89:de:05:21:6c:4b:94:93:c5:b9:70:66:c0:
43:5e:fc:e4:5c:a1:63:63:54:01:23:27:2a:61:2f:1b:32:12:
76:85:7d:33:ce:8d:6e:9b:33:93:23:95:3d:64:22:f6:b1:a3:
82:31:0a:c3:41:46:bd:88:97:f8:6f:72:c0:e6:9b:a9:77:ce:
45:0f:08:5a:5c:44:c4:b7:a6:89:06:f4:e8:98:9b:c5:f8:3c:
48:7d:24:aa:8c:f3:9f:e4:bc:cc:3f:96:11:3f:c2:24:25:2a:
d2:d4:5f:53
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZ0cNNl/xkDmiw36xYpnloTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjFkZjU5OGY0YThmM2EyZDA3NGNjYjZmNmQxNmI1NGQx
ZDExMWMwHhcNMjYwMzIzMTkzODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjM5NTgxMTJiYTNjN2E4YWFjYTFlYTE0MmMwOWNjY2QxMWMxZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61HzHF4N+PR362X+I9h6QZ+i1g/t
9JsS+ZzGhwT649dSzOgC9VNzOMpFJonKt3z70qWAA2bKfNKZWroqF38anjYFtm90
ph7/6KSE44sVw2Dqb7dcOcJdxbCTVl3v3PKYHFMeECz6ztWZuiWaWWntyE5gROXQ
xTslt/u8vO46QHv0NCGCnbN1KK3QzmIU59s0jW+Jme+AffS0B1Jy8BlfCCd0nKDU
P9uGDbBnDPy/Rna5Ox0nbUwc1s0auFI8tIDNiMeSHywGFoaaYAOcG0wgNjgYXv/q
vqdzoJNSbB0/VBVsbTrwOi2v1D64HaW5QyxyG1oJbHRogfDf5QpVgiRFQQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFN85WBEro8eoqsoeoULAnMzRHB3wMB8GA1UdIwQY
MBaAFN3x31mPSo86LQdMy29tFrVNHREcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZIZldZOUtqem90QjB6TGIyMFd0VTBkRVJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82YjhiY2UtNTg0Yy00OTJjLWJkN2Ut
ZDBmMzFiYzkzMDc5LzEvM3psWUVTdWp4NmlxeWg2aFFzQ2N6TkVjSGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82YjhiY2UtNTg0Yy00OTJjLWJkN2UtZDBmMzFiYzkzMDc5
LzEvM2ZIZldZOUtqem90QjB6TGIyMFd0VTBkRVJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAW9hXAwQC
ubLgAwQAwKAPAwQF1F3gMA0EAgACMAcDBQAqAiPQMA0GCSqGSIb3DQEBCwUAA4IB
AQA4muxqPsAxEfujwLsK9DQgdUo+ZJzxxuRVa4fLxU/Mf++455KgVwrvaCZT3TYr
RBLb7PZkQuEyjkHZRmOiXzoxixaXxA+OBFu97at96yk9cGkZDUkhWF3/FIKcn7pY
cTMpLtFOjLFvnHDQht9178bXZpox1elFetJcG9mD0GQTxYysOL6g80AVi7PmyW1E
5crJopU0KoneBSFsS5STxblwZsBDXvzkXKFjY1QBIycqYS8bMhJ2hX0zzo1umzOT
I5U9ZCL2saOCMQrDQUa9iJf4b3LA5pupd85FDwhaXETEt6aJBvTomJvF+DxIfSSq
jPOf5LzMP5YRP8IkJSrS1F9T
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:01:05 2026 by rpki-client