Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/PK-bzrtIQoBqm48y8NO258iLnos.roa
File: PK-bzrtIQoBqm48y8NO258iLnos.roa (raw, json)
Hash identifier: aA8j5N6Zlr7QdjHAkUvyPHOUE/w+nJNmGzUvN0yq064=
Subject key identifier: 3C:AF:9B:CE:BB:48:42:80:6A:9B:8F:32:F0:D3:B6:E7:C8:8B:9E:8B
Certificate issuer: /CN=297ae7592ca52491dc166a30fe1477d712bd465d
Certificate serial: 019D2AF340E78B97CAF4423E04768409E32A
Authority key identifier: 29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/PK-bzrtIQoBqm48y8NO258iLnos.roa
Signing time: Thu 26 Mar 2026 16:21:17 +0000
ROA not before: Thu 26 Mar 2026 16:21:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 49531
IP address blocks: 91.214.204.0/22 maxlen: 22
93.92.32.0/21 maxlen: 21
93.92.32.0/24 maxlen: 24
93.92.33.0/24 maxlen: 24
93.92.34.0/23 maxlen: 23
93.92.36.0/23 maxlen: 23
93.92.38.0/23 maxlen: 23
93.186.48.0/20 maxlen: 20
93.186.48.0/23 maxlen: 23
93.186.50.0/23 maxlen: 23
93.186.52.0/23 maxlen: 23
93.186.54.0/23 maxlen: 23
93.186.56.0/23 maxlen: 23
93.186.58.0/23 maxlen: 23
93.186.60.0/23 maxlen: 23
93.186.62.0/23 maxlen: 23
94.159.0.0/17 maxlen: 17
94.159.0.0/18 maxlen: 18
94.159.0.0/23 maxlen: 23
94.159.2.0/23 maxlen: 23
94.159.4.0/23 maxlen: 23
94.159.6.0/23 maxlen: 23
94.159.8.0/23 maxlen: 23
94.159.10.0/23 maxlen: 23
94.159.12.0/23 maxlen: 23
94.159.14.0/23 maxlen: 23
94.159.16.0/23 maxlen: 23
94.159.18.0/23 maxlen: 23
94.159.20.0/23 maxlen: 23
94.159.22.0/23 maxlen: 23
94.159.24.0/23 maxlen: 23
94.159.26.0/23 maxlen: 23
94.159.28.0/23 maxlen: 23
94.159.30.0/23 maxlen: 23
94.159.32.0/23 maxlen: 23
94.159.34.0/23 maxlen: 23
94.159.36.0/23 maxlen: 23
94.159.38.0/23 maxlen: 23
94.159.40.0/23 maxlen: 23
94.159.42.0/23 maxlen: 23
94.159.44.0/23 maxlen: 23
94.159.46.0/23 maxlen: 23
94.159.48.0/23 maxlen: 23
94.159.50.0/23 maxlen: 23
94.159.52.0/23 maxlen: 23
94.159.54.0/23 maxlen: 23
94.159.56.0/23 maxlen: 23
94.159.58.0/23 maxlen: 23
94.159.60.0/23 maxlen: 23
94.159.62.0/23 maxlen: 23
94.159.64.0/19 maxlen: 19
94.159.64.0/23 maxlen: 23
94.159.66.0/23 maxlen: 23
94.159.68.0/23 maxlen: 23
94.159.70.0/23 maxlen: 23
94.159.70.0/24 maxlen: 24
94.159.72.0/23 maxlen: 23
94.159.74.0/23 maxlen: 23
94.159.76.0/23 maxlen: 23
94.159.78.0/23 maxlen: 23
94.159.80.0/23 maxlen: 23
94.159.82.0/23 maxlen: 23
94.159.84.0/23 maxlen: 23
94.159.85.0/24 maxlen: 24
94.159.88.0/21 maxlen: 21
94.159.88.0/22 maxlen: 22
94.159.92.0/24 maxlen: 24
94.159.107.0/24 maxlen: 24
94.159.108.0/22 maxlen: 22
94.159.112.0/21 maxlen: 21
94.159.118.0/24 maxlen: 24
94.159.119.0/24 maxlen: 24
94.159.120.0/22 maxlen: 22
94.159.124.0/22 maxlen: 22
185.42.108.0/22 maxlen: 22
2a04:8f00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl
rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.mft
rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 28 Mar 2026 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2a:f3:40:e7:8b:97:ca:f4:42:3e:04:76:84:09:e3:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=297ae7592ca52491dc166a30fe1477d712bd465d
Validity
Not Before: Mar 26 16:21:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3caf9bcebb4842806a9b8f32f0d3b6e7c88b9e8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:41:6d:e0:d8:1e:04:74:cc:63:d8:58:77:1c:
2f:b8:8f:ee:b0:b8:bd:44:f2:b5:ae:90:2f:e9:1a:
86:bc:9e:5c:83:53:fb:49:c0:1c:9a:3f:fc:34:ec:
5d:88:b1:bd:0a:60:df:ea:18:79:58:b3:0e:55:e4:
bb:46:23:35:6f:d2:e8:49:b6:55:bd:95:0a:1f:25:
02:c2:fa:b1:3a:4d:c3:49:b0:65:2f:48:bb:31:e0:
b6:6a:2c:20:11:04:63:34:b7:e9:51:4a:6a:a2:bb:
e0:34:e9:51:f3:2e:a6:1c:ef:f2:2f:77:eb:c4:b1:
2e:69:2f:dc:19:33:c6:a3:0a:aa:8d:26:5b:d4:33:
54:fe:ae:6f:98:11:5f:10:69:e5:23:cd:4f:b6:01:
fa:80:d7:4b:11:a1:40:85:a8:b0:64:c9:6c:80:c0:
f8:9e:a9:cd:52:07:f3:ad:b3:7d:da:f2:c9:5e:ce:
99:3b:3c:79:5e:45:b6:d4:6b:1c:05:50:f8:e1:8b:
94:ed:ff:91:3e:23:a8:73:fb:39:d2:7f:f1:50:7b:
7e:cf:3d:5d:4a:b8:0d:1f:08:82:c0:f0:07:53:85:
59:cb:b0:4f:86:3f:fd:e6:dd:61:e6:b9:01:65:0c:
70:71:c9:65:03:0f:05:c1:28:91:ef:72:7f:81:c4:
8a:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:AF:9B:CE:BB:48:42:80:6A:9B:8F:32:F0:D3:B6:E7:C8:8B:9E:8B
X509v3 Authority Key Identifier:
keyid:29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/PK-bzrtIQoBqm48y8NO258iLnos.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.214.204.0/22
93.92.32.0/21
93.186.48.0/20
94.159.0.0/17
185.42.108.0/22
IPv6:
2a04:8f00::/29
Signature Algorithm: sha256WithRSAEncryption
50:a3:c8:28:2a:54:c2:88:6f:4a:90:65:b0:83:98:b0:e5:5a:
76:68:7f:96:63:cf:0f:f8:eb:9b:4d:87:23:79:6d:a9:4e:1f:
9d:f2:2a:85:5f:e1:38:8b:7f:c0:81:2c:b2:e1:d4:ab:92:96:
6d:81:b9:21:07:37:b7:d9:4d:76:8d:1b:0e:91:38:5e:ab:72:
0e:6b:cd:6c:e3:e4:fd:4f:84:eb:10:aa:1d:54:7a:89:22:b3:
6c:54:75:45:21:c8:84:c0:2c:ea:e7:fa:e4:39:42:ea:4c:ff:
00:6c:3e:c2:ef:e0:6c:e9:78:7d:6e:11:ac:72:a9:6f:98:01:
c3:b9:a3:72:eb:4b:e7:70:b8:df:4d:dc:82:6e:d5:c6:6b:5e:
91:13:6c:9e:64:ca:02:14:0d:ce:64:8f:13:0d:1f:9d:80:e7:
6e:27:a1:3b:59:95:99:da:0f:0e:9e:2b:05:1c:94:08:9b:ee:
31:74:50:f1:7d:d3:1a:ed:32:e3:6c:b8:bc:ad:47:16:92:e7:
77:ba:d6:de:b8:f8:4c:a7:a9:85:a9:87:86:c4:f5:d1:d3:bc:
81:f1:40:b2:63:4e:a1:a9:87:fd:53:28:c1:e9:07:23:bf:57:
d9:1c:4d:82:f6:98:d4:2d:cf:93:c8:75:46:c1:e0:01:7d:8b:
a3:0c:e6:2c
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZ0q80Dni5fK9EI+BHaECeMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2FlNzU5MmNhNTI0OTFkYzE2NmEzMGZlMTQ3N2Q3MTJi
ZDQ2NWQwHhcNMjYwMzI2MTYyMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2FmOWJjZWJiNDg0MjgwNmE5YjhmMzJmMGQzYjZlN2M4OGI5ZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA70Ft4NgeBHTMY9hYdxwvuI/usLi9
RPK1rpAv6RqGvJ5cg1P7ScAcmj/8NOxdiLG9CmDf6hh5WLMOVeS7RiM1b9LoSbZV
vZUKHyUCwvqxOk3DSbBlL0i7MeC2aiwgEQRjNLfpUUpqorvgNOlR8y6mHO/yL3fr
xLEuaS/cGTPGowqqjSZb1DNU/q5vmBFfEGnlI81PtgH6gNdLEaFAhaiwZMlsgMD4
nqnNUgfzrbN92vLJXs6ZOzx5XkW21GscBVD44YuU7f+RPiOoc/s50n/xUHt+zz1d
SrgNHwiCwPAHU4VZy7BPhj/95t1h5rkBZQxwccllAw8FwSiR73J/gcSKqQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFDyvm867SEKAapuPMvDTtufIi56LMB8GA1UdIwQY
MBaAFCl651kspSSR3BZqMP4Ud9cSvUZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgt
MzkxMGE1OWExMTIxLzEvUEstYnpydElRb0JxbTQ4eThOTzI1OGlMbm9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgtMzkxMGE1OWExMTIx
LzEvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCW9bMAwQD
XVwgAwQEXbowAwQHXp8AAwQCuSpsMA0EAgACMAcDBQMqBI8AMA0GCSqGSIb3DQEB
CwUAA4IBAQBQo8goKlTCiG9KkGWwg5iw5Vp2aH+WY88P+OubTYcjeW2pTh+d8iqF
X+E4i3/AgSyy4dSrkpZtgbkhBze32U12jRsOkTheq3IOa81s4+T9T4TrEKodVHqJ
IrNsVHVFIciEwCzq5/rkOULqTP8AbD7C7+Bs6Xh9bhGscqlvmAHDuaNy60vncLjf
TdyCbtXGa16RE2yeZMoCFA3OZI8TDR+dgOduJ6E7WZWZ2g8OnisFHJQIm+4xdFDx
fdMa7TLjbLi8rUcWkud3utbeuPhMp6mFqYeGxPXR07yB8UCyY06hqYf9UyjB6Qcj
v1fZHE2C9pjULc+TyHVGweABfYujDOYs
-----END CERTIFICATE-----
Generated at Fri Mar 27 06:39:24 2026 by rpki-client