Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/1zZXziUE1OaAHD9xadf76JqOhOI.roa
File: 1zZXziUE1OaAHD9xadf76JqOhOI.roa (raw, json)
Hash identifier: a6RxCsQcsb1tQvyqFFjKd4532k0DmnlG7BWqFH7qxQ8=
Subject key identifier: D7:36:57:CE:25:04:D4:E6:80:1C:3F:71:69:D7:FB:E8:9A:8E:84:E2
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019E01743B30A0CA2051F7218DADF4F414AF
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/1zZXziUE1OaAHD9xadf76JqOhOI.roa
Signing time: Thu 07 May 2026 08:00:54 +0000
ROA not before: Thu 07 May 2026 08:00:54 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42708
IP address blocks: 192.121.153.0/24 maxlen: 24
192.165.76.0/24 maxlen: 24
193.180.200.0/24 maxlen: 24
193.180.225.0/24 maxlen: 24
193.180.242.0/24 maxlen: 24
194.14.177.0/24 maxlen: 24
194.68.166.0/23 maxlen: 24
2a01:280:108::/48 maxlen: 48
2a01:280:109::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 21:01:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:01:74:3b:30:a0:ca:20:51:f7:21:8d:ad:f4:f4:14:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: May 7 08:00:54 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d73657ce2504d4e6801c3f7169d7fbe89a8e84e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:9e:aa:6d:c2:bc:42:72:13:af:db:8a:d7:f3:
61:90:ac:61:11:e0:34:08:88:36:40:65:1a:89:6d:
b4:f8:ed:3f:93:30:55:0e:bd:d1:51:48:cb:cb:91:
16:cf:4d:38:7e:56:a7:21:a2:9f:da:03:56:cc:bf:
45:33:ac:04:cd:90:f5:ee:e8:2e:08:0e:cb:4a:31:
d8:a2:04:f8:7d:45:3e:e7:e5:13:99:64:b7:7a:1e:
cc:59:26:16:a8:41:f5:cf:e6:86:2d:6e:3b:57:ba:
ec:2d:ae:c9:c8:45:18:2a:27:aa:e1:74:a9:68:39:
20:96:a1:5d:e1:1a:13:b5:1c:46:63:9d:e6:3f:80:
ac:68:16:85:c9:69:9b:14:e9:8b:0c:5c:40:03:08:
4a:ce:52:99:00:64:54:78:75:66:87:81:0d:0e:b7:
8b:1b:98:ea:c4:73:11:8a:82:54:37:c4:7e:c0:a7:
4c:42:1d:10:60:b2:de:6a:97:d3:fd:77:0d:0e:82:
05:a3:c4:a8:ed:7a:4c:6e:a8:c6:9a:29:39:74:18:
8f:d7:eb:af:be:dd:02:6b:5b:66:66:f5:f5:c3:d2:
e5:71:b2:91:f7:a0:2b:62:be:b3:1d:88:5c:00:f5:
68:d1:fe:05:7e:25:c6:89:82:f0:1d:2d:7a:de:a4:
33:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:36:57:CE:25:04:D4:E6:80:1C:3F:71:69:D7:FB:E8:9A:8E:84:E2
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/1zZXziUE1OaAHD9xadf76JqOhOI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.121.153.0/24
192.165.76.0/24
193.180.200.0/24
193.180.225.0/24
193.180.242.0/24
194.14.177.0/24
194.68.166.0/23
IPv6:
2a01:280:108::/47
Signature Algorithm: sha256WithRSAEncryption
71:c6:ff:13:86:83:8c:00:4d:0d:2e:92:ea:73:c6:2a:ec:28:
2c:c9:82:4e:95:28:88:60:05:5c:f6:e7:5b:6e:1f:d9:be:6f:
c1:20:2e:04:e7:b0:34:aa:aa:91:0e:45:54:2c:b6:21:fc:8d:
e7:19:a1:8c:02:99:93:5d:3f:0a:3f:bb:90:80:32:c0:a8:dc:
bd:58:32:ae:c0:d7:e4:7e:4d:d7:3d:28:4d:3d:ae:bc:b0:35:
86:9d:9b:70:40:b5:ad:44:36:7a:da:1c:92:b1:13:a6:61:9a:
05:cf:17:e2:5d:54:0c:0a:9a:f8:9d:47:21:d1:fe:f2:92:ab:
80:f0:db:2b:5a:93:b9:c2:27:b6:e1:4d:87:5b:93:43:28:75:
9e:a1:c9:b1:8f:78:08:b5:6f:8b:6c:26:75:48:7b:31:54:1d:
98:1e:b9:2b:d0:8a:4f:38:b3:ae:27:41:2e:6d:dc:20:ac:96:
b1:92:f5:31:a0:1f:57:5d:39:f5:d9:fe:95:5e:4f:d1:7c:87:
5e:92:8e:5c:47:3b:6b:22:7a:41:36:de:6f:26:a5:9a:4c:e0:
1f:04:d9:79:6e:81:6f:70:33:7c:34:29:1d:89:da:25:e0:f9:
d2:2e:69:4c:81:9b:10:58:d0:e5:b6:71:f3:1c:3f:86:3b:08:
78:4e:2e:66
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZ4BdDswoMogUfchja309BSvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwNTA3MDgwMDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzM2NTdjZTI1MDRkNGU2ODAxYzNmNzE2OWQ3ZmJlODlhOGU4NGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZ6qbcK8QnITr9uK1/NhkKxhEeA0
CIg2QGUaiW20+O0/kzBVDr3RUUjLy5EWz004flanIaKf2gNWzL9FM6wEzZD17ugu
CA7LSjHYogT4fUU+5+UTmWS3eh7MWSYWqEH1z+aGLW47V7rsLa7JyEUYKieq4XSp
aDkglqFd4RoTtRxGY53mP4CsaBaFyWmbFOmLDFxAAwhKzlKZAGRUeHVmh4ENDreL
G5jqxHMRioJUN8R+wKdMQh0QYLLeapfT/XcNDoIFo8So7XpMbqjGmik5dBiP1+uv
vt0Ca1tmZvX1w9LlcbKR96ArYr6zHYhcAPVo0f4FfiXGiYLwHS163qQzOQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFNc2V84lBNTmgBw/cWnX++iajoTiMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvMXpaWHppVUUxT2FBSEQ5eGFkZjc2SnFPaE9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAwBAIAATAqAwQAwHmZAwQA
wKVMAwQAwbTIAwQAwbThAwQAwbTyAwQAwg6xAwQBwkSmMA8EAgACMAkDBwEqAQKA
AQgwDQYJKoZIhvcNAQELBQADggEBAHHG/xOGg4wATQ0ukupzxirsKCzJgk6VKIhg
BVz251tuH9m+b8EgLgTnsDSqqpEORVQstiH8jecZoYwCmZNdPwo/u5CAMsCo3L1Y
Mq7A1+R+Tdc9KE09rrywNYadm3BAta1ENnraHJKxE6ZhmgXPF+JdVAwKmvidRyHR
/vKSq4Dw2ytak7nCJ7bhTYdbk0ModZ6hybGPeAi1b4tsJnVIezFUHZgeuSvQik84
s64nQS5t3CCslrGS9TGgH1ddOfXZ/pVeT9F8h16SjlxHO2siekE23m8mpZpM4B8E
2XlugW9wM3w0KR2J2iXg+dIuaUyBmxBY0OW2cfMcP4Y7CHhOLmY=
-----END CERTIFICATE-----
Generated at Wed May 13 07:46:18 2026 by rpki-client