Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c399a4-53b6-4271-9b90-32bf1641fb3b/1/Sz0NLTrsK1zvfocWZIMOcuuroT4.roa
File: Sz0NLTrsK1zvfocWZIMOcuuroT4.roa (raw, json)
Hash identifier: MpuB2aIbgKIxgNnY5nxxHbqI1kRjgw1UedzDmdWgU1o=
Subject key identifier: 4B:3D:0D:2D:3A:EC:2B:5C:EF:7E:87:16:64:83:0E:72:EB:AB:A1:3E
Certificate issuer: /CN=bbbb2a4302094f4c3f5bada547ef4f7ede18e903
Certificate serial: 019B79EC64289D2AE9F5AFE0520E18D64116
Authority key identifier: BB:BB:2A:43:02:09:4F:4C:3F:5B:AD:A5:47:EF:4F:7E:DE:18:E9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/u7sqQwIJT0w_W62lR-9Pft4Y6QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/c399a4-53b6-4271-9b90-32bf1641fb3b/1/Sz0NLTrsK1zvfocWZIMOcuuroT4.roa
Signing time: Thu 01 Jan 2026 14:18:13 +0000
ROA not before: Thu 01 Jan 2026 14:18:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207811
IP address blocks: 194.31.93.0/24 maxlen: 24
194.31.193.0/24 maxlen: 24
194.31.199.0/24 maxlen: 24
194.31.220.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/c399a4-53b6-4271-9b90-32bf1641fb3b/1/u7sqQwIJT0w_W62lR-9Pft4Y6QM.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/c399a4-53b6-4271-9b90-32bf1641fb3b/1/u7sqQwIJT0w_W62lR-9Pft4Y6QM.mft
rsync://rpki.ripe.net/repository/DEFAULT/u7sqQwIJT0w_W62lR-9Pft4Y6QM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:ec:64:28:9d:2a:e9:f5:af:e0:52:0e:18:d6:41:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bbbb2a4302094f4c3f5bada547ef4f7ede18e903
Validity
Not Before: Jan 1 14:18:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4b3d0d2d3aec2b5cef7e871664830e72ebaba13e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:e1:ef:0a:e9:f4:64:dc:b0:f5:55:30:8f:63:
96:5d:24:02:09:a3:e2:43:61:9d:5e:cd:e4:c7:1b:
ab:33:10:82:60:2c:67:3f:ba:80:d5:60:1b:31:87:
68:b1:f8:36:5c:18:53:6d:e6:cf:6e:7d:5e:27:26:
77:44:93:7f:35:18:f7:d3:96:2d:1a:a1:4a:c8:d5:
9a:93:bc:09:53:5d:2f:a4:ce:11:59:c9:12:57:f3:
af:11:27:b8:76:b7:13:41:c1:97:22:66:45:1f:34:
c2:dc:2b:11:2d:9e:b6:5c:5b:6f:7c:63:b4:bc:96:
3c:9d:df:f8:01:b2:68:6c:7a:10:a6:91:63:12:8a:
3f:aa:7c:89:35:9a:75:cb:47:a9:78:4b:42:78:a9:
ec:d5:f6:62:9e:06:05:d6:78:a6:c5:7c:f1:3e:17:
af:94:b1:dd:de:e8:a6:27:b9:10:25:ab:2c:23:60:
40:cb:3a:20:43:0e:a1:d9:75:65:fd:54:a1:32:f6:
c1:77:09:0e:a0:ae:98:fb:ae:7a:6c:90:e8:e4:ac:
63:b4:cd:a6:f6:a7:1a:2b:06:de:7c:fb:e3:32:3a:
02:bb:9a:60:f2:8c:83:38:2d:9c:46:dc:18:0f:fb:
18:f7:b7:4b:48:9d:aa:ea:2e:95:0c:8e:d9:d4:d6:
53:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:3D:0D:2D:3A:EC:2B:5C:EF:7E:87:16:64:83:0E:72:EB:AB:A1:3E
X509v3 Authority Key Identifier:
keyid:BB:BB:2A:43:02:09:4F:4C:3F:5B:AD:A5:47:EF:4F:7E:DE:18:E9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u7sqQwIJT0w_W62lR-9Pft4Y6QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c399a4-53b6-4271-9b90-32bf1641fb3b/1/Sz0NLTrsK1zvfocWZIMOcuuroT4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c399a4-53b6-4271-9b90-32bf1641fb3b/1/u7sqQwIJT0w_W62lR-9Pft4Y6QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.31.93.0/24
194.31.193.0/24
194.31.199.0/24
194.31.220.0/24
Signature Algorithm: sha256WithRSAEncryption
04:90:02:83:94:1f:da:dc:f8:d9:5d:91:a4:b0:c6:1d:1b:15:
15:7b:1e:44:3f:e9:eb:a6:ad:49:e9:9b:ca:45:61:fd:7f:05:
09:58:1c:c6:61:25:4f:58:83:20:4e:a7:ad:97:71:47:cd:0f:
de:36:a4:49:a8:c9:25:d9:a9:e1:f0:95:1a:0b:30:a7:a1:2f:
cd:4a:8b:59:e2:69:ad:05:b8:d3:cb:b0:87:e1:df:c2:2c:d0:
86:09:db:77:16:75:3f:75:23:0d:96:e8:42:31:3c:fd:7b:22:
76:94:bc:da:c1:d9:f2:64:16:7a:98:73:41:bd:fe:f4:d1:94:
0b:be:8b:f6:7d:7c:fe:a3:5f:35:c2:b5:bf:3c:07:8d:f2:63:
7a:9b:e1:26:b7:eb:2a:85:67:fb:ea:ff:fa:64:03:d7:88:00:
3f:38:5b:b3:46:ff:53:9a:23:02:72:5d:7b:76:b6:57:b3:45:
19:87:73:1d:8d:50:61:a6:f2:39:2e:4c:2c:b1:55:41:9d:bb:
1a:b3:1e:4d:e0:d7:f5:2e:6c:75:1d:49:f0:5b:ca:cf:e4:a2:
a6:7e:7d:e4:35:e8:0e:6a:3f:d6:3e:ca:8f:c2:7b:85:9f:75:
56:59:b9:c8:83:8e:b3:1a:3c:70:b1:d8:0e:1a:29:3f:9a:65:
eb:4b:2c:61
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZt57GQonSrp9a/gUg4Y1kEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYmIyYTQzMDIwOTRmNGMzZjViYWRhNTQ3ZWY0ZjdlZGUx
OGU5MDMwHhcNMjYwMTAxMTQxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjNkMGQyZDNhZWMyYjVjZWY3ZTg3MTY2NDgzMGU3MmViYWJhMTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOHvCun0ZNyw9VUwj2OWXSQCCaPi
Q2GdXs3kxxurMxCCYCxnP7qA1WAbMYdosfg2XBhTbebPbn1eJyZ3RJN/NRj305Yt
GqFKyNWak7wJU10vpM4RWckSV/OvESe4drcTQcGXImZFHzTC3CsRLZ62XFtvfGO0
vJY8nd/4AbJobHoQppFjEoo/qnyJNZp1y0epeEtCeKns1fZingYF1nimxXzxPhev
lLHd3uimJ7kQJassI2BAyzogQw6h2XVl/VShMvbBdwkOoK6Y+656bJDo5KxjtM2m
9qcaKwbefPvjMjoCu5pg8oyDOC2cRtwYD/sY97dLSJ2q6i6VDI7Z1NZTgwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEs9DS067Ctc736HFmSDDnLrq6E+MB8GA1UdIwQY
MBaAFLu7KkMCCU9MP1utpUfvT37eGOkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTdzcVF3SUpUMHdfVzYybFItOVBmdDRZNlFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jMzk5YTQtNTNiNi00MjcxLTliOTAt
MzJiZjE2NDFmYjNiLzEvU3owTkxUcnNLMXp2Zm9jV1pJTU9jdXVyb1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jMzk5YTQtNTNiNi00MjcxLTliOTAtMzJiZjE2NDFmYjNi
LzEvdTdzcVF3SUpUMHdfVzYybFItOVBmdDRZNlFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwh9dAwQA
wh/BAwQAwh/HAwQAwh/cMA0GCSqGSIb3DQEBCwUAA4IBAQAEkAKDlB/a3PjZXZGk
sMYdGxUVex5EP+nrpq1J6ZvKRWH9fwUJWBzGYSVPWIMgTqetl3FHzQ/eNqRJqMkl
2anh8JUaCzCnoS/NSotZ4mmtBbjTy7CH4d/CLNCGCdt3FnU/dSMNluhCMTz9eyJ2
lLzawdnyZBZ6mHNBvf700ZQLvov2fXz+o181wrW/PAeN8mN6m+Emt+sqhWf76v/6
ZAPXiAA/OFuzRv9TmiMCcl17drZXs0UZh3MdjVBhpvI5LkwssVVBnbsasx5N4Nf1
Lmx1HUnwW8rP5KKmfn3kNegOaj/WPsqPwnuFn3VWWbnIg46zGjxwsdgOGik/mmXr
Syxh
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:06:30 2026 by rpki-client