Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/ZLCaZarmOydzUn6rnPA4DARgtdI.roa
File: ZLCaZarmOydzUn6rnPA4DARgtdI.roa (raw, json)
Hash identifier: bWM+rtJ+nDproyFIfZ+Rzfa6rbod9ZVtKztR7u7HeaU=
Subject key identifier: 64:B0:9A:65:AA:E6:3B:27:73:52:7E:AB:9C:F0:38:0C:04:60:B5:D2
Certificate issuer: /CN=15733ff82be00b41a990ded6b72b04cb7bf580d7
Certificate serial: 019B7F81463B3FA422D2E8D759AD19B4C3A1
Authority key identifier: 15:73:3F:F8:2B:E0:0B:41:A9:90:DE:D6:B7:2B:04:CB:7B:F5:80:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FXM_-CvgC0GpkN7WtysEy3v1gNc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/ZLCaZarmOydzUn6rnPA4DARgtdI.roa
Signing time: Fri 02 Jan 2026 16:18:56 +0000
ROA not before: Fri 02 Jan 2026 16:18:56 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29246
IP address blocks: 185.89.168.0/22 maxlen: 22
195.68.250.0/23 maxlen: 23
2a00:18a8::/29 maxlen: 29
2a00:18a8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/FXM_-CvgC0GpkN7WtysEy3v1gNc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/FXM_-CvgC0GpkN7WtysEy3v1gNc.mft
rsync://rpki.ripe.net/repository/DEFAULT/FXM_-CvgC0GpkN7WtysEy3v1gNc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 21:16:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:81:46:3b:3f:a4:22:d2:e8:d7:59:ad:19:b4:c3:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=15733ff82be00b41a990ded6b72b04cb7bf580d7
Validity
Not Before: Jan 2 16:18:56 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=64b09a65aae63b2773527eab9cf0380c0460b5d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:09:93:71:1c:a7:15:87:f3:7d:b6:e5:ad:ba:
8c:f7:ca:4f:34:92:f0:c0:c4:a7:ba:de:a3:cd:08:
ae:17:5e:59:a8:e1:5b:a7:81:a7:8d:6a:97:e0:83:
cc:4c:ec:3c:08:bc:ce:a1:cb:a7:7b:bd:71:bb:7d:
2c:c6:e0:31:f1:9a:e5:7e:3f:20:9d:56:38:95:02:
ed:01:80:03:ba:d0:9d:cb:ad:ce:18:da:7f:e8:27:
02:5a:06:54:3b:47:0e:e9:72:27:5a:fa:5b:fd:d0:
d2:20:74:6d:dc:47:d6:6e:ad:b0:58:ea:bc:18:70:
cb:c5:a7:93:4f:e4:18:3f:60:fa:55:8e:ec:e6:16:
58:28:17:b4:2f:c9:1f:38:f1:0d:f9:cf:35:43:d8:
7e:62:83:8d:2c:d4:6b:f2:01:e7:3e:c5:f7:f2:9f:
20:1f:a1:a5:88:b9:bc:b4:58:a4:71:13:74:93:6b:
79:74:9d:f6:6c:d9:9b:c4:88:42:ef:38:25:50:03:
d6:a4:b3:92:77:1a:4e:d1:38:17:96:37:16:e0:98:
bd:eb:c3:6e:68:6c:42:04:12:da:15:6e:46:bf:c3:
57:c7:5f:d4:a7:ac:24:c9:b0:1e:4b:1e:7e:78:84:
bc:b3:6a:50:e3:c4:3a:f3:a6:c6:56:cc:6d:78:c7:
77:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:B0:9A:65:AA:E6:3B:27:73:52:7E:AB:9C:F0:38:0C:04:60:B5:D2
X509v3 Authority Key Identifier:
keyid:15:73:3F:F8:2B:E0:0B:41:A9:90:DE:D6:B7:2B:04:CB:7B:F5:80:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FXM_-CvgC0GpkN7WtysEy3v1gNc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/ZLCaZarmOydzUn6rnPA4DARgtdI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/FXM_-CvgC0GpkN7WtysEy3v1gNc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.89.168.0/22
195.68.250.0/23
IPv6:
2a00:18a8::/29
Signature Algorithm: sha256WithRSAEncryption
16:52:df:c7:cb:28:75:c7:0d:f4:89:1b:8c:aa:98:04:55:90:
03:9c:89:27:40:d7:fc:86:41:8c:2b:97:69:2e:e8:b4:2d:c2:
4e:47:45:aa:09:d4:9d:bd:04:9b:8b:f4:65:a5:67:04:a4:74:
e1:5c:45:86:38:f9:85:4d:e6:e5:96:74:3a:ae:d9:64:88:68:
d0:c4:51:40:6e:79:f1:b5:13:50:93:ca:05:45:9d:d5:b0:ca:
a5:9b:fc:d6:6f:fe:84:a0:3a:d7:a2:69:e5:89:ab:5e:ef:da:
49:6b:ca:61:4d:4f:f2:48:85:89:48:1a:63:95:86:dc:ee:a3:
b4:d3:12:9a:b6:c6:f1:fe:7e:70:14:4b:40:ea:c2:dc:2c:14:
a8:03:08:7f:ca:8e:99:73:ac:19:8f:78:e4:54:81:1b:6f:3e:
8b:69:43:87:1f:1d:58:f5:78:f1:de:27:5a:ae:4d:fe:f3:40:
b4:2a:88:8f:4b:a4:8d:8b:ae:c6:da:d0:63:a2:f5:a5:b5:a1:
cf:11:1b:ae:76:d5:c5:1e:38:fb:38:68:ea:13:cb:65:1d:b0:
12:b4:2a:a4:f3:78:37:be:76:69:00:82:29:cd:21:36:1b:a4:
6c:07:69:78:80:68:df:d8:0c:0d:60:5f:f8:cd:a1:c0:9d:e8:
d8:a0:2e:83
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt/gUY7P6Qi0ujXWa0ZtMOhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1NzMzZmY4MmJlMDBiNDFhOTkwZGVkNmI3MmIwNGNiN2Jm
NTgwZDcwHhcNMjYwMTAyMTYxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGIwOWE2NWFhZTYzYjI3NzM1MjdlYWI5Y2YwMzgwYzA0NjBiNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQmTcRynFYfzfbblrbqM98pPNJLw
wMSnut6jzQiuF15ZqOFbp4GnjWqX4IPMTOw8CLzOocune71xu30sxuAx8Zrlfj8g
nVY4lQLtAYADutCdy63OGNp/6CcCWgZUO0cO6XInWvpb/dDSIHRt3EfWbq2wWOq8
GHDLxaeTT+QYP2D6VY7s5hZYKBe0L8kfOPEN+c81Q9h+YoONLNRr8gHnPsX38p8g
H6GliLm8tFikcRN0k2t5dJ32bNmbxIhC7zglUAPWpLOSdxpO0TgXljcW4Ji968Nu
aGxCBBLaFW5Gv8NXx1/Up6wkybAeSx5+eIS8s2pQ48Q686bGVsxteMd3gQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGSwmmWq5jsnc1J+q5zwOAwEYLXSMB8GA1UdIwQY
MBaAFBVzP/gr4AtBqZDe1rcrBMt79YDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlhNXy1DdmdDMEdwa043V3R5c0V5M3YxZ05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lYjVkY2UtZDI4Ni00ODI1LWE0MWMt
YjJiZDY2ODg5YzI5LzEvWkxDYVphcm1PeWR6VW42cm5QQTREQVJndGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lYjVkY2UtZDI4Ni00ODI1LWE0MWMtYjJiZDY2ODg5YzI5
LzEvRlhNXy1DdmdDMEdwa043V3R5c0V5M3YxZ05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuVmoAwQB
w0T6MA0EAgACMAcDBQMqABioMA0GCSqGSIb3DQEBCwUAA4IBAQAWUt/Hyyh1xw30
iRuMqpgEVZADnIknQNf8hkGMK5dpLui0LcJOR0WqCdSdvQSbi/RlpWcEpHThXEWG
OPmFTebllnQ6rtlkiGjQxFFAbnnxtRNQk8oFRZ3VsMqlm/zWb/6EoDrXomnliate
79pJa8phTU/ySIWJSBpjlYbc7qO00xKatsbx/n5wFEtA6sLcLBSoAwh/yo6Zc6wZ
j3jkVIEbbz6LaUOHHx1Y9Xjx3idark3+80C0KoiPS6SNi67G2tBjovWltaHPERuu
dtXFHjj7OGjqE8tlHbAStCqk83g3vnZpAIIpzSE2G6RsB2l4gGjf2AwNYF/4zaHA
nejYoC6D
-----END CERTIFICATE-----
Generated at Tue Mar 3 01:57:34 2026 by rpki-client