Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lgzi4YsrXvoBW8RlYxslYJTfpHs.roa
File: lgzi4YsrXvoBW8RlYxslYJTfpHs.roa (raw, json)
Hash identifier: eSi9kncqAL4WVQ1k1BW+/Zwu2o42SgRuUSoCCd+nq9I=
Subject key identifier: 96:0C:E2:E1:8B:2B:5E:FA:01:5B:C4:65:63:1B:25:60:94:DF:A4:7B
Certificate issuer: /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial: 019C5BE977511B0EDFB4F0A0D0E6BFCCF49D
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lgzi4YsrXvoBW8RlYxslYJTfpHs.roa
Signing time: Sat 14 Feb 2026 11:29:12 +0000
ROA not before: Sat 14 Feb 2026 11:29:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200993
IP address blocks: 2a0d:d940:50::/46 maxlen: 48
2a0d:d940:5e::/48 maxlen: 48
2a0d:d940:1300::/40 maxlen: 40
2a0d:d940:1f00::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:5b:e9:77:51:1b:0e:df:b4:f0:a0:d0:e6:bf:cc:f4:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Validity
Not Before: Feb 14 11:29:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=960ce2e18b2b5efa015bc465631b256094dfa47b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:98:ab:c6:5c:59:48:7f:0c:d6:2d:f4:71:cb:
14:a2:59:96:01:cc:0e:29:bc:54:87:ae:23:f8:00:
50:42:40:cc:9c:01:6f:23:42:25:07:ee:69:7f:85:
20:b4:02:75:9d:c2:56:67:72:41:b7:c9:97:40:96:
38:4c:1d:e0:19:21:62:55:f0:64:b0:9c:03:6e:7f:
1a:99:0c:43:44:3c:75:1b:d6:d3:8c:1c:c0:1c:10:
3c:4d:48:f8:82:3a:06:c2:f7:3a:07:a7:ef:4f:4b:
9a:2f:35:d1:86:72:6d:a8:ed:29:eb:ce:9d:b7:96:
ce:21:b6:37:a5:dd:cb:ea:3f:a7:81:b0:8a:dc:ce:
b5:4d:2a:23:5d:ec:70:c3:9d:59:77:9c:c2:ee:1f:
86:35:e5:e2:45:2e:70:84:3d:0a:08:9e:28:74:ee:
0e:2e:21:df:1a:ef:75:b1:6a:b5:9a:8a:d4:f1:68:
0b:d3:c9:9a:a2:53:ea:e8:fd:b5:68:6d:5d:42:6c:
27:0d:32:18:e4:77:e9:ed:fe:07:73:42:50:f5:04:
a4:50:81:2e:be:14:c8:9b:88:2d:14:ea:f7:c6:b6:
ed:28:04:d9:bf:24:70:5c:af:a0:5a:1a:7b:4c:0a:
8f:6f:88:38:13:d6:9e:3f:6c:ed:51:28:39:98:10:
d7:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:0C:E2:E1:8B:2B:5E:FA:01:5B:C4:65:63:1B:25:60:94:DF:A4:7B
X509v3 Authority Key Identifier:
keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lgzi4YsrXvoBW8RlYxslYJTfpHs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:d940:50::/46
2a0d:d940:5e::/48
2a0d:d940:1300::/40
2a0d:d940:1f00::/40
Signature Algorithm: sha256WithRSAEncryption
50:ae:d4:41:86:ca:eb:64:0b:61:47:f2:9c:20:ca:d6:95:eb:
4e:9d:13:d1:fa:03:c8:00:68:11:4b:3e:fe:7a:9e:4c:f2:20:
f9:81:d7:07:26:0d:09:22:24:23:d7:51:a2:b9:f3:fe:da:b3:
70:45:21:f1:99:15:b0:1a:fb:6e:b0:15:40:10:ec:49:f5:36:
ff:68:4a:b2:7f:87:50:90:44:d2:00:93:1e:60:b9:00:0e:67:
c1:da:05:87:1e:eb:ee:dd:03:e9:e0:e5:1a:80:9a:11:45:03:
e4:72:3f:8c:8a:67:85:e4:95:58:90:3d:17:01:7a:61:80:a1:
4e:84:dc:0d:e1:5c:66:a9:d9:e7:d9:e0:8a:b2:35:68:d9:23:
95:ed:44:0b:05:27:3a:e2:2e:64:b2:4f:d4:30:4c:de:0f:0d:
ee:1b:37:c2:08:1c:d7:7d:0c:62:b4:4f:7c:2a:5d:5c:15:8b:
6c:91:d2:b8:e2:bb:45:4e:5c:5a:50:24:1e:34:1b:b2:f1:87:
77:80:23:3c:f0:32:3e:d6:f2:f4:de:f0:cb:44:ea:ae:68:4a:
96:f8:84:b6:65:53:4b:c9:34:57:41:47:a4:98:9d:83:fc:7a:
6c:81:e4:0d:01:e1:90:2c:4d:e7:ec:6d:45:00:1f:dc:4c:f9:
62:28:c8:cb
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZxb6XdRGw7ftPCg0Oa/zPSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMjE0MTEyOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjBjZTJlMThiMmI1ZWZhMDE1YmM0NjU2MzFiMjU2MDk0ZGZhNDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5irxlxZSH8M1i30ccsUolmWAcwO
KbxUh64j+ABQQkDMnAFvI0IlB+5pf4UgtAJ1ncJWZ3JBt8mXQJY4TB3gGSFiVfBk
sJwDbn8amQxDRDx1G9bTjBzAHBA8TUj4gjoGwvc6B6fvT0uaLzXRhnJtqO0p686d
t5bOIbY3pd3L6j+ngbCK3M61TSojXexww51Zd5zC7h+GNeXiRS5whD0KCJ4odO4O
LiHfGu91sWq1morU8WgL08maolPq6P21aG1dQmwnDTIY5Hfp7f4Hc0JQ9QSkUIEu
vhTIm4gtFOr3xrbtKATZvyRwXK+gWhp7TAqPb4g4E9aeP2ztUSg5mBDXQQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFJYM4uGLK176AVvEZWMbJWCU36R7MB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbGd6aTRZc3JYdm9CVzhSbFl4c2xZSlRmcEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAAjAiAwcCKg3ZQABQ
AwcAKg3ZQABeAwYAKg3ZQBMDBgAqDdlAHzANBgkqhkiG9w0BAQsFAAOCAQEAUK7U
QYbK62QLYUfynCDK1pXrTp0T0foDyABoEUs+/nqeTPIg+YHXByYNCSIkI9dRornz
/tqzcEUh8ZkVsBr7brAVQBDsSfU2/2hKsn+HUJBE0gCTHmC5AA5nwdoFhx7r7t0D
6eDlGoCaEUUD5HI/jIpnheSVWJA9FwF6YYChToTcDeFcZqnZ59ngirI1aNkjle1E
CwUnOuIuZLJP1DBM3g8N7hs3wggc130MYrRPfCpdXBWLbJHSuOK7RU5cWlAkHjQb
svGHd4AjPPAyPtby9N7wy0TqrmhKlviEtmVTS8k0V0FHpJidg/x6bIHkDQHhkCxN
5+xtRQAf3Ez5YijIyw==
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:02:31 2026 by rpki-client