Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/9ZsiVUbUX5W-ZMCVQPzYEB1xBz4.roa
File: 9ZsiVUbUX5W-ZMCVQPzYEB1xBz4.roa (raw, json)
Hash identifier: PbpoXyAV/0b2z6QlVsi46fCFIAuuq0DUJ5Bw/Cp89FU=
Subject key identifier: F5:9B:22:55:46:D4:5F:95:BE:64:C0:95:40:FC:D8:10:1D:71:07:3E
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 019C052C8ACB801FD7694385B98A02C754F8
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/9ZsiVUbUX5W-ZMCVQPzYEB1xBz4.roa
Signing time: Wed 28 Jan 2026 15:15:31 +0000
ROA not before: Wed 28 Jan 2026 15:15:31 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3356
IP address blocks: 5.39.176.0/21 maxlen: 24
5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
80.87.16.0/20 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
87.236.128.0/21 maxlen: 24
88.151.152.0/21 maxlen: 24
89.38.120.0/21 maxlen: 24
91.143.64.0/20 maxlen: 24
92.42.120.0/21 maxlen: 24
93.115.176.0/20 maxlen: 24
94.142.168.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.52.144.0/22 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.0.0/21 maxlen: 24
185.182.200.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 10:01:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:05:2c:8a:cb:80:1f:d7:69:43:85:b9:8a:02:c7:54:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Jan 28 15:15:31 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f59b225546d45f95be64c09540fcd8101d71073e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:65:dd:09:76:af:f7:e2:84:b4:f8:ab:ec:23:
4b:9e:91:db:01:18:d8:91:83:f7:2f:f6:59:74:b2:
ac:e6:ba:28:5a:c9:c1:86:3c:b3:6c:37:a5:93:ea:
d8:ae:2e:77:e4:84:14:7f:3b:ce:e6:43:fd:b7:03:
af:31:dc:74:31:79:17:e1:45:93:26:d9:d7:d6:a9:
74:3f:3b:07:97:23:05:ba:be:e0:5a:3d:42:9c:5a:
6a:dd:ee:b3:93:0b:af:26:8f:5c:9f:6e:72:ff:3a:
fc:be:b4:71:6a:24:23:ee:00:63:f8:4b:f8:e4:b0:
19:c5:b4:36:02:d4:41:7a:2d:03:0c:df:2f:13:52:
6b:a0:49:ff:4d:1f:1a:76:30:9a:07:1d:bd:ed:51:
99:96:69:b3:d1:4f:8d:54:26:96:7b:31:ec:3a:c9:
a0:2e:fe:aa:4c:6b:98:5d:c3:65:66:9a:8f:f5:9b:
ae:59:cf:ba:85:c3:0f:ff:c6:86:fb:e9:c4:fb:2d:
f5:b0:e7:34:f2:c9:b2:65:b2:5f:e2:13:64:e6:73:
a8:5b:4e:5b:87:9f:fc:41:91:20:0a:bb:18:61:ad:
92:71:1f:f2:9c:9a:33:3c:a8:a2:09:94:bc:1c:eb:
70:df:8f:11:e8:7f:88:66:12:56:aa:ca:08:5b:3a:
60:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:9B:22:55:46:D4:5F:95:BE:64:C0:95:40:FC:D8:10:1D:71:07:3E
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/9ZsiVUbUX5W-ZMCVQPzYEB1xBz4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.176.0/21
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
80.87.16.0/20
83.150.252.0/22
85.95.96.0/19
87.236.128.0/21
88.151.152.0/21
89.38.120.0/21
91.143.64.0/20
92.42.120.0/21
93.115.176.0/20
94.142.168.0/21
95.129.64.0/21
176.58.0.0/21
185.52.144.0/22
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.0.0/21
185.182.200.0/22
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
Signature Algorithm: sha256WithRSAEncryption
6a:94:7f:44:89:c7:e7:05:12:2b:95:99:a3:ad:9e:cc:b5:c2:
2b:f9:9a:98:a6:02:24:87:e1:f4:fa:35:98:33:3f:ec:63:67:
3c:8c:9c:12:ec:6a:7b:1f:5b:21:70:46:86:14:77:68:1a:15:
33:11:59:07:be:48:c7:d3:a3:56:04:5b:cb:28:d1:f0:7a:9d:
1c:09:27:6a:a0:05:d3:58:2b:24:b8:62:27:fa:d4:8d:44:d9:
44:de:eb:d7:b0:03:c9:e0:bc:6f:cd:c9:da:b1:3a:92:b4:48:
e0:3d:2f:2d:93:61:6f:6a:91:54:12:3b:38:01:1f:25:fe:8e:
4c:ae:72:50:2d:9a:74:a4:31:0c:04:10:e3:7e:5d:99:5e:53:
8e:ea:cf:c4:e5:d2:b4:27:ba:c7:91:e0:18:54:82:e2:b4:af:
d4:1d:12:1d:df:6b:84:e0:31:98:9c:6c:7f:5e:ad:f0:60:29:
9c:d4:22:94:6f:0b:24:68:11:0a:4e:2e:7c:02:bb:90:da:f1:
77:ed:d0:06:df:b1:1b:4a:f3:bc:55:0a:f8:3a:a4:da:de:69:
8d:b3:f3:08:fe:46:5a:f5:0c:b8:4b:9f:51:63:48:20:93:83:
97:71:ec:e5:90:3c:93:5c:25:39:2a:3f:c0:9e:d4:52:08:eb:
b3:be:88:15
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgISAZwFLIrLgB/XaUOFuYoCx1T4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjYwMTI4MTUxNTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTliMjI1NTQ2ZDQ1Zjk1YmU2NGMwOTU0MGZjZDgxMDFkNzEwNzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2XdCXav9+KEtPir7CNLnpHbARjY
kYP3L/ZZdLKs5rooWsnBhjyzbDelk+rYri535IQUfzvO5kP9twOvMdx0MXkX4UWT
JtnX1ql0PzsHlyMFur7gWj1CnFpq3e6zkwuvJo9cn25y/zr8vrRxaiQj7gBj+Ev4
5LAZxbQ2AtRBei0DDN8vE1JroEn/TR8adjCaBx297VGZlmmz0U+NVCaWezHsOsmg
Lv6qTGuYXcNlZpqP9ZuuWc+6hcMP/8aG++nE+y31sOc08smyZbJf4hNk5nOoW05b
h5/8QZEgCrsYYa2ScR/ynJozPKiiCZS8HOtw348R6H+IZhJWqsoIWzpgXwIDAQAB
o4IDJjCCAyIwHQYDVR0OBBYEFPWbIlVG1F+VvmTAlUD82BAdcQc+MB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvOVpzaVZVYlVYNVctWk1DVlFQellFQjF4Qno0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOgYIKwYBBQUHAQcBAf8EggEpMIIBJTCCARIEAgABMIIB
CgMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEA7m2AAMEArm2yAMEArnM1AMEArnlBAMEArn2
hAMEArn3yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMa
IAMEAcNYCDAMAwQC1AtEAwQC1AtIAwQE2ZGAMA0EAgACMAcDBQAqAPHAMA0GCSqG
SIb3DQEBCwUAA4IBAQBqlH9EicfnBRIrlZmjrZ7MtcIr+ZqYpgIkh+H0+jWYMz/s
Y2c8jJwS7Gp7H1shcEaGFHdoGhUzEVkHvkjH06NWBFvLKNHwep0cCSdqoAXTWCsk
uGIn+tSNRNlE3uvXsAPJ4LxvzcnasTqStEjgPS8tk2FvapFUEjs4AR8l/o5MrnJQ
LZp0pDEMBBDjfl2ZXlOO6s/E5dK0J7rHkeAYVILitK/UHRId32uE4DGYnGx/Xq3w
YCmc1CKUbwskaBEKTi58AruQ2vF37dAG37EbSvO8VQr4OqTa3mmNs/MI/kZa9Qy4
S59RY0ggk4OXcezlkDyTXCU5Kj/AntRSCOuzvogV
-----END CERTIFICATE-----
Generated at Mon Mar 2 16:36:04 2026 by rpki-client