Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/zIooxkz42P8_5ReZHQIQQDyh_E0.roa
File: zIooxkz42P8_5ReZHQIQQDyh_E0.roa (raw, json)
Hash identifier: vHG8nX4oJh4/M/Rbe7SvWBLoOWc7PYioObPqt6DtUuI=
Subject key identifier: CC:8A:28:C6:4C:F8:D8:FF:3F:E5:17:99:1D:02:10:40:3C:A1:FC:4D
Certificate issuer: /CN=ff1a0a7554385703974ae15ef947bc54c0b89c95
Certificate serial: 019B7CEE1C85EB9E104AC78A734D1C50E887
Authority key identifier: FF:1A:0A:75:54:38:57:03:97:4A:E1:5E:F9:47:BC:54:C0:B8:9C:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/zIooxkz42P8_5ReZHQIQQDyh_E0.roa
Signing time: Fri 02 Jan 2026 04:18:58 +0000
ROA not before: Fri 02 Jan 2026 04:18:58 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 25181
IP address blocks: 195.2.32.0/19 maxlen: 24
195.2.32.0/22 maxlen: 24
195.2.36.0/22 maxlen: 24
195.2.36.0/23 maxlen: 23
195.2.38.0/23 maxlen: 23
195.2.40.0/23 maxlen: 24
195.2.41.0/24 maxlen: 24
2a00:1310::/32 maxlen: 48
2a00:1310:110::/48 maxlen: 48
2a00:1310:301::/48 maxlen: 48
2a00:1310:802::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.crl
rsync://rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.mft
rsync://rpki.ripe.net/repository/DEFAULT/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 09:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:ee:1c:85:eb:9e:10:4a:c7:8a:73:4d:1c:50:e8:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff1a0a7554385703974ae15ef947bc54c0b89c95
Validity
Not Before: Jan 2 04:18:58 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cc8a28c64cf8d8ff3fe517991d0210403ca1fc4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:f1:d6:01:23:eb:5a:4b:7f:d7:69:b1:91:e9:
b0:9e:e8:c8:57:e2:16:cd:46:7e:98:75:41:ed:95:
ea:58:f8:e1:c2:3b:51:b0:da:f2:16:31:ab:f7:d1:
15:6b:9f:55:93:9f:cf:1f:a3:4b:9d:45:78:71:a0:
cd:67:56:ff:26:0f:06:fc:cd:70:e8:88:03:43:d0:
46:61:ce:c9:6e:2d:cf:d7:a4:d2:d1:e2:47:e3:ba:
46:92:0a:c9:99:d8:da:de:53:1b:e0:50:27:fa:46:
cc:d5:9d:e9:45:2d:dc:8c:8f:f3:23:a6:81:05:fd:
e8:e2:74:18:e1:c7:8a:06:57:c2:65:04:27:b4:01:
94:95:e1:41:4d:ea:58:90:ed:4a:2a:b0:87:7d:3a:
5f:d7:56:0b:f5:f3:97:c5:12:ba:53:06:2c:3f:a9:
de:1c:99:aa:62:72:60:c1:03:09:b9:d3:34:63:50:
7b:bf:f9:ee:99:1a:06:75:6c:98:f5:a5:d8:c2:24:
76:74:46:68:64:2b:63:c4:5f:7a:52:cd:57:77:6a:
3f:c7:ce:d1:c5:33:a8:31:03:fc:e7:5d:bc:f5:70:
7c:3a:96:75:f8:bf:49:ba:d4:34:c5:21:b1:c6:7a:
c7:54:10:90:c1:ae:d0:97:17:e4:16:84:b8:4e:8d:
28:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:8A:28:C6:4C:F8:D8:FF:3F:E5:17:99:1D:02:10:40:3C:A1:FC:4D
X509v3 Authority Key Identifier:
keyid:FF:1A:0A:75:54:38:57:03:97:4A:E1:5E:F9:47:BC:54:C0:B8:9C:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/zIooxkz42P8_5ReZHQIQQDyh_E0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/269290-59ff-4233-8fa0-27550b219507/1/_xoKdVQ4VwOXSuFe-Ue8VMC4nJU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.2.32.0/19
IPv6:
2a00:1310::/32
Signature Algorithm: sha256WithRSAEncryption
18:90:25:d0:d8:3b:9a:b6:57:85:46:a9:9b:17:3f:73:2a:0a:
55:05:03:9b:a6:05:52:35:57:bd:b5:b2:3c:a6:97:2b:d2:78:
47:fd:2f:cf:11:d9:8e:be:12:ab:93:ed:e2:88:48:35:4a:2f:
e6:2f:f4:b3:20:4a:70:84:2a:92:74:b6:2a:bb:45:46:73:ef:
16:d5:d7:5c:59:bd:06:7d:b0:00:0f:b4:c2:81:cc:1b:6c:91:
21:0c:da:c6:d7:2d:91:6d:b1:7d:86:a0:a3:43:4b:c0:2f:75:
e5:2d:8f:39:75:43:03:fe:82:42:56:fb:2f:28:26:7c:a8:77:
29:99:79:1b:ab:f5:52:61:7d:9d:7a:a4:54:61:c6:42:a7:5d:
e0:37:33:1d:60:06:2b:2f:13:2f:05:e4:0a:c8:1b:fe:e4:b2:
90:2b:b9:69:dc:b3:ac:8c:8d:63:a0:a3:65:b5:41:d0:10:b8:
03:f3:b0:f2:54:45:29:bc:74:1c:b7:f9:17:51:c5:13:ef:31:
ad:f7:8f:7d:11:2c:56:a5:b3:cd:24:2c:7d:7f:14:dc:c5:63:
b3:0a:7f:fc:95:34:0f:ab:f3:76:9c:b4:95:98:c7:34:69:7f:
5b:9b:a3:5e:08:71:73:12:dc:df:f3:3c:0a:c6:63:a1:9f:f6:
4c:5d:3f:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt87hyF654QSseKc00cUOiHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMWEwYTc1NTQzODU3MDM5NzRhZTE1ZWY5NDdiYzU0YzBi
ODljOTUwHhcNMjYwMTAyMDQxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzhhMjhjNjRjZjhkOGZmM2ZlNTE3OTkxZDAyMTA0MDNjYTFmYzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvHWASPrWkt/12mxkemwnujIV+IW
zUZ+mHVB7ZXqWPjhwjtRsNryFjGr99EVa59Vk5/PH6NLnUV4caDNZ1b/Jg8G/M1w
6IgDQ9BGYc7Jbi3P16TS0eJH47pGkgrJmdja3lMb4FAn+kbM1Z3pRS3cjI/zI6aB
Bf3o4nQY4ceKBlfCZQQntAGUleFBTepYkO1KKrCHfTpf11YL9fOXxRK6UwYsP6ne
HJmqYnJgwQMJudM0Y1B7v/numRoGdWyY9aXYwiR2dEZoZCtjxF96Us1Xd2o/x87R
xTOoMQP851289XB8OpZ1+L9JutQ0xSGxxnrHVBCQwa7QlxfkFoS4To0oZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMyKKMZM+Nj/P+UXmR0CEEA8ofxNMB8GA1UdIwQY
MBaAFP8aCnVUOFcDl0rhXvlHvFTAuJyVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3hvS2RWUTRWd09YU3VGZS1VZThWTUM0bkpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8yNjkyOTAtNTlmZi00MjMzLThmYTAt
Mjc1NTBiMjE5NTA3LzEveklvb3hrejQyUDhfNVJlWkhRSVFRRHloX0UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8yNjkyOTAtNTlmZi00MjMzLThmYTAtMjc1NTBiMjE5NTA3
LzEvX3hvS2RWUTRWd09YU3VGZS1VZThWTUM0bkpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFwwIgMA0E
AgACMAcDBQAqABMQMA0GCSqGSIb3DQEBCwUAA4IBAQAYkCXQ2DuatleFRqmbFz9z
KgpVBQObpgVSNVe9tbI8ppcr0nhH/S/PEdmOvhKrk+3iiEg1Si/mL/SzIEpwhCqS
dLYqu0VGc+8W1ddcWb0GfbAAD7TCgcwbbJEhDNrG1y2RbbF9hqCjQ0vAL3XlLY85
dUMD/oJCVvsvKCZ8qHcpmXkbq/VSYX2deqRUYcZCp13gNzMdYAYrLxMvBeQKyBv+
5LKQK7lp3LOsjI1joKNltUHQELgD87DyVEUpvHQct/kXUcUT7zGt9499ESxWpbPN
JCx9fxTcxWOzCn/8lTQPq/N2nLSVmMc0aX9bm6NeCHFzEtzf8zwKxmOhn/ZMXT8k
-----END CERTIFICATE-----
Generated at Mon Mar 2 15:47:58 2026 by rpki-client