Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/5bce46-cc9b-483f-b940-047ba0e62de4/1/ZKITQWeRmOOpWe3j9phAgbWo098.roa
File: ZKITQWeRmOOpWe3j9phAgbWo098.roa (raw, json)
Hash identifier: uQME1knZ+/RpjbN1SdA7vXHO6Nrx1GYvYRwaBz+mqFI=
Subject key identifier: 64:A2:13:41:67:91:98:E3:A9:59:ED:E3:F6:98:40:81:B5:A8:D3:DF
Certificate issuer: /CN=ef0294479459182459c15d8ca010a8a7f47f80c8
Certificate serial: 019CB0C0BBADE9E93FA5DF81E5E372AE38E7
Authority key identifier: EF:02:94:47:94:59:18:24:59:C1:5D:8C:A0:10:A8:A7:F4:7F:80:C8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7wKUR5RZGCRZwV2MoBCop_R_gMg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/5bce46-cc9b-483f-b940-047ba0e62de4/1/ZKITQWeRmOOpWe3j9phAgbWo098.roa
Signing time: Mon 02 Mar 2026 22:52:26 +0000
ROA not before: Mon 02 Mar 2026 22:52:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42320
IP address blocks: 77.72.112.0/21 maxlen: 21
77.72.112.0/24 maxlen: 24
77.72.115.0/24 maxlen: 24
77.72.116.0/24 maxlen: 24
77.72.117.0/24 maxlen: 24
77.72.118.0/24 maxlen: 24
77.72.119.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3e/5bce46-cc9b-483f-b940-047ba0e62de4/1/7wKUR5RZGCRZwV2MoBCop_R_gMg.crl
rsync://rpki.ripe.net/repository/DEFAULT/3e/5bce46-cc9b-483f-b940-047ba0e62de4/1/7wKUR5RZGCRZwV2MoBCop_R_gMg.mft
rsync://rpki.ripe.net/repository/DEFAULT/7wKUR5RZGCRZwV2MoBCop_R_gMg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 21:16:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b0:c0:bb:ad:e9:e9:3f:a5:df:81:e5:e3:72:ae:38:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef0294479459182459c15d8ca010a8a7f47f80c8
Validity
Not Before: Mar 2 22:52:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=64a21341679198e3a959ede3f6984081b5a8d3df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:9e:e5:5b:83:c5:10:c7:75:1c:26:87:70:62:
17:f7:c7:ca:e6:68:a4:8a:a3:4d:e3:d8:02:dd:2f:
d5:89:43:a1:dc:8b:c8:fd:c4:76:34:b4:7a:8a:d1:
1e:ca:32:47:ee:83:66:81:54:af:09:30:1e:19:0b:
9d:d5:39:28:80:6b:79:2e:1e:10:01:f0:cf:99:d8:
85:e2:c8:58:5e:d1:3a:bd:8b:48:76:cd:f1:a7:0b:
18:57:ff:c6:75:ca:99:18:86:d1:fc:ad:c6:0b:b1:
10:7f:e0:cb:9e:57:69:fb:9f:ee:43:00:00:16:eb:
21:f5:0c:bf:d5:3d:22:9a:4a:9a:e0:76:eb:60:81:
4b:3b:99:3b:94:49:aa:fc:39:d0:a9:88:eb:ea:69:
15:61:1b:f0:6d:9e:88:3f:55:ae:79:5b:67:50:c0:
e2:5d:64:02:7b:eb:21:07:e3:3b:5a:c2:bf:d4:af:
50:da:56:d4:5a:95:a2:e2:79:29:eb:a8:55:1b:c2:
13:af:cc:2d:e0:57:7c:07:99:b9:15:66:64:4d:d3:
eb:ec:c0:60:d5:4b:98:23:27:21:2a:04:36:64:65:
59:19:ec:b8:69:9a:31:c1:a5:f5:9a:0c:79:a1:89:
f2:7a:ac:13:82:30:c0:69:6b:e1:7a:fe:08:72:2f:
c6:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:A2:13:41:67:91:98:E3:A9:59:ED:E3:F6:98:40:81:B5:A8:D3:DF
X509v3 Authority Key Identifier:
keyid:EF:02:94:47:94:59:18:24:59:C1:5D:8C:A0:10:A8:A7:F4:7F:80:C8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7wKUR5RZGCRZwV2MoBCop_R_gMg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5bce46-cc9b-483f-b940-047ba0e62de4/1/ZKITQWeRmOOpWe3j9phAgbWo098.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5bce46-cc9b-483f-b940-047ba0e62de4/1/7wKUR5RZGCRZwV2MoBCop_R_gMg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.72.112.0/21
Signature Algorithm: sha256WithRSAEncryption
70:6c:98:04:c5:a4:c8:dc:4e:a1:ac:f0:1e:9d:94:9a:5b:c8:
ec:ce:a9:8d:8d:78:5e:1d:10:30:db:35:e8:ee:4b:73:6d:32:
02:c6:6a:b9:01:18:99:26:d1:41:5d:79:22:c5:4e:e4:e1:9c:
f7:d0:81:08:8b:52:31:5d:25:94:10:f7:20:ef:06:bb:3d:1d:
e2:2e:5c:5c:23:09:af:e3:27:6d:92:b1:af:76:38:39:ff:72:
09:7e:b2:0a:29:e8:34:6c:d7:96:0a:0e:ad:f2:34:df:38:0a:
c8:ee:4f:e5:ed:09:3d:21:b5:8b:48:a5:d4:3a:83:40:85:a0:
59:39:27:64:da:ac:68:6a:cf:a1:4d:f9:05:48:b7:9c:7a:39:
72:7e:1c:e8:8f:64:59:a2:5a:28:43:ca:53:54:30:f5:0b:4d:
51:aa:44:9e:b6:f6:b3:05:db:52:18:e8:e8:26:6e:64:3c:54:
0a:16:ee:4f:9f:75:31:aa:b4:1e:e5:02:c3:00:7d:a1:d2:12:
e9:5b:69:bf:eb:6b:43:37:ea:b5:1e:5d:7a:0f:87:ae:9b:ea:
c5:2e:32:d4:bd:c0:cb:d9:10:63:aa:52:7d:e6:4d:84:84:9f:
80:09:09:74:62:9e:c9:99:13:61:86:c5:a7:1a:f2:c2:3b:a0:
7b:bf:a4:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZywwLut6ek/pd+B5eNyrjjnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMDI5NDQ3OTQ1OTE4MjQ1OWMxNWQ4Y2EwMTBhOGE3ZjQ3
ZjgwYzgwHhcNMjYwMzAyMjI1MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGEyMTM0MTY3OTE5OGUzYTk1OWVkZTNmNjk4NDA4MWI1YThkM2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp7lW4PFEMd1HCaHcGIX98fK5mik
iqNN49gC3S/ViUOh3IvI/cR2NLR6itEeyjJH7oNmgVSvCTAeGQud1TkogGt5Lh4Q
AfDPmdiF4shYXtE6vYtIds3xpwsYV//GdcqZGIbR/K3GC7EQf+DLnldp+5/uQwAA
Fush9Qy/1T0imkqa4HbrYIFLO5k7lEmq/DnQqYjr6mkVYRvwbZ6IP1WueVtnUMDi
XWQCe+shB+M7WsK/1K9Q2lbUWpWi4nkp66hVG8ITr8wt4Fd8B5m5FWZkTdPr7MBg
1UuYIychKgQ2ZGVZGey4aZoxwaX1mgx5oYnyeqwTgjDAaWvhev4Ici/GnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSiE0FnkZjjqVnt4/aYQIG1qNPfMB8GA1UdIwQY
MBaAFO8ClEeUWRgkWcFdjKAQqKf0f4DIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3dLVVI1UlpHQ1Jad1YyTW9CQ29wX1JfZ01nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81YmNlNDYtY2M5Yi00ODNmLWI5NDAt
MDQ3YmEwZTYyZGU0LzEvWktJVFFXZVJtT09wV2UzajlwaEFnYldvMDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81YmNlNDYtY2M5Yi00ODNmLWI5NDAtMDQ3YmEwZTYyZGU0
LzEvN3dLVVI1UlpHQ1Jad1YyTW9CQ29wX1JfZ01nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTUhwMA0G
CSqGSIb3DQEBCwUAA4IBAQBwbJgExaTI3E6hrPAenZSaW8jszqmNjXheHRAw2zXo
7ktzbTICxmq5ARiZJtFBXXkixU7k4Zz30IEIi1IxXSWUEPcg7wa7PR3iLlxcIwmv
4ydtkrGvdjg5/3IJfrIKKeg0bNeWCg6t8jTfOArI7k/l7Qk9IbWLSKXUOoNAhaBZ
OSdk2qxoas+hTfkFSLecejlyfhzoj2RZolooQ8pTVDD1C01RqkSetvazBdtSGOjo
Jm5kPFQKFu5Pn3UxqrQe5QLDAH2h0hLpW2m/62tDN+q1Hl16D4eum+rFLjLUvcDL
2RBjqlJ95k2EhJ+ACQl0Yp7JmRNhhsWnGvLCO6B7v6Q4
-----END CERTIFICATE-----
Generated at Tue Mar 3 03:24:41 2026 by rpki-client