Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/zgTryKojDkqazYkBByfV3Hv8WvI.roa
File: zgTryKojDkqazYkBByfV3Hv8WvI.roa (raw, json)
Hash identifier: Kt7oCGuwAk/VTfNKFsxeChPMOn6ldVTOIrUeTZws23Q=
Subject key identifier: CE:04:EB:C8:AA:23:0E:4A:9A:CD:89:01:07:27:D5:DC:7B:FC:5A:F2
Certificate issuer: /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial: 019A3506679B913EC95A13E902E10BB9213A
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/zgTryKojDkqazYkBByfV3Hv8WvI.roa
Signing time: Thu 30 Oct 2025 12:10:03 +0000
ROA not before: Thu 30 Oct 2025 12:10:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401783
IP address blocks: 88.148.35.0/24 maxlen: 24
88.148.40.0/23 maxlen: 23
88.148.44.0/24 maxlen: 24
88.148.45.0/24 maxlen: 24
88.148.55.0/24 maxlen: 24
88.148.95.0/24 maxlen: 24
88.148.109.0/24 maxlen: 24
88.148.117.0/24 maxlen: 24
94.76.158.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 08:48:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:35:06:67:9b:91:3e:c9:5a:13:e9:02:e1:0b:b9:21:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Validity
Not Before: Oct 30 12:10:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ce04ebc8aa230e4a9acd89010727d5dc7bfc5af2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:3e:d6:ae:15:64:8f:9d:1e:44:57:c0:da:91:
3d:ac:3f:27:c4:1c:6e:f2:57:7f:8a:53:0a:45:25:
42:d1:b8:7b:11:ca:67:17:59:cd:a3:1a:48:7b:a2:
7f:b5:ff:61:da:a0:64:7b:95:70:51:eb:9b:b8:d4:
0b:7f:92:93:bc:89:b2:57:5a:5b:53:57:e9:eb:9a:
0d:51:9a:2a:aa:ef:33:60:06:55:57:f5:68:18:0c:
19:ca:d4:95:4b:9c:00:7d:b1:07:8e:03:9b:cc:d6:
70:77:87:e0:84:d9:bb:d8:d3:c3:55:d1:6f:dd:0d:
b6:18:66:7d:a7:c3:94:fb:71:c6:9c:34:c8:27:86:
3d:95:15:95:bd:fb:7a:68:51:0b:eb:bf:b8:1c:97:
64:e0:9f:92:5e:df:9b:75:68:f5:49:35:99:ac:d2:
1c:cd:c2:6d:2e:bc:06:16:f1:56:21:20:7c:13:67:
18:89:32:73:c1:b9:5a:95:08:b1:ef:d5:53:7c:ee:
94:c9:1c:d8:ac:f6:0c:98:e9:39:3a:50:99:fa:73:
d5:d2:28:24:46:92:f4:29:3b:c3:21:a8:4b:6f:90:
b0:a6:4c:99:bb:8d:d3:5c:d9:e0:88:58:79:a4:84:
bc:ab:56:45:95:1d:62:33:6a:7f:49:71:97:a3:5f:
91:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:04:EB:C8:AA:23:0E:4A:9A:CD:89:01:07:27:D5:DC:7B:FC:5A:F2
X509v3 Authority Key Identifier:
keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/zgTryKojDkqazYkBByfV3Hv8WvI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.148.35.0/24
88.148.40.0/23
88.148.44.0/23
88.148.55.0/24
88.148.95.0/24
88.148.109.0/24
88.148.117.0/24
94.76.158.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:98:41:af:cb:cf:c0:d2:4e:aa:70:81:95:21:f2:af:e9:fe:
d0:31:79:8c:47:2a:8c:b7:ae:d2:ab:19:5e:73:cd:e5:d7:f9:
4d:23:5e:ca:04:30:39:4b:d2:a6:97:a8:73:54:f5:f8:a5:59:
8e:d8:04:3d:32:03:15:3a:5a:a8:90:70:9b:f3:7a:68:0e:bd:
f7:61:a9:e3:0d:4e:0a:45:ff:64:04:8c:44:6e:9c:66:a5:c0:
fb:d6:c7:a9:64:0b:c4:33:3d:e8:de:bb:c1:8f:d2:5b:56:c1:
f5:92:a9:4b:bb:e6:cb:14:10:59:da:3e:64:2b:ce:1b:33:44:
cb:ed:ab:6e:f9:e7:06:d7:39:2b:6d:07:90:e2:e3:d7:81:f0:
fc:8d:00:bb:5c:90:e0:70:af:56:73:0b:5e:88:87:b5:4b:2a:
38:e5:05:d7:fd:e0:c9:42:5a:d4:6d:88:40:5e:31:1c:a0:34:
54:6a:9a:62:69:fb:02:09:c6:2a:32:71:83:49:40:4e:98:89:
80:fe:d9:a8:6d:70:ff:d4:e3:ce:91:83:e2:69:af:88:f6:20:
4a:1b:4f:6b:3f:7d:75:b4:f3:d2:94:30:f3:da:1b:16:7f:d3:
cd:12:41:d6:6d:8c:fb:a9:7c:97:59:a3:0c:19:93:4d:6a:6b:
c7:f8:8e:2b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZo1BmebkT7JWhPpAuELuSE6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjUxMDMwMTIxMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTA0ZWJjOGFhMjMwZTRhOWFjZDg5MDEwNzI3ZDVkYzdiZmM1YWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkD7WrhVkj50eRFfA2pE9rD8nxBxu
8ld/ilMKRSVC0bh7EcpnF1nNoxpIe6J/tf9h2qBke5VwUeubuNQLf5KTvImyV1pb
U1fp65oNUZoqqu8zYAZVV/VoGAwZytSVS5wAfbEHjgObzNZwd4fghNm72NPDVdFv
3Q22GGZ9p8OU+3HGnDTIJ4Y9lRWVvft6aFEL67+4HJdk4J+SXt+bdWj1STWZrNIc
zcJtLrwGFvFWISB8E2cYiTJzwblalQix79VTfO6UyRzYrPYMmOk5OlCZ+nPV0igk
RpL0KTvDIahLb5CwpkyZu43TXNngiFh5pIS8q1ZFlR1iM2p/SXGXo1+RWwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFM4E68iqIw5Kms2JAQcn1dx7/FryMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvemdUcnlLb2pEa3FhellrQkJ5ZlYzSHY4V3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAWJQjAwQB
WJQoAwQBWJQsAwQAWJQ3AwQAWJRfAwQAWJRtAwQAWJR1AwQAXkyeMA0GCSqGSIb3
DQEBCwUAA4IBAQCkmEGvy8/A0k6qcIGVIfKv6f7QMXmMRyqMt67Sqxlec83l1/lN
I17KBDA5S9Kml6hzVPX4pVmO2AQ9MgMVOlqokHCb83poDr33YanjDU4KRf9kBIxE
bpxmpcD71sepZAvEMz3o3rvBj9JbVsH1kqlLu+bLFBBZ2j5kK84bM0TL7atu+ecG
1zkrbQeQ4uPXgfD8jQC7XJDgcK9WcwteiIe1Syo45QXX/eDJQlrUbYhAXjEcoDRU
appiafsCCcYqMnGDSUBOmImA/tmobXD/1OPOkYPiaa+I9iBKG09rP311tPPSlDDz
2hsWf9PNEkHWbYz7qXyXWaMMGZNNamvH+I4r
-----END CERTIFICATE-----
Generated at Tue Nov 4 18:04:45 2025 by rpki-client