Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/ZPI9qfs0gVUf8GTfcfWaO2bFXW0.roa
File: ZPI9qfs0gVUf8GTfcfWaO2bFXW0.roa (raw, json)
Hash identifier: yeSNEsXwHcAXCBN4T17R4L112mUgEsEF+By7doIb0CM=
Subject key identifier: 64:F2:3D:A9:FB:34:81:55:1F:F0:64:DF:71:F5:9A:3B:66:C5:5D:6D
Certificate issuer: /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial: 019C8E8D8BBD172CDFF8425B594BE433A11A
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/ZPI9qfs0gVUf8GTfcfWaO2bFXW0.roa
Signing time: Tue 24 Feb 2026 07:29:26 +0000
ROA not before: Tue 24 Feb 2026 07:29:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 680
IP address blocks: 84.246.64.0/21 maxlen: 21
129.26.0.0/16 maxlen: 16
129.233.128.0/18 maxlen: 18
129.233.210.0/24 maxlen: 24
129.233.224.0/20 maxlen: 20
153.96.0.0/16 maxlen: 16
153.97.0.0/16 maxlen: 16
192.35.149.0/24 maxlen: 24
192.35.150.0/24 maxlen: 24
192.35.151.0/24 maxlen: 24
192.35.152.0/24 maxlen: 24
192.35.153.0/24 maxlen: 24
192.44.5.0/24 maxlen: 24
192.44.6.0/24 maxlen: 24
192.44.8.0/24 maxlen: 24
192.44.12.0/24 maxlen: 24
192.44.15.0/24 maxlen: 24
192.44.18.0/24 maxlen: 24
192.44.20.0/23 maxlen: 23
192.44.23.0/24 maxlen: 24
192.44.25.0/24 maxlen: 24
192.44.26.0/24 maxlen: 24
192.44.28.0/24 maxlen: 24
192.44.29.0/24 maxlen: 24
192.44.30.0/23 maxlen: 23
192.44.36.0/24 maxlen: 24
192.44.37.0/24 maxlen: 24
192.44.38.0/24 maxlen: 24
192.44.39.0/24 maxlen: 24
192.44.40.0/24 maxlen: 24
192.54.34.0/23 maxlen: 23
192.76.148.0/24 maxlen: 24
192.76.241.0/24 maxlen: 24
192.76.245.0/24 maxlen: 24
192.76.246.0/23 maxlen: 23
192.76.248.0/24 maxlen: 24
192.88.108.0/24 maxlen: 24
192.102.150.0/23 maxlen: 23
192.102.152.0/23 maxlen: 23
192.102.156.0/24 maxlen: 24
192.102.158.0/23 maxlen: 23
192.102.160.0/24 maxlen: 24
192.102.161.0/24 maxlen: 24
192.102.162.0/23 maxlen: 23
192.102.164.0/24 maxlen: 24
192.102.167.0/24 maxlen: 24
192.102.168.0/24 maxlen: 24
192.102.169.0/24 maxlen: 24
192.102.170.0/24 maxlen: 24
192.102.172.0/24 maxlen: 24
192.102.174.0/24 maxlen: 24
192.102.175.0/24 maxlen: 24
192.102.176.0/23 maxlen: 23
192.109.177.0/24 maxlen: 24
212.44.192.0/19 maxlen: 19
2a03:db80::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:8e:8d:8b:bd:17:2c:df:f8:42:5b:59:4b:e4:33:a1:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
Validity
Not Before: Feb 24 07:29:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=64f23da9fb3481551ff064df71f59a3b66c55d6d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:31:b5:94:7c:2f:bf:05:30:a1:c0:ea:ca:56:
c7:8f:56:b7:21:3a:04:4a:c7:1b:99:b7:13:ce:a7:
6e:b2:40:eb:16:4e:5e:48:08:33:93:ed:60:d6:a2:
71:6f:84:32:1b:e7:aa:10:00:31:84:f7:20:92:69:
c9:83:71:e2:20:cd:a5:99:25:c2:56:bd:ea:28:51:
99:0f:3f:03:39:d4:a4:e1:7b:80:88:72:6f:9b:f8:
8a:f8:b8:56:ea:e2:e9:00:08:29:84:91:50:98:f1:
0c:b1:2c:97:e8:78:c5:b7:06:7c:17:90:6b:b3:0a:
08:be:c1:e5:8c:fb:c7:e9:8f:49:e2:dc:b6:8c:24:
2a:fe:78:c2:a6:0a:62:0e:78:ac:ac:24:d7:6e:7b:
c4:24:cd:41:da:a8:15:87:ed:4e:e8:8a:4a:24:db:
76:6a:71:4f:e1:c8:e7:55:bd:1d:42:30:d1:95:53:
52:aa:7b:cf:f2:c7:ad:86:3e:1e:a3:b8:bb:b9:db:
31:8d:94:9b:d2:99:7e:ee:fc:54:81:80:e3:06:47:
fb:f9:27:d8:5b:fa:29:d5:94:a6:e9:40:4e:bd:a1:
6a:5a:81:b0:29:1b:f9:ec:a7:d8:87:47:06:65:70:
68:46:47:be:b2:be:e9:f2:94:db:f1:00:6d:bc:9d:
44:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:F2:3D:A9:FB:34:81:55:1F:F0:64:DF:71:F5:9A:3B:66:C5:5D:6D
X509v3 Authority Key Identifier:
keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/ZPI9qfs0gVUf8GTfcfWaO2bFXW0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.246.64.0/21
129.26.0.0/16
129.233.128.0/18
129.233.210.0/24
129.233.224.0/20
153.96.0.0/15
192.35.149.0-192.35.153.255
192.44.5.0-192.44.6.255
192.44.8.0/24
192.44.12.0/24
192.44.15.0/24
192.44.18.0/24
192.44.20.0/23
192.44.23.0/24
192.44.25.0-192.44.26.255
192.44.28.0/22
192.44.36.0-192.44.40.255
192.54.34.0/23
192.76.148.0/24
192.76.241.0/24
192.76.245.0-192.76.248.255
192.88.108.0/24
192.102.150.0-192.102.153.255
192.102.156.0/24
192.102.158.0-192.102.164.255
192.102.167.0-192.102.170.255
192.102.172.0/24
192.102.174.0-192.102.177.255
192.109.177.0/24
212.44.192.0/19
IPv6:
2a03:db80::/32
Signature Algorithm: sha256WithRSAEncryption
36:85:6d:35:cb:b7:f1:ea:fb:d7:4e:6a:f2:37:fa:ed:5a:b0:
e3:d8:09:8d:b6:09:a9:2f:54:51:20:b6:e4:f3:93:ca:8c:6c:
93:9a:c3:f3:3d:43:23:81:8e:59:33:53:14:53:9f:b4:65:59:
eb:ab:e6:8f:4e:4f:a4:5c:37:22:80:9c:57:86:2b:50:1a:4f:
69:66:90:92:f9:39:00:63:73:61:d0:6b:ef:5c:2b:db:fc:21:
7c:bb:b7:52:54:61:90:4d:99:50:0d:76:88:24:c0:e4:4d:6a:
06:a6:2f:f6:76:7e:d6:9b:6a:90:a9:d9:a2:bc:73:c6:4a:21:
5c:6e:e9:7f:8f:46:68:7d:52:84:1e:f9:be:1d:35:a7:13:50:
5f:c6:14:de:ec:03:bb:9a:e4:21:b8:eb:ee:27:a8:71:ec:8a:
0f:ab:7d:52:79:45:d8:dd:8d:5f:73:15:83:0a:49:34:cb:97:
b1:ff:9f:31:f3:14:92:0e:5b:3c:ac:e4:97:62:72:21:8f:ae:
e3:06:c0:d1:2a:c5:0d:f4:36:69:7c:d3:1c:77:00:54:40:01:
aa:24:68:62:1c:be:84:ec:b0:f2:62:0b:e4:bc:1e:56:dc:8a:
5d:e1:3f:45:ca:64:6b:19:42:fc:78:0c:17:9d:bc:69:01:a6:
df:6d:76:51
-----BEGIN CERTIFICATE-----
MIIGCTCCBPGgAwIBAgISAZyOjYu9Fyzf+EJbWUvkM6EaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjYwMjI0MDcyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGYyM2RhOWZiMzQ4MTU1MWZmMDY0ZGY3MWY1OWEzYjY2YzU1ZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDG1lHwvvwUwocDqylbHj1a3IToE
SscbmbcTzqduskDrFk5eSAgzk+1g1qJxb4QyG+eqEAAxhPcgkmnJg3HiIM2lmSXC
Vr3qKFGZDz8DOdSk4XuAiHJvm/iK+LhW6uLpAAgphJFQmPEMsSyX6HjFtwZ8F5Br
swoIvsHljPvH6Y9J4ty2jCQq/njCpgpiDnisrCTXbnvEJM1B2qgVh+1O6IpKJNt2
anFP4cjnVb0dQjDRlVNSqnvP8sethj4eo7i7udsxjZSb0pl+7vxUgYDjBkf7+SfY
W/op1ZSm6UBOvaFqWoGwKRv57KfYh0cGZXBoRke+sr7p8pTb8QBtvJ1EXwIDAQAB
o4IDFTCCAxEwHQYDVR0OBBYEFGTyPan7NIFVH/Bk33H1mjtmxV1tMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvWlBJOXFmczBnVlVmOEdUZmNmV2FPMmJGWFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKQYIKwYBBQUHAQcBAf8EggEYMIIBFDCCAQEEAgABMIH6
AwQDVPZAAwMAgRoDBAaB6YADBACB6dIDBASB6eADAwGZYDAMAwQAwCOVAwQBwCOY
MAwDBADALAUDBADALAYDBADALAgDBADALAwDBADALA8DBADALBIDBAHALBQDBADA
LBcwDAMEAMAsGQMEAMAsGgMEAsAsHDAMAwQCwCwkAwQAwCwoAwQBwDYiAwQAwEyU
AwQAwEzxMAwDBADATPUDBADATPgDBADAWGwwDAMEAcBmlgMEAcBmmAMEAMBmnDAM
AwQBwGaeAwQAwGakMAwDBADAZqcDBADAZqoDBADAZqwwDAMEAcBmrgMEAcBmsAME
AMBtsQMEBdQswDANBAIAAjAHAwUAKgPbgDANBgkqhkiG9w0BAQsFAAOCAQEANoVt
Ncu38er7105q8jf67Vqw49gJjbYJqS9UUSC25POTyoxsk5rD8z1DI4GOWTNTFFOf
tGVZ66vmj05PpFw3IoCcV4YrUBpPaWaQkvk5AGNzYdBr71wr2/whfLu3UlRhkE2Z
UA12iCTA5E1qBqYv9nZ+1ptqkKnZorxzxkohXG7pf49GaH1ShB75vh01pxNQX8YU
3uwDu5rkIbjr7ieoceyKD6t9UnlF2N2NX3MVgwpJNMuXsf+fMfMUkg5bPKzkl2Jy
IY+u4wbA0SrFDfQ2aXzTHHcAVEABqiRoYhy+hOyw8mIL5LweVtyKXeE/RcpkaxlC
/HgMF528aQGm3212UQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:58:26 2026 by rpki-client