Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f906d5-63d8-41fa-a2cf-5c37ca7a57a5/1/Z2hi7ItQ4ePG-89oC3NsOmcwohk.roa
File: Z2hi7ItQ4ePG-89oC3NsOmcwohk.roa (raw, json)
Hash identifier: hpOgQ0YBy/9da8UmbyZyoarOicwd5QMZEwe4cjjhqvg=
Subject key identifier: 67:68:62:EC:8B:50:E1:E3:C6:FB:CF:68:0B:73:6C:3A:67:30:A2:19
Certificate issuer: /CN=3f8b0dcb79fe0ae48ba83269ec12838470cae90a
Certificate serial: 019C7BAAA5032C4E3A59FD47F95C2407C2A8
Authority key identifier: 3F:8B:0D:CB:79:FE:0A:E4:8B:A8:32:69:EC:12:83:84:70:CA:E9:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P4sNy3n-CuSLqDJp7BKDhHDK6Qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/f906d5-63d8-41fa-a2cf-5c37ca7a57a5/1/Z2hi7ItQ4ePG-89oC3NsOmcwohk.roa
Signing time: Fri 20 Feb 2026 15:28:26 +0000
ROA not before: Fri 20 Feb 2026 15:28:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1273
IP address blocks: 148.252.5.0/24 maxlen: 24
148.252.6.0/24 maxlen: 24
148.253.0.0/24 maxlen: 24
148.253.1.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4b/f906d5-63d8-41fa-a2cf-5c37ca7a57a5/1/P4sNy3n-CuSLqDJp7BKDhHDK6Qo.crl
rsync://rpki.ripe.net/repository/DEFAULT/4b/f906d5-63d8-41fa-a2cf-5c37ca7a57a5/1/P4sNy3n-CuSLqDJp7BKDhHDK6Qo.mft
rsync://rpki.ripe.net/repository/DEFAULT/P4sNy3n-CuSLqDJp7BKDhHDK6Qo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:7b:aa:a5:03:2c:4e:3a:59:fd:47:f9:5c:24:07:c2:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3f8b0dcb79fe0ae48ba83269ec12838470cae90a
Validity
Not Before: Feb 20 15:28:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=676862ec8b50e1e3c6fbcf680b736c3a6730a219
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:67:f1:a5:d7:bc:5a:80:1b:9b:7c:56:af:cf:
01:50:e7:6c:af:0c:37:7f:b2:39:e7:63:8b:58:6e:
f4:f2:52:c8:32:89:28:01:a3:97:87:e5:a0:db:08:
0f:a5:14:f9:ce:3a:49:c3:17:0b:20:d2:fb:9b:fb:
e6:2e:65:f8:d6:7d:d2:07:34:d3:c5:c6:f8:73:81:
29:1e:e0:36:95:4e:9f:47:55:01:44:53:a6:eb:20:
01:97:04:d0:fe:c9:3f:ad:dd:6f:33:96:cd:78:ef:
06:03:32:00:04:40:d3:7c:68:d0:09:5c:5a:f3:c6:
51:f3:60:50:19:84:94:d3:a7:fa:0a:f0:6a:3b:7b:
55:cb:10:a8:b2:1e:a9:9f:d4:f5:32:a9:3a:f3:f9:
6c:6b:06:1a:79:70:d2:21:1d:e9:79:37:5f:15:68:
6f:f4:ef:ac:1d:31:d6:ac:a7:5f:c5:08:b1:9c:81:
94:e7:e2:94:be:2f:7b:eb:3f:9a:06:56:31:ff:fe:
5f:e0:cc:1f:1b:7d:02:ec:a3:f8:8f:49:67:8c:6e:
d5:53:44:66:21:72:4c:7c:8e:35:8f:ae:8c:d5:bd:
59:88:46:e7:ae:5e:00:93:c2:26:20:58:ad:cb:b6:
8a:6f:c6:23:a5:c1:8f:6e:ab:bb:6e:93:18:1a:3d:
42:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:68:62:EC:8B:50:E1:E3:C6:FB:CF:68:0B:73:6C:3A:67:30:A2:19
X509v3 Authority Key Identifier:
keyid:3F:8B:0D:CB:79:FE:0A:E4:8B:A8:32:69:EC:12:83:84:70:CA:E9:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P4sNy3n-CuSLqDJp7BKDhHDK6Qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f906d5-63d8-41fa-a2cf-5c37ca7a57a5/1/Z2hi7ItQ4ePG-89oC3NsOmcwohk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f906d5-63d8-41fa-a2cf-5c37ca7a57a5/1/P4sNy3n-CuSLqDJp7BKDhHDK6Qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
148.252.5.0-148.252.6.255
148.253.0.0/23
Signature Algorithm: sha256WithRSAEncryption
61:e9:6a:44:d7:d4:b0:d9:4a:bb:a7:b9:b0:47:e1:93:66:2f:
4b:5f:35:07:28:b9:90:20:cb:ea:21:1e:1d:6e:70:70:0f:29:
87:82:a4:df:28:17:80:b5:d1:24:dc:0f:c6:18:ff:00:05:21:
ad:af:d7:49:26:bc:eb:60:68:fb:a5:0e:f1:2d:f1:6b:42:45:
f3:16:da:ab:18:de:7a:0a:3c:fe:e7:f1:bc:22:c7:0b:02:c3:
02:6d:1a:68:6e:4e:ac:d2:db:71:11:fa:9f:62:bd:1e:f2:2b:
e2:9f:3b:84:b2:ac:6f:a4:28:31:92:59:e7:a0:e9:42:44:5e:
d5:b5:61:2c:54:9e:5a:3a:54:b5:2e:fc:d2:4c:97:64:de:09:
f8:f7:4d:b3:8b:0e:17:67:43:3b:10:35:46:5a:71:01:d7:b7:
0a:a9:05:6b:48:a8:9d:66:5d:80:1d:36:f4:11:04:b1:8c:29:
e7:2f:41:e5:fb:b9:05:45:86:c7:50:01:3e:a6:0c:62:08:5e:
03:30:d4:74:a2:19:6b:18:2a:1d:98:e3:59:60:39:1b:d9:97:
a5:41:86:b8:81:7c:39:84:82:b2:9b:cd:38:cb:57:dc:23:41:
74:a6:55:5b:55:c4:9a:81:05:73:74:df:4e:48:c6:a8:db:f4:
3f:bf:9a:6d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZx7qqUDLE46Wf1H+VwkB8KoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmOGIwZGNiNzlmZTBhZTQ4YmE4MzI2OWVjMTI4Mzg0NzBj
YWU5MGEwHhcNMjYwMjIwMTUyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzY4NjJlYzhiNTBlMWUzYzZmYmNmNjgwYjczNmMzYTY3MzBhMjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmfxpde8WoAbm3xWr88BUOdsrww3
f7I552OLWG708lLIMokoAaOXh+Wg2wgPpRT5zjpJwxcLINL7m/vmLmX41n3SBzTT
xcb4c4EpHuA2lU6fR1UBRFOm6yABlwTQ/sk/rd1vM5bNeO8GAzIABEDTfGjQCVxa
88ZR82BQGYSU06f6CvBqO3tVyxCosh6pn9T1Mqk68/lsawYaeXDSIR3peTdfFWhv
9O+sHTHWrKdfxQixnIGU5+KUvi976z+aBlYx//5f4MwfG30C7KP4j0lnjG7VU0Rm
IXJMfI41j66M1b1ZiEbnrl4Ak8ImIFity7aKb8YjpcGPbqu7bpMYGj1C6QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGdoYuyLUOHjxvvPaAtzbDpnMKIZMB8GA1UdIwQY
MBaAFD+LDct5/grki6gyaewSg4RwyukKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDRzTnkzbi1DdVNMcURKcDdCS0RoSERLNlFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOTA2ZDUtNjNkOC00MWZhLWEyY2Yt
NWMzN2NhN2E1N2E1LzEvWjJoaTdJdFE0ZVBHLTg5b0MzTnNPbWN3b2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOTA2ZDUtNjNkOC00MWZhLWEyY2YtNWMzN2NhN2E1N2E1
LzEvUDRzTnkzbi1DdVNMcURKcDdCS0RoSERLNlFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBACU/AUD
BACU/AYDBAGU/QAwDQYJKoZIhvcNAQELBQADggEBAGHpakTX1LDZSrunubBH4ZNm
L0tfNQcouZAgy+ohHh1ucHAPKYeCpN8oF4C10STcD8YY/wAFIa2v10kmvOtgaPul
DvEt8WtCRfMW2qsY3noKPP7n8bwixwsCwwJtGmhuTqzS23ER+p9ivR7yK+KfO4Sy
rG+kKDGSWeeg6UJEXtW1YSxUnlo6VLUu/NJMl2TeCfj3TbOLDhdnQzsQNUZacQHX
twqpBWtIqJ1mXYAdNvQRBLGMKecvQeX7uQVFhsdQAT6mDGIIXgMw1HSiGWsYKh2Y
41lgORvZl6VBhriBfDmEgrKbzTjLV9wjQXSmVVtVxJqBBXN0305Ixqjb9D+/mm0=
-----END CERTIFICATE-----
Generated at Mon Mar 2 08:22:54 2026 by rpki-client