Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/znK95_JFl0pNvLfj6OXmewYJypk.roa
File: znK95_JFl0pNvLfj6OXmewYJypk.roa (raw, json)
Hash identifier: KuT2Fb0+p87DW0EC5Dzu5qZfHaXjG7VpnPReGDVhA8c=
Subject key identifier: CE:72:BD:E7:F2:45:97:4A:4D:BC:B7:E3:E8:E5:E6:7B:06:09:CA:99
Certificate issuer: /CN=d8772aac1b62b87d6b01d57a1a00a6a72b8a7da6
Certificate serial: 019C6AF9154ACB3BEA61660E542A4965B684
Authority key identifier: D8:77:2A:AC:1B:62:B8:7D:6B:01:D5:7A:1A:00:A6:A7:2B:8A:7D:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/znK95_JFl0pNvLfj6OXmewYJypk.roa
Signing time: Tue 17 Feb 2026 09:40:34 +0000
ROA not before: Tue 17 Feb 2026 09:40:34 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1299
IP address blocks: 139.123.225.0/24 maxlen: 24
139.123.228.0/24 maxlen: 24
139.123.232.0/24 maxlen: 24
193.24.65.0/24 maxlen: 24
193.24.66.0/24 maxlen: 25
193.24.68.0/24 maxlen: 25
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.crl
rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.mft
rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 06:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:6a:f9:15:4a:cb:3b:ea:61:66:0e:54:2a:49:65:b6:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8772aac1b62b87d6b01d57a1a00a6a72b8a7da6
Validity
Not Before: Feb 17 09:40:34 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ce72bde7f245974a4dbcb7e3e8e5e67b0609ca99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:cb:fd:71:36:d5:df:a5:9c:4a:e3:0b:6d:fe:
89:14:e1:7a:6d:36:3f:e6:57:51:1b:9b:0c:8e:e5:
17:8d:c1:f7:c9:e2:a9:66:d4:c9:2a:48:db:0c:15:
af:a1:01:09:3b:b5:f7:10:cf:c8:aa:19:08:fe:ed:
e9:05:6c:b1:c8:f1:d5:31:e4:d7:7d:0d:4f:8e:65:
7f:89:44:53:78:e7:ab:8d:7b:46:ad:f3:fe:74:b5:
9e:39:e5:2b:08:39:16:cf:4e:b0:6f:f7:a9:91:54:
c7:d4:68:66:f8:5b:36:88:ba:d1:1f:0a:fc:f0:47:
b9:86:36:4f:c7:0e:48:2e:c8:fe:bd:45:4e:01:53:
d1:4e:d7:78:82:f5:91:af:27:7f:88:f5:e2:55:61:
26:fd:40:63:e7:64:f4:4b:83:6a:8e:9e:c5:48:36:
f8:18:2e:c6:90:87:df:c1:52:81:33:c9:d2:11:0f:
6d:0d:65:68:25:4e:14:17:44:05:8b:cb:18:5c:87:
fc:e2:7c:ae:c5:66:e6:da:08:9f:b7:b1:c4:3e:85:
f6:58:80:d0:5c:91:2f:19:93:8b:2a:c0:cd:ab:da:
23:02:2f:91:fa:79:2b:59:02:78:2a:2a:41:db:79:
1c:43:48:e1:7c:9c:e9:b8:b6:91:5a:5e:66:67:e6:
4a:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:72:BD:E7:F2:45:97:4A:4D:BC:B7:E3:E8:E5:E6:7B:06:09:CA:99
X509v3 Authority Key Identifier:
keyid:D8:77:2A:AC:1B:62:B8:7D:6B:01:D5:7A:1A:00:A6:A7:2B:8A:7D:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/znK95_JFl0pNvLfj6OXmewYJypk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
139.123.225.0/24
139.123.228.0/24
139.123.232.0/24
193.24.65.0-193.24.66.255
193.24.68.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:8f:dd:09:de:05:1b:b9:81:0c:12:71:b1:ec:8b:be:74:c7:
66:51:43:5d:ef:a3:45:d1:49:09:9c:73:1c:92:69:50:cf:08:
c5:2b:20:7b:d6:ab:65:1b:de:c7:28:c8:93:74:b8:f1:e6:8c:
3c:dd:1d:16:a7:95:c7:38:bd:48:a0:aa:48:45:a7:1d:0b:e5:
23:1e:c1:25:3f:cd:41:ad:a6:fa:34:ae:b3:0a:72:21:5d:90:
ed:6e:e7:4c:46:43:1e:d4:27:c2:a7:34:f7:de:42:09:5f:15:
f1:e4:3b:38:09:38:89:fc:e1:ad:1f:45:25:dc:72:45:06:c7:
26:cd:a1:bb:b8:02:c1:11:a3:34:41:5a:12:52:55:07:4d:8f:
f9:f8:db:b0:3a:ac:f0:bc:06:b7:2b:02:15:3b:e1:fd:4e:b8:
2a:db:90:50:90:5e:6b:a8:2b:ea:c2:82:6e:a2:25:f2:be:33:
f2:35:c7:20:0a:81:fd:e3:7d:7e:4d:f3:73:97:7d:7a:79:24:
1e:c5:b9:23:1f:7c:69:0b:a3:f6:2f:b4:f0:cd:1d:ad:2f:5c:
7b:26:c0:aa:42:d6:73:ef:19:34:03:bf:29:47:5e:53:a4:2f:
81:60:b2:10:53:9f:56:6f:04:bc:a9:12:e5:66:87:94:46:95:
74:9b:21:58
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZxq+RVKyzvqYWYOVCpJZbaEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NzcyYWFjMWI2MmI4N2Q2YjAxZDU3YTFhMDBhNmE3MmI4
YTdkYTYwHhcNMjYwMjE3MDk0MDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTcyYmRlN2YyNDU5NzRhNGRiY2I3ZTNlOGU1ZTY3YjA2MDljYTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8v9cTbV36WcSuMLbf6JFOF6bTY/
5ldRG5sMjuUXjcH3yeKpZtTJKkjbDBWvoQEJO7X3EM/IqhkI/u3pBWyxyPHVMeTX
fQ1PjmV/iURTeOerjXtGrfP+dLWeOeUrCDkWz06wb/epkVTH1Ghm+Fs2iLrRHwr8
8Ee5hjZPxw5ILsj+vUVOAVPRTtd4gvWRryd/iPXiVWEm/UBj52T0S4Nqjp7FSDb4
GC7GkIffwVKBM8nSEQ9tDWVoJU4UF0QFi8sYXIf84nyuxWbm2gift7HEPoX2WIDQ
XJEvGZOLKsDNq9ojAi+R+nkrWQJ4KipB23kcQ0jhfJzpuLaRWl5mZ+ZKfwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFM5yvefyRZdKTby34+jl5nsGCcqZMB8GA1UdIwQY
MBaAFNh3KqwbYrh9awHVehoApqcrin2mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkhjcXJCdGl1SDFyQWRWNkdnQ21weXVLZmFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My82MTZhNTgtNTM0Mi00MzJjLWE5YzUt
MzMzYmVlY2ZmNmY0LzEvem5LOTVfSkZsMHBOdkxmajZPWG1ld1lKeXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My82MTZhNTgtNTM0Mi00MzJjLWE5YzUtMzMzYmVlY2ZmNmY0
LzEvMkhjcXJCdGl1SDFyQWRWNkdnQ21weXVLZmFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAi3vhAwQA
i3vkAwQAi3voMAwDBADBGEEDBADBGEIDBADBGEQwDQYJKoZIhvcNAQELBQADggEB
AAqP3QneBRu5gQwScbHsi750x2ZRQ13vo0XRSQmccxySaVDPCMUrIHvWq2Ub3sco
yJN0uPHmjDzdHRanlcc4vUigqkhFpx0L5SMewSU/zUGtpvo0rrMKciFdkO1u50xG
Qx7UJ8KnNPfeQglfFfHkOzgJOIn84a0fRSXcckUGxybNobu4AsERozRBWhJSVQdN
j/n427A6rPC8BrcrAhU74f1OuCrbkFCQXmuoK+rCgm6iJfK+M/I1xyAKgf3jfX5N
83OXfXp5JB7FuSMffGkLo/YvtPDNHa0vXHsmwKpC1nPvGTQDvylHXlOkL4FgshBT
n1ZvBLypEuVmh5RGlXSbIVg=
-----END CERTIFICATE-----
Generated at Sun Mar 1 16:25:20 2026 by rpki-client