Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/CB7ZOTfRe3Lfy6bzU3USZ75HVvw.roa
File: CB7ZOTfRe3Lfy6bzU3USZ75HVvw.roa (raw, json)
Hash identifier: FlUrZcGjnxqC1lXl49edK/FXKIDYYIun/75ke4aPSyw=
Subject key identifier: 08:1E:D9:39:37:D1:7B:72:DF:CB:A6:F3:53:75:12:67:BE:47:56:FC
Certificate issuer: /CN=6416bc721c740c10fc7b0d8b1b358a2d35f488b7
Certificate serial: 019B7C12C9044400C30CE9C8EB84551F51CE
Authority key identifier: 64:16:BC:72:1C:74:0C:10:FC:7B:0D:8B:1B:35:8A:2D:35:F4:88:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZBa8chx0DBD8ew2LGzWKLTX0iLc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/CB7ZOTfRe3Lfy6bzU3USZ75HVvw.roa
Signing time: Fri 02 Jan 2026 00:19:24 +0000
ROA not before: Fri 02 Jan 2026 00:19:24 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 43973
IP address blocks: 79.142.16.0/20 maxlen: 20
79.142.16.0/23 maxlen: 24
79.142.18.0/23 maxlen: 24
79.142.20.0/23 maxlen: 24
79.142.22.0/23 maxlen: 24
79.142.24.0/23 maxlen: 24
79.142.26.0/23 maxlen: 24
79.142.28.0/23 maxlen: 24
79.142.30.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/ZBa8chx0DBD8ew2LGzWKLTX0iLc.crl
rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/ZBa8chx0DBD8ew2LGzWKLTX0iLc.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZBa8chx0DBD8ew2LGzWKLTX0iLc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 21:01:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:12:c9:04:44:00:c3:0c:e9:c8:eb:84:55:1f:51:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6416bc721c740c10fc7b0d8b1b358a2d35f488b7
Validity
Not Before: Jan 2 00:19:24 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=081ed93937d17b72dfcba6f353751267be4756fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:a7:6c:ee:6c:18:72:50:fd:92:8e:10:b9:96:
05:2a:bb:ca:f1:b5:e9:f2:28:e2:ea:e2:b9:34:c5:
f1:a5:a0:da:ba:57:30:12:ed:3f:bc:fa:75:51:e1:
46:b2:3b:8b:67:ab:cf:fd:e2:a3:0d:46:78:7a:83:
46:77:41:f5:2f:55:20:49:76:5a:1d:87:40:51:e6:
45:15:55:6a:c2:67:02:99:53:3f:39:4a:93:d9:2a:
42:95:4a:31:b5:e1:bb:75:a1:93:31:c5:2f:84:10:
d6:7a:a5:17:37:4d:ec:7f:a3:92:30:21:59:6f:f1:
b9:9b:7b:7e:55:fa:a2:da:64:c3:1b:16:20:9e:02:
39:96:d5:b1:17:af:1c:e9:07:e2:5c:21:b2:f0:59:
19:7f:7e:9c:8f:45:76:d8:f6:84:ff:51:43:cc:f6:
93:2a:c8:24:ba:9f:63:8f:42:dd:2a:db:ac:db:a0:
30:fe:de:6a:e1:ba:e5:f6:9a:19:58:19:1e:4e:8d:
e5:cf:e1:27:04:f4:0b:3c:04:ff:8b:50:55:5b:f9:
d0:54:24:b2:bf:70:53:47:1d:3c:f0:49:5a:39:7e:
c4:e5:e0:b7:c5:c2:fe:1e:e7:bb:59:97:4b:ed:31:
84:bb:47:01:63:8b:5c:0d:7c:cc:28:ab:d2:d0:24:
58:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:1E:D9:39:37:D1:7B:72:DF:CB:A6:F3:53:75:12:67:BE:47:56:FC
X509v3 Authority Key Identifier:
keyid:64:16:BC:72:1C:74:0C:10:FC:7B:0D:8B:1B:35:8A:2D:35:F4:88:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBa8chx0DBD8ew2LGzWKLTX0iLc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/CB7ZOTfRe3Lfy6bzU3USZ75HVvw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/ZBa8chx0DBD8ew2LGzWKLTX0iLc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.142.16.0/20
Signature Algorithm: sha256WithRSAEncryption
df:18:86:46:57:c0:41:10:34:c7:67:ad:2e:a2:fd:c2:f4:dd:
2c:53:53:0a:6f:d0:de:7f:7c:ca:91:8f:73:c5:04:26:08:90:
df:1e:b1:78:b4:ca:bd:84:aa:4a:81:83:a4:ae:a2:1f:5a:19:
87:3c:79:ff:96:5d:b0:01:ba:7f:9e:b9:2a:f7:43:14:5f:a3:
64:19:26:2b:cc:14:e8:bf:f8:df:cf:ec:40:db:c3:1f:c2:05:
09:57:3b:37:1b:9e:7e:31:8e:44:53:b2:3f:1d:72:c7:7a:c5:
07:e2:ad:fe:27:eb:b8:2e:fe:e6:9e:57:57:81:cc:29:ad:77:
8b:a3:c5:e1:92:31:85:bc:4f:95:d3:66:06:e9:93:ae:c1:9f:
30:13:96:45:6c:10:02:fa:39:2d:27:f8:4a:c0:af:9c:1d:b9:
13:80:42:20:16:ba:a9:f6:ff:ab:b3:32:3c:7f:d7:58:cf:b1:
e6:80:7a:79:9f:07:ff:66:d2:2e:22:49:6e:8f:b3:d5:8b:9a:
27:b1:c7:8c:ee:db:36:7d:ac:f8:0a:63:f6:90:94:cc:de:89:
c4:f3:fd:dc:78:dc:b0:c5:b8:8f:af:29:54:d5:5a:fc:02:b5:
f7:ce:e4:bf:d9:7f:2d:ea:fd:40:49:7d:9e:89:0b:d2:30:06:
73:8c:39:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EskERADDDOnI64RVH1HOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTZiYzcyMWM3NDBjMTBmYzdiMGQ4YjFiMzU4YTJkMzVm
NDg4YjcwHhcNMjYwMTAyMDAxOTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODFlZDkzOTM3ZDE3YjcyZGZjYmE2ZjM1Mzc1MTI2N2JlNDc1NmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKds7mwYclD9ko4QuZYFKrvK8bXp
8iji6uK5NMXxpaDaulcwEu0/vPp1UeFGsjuLZ6vP/eKjDUZ4eoNGd0H1L1UgSXZa
HYdAUeZFFVVqwmcCmVM/OUqT2SpClUoxteG7daGTMcUvhBDWeqUXN03sf6OSMCFZ
b/G5m3t+Vfqi2mTDGxYgngI5ltWxF68c6QfiXCGy8FkZf36cj0V22PaE/1FDzPaT
Ksgkup9jj0LdKtus26Aw/t5q4brl9poZWBkeTo3lz+EnBPQLPAT/i1BVW/nQVCSy
v3BTRx088ElaOX7E5eC3xcL+Hue7WZdL7TGEu0cBY4tcDXzMKKvS0CRYFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAge2Tk30Xty38um81N1Eme+R1b8MB8GA1UdIwQY
MBaAFGQWvHIcdAwQ/HsNixs1ii019Ii3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJhOGNoeDBEQkQ4ZXcyTEd6V0tMVFgwaUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy82ZGIyNjQtNzNkNC00M2FjLWE5N2Ut
NTkwYjFiMmE0NjA5LzEvQ0I3Wk9UZlJlM0xmeTZielUzVVNaNzVIVnZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy82ZGIyNjQtNzNkNC00M2FjLWE5N2UtNTkwYjFiMmE0NjA5
LzEvWkJhOGNoeDBEQkQ4ZXcyTEd6V0tMVFgwaUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQET44QMA0G
CSqGSIb3DQEBCwUAA4IBAQDfGIZGV8BBEDTHZ60uov3C9N0sU1MKb9Def3zKkY9z
xQQmCJDfHrF4tMq9hKpKgYOkrqIfWhmHPHn/ll2wAbp/nrkq90MUX6NkGSYrzBTo
v/jfz+xA28MfwgUJVzs3G55+MY5EU7I/HXLHesUH4q3+J+u4Lv7mnldXgcwprXeL
o8XhkjGFvE+V02YG6ZOuwZ8wE5ZFbBAC+jktJ/hKwK+cHbkTgEIgFrqp9v+rszI8
f9dYz7HmgHp5nwf/ZtIuIkluj7PVi5onsceM7ts2faz4CmP2kJTM3onE8/3ceNyw
xbiPrylU1Vr8ArX3zuS/2X8t6v1ASX2eiQvSMAZzjDlC
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:35:15 2026 by rpki-client