Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/aZTZQO0ZOzkqTGwCJPfnJ2ufoxU.roa
File: aZTZQO0ZOzkqTGwCJPfnJ2ufoxU.roa (raw, json)
Hash identifier: D3GFtfAyU4nkCyGbU5pDlfn4rnuPIgU4niixGcA5l3M=
Subject key identifier: 69:94:D9:40:ED:19:3B:39:2A:4C:6C:02:24:F7:E7:27:6B:9F:A3:15
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 019D9258193EECFE7D4246D7BBFBA3A0305E
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/aZTZQO0ZOzkqTGwCJPfnJ2ufoxU.roa
Signing time: Wed 15 Apr 2026 18:12:20 +0000
ROA not before: Wed 15 Apr 2026 18:12:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214822
IP address blocks: 170.168.10.0/24 maxlen: 24
170.168.15.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 06:00:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:92:58:19:3e:ec:fe:7d:42:46:d7:bb:fb:a3:a0:30:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Apr 15 18:12:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6994d940ed193b392a4c6c0224f7e7276b9fa315
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:20:cf:c7:a3:2c:a1:c8:8f:4f:a6:b9:a2:eb:
54:9a:f4:5c:22:d4:d0:5b:81:fa:16:a2:ce:bb:91:
4c:c1:2d:a0:80:f2:12:d0:40:78:11:5d:97:c9:fa:
91:a6:2f:ef:20:2c:ca:52:9c:3b:b5:20:d9:18:ef:
3a:69:51:1a:ee:73:00:1c:77:d3:64:46:17:3a:5b:
95:a6:7a:97:0b:12:46:fe:90:7e:44:79:e9:f1:af:
1c:f0:24:6d:27:2e:57:b7:de:a8:ac:fa:60:c9:cf:
d7:41:7f:ba:f6:09:75:48:4a:bd:8e:1d:c0:19:44:
00:50:d3:ac:89:16:8b:0f:a6:88:d3:96:75:e2:a2:
8a:e4:9b:02:6c:84:26:4f:66:45:c9:e9:8f:f5:2e:
e6:95:f2:c8:ac:31:68:c1:24:e4:d6:c5:b8:54:b9:
6c:3c:8e:e7:f9:4d:3b:6b:23:d5:d3:56:75:ee:40:
b6:f8:ca:4d:8f:5e:16:90:74:c3:2a:e5:d3:24:45:
0c:51:be:36:da:8a:f9:7e:77:2e:e4:f8:ce:80:97:
ad:38:b5:c1:46:15:6b:d0:85:32:64:9e:3d:1e:40:
fa:42:ef:aa:7a:93:48:8c:6e:08:39:d3:a0:ab:b7:
05:a6:5e:56:f1:bf:97:22:ae:45:bd:44:8f:fc:58:
8b:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:94:D9:40:ED:19:3B:39:2A:4C:6C:02:24:F7:E7:27:6B:9F:A3:15
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/aZTZQO0ZOzkqTGwCJPfnJ2ufoxU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
170.168.10.0/24
170.168.15.0/24
Signature Algorithm: sha256WithRSAEncryption
69:e5:a4:6a:9b:6c:d6:cc:45:ee:ab:2d:f6:2d:20:9d:ed:f4:
6a:f1:47:c2:84:a7:a3:25:2b:71:18:d3:5a:cc:48:8a:50:d5:
37:c9:dc:f8:08:95:2b:c6:0d:ba:12:36:47:f7:db:ab:2c:84:
09:22:1f:ef:87:33:19:ac:bf:17:15:43:97:df:52:da:15:fa:
d0:74:db:8a:14:48:20:b7:6a:7c:ab:65:79:cf:e8:bc:85:0c:
dd:36:a6:b1:5a:01:4b:c6:c9:43:17:a7:a2:e2:b3:b9:82:69:
6b:af:da:71:bb:7f:15:55:8a:1d:7a:2d:15:7d:e5:94:c7:f5:
e5:61:66:17:4a:0c:26:52:ac:35:e6:42:c6:0b:8f:8d:c1:76:
70:85:51:f7:27:fa:05:d4:4a:34:43:fd:1c:d4:af:e3:09:3a:
ca:1f:cd:56:3d:89:54:30:eb:37:02:5c:47:9b:13:5f:5f:5d:
5c:31:da:2b:9a:ae:5e:d1:b5:f4:73:e5:07:0a:61:ac:f6:74:
bd:e6:8f:92:75:0d:7d:f5:39:d2:bd:04:6d:9f:5e:6b:c2:a0:
b1:6e:3e:91:73:32:75:46:10:f3:1a:f9:d0:92:6e:b0:8a:6e:
d3:4e:0d:8b:2a:e7:82:9b:81:46:d9:35:27:65:ca:a6:d5:b5:
7c:10:fd:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2SWBk+7P59QkbXu/ujoDBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwNDE1MTgxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTk0ZDk0MGVkMTkzYjM5MmE0YzZjMDIyNGY3ZTcyNzZiOWZhMzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSDPx6MsociPT6a5outUmvRcItTQ
W4H6FqLOu5FMwS2ggPIS0EB4EV2XyfqRpi/vICzKUpw7tSDZGO86aVEa7nMAHHfT
ZEYXOluVpnqXCxJG/pB+RHnp8a8c8CRtJy5Xt96orPpgyc/XQX+69gl1SEq9jh3A
GUQAUNOsiRaLD6aI05Z14qKK5JsCbIQmT2ZFyemP9S7mlfLIrDFowSTk1sW4VLls
PI7n+U07ayPV01Z17kC2+MpNj14WkHTDKuXTJEUMUb422or5fncu5PjOgJetOLXB
RhVr0IUyZJ49HkD6Qu+qepNIjG4IOdOgq7cFpl5W8b+XIq5FvUSP/FiLbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGmU2UDtGTs5KkxsAiT35ydrn6MVMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvYVpUWlFPMFpPemtxVEd3Q0pQZm5KMnVmb3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqqgKAwQA
qqgPMA0GCSqGSIb3DQEBCwUAA4IBAQBp5aRqm2zWzEXuqy32LSCd7fRq8UfChKej
JStxGNNazEiKUNU3ydz4CJUrxg26EjZH99urLIQJIh/vhzMZrL8XFUOX31LaFfrQ
dNuKFEggt2p8q2V5z+i8hQzdNqaxWgFLxslDF6ei4rO5gmlrr9pxu38VVYodei0V
feWUx/XlYWYXSgwmUqw15kLGC4+NwXZwhVH3J/oF1Eo0Q/0c1K/jCTrKH81WPYlU
MOs3AlxHmxNfX11cMdormq5e0bX0c+UHCmGs9nS95o+SdQ199TnSvQRtn15rwqCx
bj6RczJ1RhDzGvnQkm6wim7TTg2LKueCm4FG2TUnZcqm1bV8EP0/
-----END CERTIFICATE-----
Generated at Fri Apr 17 12:25:44 2026 by rpki-client