Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/znw2lGJYdWMaH-96bNZbXnmEmJI.roa
File: znw2lGJYdWMaH-96bNZbXnmEmJI.roa (raw, json)
Hash identifier: pJY5P5M8s7+KZK1kLeYuyhSxXiBIJe995ohMNelQDGc=
Subject key identifier: CE:7C:36:94:62:58:75:63:1A:1F:EF:7A:6C:D6:5B:5E:79:84:98:92
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 019C33CA2C091BB3C49EEAB4B93461783507
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/znw2lGJYdWMaH-96bNZbXnmEmJI.roa
Signing time: Fri 06 Feb 2026 16:30:13 +0000
ROA not before: Fri 06 Feb 2026 16:30:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213220
IP address blocks: 95.182.108.0/24 maxlen: 24
95.182.110.0/24 maxlen: 24
109.248.6.0/23 maxlen: 24
109.248.33.0/24 maxlen: 24
109.248.45.0/24 maxlen: 24
109.248.168.0/24 maxlen: 24
188.130.209.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:33:ca:2c:09:1b:b3:c4:9e:ea:b4:b9:34:61:78:35:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Feb 6 16:30:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ce7c3694625875631a1fef7a6cd65b5e79849892
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:ac:83:fb:de:11:2e:b8:e3:78:48:b0:1f:bd:
ab:cc:af:bd:d6:68:d2:ce:4b:d1:34:05:8a:bf:91:
69:f9:8b:94:cf:32:45:bc:6d:57:f1:b8:86:c6:a2:
9e:88:6e:bd:ff:12:ad:a4:8c:b4:ec:28:3c:8c:f6:
58:58:1b:e8:cd:08:89:b3:60:4e:54:4a:17:5d:cb:
76:3d:1a:69:9a:0d:92:df:5d:e5:d2:30:05:3e:95:
98:d3:05:32:aa:ef:e7:db:c2:44:62:c2:68:5a:17:
68:a4:75:5c:59:1e:18:83:fe:1c:cd:79:32:d2:df:
39:c3:90:1d:82:13:5f:4e:ff:4c:96:f5:06:36:5f:
c7:48:58:38:95:51:e0:d9:e2:99:5e:00:6b:23:b8:
0b:e3:9e:ad:49:ff:3b:ec:54:1b:00:2c:ef:11:8d:
e1:b4:75:2b:9e:f3:bc:5e:68:d6:a7:9b:00:11:1c:
48:15:e9:98:f0:b7:0c:9e:cb:76:61:48:f8:0a:af:
0c:38:ae:80:5e:82:73:d2:02:b8:23:9b:b0:e3:26:
ee:9f:45:dc:15:26:61:6a:40:45:b3:d2:a6:bc:8c:
22:7f:d8:7c:83:44:74:6d:28:ca:ba:fb:00:bf:06:
7d:43:45:f3:e8:a0:1c:70:d5:8d:b9:cf:f6:95:d3:
e0:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:7C:36:94:62:58:75:63:1A:1F:EF:7A:6C:D6:5B:5E:79:84:98:92
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/znw2lGJYdWMaH-96bNZbXnmEmJI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.182.108.0/24
95.182.110.0/24
109.248.6.0/23
109.248.33.0/24
109.248.45.0/24
109.248.168.0/24
188.130.209.0/24
Signature Algorithm: sha256WithRSAEncryption
86:43:47:8b:fa:12:26:1d:23:58:a4:d8:b2:3c:f1:7a:20:47:
02:e1:c5:9f:6b:1c:cc:66:39:f1:d1:23:dc:40:14:b4:ac:86:
e3:52:46:8b:20:2d:e0:a9:47:6e:df:a6:9a:25:06:af:de:8d:
cf:c3:0a:34:37:2e:34:41:f2:d3:fb:f6:fa:90:ae:36:94:11:
fd:12:a6:7e:a7:96:62:28:e4:3b:a5:09:8b:dc:3f:f7:6c:18:
ca:aa:9c:67:b0:a2:68:7d:a4:b2:67:6a:c6:d8:c0:ee:c4:38:
b3:6c:ee:e8:8b:af:b6:e4:9e:54:36:1c:29:52:16:79:53:75:
9d:7d:7b:fe:9c:a2:30:45:6c:ef:ba:6b:73:11:bc:e1:f5:6e:
99:fa:bf:13:30:6c:be:4c:c5:89:8f:a7:df:76:fb:12:8a:eb:
0a:33:59:05:52:e8:e0:84:6c:4f:cf:11:2c:1e:84:9c:f8:f2:
28:70:e3:90:c4:f2:0a:c7:8c:f9:d6:4d:65:c3:20:dc:1d:a5:
83:4c:32:33:51:63:39:9a:c2:dc:36:ff:59:66:fa:a8:b3:fc:
15:e2:23:8b:ea:ac:31:40:0d:80:38:e8:3f:66:61:b1:db:ac:
0c:99:b4:0e:d9:20:8c:ee:6f:90:ec:23:a1:a0:84:f3:27:92:
4c:2c:b2:e7
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZwzyiwJG7PEnuq0uTRheDUHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMjA2MTYzMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTdjMzY5NDYyNTg3NTYzMWExZmVmN2E2Y2Q2NWI1ZTc5ODQ5ODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqyD+94RLrjjeEiwH72rzK+91mjS
zkvRNAWKv5Fp+YuUzzJFvG1X8biGxqKeiG69/xKtpIy07Cg8jPZYWBvozQiJs2BO
VEoXXct2PRppmg2S313l0jAFPpWY0wUyqu/n28JEYsJoWhdopHVcWR4Yg/4czXky
0t85w5AdghNfTv9MlvUGNl/HSFg4lVHg2eKZXgBrI7gL456tSf877FQbACzvEY3h
tHUrnvO8XmjWp5sAERxIFemY8LcMnst2YUj4Cq8MOK6AXoJz0gK4I5uw4ybun0Xc
FSZhakBFs9KmvIwif9h8g0R0bSjKuvsAvwZ9Q0Xz6KAccNWNuc/2ldPg9QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFM58NpRiWHVjGh/vemzWW155hJiSMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvem53MmxHSllkV01hSC05NmJOWmJYbm1FbUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAX7ZsAwQA
X7ZuAwQBbfgGAwQAbfghAwQAbfgtAwQAbfioAwQAvILRMA0GCSqGSIb3DQEBCwUA
A4IBAQCGQ0eL+hImHSNYpNiyPPF6IEcC4cWfaxzMZjnx0SPcQBS0rIbjUkaLIC3g
qUdu36aaJQav3o3Pwwo0Ny40QfLT+/b6kK42lBH9EqZ+p5ZiKOQ7pQmL3D/3bBjK
qpxnsKJofaSyZ2rG2MDuxDizbO7oi6+25J5UNhwpUhZ5U3WdfXv+nKIwRWzvumtz
Ebzh9W6Z+r8TMGy+TMWJj6ffdvsSiusKM1kFUujghGxPzxEsHoSc+PIocOOQxPIK
x4z51k1lwyDcHaWDTDIzUWM5msLcNv9ZZvqos/wV4iOL6qwxQA2AOOg/ZmGx26wM
mbQO2SCM7m+Q7COhoITzJ5JMLLLn
-----END CERTIFICATE-----
Generated at Mon Mar 2 00:49:07 2026 by rpki-client