Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/TZIus5zjmse4f3-OgCEc93REP8k.roa
File: TZIus5zjmse4f3-OgCEc93REP8k.roa (raw, json)
Hash identifier: JY/S5KOhnuxDqIoyglkKKjCVinv5QC1WV2BBaIoWgqg=
Subject key identifier: 4D:92:2E:B3:9C:E3:9A:C7:B8:7F:7F:8E:80:21:1C:F7:74:44:3F:C9
Certificate issuer: /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial: 019D85573DE1959C085C89B796BE136CB23D
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/TZIus5zjmse4f3-OgCEc93REP8k.roa
Signing time: Mon 13 Apr 2026 05:36:20 +0000
ROA not before: Mon 13 Apr 2026 05:36:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3320
IP address blocks: 147.90.5.0/24 maxlen: 24
147.90.29.0/24 maxlen: 24
147.90.38.0/24 maxlen: 24
147.90.56.0/24 maxlen: 24
147.90.57.0/24 maxlen: 24
147.90.58.0/24 maxlen: 24
147.90.75.0/24 maxlen: 24
147.90.112.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:85:57:3d:e1:95:9c:08:5c:89:b7:96:be:13:6c:b2:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
Validity
Not Before: Apr 13 05:36:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4d922eb39ce39ac7b87f7f8e80211cf774443fc9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:c3:e6:37:e1:35:42:7d:13:a6:5c:6e:0f:b9:
5c:2a:61:ad:1e:43:f5:db:e3:dc:4f:07:d1:78:09:
b4:be:52:9a:fb:5c:31:71:0e:22:b6:a3:7b:f9:c3:
7f:07:6c:14:f9:0a:d8:16:15:fb:6a:2f:e6:25:e8:
5e:a6:da:b6:06:86:36:b7:a8:b7:42:50:fd:3f:99:
21:21:5d:dc:fd:52:64:d6:42:13:94:6c:d2:c2:52:
db:ac:c4:f4:ed:c9:a1:a1:27:18:c1:a9:07:c3:98:
55:9e:df:23:40:e8:47:4f:4d:82:53:6a:82:d0:64:
82:07:98:2a:a5:fa:cc:0d:7d:01:63:7e:06:d3:88:
7e:e9:5b:d0:71:02:bf:c3:e1:96:12:53:45:35:36:
7b:9f:25:22:0f:91:b0:17:74:75:26:5e:d6:8e:d0:
85:7c:2a:73:21:74:2d:c6:2e:f9:25:af:a2:75:c6:
ed:b9:13:c6:15:31:09:6c:2f:b5:21:71:87:11:3c:
62:4c:53:42:ce:e7:71:e3:25:c0:49:4e:fd:bc:f1:
52:e7:61:7c:96:c9:43:d7:a8:2a:05:1d:ae:0a:f1:
2c:1d:1c:ea:60:24:91:9a:2b:02:e4:8b:81:4c:3a:
86:b3:52:ca:17:81:9e:66:93:00:f6:ca:f5:5f:96:
de:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:92:2E:B3:9C:E3:9A:C7:B8:7F:7F:8E:80:21:1C:F7:74:44:3F:C9
X509v3 Authority Key Identifier:
keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/TZIus5zjmse4f3-OgCEc93REP8k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.90.5.0/24
147.90.29.0/24
147.90.38.0/24
147.90.56.0-147.90.58.255
147.90.75.0/24
147.90.112.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:0a:4d:b9:51:ce:a5:f2:83:47:bc:88:8e:17:05:99:2d:df:
3b:67:1a:e1:4b:7d:4e:98:c4:3d:d9:38:9e:79:49:23:27:d8:
44:2c:21:0a:0e:1c:93:2b:41:e7:dc:e0:a2:f7:b3:1f:8e:78:
46:8f:37:7c:6c:74:e5:6d:85:03:d3:d1:20:29:b3:95:ed:ef:
86:90:f8:2d:c1:c9:0c:0c:85:06:d2:22:96:a9:71:59:fb:a5:
6b:24:42:fa:bf:74:f4:af:25:40:59:60:d0:b4:64:dd:0a:32:
76:d3:87:5c:23:8b:19:e9:21:0f:4e:3d:ad:62:a3:0e:92:5d:
16:0a:4b:e0:77:f6:07:6b:1f:81:40:b0:44:9f:13:5e:02:e8:
8f:04:4a:ff:86:d1:ca:40:a8:6e:7e:c0:66:0a:47:f3:e4:f3:
09:bd:25:cb:09:80:33:6e:7b:6f:7f:93:cd:4b:28:78:38:da:
4b:e4:f6:b8:c8:bd:f4:ab:5d:f9:66:65:a9:dd:b5:80:62:6f:
d7:49:51:85:98:af:81:22:f4:b7:e9:2c:42:36:f7:59:42:67:
d3:4c:97:18:57:46:51:58:a5:c7:05:93:fa:11:a5:db:88:c2:
80:ad:0a:69:14:90:0e:e6:dc:c7:de:4d:60:ca:c9:94:bb:72:
fc:fd:18:c5
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZ2FVz3hlZwIXIm3lr4TbLI9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDEzMDUzNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDkyMmViMzljZTM5YWM3Yjg3ZjdmOGU4MDIxMWNmNzc0NDQzZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6sPmN+E1Qn0TplxuD7lcKmGtHkP1
2+PcTwfReAm0vlKa+1wxcQ4itqN7+cN/B2wU+QrYFhX7ai/mJeheptq2BoY2t6i3
QlD9P5khIV3c/VJk1kITlGzSwlLbrMT07cmhoScYwakHw5hVnt8jQOhHT02CU2qC
0GSCB5gqpfrMDX0BY34G04h+6VvQcQK/w+GWElNFNTZ7nyUiD5GwF3R1Jl7WjtCF
fCpzIXQtxi75Ja+idcbtuRPGFTEJbC+1IXGHETxiTFNCzudx4yXASU79vPFS52F8
lslD16gqBR2uCvEsHRzqYCSRmisC5IuBTDqGs1LKF4GeZpMA9sr1X5beXQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFE2SLrOc45rHuH9/joAhHPd0RD/JMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvVFpJdXM1emptc2U0ZjMtT2dDRWM5M1JFUDhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAk1oFAwQA
k1odAwQAk1omMAwDBAOTWjgDBACTWjoDBACTWksDBACTWnAwDQYJKoZIhvcNAQEL
BQADggEBAKsKTblRzqXyg0e8iI4XBZkt3ztnGuFLfU6YxD3ZOJ55SSMn2EQsIQoO
HJMrQefc4KL3sx+OeEaPN3xsdOVthQPT0SAps5Xt74aQ+C3ByQwMhQbSIpapcVn7
pWskQvq/dPSvJUBZYNC0ZN0KMnbTh1wjixnpIQ9OPa1iow6SXRYKS+B39gdrH4FA
sESfE14C6I8ESv+G0cpAqG5+wGYKR/Pk8wm9JcsJgDNue29/k81LKHg42kvk9rjI
vfSrXflmZandtYBib9dJUYWYr4Ei9LfpLEI291lCZ9NMlxhXRlFYpccFk/oRpduI
woCtCmkUkA7m3MfeTWDKyZS7cvz9GMU=
-----END CERTIFICATE-----
Generated at Fri Apr 17 03:06:51 2026 by rpki-client