Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/483e33-c767-46b7-8f3a-9c0a0e2767aa/1/z-aJwl9b6-Fg-tjT35AVaW31bbk.roa
File: z-aJwl9b6-Fg-tjT35AVaW31bbk.roa (raw, json)
Hash identifier: Q7HNIu2XP4UmUM1Hc1KolHhvxQ12fcGc9ACkIW4biRQ=
Subject key identifier: CF:E6:89:C2:5F:5B:EB:E1:60:FA:D8:D3:DF:90:15:69:6D:F5:6D:B9
Certificate issuer: /CN=3e6c4520759f3a4ef8b9a9a27e2533ce732c5411
Certificate serial: 019B7F85776A7B7D4B86D0DE65B19FDE281B
Authority key identifier: 3E:6C:45:20:75:9F:3A:4E:F8:B9:A9:A2:7E:25:33:CE:73:2C:54:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PmxFIHWfOk74uamifiUzznMsVBE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/483e33-c767-46b7-8f3a-9c0a0e2767aa/1/z-aJwl9b6-Fg-tjT35AVaW31bbk.roa
Signing time: Fri 02 Jan 2026 16:23:31 +0000
ROA not before: Fri 02 Jan 2026 16:23:31 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 49688
IP address blocks: 195.35.98.0/24 maxlen: 24
195.35.102.0/24 maxlen: 24
195.35.108.0/24 maxlen: 24
195.38.21.0/24 maxlen: 24
2a0f:b7c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/86/483e33-c767-46b7-8f3a-9c0a0e2767aa/1/PmxFIHWfOk74uamifiUzznMsVBE.crl
rsync://rpki.ripe.net/repository/DEFAULT/86/483e33-c767-46b7-8f3a-9c0a0e2767aa/1/PmxFIHWfOk74uamifiUzznMsVBE.mft
rsync://rpki.ripe.net/repository/DEFAULT/PmxFIHWfOk74uamifiUzznMsVBE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 13:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:85:77:6a:7b:7d:4b:86:d0:de:65:b1:9f:de:28:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e6c4520759f3a4ef8b9a9a27e2533ce732c5411
Validity
Not Before: Jan 2 16:23:31 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cfe689c25f5bebe160fad8d3df9015696df56db9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:f7:e1:16:75:82:4b:d1:d0:05:72:a4:a8:0f:
fd:42:f8:97:49:4d:32:9a:c6:a9:c8:d5:9d:6b:57:
a1:b9:3e:1a:e9:cd:ed:f3:16:64:5e:04:0f:8c:b7:
5e:b3:e7:86:65:42:73:77:48:b4:78:db:5a:ca:cd:
28:ee:71:8f:b1:2d:70:67:03:e0:cc:31:ea:90:5b:
a0:4b:ab:17:bb:c4:fe:9b:8f:83:e1:23:84:aa:66:
f8:4f:08:59:e1:62:ea:e3:c8:be:2f:19:13:7c:d0:
1b:90:cb:be:74:ef:19:0c:f0:ed:bc:74:22:04:4a:
2a:85:e0:6a:97:ed:a1:21:40:12:c4:a1:05:83:2b:
cd:30:cb:4e:8d:b3:11:63:39:52:c7:e2:ac:28:55:
22:d5:b3:6f:c5:58:c6:10:6d:f3:24:71:77:bd:eb:
81:48:2e:16:63:31:08:e6:4d:88:cc:c0:54:11:5f:
4c:17:22:24:cd:11:db:8f:d6:c2:77:b5:9d:fd:0e:
ef:49:0d:56:24:17:48:a5:da:d1:87:e9:15:84:ee:
70:25:22:8c:ba:f0:44:bd:a7:c3:fc:4a:af:23:d4:
bf:3f:f7:e5:ed:ff:fd:5d:0f:bd:ee:9e:9b:dd:9f:
c7:df:71:bb:98:e5:47:ea:27:53:26:7c:89:9f:f6:
cd:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:E6:89:C2:5F:5B:EB:E1:60:FA:D8:D3:DF:90:15:69:6D:F5:6D:B9
X509v3 Authority Key Identifier:
keyid:3E:6C:45:20:75:9F:3A:4E:F8:B9:A9:A2:7E:25:33:CE:73:2C:54:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmxFIHWfOk74uamifiUzznMsVBE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/483e33-c767-46b7-8f3a-9c0a0e2767aa/1/z-aJwl9b6-Fg-tjT35AVaW31bbk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/483e33-c767-46b7-8f3a-9c0a0e2767aa/1/PmxFIHWfOk74uamifiUzznMsVBE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.35.98.0/24
195.35.102.0/24
195.35.108.0/24
195.38.21.0/24
IPv6:
2a0f:b7c0::/29
Signature Algorithm: sha256WithRSAEncryption
90:61:d3:d8:be:ef:f3:de:4d:68:fb:87:a9:33:ef:35:61:17:
e4:f7:b3:66:db:3e:43:19:ff:25:1a:83:a2:28:5a:47:b4:ad:
ed:3c:5b:5a:80:31:ef:f9:fd:c4:16:a9:0d:62:83:52:4d:fd:
86:6e:cf:68:fb:73:ee:2c:29:82:65:bf:3c:6c:71:05:d6:5d:
f7:7b:a1:fa:27:74:2a:bb:0d:50:5b:9e:47:03:c4:33:93:de:
4f:d6:d7:8d:9c:1a:6f:b1:17:fa:9d:29:84:a4:32:76:17:f4:
a8:d4:c2:c9:f0:3a:93:84:1f:c4:ce:19:63:42:aa:6f:5b:5c:
58:a6:72:38:c4:b2:79:c6:e4:23:88:04:39:22:83:e0:ec:ad:
4b:5d:b1:a5:59:52:21:35:bf:5b:8f:10:1f:2d:00:bb:c2:58:
9a:93:4d:5a:e3:e3:1a:a1:09:46:38:1b:f4:54:6f:d1:af:a0:
81:c3:5c:2c:bc:38:b3:f0:92:fc:a2:fc:2d:5e:31:2d:a6:19:
cc:56:69:df:a9:e2:e5:13:12:80:49:5f:d8:3f:94:a1:78:5a:
e6:fc:0c:41:c9:db:17:24:2a:43:12:f4:75:3f:3c:ec:99:55:
59:59:12:4d:56:bd:df:63:5c:5c:49:5a:89:46:91:f9:1b:18:
48:83:bf:80
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZt/hXdqe31LhtDeZbGf3igbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNmM0NTIwNzU5ZjNhNGVmOGI5YTlhMjdlMjUzM2NlNzMy
YzU0MTEwHhcNMjYwMTAyMTYyMzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmU2ODljMjVmNWJlYmUxNjBmYWQ4ZDNkZjkwMTU2OTZkZjU2ZGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/fhFnWCS9HQBXKkqA/9QviXSU0y
msapyNWda1ehuT4a6c3t8xZkXgQPjLdes+eGZUJzd0i0eNtays0o7nGPsS1wZwPg
zDHqkFugS6sXu8T+m4+D4SOEqmb4TwhZ4WLq48i+LxkTfNAbkMu+dO8ZDPDtvHQi
BEoqheBql+2hIUASxKEFgyvNMMtOjbMRYzlSx+KsKFUi1bNvxVjGEG3zJHF3veuB
SC4WYzEI5k2IzMBUEV9MFyIkzRHbj9bCd7Wd/Q7vSQ1WJBdIpdrRh+kVhO5wJSKM
uvBEvafD/EqvI9S/P/fl7f/9XQ+97p6b3Z/H33G7mOVH6idTJnyJn/bNewIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFM/micJfW+vhYPrY09+QFWlt9W25MB8GA1UdIwQY
MBaAFD5sRSB1nzpO+Lmpon4lM85zLFQRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG14RklIV2ZPazc0dWFtaWZpVXp6bk1zVkJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80ODNlMzMtYzc2Ny00NmI3LThmM2Et
OWMwYTBlMjc2N2FhLzEvei1hSndsOWI2LUZnLXRqVDM1QVZhVzMxYmJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80ODNlMzMtYzc2Ny00NmI3LThmM2EtOWMwYTBlMjc2N2Fh
LzEvUG14RklIV2ZPazc0dWFtaWZpVXp6bk1zVkJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAwyNiAwQA
wyNmAwQAwyNsAwQAwyYVMA0EAgACMAcDBQMqD7fAMA0GCSqGSIb3DQEBCwUAA4IB
AQCQYdPYvu/z3k1o+4epM+81YRfk97Nm2z5DGf8lGoOiKFpHtK3tPFtagDHv+f3E
FqkNYoNSTf2Gbs9o+3PuLCmCZb88bHEF1l33e6H6J3Qquw1QW55HA8Qzk95P1teN
nBpvsRf6nSmEpDJ2F/So1MLJ8DqThB/EzhljQqpvW1xYpnI4xLJ5xuQjiAQ5IoPg
7K1LXbGlWVIhNb9bjxAfLQC7wliak01a4+MaoQlGOBv0VG/Rr6CBw1wsvDiz8JL8
ovwtXjEtphnMVmnfqeLlExKASV/YP5SheFrm/AxBydsXJCpDEvR1PzzsmVVZWRJN
Vr3fY1xcSVqJRpH5GxhIg7+A
-----END CERTIFICATE-----
Generated at Mon Mar 2 22:44:52 2026 by rpki-client