Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zm_0XHgJ5pLHGuERW-D_KCM_suk.roa
File: zm_0XHgJ5pLHGuERW-D_KCM_suk.roa (raw, json)
Hash identifier: sNJISJBhl+LgLP+uIDK8SGP46j+JjM5kLlKAtW/j6mg=
Subject key identifier: CE:6F:F4:5C:78:09:E6:92:C7:1A:E1:11:5B:E0:FF:28:23:3F:B2:E9
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019A49218341CC8546854AED0E042AA2383C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zm_0XHgJ5pLHGuERW-D_KCM_suk.roa
Signing time: Mon 03 Nov 2025 09:52:04 +0000
ROA not before: Mon 03 Nov 2025 09:52:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 141968
IP address blocks: 82.153.226.0/24 maxlen: 24
109.176.17.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 04 Nov 2025 22:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:49:21:83:41:cc:85:46:85:4a:ed:0e:04:2a:a2:38:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Nov 3 09:52:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ce6ff45c7809e692c71ae1115be0ff28233fb2e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:93:e0:c6:75:f3:82:2d:4a:d2:cf:da:1a:5a:
a8:94:28:70:ab:d9:7a:01:04:c8:e3:7a:a3:01:aa:
93:22:a3:6f:cf:88:28:a4:d1:18:8e:13:76:ac:3d:
46:62:f8:6a:36:16:e0:2e:c9:cb:e0:3d:5e:ef:61:
4a:bf:8f:d1:97:7a:67:29:1c:64:f2:9b:3e:61:6d:
de:49:a9:a5:df:7b:49:ba:09:ec:e0:fe:79:27:c1:
e2:c9:97:83:de:b6:45:e3:2f:52:89:86:26:ec:39:
67:8a:b8:74:f2:72:df:d1:da:2c:85:34:af:9a:9f:
b1:7b:83:20:62:97:a4:1a:b8:99:42:9f:e1:18:8e:
39:eb:10:5a:b6:4a:cf:d4:cb:9a:90:bd:de:44:e7:
ab:62:b3:3a:45:c2:92:2d:25:eb:eb:3f:fa:53:29:
24:4a:7d:78:95:89:46:c7:8f:31:ef:24:03:bf:5f:
8b:36:cc:ed:38:6f:0d:1d:6a:0f:46:e2:60:b7:d0:
fe:cd:8d:fb:d1:59:7c:6d:d0:0e:b7:ac:6f:7a:48:
c5:7c:fe:23:18:73:37:b3:b7:6f:3f:6a:00:35:96:
69:5b:0e:8a:b9:62:dc:61:a6:1c:cf:79:e3:cc:48:
72:d2:09:71:56:c6:e9:aa:8b:52:99:fe:f8:53:a0:
b4:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:6F:F4:5C:78:09:E6:92:C7:1A:E1:11:5B:E0:FF:28:23:3F:B2:E9
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zm_0XHgJ5pLHGuERW-D_KCM_suk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.226.0/24
109.176.17.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:74:0e:c5:b1:8c:60:fc:fc:11:70:98:52:6e:9c:ec:c5:ea:
c6:5f:37:40:15:e4:a9:dc:63:82:03:c3:8d:52:22:06:bf:cf:
86:67:37:d7:7a:79:68:2e:a0:c9:a0:3f:9a:1a:9d:0e:4b:b1:
5e:4c:d1:0c:f4:01:35:57:05:64:11:2c:ae:eb:d8:34:a0:95:
f7:be:d2:6a:9d:ed:54:0a:cb:4a:63:39:f6:60:f8:c7:be:ae:
3d:ad:97:3e:9b:22:cf:10:78:71:51:85:1e:6b:e4:57:70:a5:
cd:43:9f:a8:97:f1:f5:5d:10:a9:be:05:83:9a:31:20:11:dc:
6e:78:d7:ff:a9:36:53:d2:70:98:e8:70:cf:6b:b2:94:90:ce:
f8:20:1e:4b:39:8a:95:b6:f4:05:f8:b7:3a:49:88:4c:e7:f4:
f1:65:e0:21:a7:88:96:e9:97:29:2c:e1:ac:17:0e:7e:3e:29:
0e:be:18:12:d1:8f:91:c6:6f:20:2d:58:5c:eb:02:cd:e0:35:
0a:a2:76:62:c2:6f:52:40:7a:e3:01:c4:55:04:04:32:d3:5e:
21:6d:23:b4:49:ec:13:80:90:d4:93:32:52:6a:1f:fc:12:25:
87:77:21:41:0d:5f:9a:bf:59:df:e1:3c:c1:f1:51:27:d2:0d:
30:84:21:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpJIYNBzIVGhUrtDgQqojg8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMTAzMDk1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTZmZjQ1Yzc4MDllNjkyYzcxYWUxMTE1YmUwZmYyODIzM2ZiMmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ZPgxnXzgi1K0s/aGlqolChwq9l6
AQTI43qjAaqTIqNvz4gopNEYjhN2rD1GYvhqNhbgLsnL4D1e72FKv4/Rl3pnKRxk
8ps+YW3eSaml33tJugns4P55J8HiyZeD3rZF4y9SiYYm7Dlnirh08nLf0doshTSv
mp+xe4MgYpekGriZQp/hGI456xBatkrP1MuakL3eROerYrM6RcKSLSXr6z/6Uykk
Sn14lYlGx48x7yQDv1+LNsztOG8NHWoPRuJgt9D+zY370Vl8bdAOt6xvekjFfP4j
GHM3s7dvP2oANZZpWw6KuWLcYaYcz3njzEhy0glxVsbpqotSmf74U6C0xQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM5v9Fx4CeaSxxrhEVvg/ygjP7LpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvem1fMFhIZ0o1cExIR3VFUlctRF9LQ01fc3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpniAwQA
bbARMA0GCSqGSIb3DQEBCwUAA4IBAQArdA7FsYxg/PwRcJhSbpzsxerGXzdAFeSp
3GOCA8ONUiIGv8+GZzfXenloLqDJoD+aGp0OS7FeTNEM9AE1VwVkESyu69g0oJX3
vtJqne1UCstKYzn2YPjHvq49rZc+myLPEHhxUYUea+RXcKXNQ5+ol/H1XRCpvgWD
mjEgEdxueNf/qTZT0nCY6HDPa7KUkM74IB5LOYqVtvQF+Lc6SYhM5/TxZeAhp4iW
6ZcpLOGsFw5+PikOvhgS0Y+Rxm8gLVhc6wLN4DUKonZiwm9SQHrjAcRVBAQy014h
bSO0SewTgJDUkzJSah/8EiWHdyFBDV+av1nf4TzB8VEn0g0whCHX
-----END CERTIFICATE-----
Generated at Tue Nov 4 08:00:58 2025 by rpki-client