Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/0Zg1a68UKbWsfvNx4_nOvwQjlHE.roa
File: 0Zg1a68UKbWsfvNx4_nOvwQjlHE.roa (raw, json)
Hash identifier: xnnBnLC8oEfPm/E3FQ16BwfRntk327nMGFYeLCzND7Q=
Subject key identifier: D1:98:35:6B:AF:14:29:B5:AC:7E:F3:71:E3:F9:CE:BF:04:23:94:71
Certificate issuer: /CN=3144e609e361913e3c3b0a78d7486aa45b562401
Certificate serial: 019B7C11CD5C3B4209E206633FF4EBE3AE18
Authority key identifier: 31:44:E6:09:E3:61:91:3E:3C:3B:0A:78:D7:48:6A:A4:5B:56:24:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MUTmCeNhkT48Owp410hqpFtWJAE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/0Zg1a68UKbWsfvNx4_nOvwQjlHE.roa
Signing time: Fri 02 Jan 2026 00:18:19 +0000
ROA not before: Fri 02 Jan 2026 00:18:19 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 39279
IP address blocks: 89.32.224.0/20 maxlen: 24
89.32.226.0/24 maxlen: 24
185.33.104.0/22 maxlen: 22
185.33.105.0/24 maxlen: 24
185.108.136.0/22 maxlen: 24
185.108.180.0/22 maxlen: 24
185.108.181.0/24 maxlen: 24
185.108.182.0/24 maxlen: 24
2a00:c5a0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/MUTmCeNhkT48Owp410hqpFtWJAE.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/MUTmCeNhkT48Owp410hqpFtWJAE.mft
rsync://rpki.ripe.net/repository/DEFAULT/MUTmCeNhkT48Owp410hqpFtWJAE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 21:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:11:cd:5c:3b:42:09:e2:06:63:3f:f4:eb:e3:ae:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3144e609e361913e3c3b0a78d7486aa45b562401
Validity
Not Before: Jan 2 00:18:19 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d198356baf1429b5ac7ef371e3f9cebf04239471
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:e3:fd:8c:1f:d4:c4:c5:86:38:27:aa:9f:6c:
35:96:79:f1:1a:ea:0c:17:9b:6d:a9:39:63:93:37:
46:57:85:6f:2c:f4:1a:90:41:bf:0a:88:3c:ed:49:
de:24:46:6a:ce:f9:bf:86:08:48:88:5a:0e:7a:17:
91:e2:b2:3e:e3:76:10:ea:32:d7:8a:cb:a7:4d:a6:
59:16:45:25:97:04:7a:5d:c6:55:05:17:b7:28:a9:
27:7a:41:9d:a2:4e:9b:21:40:83:19:9d:d6:dd:e9:
f0:0d:c6:79:c1:6d:77:28:6d:ad:1e:6c:44:0d:79:
d6:aa:f1:90:83:f3:c8:ef:8a:7e:b3:7a:a5:66:21:
33:36:ed:35:e4:b7:7a:f4:47:29:a8:12:01:a1:f4:
bc:a0:00:f1:f3:b5:cf:40:cf:a9:7e:cc:6f:1b:da:
2f:cb:d4:59:fa:f5:ce:63:86:a4:1d:78:6c:61:96:
ae:fe:8b:b8:f3:be:7f:f0:b0:f6:57:34:1b:9a:ea:
ec:5e:c8:1f:fd:e2:e8:cc:40:90:fa:87:c1:d8:ad:
f5:6b:b3:04:16:46:10:db:ad:b6:78:41:41:68:dc:
d9:fc:87:97:65:09:51:56:00:52:b2:47:18:aa:2f:
6d:61:e7:69:4e:aa:93:41:f3:df:00:02:90:b4:d7:
59:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:98:35:6B:AF:14:29:B5:AC:7E:F3:71:E3:F9:CE:BF:04:23:94:71
X509v3 Authority Key Identifier:
keyid:31:44:E6:09:E3:61:91:3E:3C:3B:0A:78:D7:48:6A:A4:5B:56:24:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MUTmCeNhkT48Owp410hqpFtWJAE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/0Zg1a68UKbWsfvNx4_nOvwQjlHE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/caa2b6-87e8-4e24-a446-775888a87194/1/MUTmCeNhkT48Owp410hqpFtWJAE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.32.224.0/20
185.33.104.0/22
185.108.136.0/22
185.108.180.0/22
IPv6:
2a00:c5a0::/32
Signature Algorithm: sha256WithRSAEncryption
31:15:87:a5:4d:f8:b5:52:de:47:d0:42:a2:36:de:1d:72:46:
59:27:d3:70:01:cc:34:5d:4e:f6:41:9b:e0:2d:94:fd:2a:10:
a7:82:98:a4:6d:18:8e:dc:30:2e:6e:4a:d1:f5:ef:bd:71:d9:
50:a4:5f:09:58:1c:5a:44:57:19:27:79:78:3c:ee:bb:fb:40:
5a:39:d7:33:80:77:7a:ac:00:97:0a:f7:dc:55:83:ec:12:48:
88:57:dc:4d:8f:6b:6d:24:30:8d:02:a7:c1:0c:8d:a3:d6:e7:
f7:88:e8:6f:de:c1:f1:fd:6f:d1:60:29:41:0a:13:f1:e4:e5:
7c:01:cc:9e:da:b2:08:af:4f:d4:79:d8:d0:62:1c:50:cc:44:
3b:01:c6:27:8e:f4:e3:45:73:29:88:6b:de:96:ce:0d:09:3e:
d4:5c:fe:b8:97:78:6b:7b:bd:9e:fd:9e:09:6a:19:06:9e:6a:
61:2b:0a:a6:32:df:23:67:b1:db:84:5e:1c:3b:f4:84:61:fb:
df:fb:8c:77:a1:de:75:6a:eb:c8:40:18:a1:e2:b8:f1:4f:8c:
fd:61:91:17:16:89:1f:e2:08:82:9b:99:cb:42:f0:4e:0c:eb:
a0:ae:69:83:b5:44:1a:df:a3:36:7f:7e:35:17:b6:1c:95:ad:
e2:c0:dd:eb
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZt8Ec1cO0IJ4gZjP/Tr464YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNDRlNjA5ZTM2MTkxM2UzYzNiMGE3OGQ3NDg2YWE0NWI1
NjI0MDEwHhcNMjYwMTAyMDAxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTk4MzU2YmFmMTQyOWI1YWM3ZWYzNzFlM2Y5Y2ViZjA0MjM5NDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uP9jB/UxMWGOCeqn2w1lnnxGuoM
F5ttqTljkzdGV4VvLPQakEG/Cog87UneJEZqzvm/hghIiFoOeheR4rI+43YQ6jLX
isunTaZZFkUllwR6XcZVBRe3KKknekGdok6bIUCDGZ3W3enwDcZ5wW13KG2tHmxE
DXnWqvGQg/PI74p+s3qlZiEzNu015Ld69EcpqBIBofS8oADx87XPQM+pfsxvG9ov
y9RZ+vXOY4akHXhsYZau/ou4875/8LD2VzQbmursXsgf/eLozECQ+ofB2K31a7ME
FkYQ2622eEFBaNzZ/IeXZQlRVgBSskcYqi9tYedpTqqTQfPfAAKQtNdZGwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFNGYNWuvFCm1rH7zceP5zr8EI5RxMB8GA1UdIwQY
MBaAFDFE5gnjYZE+PDsKeNdIaqRbViQBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVVUbUNlTmhrVDQ4T3dwNDEwaHFwRnRXSkFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jYWEyYjYtODdlOC00ZTI0LWE0NDYt
Nzc1ODg4YTg3MTk0LzEvMFpnMWE2OFVLYldzZnZOeDRfbk92d1FqbEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jYWEyYjYtODdlOC00ZTI0LWE0NDYtNzc1ODg4YTg3MTk0
LzEvTVVUbUNlTmhrVDQ4T3dwNDEwaHFwRnRXSkFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEWSDgAwQC
uSFoAwQCuWyIAwQCuWy0MA0EAgACMAcDBQAqAMWgMA0GCSqGSIb3DQEBCwUAA4IB
AQAxFYelTfi1Ut5H0EKiNt4dckZZJ9NwAcw0XU72QZvgLZT9KhCngpikbRiO3DAu
bkrR9e+9cdlQpF8JWBxaRFcZJ3l4PO67+0BaOdczgHd6rACXCvfcVYPsEkiIV9xN
j2ttJDCNAqfBDI2j1uf3iOhv3sHx/W/RYClBChPx5OV8Acye2rIIr0/UedjQYhxQ
zEQ7AcYnjvTjRXMpiGvels4NCT7UXP64l3hre72e/Z4JahkGnmphKwqmMt8jZ7Hb
hF4cO/SEYfvf+4x3od51auvIQBih4rjxT4z9YZEXFokf4giCm5nLQvBODOugrmmD
tUQa36M2f341F7Ycla3iwN3r
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:02:34 2026 by rpki-client