Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/5Z3398bPjFZnkQuZgIZdGWDznRY.roa
File: 5Z3398bPjFZnkQuZgIZdGWDznRY.roa (raw, json)
Hash identifier: xmJ4QribTdZo3tMhYvYOnwRRxONh8dhYrIwoBT29TpE=
Subject key identifier: E5:9D:F7:F7:C6:CF:8C:56:67:91:0B:99:80:86:5D:19:60:F3:9D:16
Certificate issuer: /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial: 019D3E7BDD0B9C715405E8B9D93465831CDD
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/5Z3398bPjFZnkQuZgIZdGWDznRY.roa
Signing time: Mon 30 Mar 2026 11:23:18 +0000
ROA not before: Mon 30 Mar 2026 11:23:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3216
IP address blocks: 130.49.217.0/24 maxlen: 24
2a09:3801::/32 maxlen: 32
2a10:d8c0::/32 maxlen: 32
2a12:7c07::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3e:7b:dd:0b:9c:71:54:05:e8:b9:d9:34:65:83:1c:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Validity
Not Before: Mar 30 11:23:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e59df7f7c6cf8c5667910b9980865d1960f39d16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:39:27:bf:7f:92:07:a7:73:fd:fc:6d:c0:97:
02:72:61:9e:68:b7:de:0e:fc:fd:5d:5f:a6:34:f6:
92:cc:13:40:e3:06:7a:9d:c3:b2:98:d3:43:97:3b:
c3:20:97:fb:69:5f:7a:6e:37:62:e4:3a:09:fd:fa:
ef:33:8a:37:d4:27:cc:d6:bd:be:20:8a:13:73:c4:
c6:c0:07:cb:96:49:c4:9c:b4:70:ff:38:ca:e6:c6:
03:18:0f:a8:e9:e4:61:9d:29:59:02:93:13:0a:63:
00:34:24:02:a6:25:88:2f:77:96:eb:ab:f9:56:2b:
9a:ff:7f:93:0b:2a:5e:31:a1:bb:66:0e:fb:a2:59:
45:d5:db:3f:70:e0:ea:d0:01:b0:b1:95:6a:db:64:
0f:a7:64:29:5e:aa:6f:c0:13:7f:ed:75:ec:4c:ec:
65:f4:ff:ff:0b:2f:12:f8:bf:97:b3:f0:a6:55:45:
db:c2:d4:f4:52:b2:8f:f2:c1:0b:97:ce:20:2f:ab:
9e:a4:70:ae:75:41:35:bc:4a:da:91:cc:27:35:45:
e3:3c:bf:7b:a5:af:15:b8:e9:64:a2:4e:78:31:51:
08:a1:47:12:93:de:0c:e1:01:34:24:e6:d0:cd:c8:
c5:43:97:55:09:62:8a:9e:2a:53:4b:87:bb:10:3b:
1e:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:9D:F7:F7:C6:CF:8C:56:67:91:0B:99:80:86:5D:19:60:F3:9D:16
X509v3 Authority Key Identifier:
keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/5Z3398bPjFZnkQuZgIZdGWDznRY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.49.217.0/24
IPv6:
2a09:3801::/32
2a10:d8c0::/32
2a12:7c07::/32
Signature Algorithm: sha256WithRSAEncryption
b3:b3:d8:41:e1:c1:c2:6c:c0:b8:c6:16:eb:70:b1:2a:ce:98:
b4:0f:2b:41:47:33:50:76:de:2b:08:04:bf:0b:89:f6:4f:db:
32:6a:51:f1:1a:80:49:44:38:10:16:84:45:9c:71:6b:c6:50:
24:ee:59:74:94:eb:4a:f4:4a:7f:8c:5a:7f:91:15:b6:e4:f9:
eb:29:e0:a1:b3:78:c4:22:16:83:66:14:ce:fa:94:b3:68:06:
1a:f1:d4:c0:30:a9:6f:fc:8d:a2:99:99:4e:74:80:28:45:5b:
12:51:9b:82:8c:43:f0:39:a9:da:34:02:00:24:57:3d:85:2d:
ba:51:5f:fd:fb:91:c3:a8:48:55:ad:a9:c0:cf:02:ab:35:77:
f7:5f:96:a6:9a:b9:06:a7:6a:03:eb:ea:e7:33:97:19:d3:29:
11:2c:b6:79:95:5f:f9:cb:9f:bb:19:cf:40:e6:a4:a6:f2:2e:
01:c7:72:4a:cb:40:c5:93:db:ed:f1:03:ac:20:57:14:4d:71:
75:e0:68:fe:d2:f2:00:87:d8:b0:ee:ad:1e:35:c4:88:72:0e:
97:29:53:cb:53:a8:c1:92:e7:d9:f5:7b:23:b8:49:dd:8f:b6:
3a:1a:f6:ee:4e:33:86:07:2c:c1:2a:72:13:b2:2a:ef:a5:5b:
70:bb:7c:18
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZ0+e90LnHFUBei52TRlgxzdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjYwMzMwMTEyMzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTlkZjdmN2M2Y2Y4YzU2Njc5MTBiOTk4MDg2NWQxOTYwZjM5ZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDknv3+SB6dz/fxtwJcCcmGeaLfe
Dvz9XV+mNPaSzBNA4wZ6ncOymNNDlzvDIJf7aV96bjdi5DoJ/frvM4o31CfM1r2+
IIoTc8TGwAfLlknEnLRw/zjK5sYDGA+o6eRhnSlZApMTCmMANCQCpiWIL3eW66v5
Viua/3+TCypeMaG7Zg77ollF1ds/cODq0AGwsZVq22QPp2QpXqpvwBN/7XXsTOxl
9P//Cy8S+L+Xs/CmVUXbwtT0UrKP8sELl84gL6uepHCudUE1vErakcwnNUXjPL97
pa8VuOlkok54MVEIoUcSk94M4QE0JObQzcjFQ5dVCWKKnipTS4e7EDseOwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFOWd9/fGz4xWZ5ELmYCGXRlg850WMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvNVozMzk4YlBqRlpua1F1WmdJWmRHV0R6blJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAMBAIAATAGAwQAgjHZMBsE
AgACMBUDBQAqCTgBAwUAKhDYwAMFACoSfAcwDQYJKoZIhvcNAQELBQADggEBALOz
2EHhwcJswLjGFutwsSrOmLQPK0FHM1B23isIBL8LifZP2zJqUfEagElEOBAWhEWc
cWvGUCTuWXSU60r0Sn+MWn+RFbbk+esp4KGzeMQiFoNmFM76lLNoBhrx1MAwqW/8
jaKZmU50gChFWxJRm4KMQ/A5qdo0AgAkVz2FLbpRX/37kcOoSFWtqcDPAqs1d/df
lqaauQanagPr6uczlxnTKREstnmVX/nLn7sZz0DmpKbyLgHHckrLQMWT2+3xA6wg
VxRNcXXgaP7S8gCH2LDurR41xIhyDpcpU8tTqMGS59n1eyO4Sd2Ptjoa9u5OM4YH
LMEqchOyKu+lW3C7fBg=
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:28:09 2026 by rpki-client