Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/zDQSWzz7tOn5vYrKuzg1MDeiVRo.roa
File: zDQSWzz7tOn5vYrKuzg1MDeiVRo.roa (raw, json)
Hash identifier: +xz0fm96upjlrgDEAx1g73R2e8ugBjP0q0ZiamqjzSQ=
Subject key identifier: CC:34:12:5B:3C:FB:B4:E9:F9:BD:8A:CA:BB:38:35:30:37:A2:55:1A
Certificate issuer: /CN=9b8151ae164a5b782b103de7f7c8a8948932aebf
Certificate serial: 019C37D94A94C64B38B23A09B6DFFA8EE311
Authority key identifier: 9B:81:51:AE:16:4A:5B:78:2B:10:3D:E7:F7:C8:A8:94:89:32:AE:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m4FRrhZKW3grED3n98iolIkyrr8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/zDQSWzz7tOn5vYrKuzg1MDeiVRo.roa
Signing time: Sat 07 Feb 2026 11:25:13 +0000
ROA not before: Sat 07 Feb 2026 11:25:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 48926
IP address blocks: 37.44.16.0/20 maxlen: 20
37.143.112.0/21 maxlen: 21
91.233.208.0/22 maxlen: 22
94.142.232.0/21 maxlen: 21
178.248.248.0/21 maxlen: 21
185.75.116.0/22 maxlen: 22
2a01:6b40::/32 maxlen: 32
2a03:a900::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/m4FRrhZKW3grED3n98iolIkyrr8.crl
rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/m4FRrhZKW3grED3n98iolIkyrr8.mft
rsync://rpki.ripe.net/repository/DEFAULT/m4FRrhZKW3grED3n98iolIkyrr8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:37:d9:4a:94:c6:4b:38:b2:3a:09:b6:df:fa:8e:e3:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9b8151ae164a5b782b103de7f7c8a8948932aebf
Validity
Not Before: Feb 7 11:25:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cc34125b3cfbb4e9f9bd8acabb38353037a2551a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:51:75:29:da:17:84:ba:77:34:ea:e9:7e:e9:
3b:4a:27:45:3b:79:3b:8d:5b:7e:4e:a6:9f:e6:1e:
4f:4c:fa:f4:9b:74:5b:b2:2e:d7:28:4d:36:67:f0:
83:87:ea:b1:c3:5a:09:bb:3d:33:f7:1b:8e:f4:39:
83:56:eb:5b:20:10:d2:11:54:b4:cf:74:b3:93:f1:
ed:15:47:42:36:ee:5c:e7:f7:a4:ce:65:5f:7c:9a:
79:cf:b7:75:78:dc:3f:38:0e:8a:ef:85:5a:9c:95:
6a:c0:fe:66:1b:b5:ca:3f:98:60:ac:07:d4:74:a4:
12:ca:79:6f:9b:c9:f4:e1:28:75:fc:ac:8e:0c:40:
9d:31:9a:16:be:18:24:b0:1c:70:b9:92:66:5b:a2:
92:e3:b3:23:e7:87:fb:26:67:70:83:70:d3:1b:04:
d9:86:ec:e4:f0:c9:90:d8:66:25:bd:d8:eb:bb:a8:
8e:d5:62:26:e5:64:f4:4b:ea:19:04:dc:7e:74:fa:
d9:84:6d:b2:4d:f4:3f:07:ee:23:0b:49:a5:31:6d:
bb:32:14:d5:54:ec:d9:2f:7e:51:e2:7f:b5:41:91:
92:e5:51:4a:82:39:a7:a0:1a:af:7e:b3:0e:04:26:
43:4a:07:f1:ed:d5:21:c1:e2:74:b3:b8:75:03:87:
1f:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:34:12:5B:3C:FB:B4:E9:F9:BD:8A:CA:BB:38:35:30:37:A2:55:1A
X509v3 Authority Key Identifier:
keyid:9B:81:51:AE:16:4A:5B:78:2B:10:3D:E7:F7:C8:A8:94:89:32:AE:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m4FRrhZKW3grED3n98iolIkyrr8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/zDQSWzz7tOn5vYrKuzg1MDeiVRo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/m4FRrhZKW3grED3n98iolIkyrr8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.44.16.0/20
37.143.112.0/21
91.233.208.0/22
94.142.232.0/21
178.248.248.0/21
185.75.116.0/22
IPv6:
2a01:6b40::/32
2a03:a900::/32
Signature Algorithm: sha256WithRSAEncryption
09:ba:15:34:35:c6:65:cb:cc:e9:2c:a9:18:7c:39:7b:ce:c8:
77:6d:65:b2:8c:b6:72:f3:bf:76:a4:d0:80:27:0d:88:a4:ad:
e4:72:50:06:a2:5c:4a:1e:69:49:65:e4:6f:c3:21:c9:d3:78:
ac:27:1b:b5:12:dc:c8:0b:c6:b7:21:23:bb:b1:43:f5:8b:3c:
f5:d7:33:83:56:23:ec:5a:d6:27:d2:bf:6e:fc:a5:8b:06:be:
d1:66:fe:10:56:6e:00:0b:99:18:c8:e6:51:51:c7:82:32:89:
6c:dc:cb:9a:5a:71:51:64:f9:90:02:01:eb:0c:fc:9a:6f:c4:
d0:78:cb:59:30:39:1c:fc:a3:ad:8d:2f:91:81:17:79:0c:51:
7e:ac:1b:fb:af:90:8e:49:e6:b9:5b:b6:5f:64:2b:bb:bf:7f:
33:84:94:ef:58:6c:08:f4:35:db:b7:d9:a4:b6:7a:80:96:9c:
10:73:ab:78:a8:9e:64:34:c6:78:b7:8e:d1:51:ab:ed:86:75:
02:d6:03:22:87:35:5c:a3:b4:0b:20:1c:83:e4:75:c0:3f:b1:
3d:7d:cb:09:a7:12:27:98:95:8d:cf:62:e2:04:8c:9c:31:be:
df:de:f2:66:ea:ac:31:bb:0d:19:df:a1:b4:3c:af:87:18:6c:
60:45:f9:76
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZw32UqUxks4sjoJtt/6juMRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliODE1MWFlMTY0YTViNzgyYjEwM2RlN2Y3YzhhODk0ODkz
MmFlYmYwHhcNMjYwMjA3MTEyNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzM0MTI1YjNjZmJiNGU5ZjliZDhhY2FiYjM4MzUzMDM3YTI1NTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllF1KdoXhLp3NOrpfuk7SidFO3k7
jVt+Tqaf5h5PTPr0m3Rbsi7XKE02Z/CDh+qxw1oJuz0z9xuO9DmDVutbIBDSEVS0
z3Szk/HtFUdCNu5c5/ekzmVffJp5z7d1eNw/OA6K74VanJVqwP5mG7XKP5hgrAfU
dKQSynlvm8n04Sh1/KyODECdMZoWvhgksBxwuZJmW6KS47Mj54f7Jmdwg3DTGwTZ
huzk8MmQ2GYlvdjru6iO1WIm5WT0S+oZBNx+dPrZhG2yTfQ/B+4jC0mlMW27MhTV
VOzZL35R4n+1QZGS5VFKgjmnoBqvfrMOBCZDSgfx7dUhweJ0s7h1A4cfyQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFMw0Els8+7Tp+b2Kyrs4NTA3olUaMB8GA1UdIwQY
MBaAFJuBUa4WSlt4KxA95/fIqJSJMq6/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTRGUnJoWktXM2dyRUQzbjk4aW9sSWt5cnI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC82YjZkMWYtNTQyMS00OGI5LWI3ZWIt
ZGExZmU5ZWJlZThlLzEvekRRU1d6ejd0T241dllyS3V6ZzFNRGVpVlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC82YjZkMWYtNTQyMS00OGI5LWI3ZWItZGExZmU5ZWJlZThl
LzEvbTRGUnJoWktXM2dyRUQzbjk4aW9sSWt5cnI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQEJSwQAwQD
JY9wAwQCW+nQAwQDXo7oAwQDsvj4AwQCuUt0MBQEAgACMA4DBQAqAWtAAwUAKgOp
ADANBgkqhkiG9w0BAQsFAAOCAQEACboVNDXGZcvM6SypGHw5e87Id21lsoy2cvO/
dqTQgCcNiKSt5HJQBqJcSh5pSWXkb8MhydN4rCcbtRLcyAvGtyEju7FD9Ys89dcz
g1Yj7FrWJ9K/bvyliwa+0Wb+EFZuAAuZGMjmUVHHgjKJbNzLmlpxUWT5kAIB6wz8
mm/E0HjLWTA5HPyjrY0vkYEXeQxRfqwb+6+QjknmuVu2X2Qru79/M4SU71hsCPQ1
27fZpLZ6gJacEHOreKieZDTGeLeO0VGr7YZ1AtYDIoc1XKO0CyAcg+R1wD+xPX3L
CacSJ5iVjc9i4gSMnDG+397yZuqsMbsNGd+htDyvhxhsYEX5dg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:37:21 2026 by rpki-client