Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/ZUC7Id2Okv2eHSSZdTBUkg-VCng.roa
File: ZUC7Id2Okv2eHSSZdTBUkg-VCng.roa (raw, json)
Hash identifier: /lduSjfq1UA9xfg3a0WqS2j8mYLYGsas2BzQFm6I+Kk=
Subject key identifier: 65:40:BB:21:DD:8E:92:FD:9E:1D:24:99:75:30:54:92:0F:95:0A:78
Certificate issuer: /CN=0a1d72ac0826e09bc0d17ddee8ba87d9731dd413
Certificate serial: 019C08D711B6F1D41FAAAFE438D625191D18
Authority key identifier: 0A:1D:72:AC:08:26:E0:9B:C0:D1:7D:DE:E8:BA:87:D9:73:1D:D4:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/ZUC7Id2Okv2eHSSZdTBUkg-VCng.roa
Signing time: Thu 29 Jan 2026 08:20:38 +0000
ROA not before: Thu 29 Jan 2026 08:20:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1299
IP address blocks: 62.26.0.0/15 maxlen: 24
62.246.0.0/16 maxlen: 24
79.140.176.0/20 maxlen: 24
80.83.96.0/20 maxlen: 24
185.210.52.0/23 maxlen: 24
194.112.16.0/22 maxlen: 24
194.112.24.0/21 maxlen: 24
195.52.0.0/16 maxlen: 24
195.63.32.0/19 maxlen: 24
195.63.64.0/18 maxlen: 24
195.78.160.0/19 maxlen: 24
195.185.0.0/16 maxlen: 24
212.172.0.0/16 maxlen: 24
2001:4090::/32 maxlen: 48
2001:4091::/32 maxlen: 48
2a01:5c8::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.crl
rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 05:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:08:d7:11:b6:f1:d4:1f:aa:af:e4:38:d6:25:19:1d:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a1d72ac0826e09bc0d17ddee8ba87d9731dd413
Validity
Not Before: Jan 29 08:20:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6540bb21dd8e92fd9e1d2499753054920f950a78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:d8:80:43:bd:81:5f:93:2d:8d:b0:d4:b5:c7:
9e:c4:7c:9e:46:b4:bc:0b:63:94:1d:c3:67:44:05:
ac:da:3a:42:60:04:a0:12:4d:88:f7:48:32:96:fe:
3b:a2:98:9d:21:cb:4f:3d:b4:36:f9:d0:af:76:2c:
70:4d:4c:27:07:d3:7f:4d:17:18:8d:e3:b5:18:47:
60:be:3d:04:cb:3b:66:94:ba:30:6d:64:fa:92:1f:
bb:2a:18:05:87:c8:78:10:fe:00:38:d1:38:27:42:
43:26:16:7f:b5:d7:a5:ab:bc:6e:f7:c0:00:c3:84:
db:62:a9:1f:ad:e9:e8:ee:00:6e:b0:db:4d:17:03:
05:af:42:f3:a6:50:a0:60:3e:51:23:d3:0d:76:90:
b5:73:0e:f6:ff:5a:27:47:a0:7a:10:dd:08:46:db:
82:1d:db:86:e0:18:6c:2a:88:be:68:11:be:b6:a3:
6a:79:9a:a1:c6:6f:84:cb:7a:ff:1a:23:ec:91:d4:
66:9a:d1:a4:56:65:b2:b9:31:3f:6c:07:56:a2:cb:
d8:77:90:ec:07:6e:b9:23:b9:68:f2:30:2e:b4:ed:
5c:29:12:8a:a3:b6:c4:72:76:b0:2a:be:05:7e:2c:
9d:f9:05:e9:25:02:c9:5b:97:95:75:c8:ea:86:84:
59:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:40:BB:21:DD:8E:92:FD:9E:1D:24:99:75:30:54:92:0F:95:0A:78
X509v3 Authority Key Identifier:
keyid:0A:1D:72:AC:08:26:E0:9B:C0:D1:7D:DE:E8:BA:87:D9:73:1D:D4:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/ZUC7Id2Okv2eHSSZdTBUkg-VCng.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.26.0.0/15
62.246.0.0/16
79.140.176.0/20
80.83.96.0/20
185.210.52.0/23
194.112.16.0/22
194.112.24.0/21
195.52.0.0/16
195.63.32.0-195.63.127.255
195.78.160.0/19
195.185.0.0/16
212.172.0.0/16
IPv6:
2001:4090::/31
2a01:5c8::/32
Signature Algorithm: sha256WithRSAEncryption
ac:61:6a:39:4e:a7:1c:23:5a:51:29:71:7d:b0:3e:b3:e8:a8:
98:35:c8:3e:5d:a7:d2:f7:45:6d:4d:a7:1e:ad:30:3f:80:7c:
2f:e5:2f:bb:34:01:57:67:70:5c:e5:53:47:dc:9f:4d:28:c1:
48:c1:42:ec:db:22:19:0d:a3:af:71:53:c5:57:64:de:7b:f1:
dd:a8:1a:28:0e:67:a2:e1:e8:96:bc:97:e6:7c:f2:e1:17:27:
bf:83:28:58:7e:e6:1a:ad:b5:f0:2c:43:d7:5b:1c:9d:b5:65:
92:06:c6:c8:72:6d:4c:ed:34:42:ed:26:3e:02:e1:0f:e4:3b:
d6:0f:50:15:81:b7:64:fa:15:c9:33:69:5e:09:89:5b:bf:3f:
04:32:a9:82:09:27:b3:1b:33:b7:5c:e8:c4:0d:55:6f:ac:7d:
8c:b8:5c:34:a6:c6:8e:4a:6d:34:b4:83:6e:c6:f4:26:84:00:
f3:f1:3b:51:4b:43:b5:10:61:41:d4:48:29:f8:64:75:4c:02:
81:2d:f5:5c:ff:29:25:3f:ab:7f:f0:01:5c:6f:63:21:2f:5a:
9d:7d:5f:8e:be:41:12:a2:ef:b4:1f:7d:e0:86:9f:f5:92:9c:
50:56:2c:21:68:1d:5b:3f:33:24:7e:f6:67:7c:fd:db:3a:73:
de:01:82:21
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAZwI1xG28dQfqq/kONYlGR0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMWQ3MmFjMDgyNmUwOWJjMGQxN2RkZWU4YmE4N2Q5NzMx
ZGQ0MTMwHhcNMjYwMTI5MDgyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQwYmIyMWRkOGU5MmZkOWUxZDI0OTk3NTMwNTQ5MjBmOTUwYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNiAQ72BX5MtjbDUtceexHyeRrS8
C2OUHcNnRAWs2jpCYASgEk2I90gylv47opidIctPPbQ2+dCvdixwTUwnB9N/TRcY
jeO1GEdgvj0EyztmlLowbWT6kh+7KhgFh8h4EP4AONE4J0JDJhZ/tdelq7xu98AA
w4TbYqkfreno7gBusNtNFwMFr0LzplCgYD5RI9MNdpC1cw72/1onR6B6EN0IRtuC
HduG4BhsKoi+aBG+tqNqeZqhxm+Ey3r/GiPskdRmmtGkVmWyuTE/bAdWosvYd5Ds
B265I7lo8jAutO1cKRKKo7bEcnawKr4Ffiyd+QXpJQLJW5eVdcjqhoRZTQIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFGVAuyHdjpL9nh0kmXUwVJIPlQp4MB8GA1UdIwQY
MBaAFAodcqwIJuCbwNF93ui6h9lzHdQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2gxeXJBZ200SnZBMFgzZTZMcUgyWE1kMUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82MzQxZGEtMmIzNC00ZDQ1LTljMTct
OTU4MTEyYTQ4OWE0LzEvWlVDN0lkMk9rdjJlSFNTWmRUQlVrZy1WQ25nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82MzQxZGEtMmIzNC00ZDQ1LTljMTctOTU4MTEyYTQ4OWE0
LzEvQ2gxeXJBZ200SnZBMFgzZTZMcUgyWE1kMUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBRBAIAATBLAwMBPhoDAwA+
9gMEBE+MsAMEBFBTYAMEAbnSNAMEAsJwEAMEA8JwGAMDAMM0MAwDBAXDPyADBAfD
PwADBAXDTqADAwDDuQMDANSsMBQEAgACMA4DBQEgAUCQAwUAKgEFyDANBgkqhkiG
9w0BAQsFAAOCAQEArGFqOU6nHCNaUSlxfbA+s+iomDXIPl2n0vdFbU2nHq0wP4B8
L+UvuzQBV2dwXOVTR9yfTSjBSMFC7NsiGQ2jr3FTxVdk3nvx3agaKA5nouHolryX
5nzy4Rcnv4MoWH7mGq218CxD11scnbVlkgbGyHJtTO00Qu0mPgLhD+Q71g9QFYG3
ZPoVyTNpXgmJW78/BDKpggknsxszt1zoxA1Vb6x9jLhcNKbGjkptNLSDbsb0JoQA
8/E7UUtDtRBhQdRIKfhkdUwCgS31XP8pJT+rf/ABXG9jIS9anX1fjr5BEqLvtB99
4Iaf9ZKcUFYsIWgdWz8zJH72Z3z92zpz3gGCIQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 14:40:23 2026 by rpki-client