Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/ZvQi868EflLttDRykRDA1OBXRp4.roa
File: ZvQi868EflLttDRykRDA1OBXRp4.roa (raw, json)
Hash identifier: bX09g7Zjgjvk10oVgY7EjrNBLmlrtkdPpGExQkKmVyM=
Subject key identifier: 66:F4:22:F3:AF:04:7E:52:ED:B4:34:72:91:10:C0:D4:E0:57:46:9E
Certificate issuer: /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial: 019E6335479F8BD6A742AF0542840BB04824
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/ZvQi868EflLttDRykRDA1OBXRp4.roa
Signing time: Tue 26 May 2026 07:34:56 +0000
ROA not before: Tue 26 May 2026 07:34:56 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197834
IP address blocks: 109.75.32.0/23 maxlen: 24
109.75.32.0/24 maxlen: 24
109.75.33.0/24 maxlen: 24
176.32.192.0/21 maxlen: 21
176.32.192.0/24 maxlen: 24
176.32.193.0/24 maxlen: 24
176.32.194.0/24 maxlen: 24
176.32.195.0/24 maxlen: 24
176.32.196.0/24 maxlen: 24
176.32.197.0/24 maxlen: 24
176.32.198.0/24 maxlen: 24
176.32.199.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Jun 2026 01:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:63:35:47:9f:8b:d6:a7:42:af:05:42:84:0b:b0:48:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
Validity
Not Before: May 26 07:34:56 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=66f422f3af047e52edb434729110c0d4e057469e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:ee:4d:3f:3d:68:fc:68:d5:0e:6d:ad:99:95:
77:41:92:12:43:bf:d6:84:27:6d:ca:a2:7d:d0:31:
4f:f2:1b:a2:ae:18:8a:c9:fc:a6:bf:6e:b5:00:b7:
7d:70:df:6f:eb:52:f8:3c:ce:75:43:92:4f:b5:dd:
1e:3c:75:b6:a7:82:8e:da:5c:40:51:dd:5c:24:b3:
68:cf:8c:b3:64:0e:0f:a8:59:bc:0f:b8:80:dd:4f:
b1:a0:88:03:8a:4f:3e:f1:cd:b5:52:d8:28:f9:35:
c2:e5:c0:f0:f2:51:cf:dd:f1:37:d0:91:66:4a:92:
7a:b9:78:0d:83:2e:5c:14:ca:6d:51:60:0b:98:86:
3d:4d:c1:64:ba:cf:25:75:af:e1:48:cd:b0:f7:07:
e3:28:c9:dd:7f:4f:05:f8:be:c0:6c:ac:75:b7:0f:
fe:70:50:58:c1:9f:dc:99:46:1b:49:e7:13:2d:9c:
de:60:6d:7c:2e:ca:14:b5:05:86:00:15:5b:fd:ee:
f0:63:23:14:d2:c2:80:e4:14:5d:7a:49:31:f7:a0:
bc:29:d5:1b:e7:0a:8f:d4:54:fe:6a:62:2b:28:c6:
92:e9:d1:86:48:c1:36:6e:3b:eb:dd:d3:91:66:ff:
1f:65:32:dc:7d:c9:df:23:79:cf:22:43:18:70:59:
a4:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:F4:22:F3:AF:04:7E:52:ED:B4:34:72:91:10:C0:D4:E0:57:46:9E
X509v3 Authority Key Identifier:
keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/ZvQi868EflLttDRykRDA1OBXRp4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.75.32.0/23
176.32.192.0/21
Signature Algorithm: sha256WithRSAEncryption
22:60:cd:0f:92:08:a7:83:0a:f2:3b:ed:65:ab:e5:e2:91:db:
22:20:69:f3:ae:be:f9:7e:f8:d3:26:a0:53:c1:65:92:64:fd:
d8:c4:c0:b2:22:f2:e0:34:d1:4a:1f:91:f7:f0:04:f7:f6:8f:
d6:3d:d3:f7:c4:09:22:27:a8:74:2e:00:e9:3b:fa:e2:5f:dd:
73:b8:8e:17:a6:51:eb:49:a4:64:08:64:24:d2:00:b5:f9:95:
7b:b3:b3:db:a5:70:59:e7:ee:04:88:e2:63:41:82:4f:f3:c3:
21:00:70:6e:3b:0f:bf:74:40:16:0a:ff:04:62:d6:6b:c8:d1:
64:17:2e:22:20:2d:70:2e:5c:95:1d:73:ec:5f:8f:e4:ac:3b:
ae:7a:66:12:76:e7:be:46:8f:7e:de:89:53:ba:ae:7a:f9:52:
c0:e7:79:2c:26:1f:fb:8f:ec:f5:b1:76:a5:22:b6:0b:51:c4:
31:26:cb:8a:f2:e7:45:fe:aa:60:64:c7:1e:4c:51:63:b5:21:
ec:bc:54:3e:94:d2:e9:6e:ae:bd:12:d6:be:fc:15:f8:60:f5:
ff:0b:62:ad:cb:c6:23:00:34:57:3d:ad:a7:1e:76:7b:8e:6b:
ef:14:86:c2:2f:09:e2:b4:99:2d:9e:86:14:0d:cf:7f:fb:bb:
ad:36:50:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5jNUefi9anQq8FQoQLsEgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjYwNTI2MDczNDU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmY0MjJmM2FmMDQ3ZTUyZWRiNDM0NzI5MTEwYzBkNGUwNTc0NjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu5NPz1o/GjVDm2tmZV3QZISQ7/W
hCdtyqJ90DFP8huirhiKyfymv261ALd9cN9v61L4PM51Q5JPtd0ePHW2p4KO2lxA
Ud1cJLNoz4yzZA4PqFm8D7iA3U+xoIgDik8+8c21Utgo+TXC5cDw8lHP3fE30JFm
SpJ6uXgNgy5cFMptUWALmIY9TcFkus8lda/hSM2w9wfjKMndf08F+L7AbKx1tw/+
cFBYwZ/cmUYbSecTLZzeYG18LsoUtQWGABVb/e7wYyMU0sKA5BRdekkx96C8KdUb
5wqP1FT+amIrKMaS6dGGSME2bjvr3dORZv8fZTLcfcnfI3nPIkMYcFmkswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGb0IvOvBH5S7bQ0cpEQwNTgV0aeMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvWnZRaTg2OEVmbEx0dERSeWtSREExT0JYUnA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBbUsgAwQD
sCDAMA0GCSqGSIb3DQEBCwUAA4IBAQAiYM0PkgingwryO+1lq+XikdsiIGnzrr75
fvjTJqBTwWWSZP3YxMCyIvLgNNFKH5H38AT39o/WPdP3xAkiJ6h0LgDpO/riX91z
uI4XplHrSaRkCGQk0gC1+ZV7s7PbpXBZ5+4EiOJjQYJP88MhAHBuOw+/dEAWCv8E
YtZryNFkFy4iIC1wLlyVHXPsX4/krDuuemYSdue+Ro9+3olTuq56+VLA53ksJh/7
j+z1sXalIrYLUcQxJsuK8udF/qpgZMceTFFjtSHsvFQ+lNLpbq69Eta+/BX4YPX/
C2Kty8YjADRXPa2nHnZ7jmvvFIbCLwnitJktnoYUDc9/+7utNlDa
-----END CERTIFICATE-----
Generated at Wed Jun 17 10:39:53 2026 by rpki-client