Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/SzookzV0kvbV2uV2WuzBzsdzDN0.roa
File: SzookzV0kvbV2uV2WuzBzsdzDN0.roa (raw, json)
Hash identifier: 305744fYy853yhsc/+Jcw6ozr6ihNDOG9TribOS/z2s=
Subject key identifier: 4B:3A:28:93:35:74:92:F6:D5:DA:E5:76:5A:EC:C1:CE:C7:73:0C:DD
Certificate issuer: /CN=ad1d2a562c7db21151b4a0926b8d6feeacef8857
Certificate serial: 019C70DACB3452752ECB82F68E7E545FB2F1
Authority key identifier: AD:1D:2A:56:2C:7D:B2:11:51:B4:A0:92:6B:8D:6F:EE:AC:EF:88:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/SzookzV0kvbV2uV2WuzBzsdzDN0.roa
Signing time: Wed 18 Feb 2026 13:05:12 +0000
ROA not before: Wed 18 Feb 2026 13:05:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 12859
IP address blocks: 91.230.244.0/23 maxlen: 24
91.233.105.0/24 maxlen: 24
185.63.152.0/22 maxlen: 24
185.84.140.0/22 maxlen: 24
185.103.172.0/22 maxlen: 24
194.33.112.0/23 maxlen: 24
2a03:7e0::/32 maxlen: 64
2a05:a640::/29 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.crl
rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.mft
rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 06:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:70:da:cb:34:52:75:2e:cb:82:f6:8e:7e:54:5f:b2:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ad1d2a562c7db21151b4a0926b8d6feeacef8857
Validity
Not Before: Feb 18 13:05:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4b3a2893357492f6d5dae5765aecc1cec7730cdd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:90:49:02:25:c3:50:6a:1d:b0:87:b5:56:85:
2d:3e:a5:bd:cf:c9:db:94:7f:d2:d4:cb:6e:8a:ed:
88:3d:6e:b5:57:ee:bc:08:99:f8:69:90:70:3b:54:
80:ee:20:8a:03:ca:cd:eb:6d:34:59:5d:19:79:f3:
e8:f6:8f:8a:46:69:07:8a:59:75:99:9f:66:f5:61:
fb:c3:78:f6:38:73:c9:03:8e:c6:11:a2:80:5a:78:
7f:51:6e:2a:eb:81:8e:0c:ff:ae:0a:cf:51:5b:f3:
6e:1c:07:ba:ea:16:92:43:81:05:f4:cc:6b:14:11:
42:d6:c5:09:4c:20:fb:fc:ac:0c:31:ef:94:df:e7:
b2:6e:72:f2:c4:2d:31:f3:03:63:48:18:12:44:49:
e7:dc:0b:ff:b5:00:1f:56:71:bb:31:3c:85:f2:a4:
1a:29:39:01:ec:f8:9c:32:71:17:e6:34:f1:7c:0f:
be:5d:ac:4e:72:29:47:b4:a9:20:c3:ea:73:32:c6:
65:e4:48:ef:0b:77:4d:c0:d9:e0:78:63:51:5d:f4:
e1:bf:84:41:3e:ec:09:d2:71:3d:28:11:bd:2b:bc:
7e:c6:34:de:f2:08:a7:2c:e5:d0:88:cb:14:c9:8a:
d6:10:a9:fc:87:b4:2a:6a:f6:8e:a0:0f:9a:73:aa:
5f:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:3A:28:93:35:74:92:F6:D5:DA:E5:76:5A:EC:C1:CE:C7:73:0C:DD
X509v3 Authority Key Identifier:
keyid:AD:1D:2A:56:2C:7D:B2:11:51:B4:A0:92:6B:8D:6F:EE:AC:EF:88:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/SzookzV0kvbV2uV2WuzBzsdzDN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.230.244.0/23
91.233.105.0/24
185.63.152.0/22
185.84.140.0/22
185.103.172.0/22
194.33.112.0/23
IPv6:
2a03:7e0::/32
2a05:a640::/29
Signature Algorithm: sha256WithRSAEncryption
32:1c:5f:55:3a:ef:9d:16:ff:8d:2a:6a:e8:ce:8e:72:50:9a:
3a:13:e1:ee:42:f5:91:51:a6:13:35:00:8b:95:a0:49:47:8b:
36:45:ec:80:91:95:c1:17:94:19:0e:3f:5f:73:d3:df:71:fd:
48:77:b1:df:c9:40:1b:59:40:c9:ec:b7:da:08:58:cb:d4:9d:
16:39:27:7e:a6:6c:ce:47:29:51:0e:aa:47:b0:79:66:5e:eb:
ce:4a:f8:e2:35:c5:4c:81:4e:c4:e3:3f:9f:2f:20:aa:bd:b8:
57:d3:f0:ff:e7:ab:30:93:84:2c:55:08:2c:1d:05:70:55:78:
42:ce:fb:1e:1e:c1:09:76:2c:f6:8d:91:83:9c:df:97:2c:c7:
b8:c8:37:cf:c5:2d:bf:af:04:42:a7:e1:66:7d:63:c0:b3:18:
35:85:d8:6f:14:d1:1e:26:c8:f6:fd:6a:64:d8:b9:34:53:09:
41:f4:26:45:a2:a9:3c:7c:b2:49:c0:d7:2c:e1:a3:20:6e:44:
4a:26:90:ce:c3:41:6e:af:26:7a:7a:b1:fc:19:21:13:56:be:
20:89:0f:29:e6:1b:df:46:19:5b:c2:02:8e:bd:fd:e9:ad:5a:
9a:56:02:34:00:fc:9c:63:ca:d8:a2:20:59:8d:d7:31:a5:c4:
26:06:2e:04
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZxw2ss0UnUuy4L2jn5UX7LxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMWQyYTU2MmM3ZGIyMTE1MWI0YTA5MjZiOGQ2ZmVlYWNl
Zjg4NTcwHhcNMjYwMjE4MTMwNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjNhMjg5MzM1NzQ5MmY2ZDVkYWU1NzY1YWVjYzFjZWM3NzMwY2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5BJAiXDUGodsIe1VoUtPqW9z8nb
lH/S1Mtuiu2IPW61V+68CJn4aZBwO1SA7iCKA8rN6200WV0ZefPo9o+KRmkHill1
mZ9m9WH7w3j2OHPJA47GEaKAWnh/UW4q64GODP+uCs9RW/NuHAe66haSQ4EF9Mxr
FBFC1sUJTCD7/KwMMe+U3+eybnLyxC0x8wNjSBgSREnn3Av/tQAfVnG7MTyF8qQa
KTkB7PicMnEX5jTxfA++XaxOcilHtKkgw+pzMsZl5EjvC3dNwNngeGNRXfThv4RB
PuwJ0nE9KBG9K7x+xjTe8ginLOXQiMsUyYrWEKn8h7QqavaOoA+ac6pf4wIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFEs6KJM1dJL21drldlrswc7HcwzdMB8GA1UdIwQY
MBaAFK0dKlYsfbIRUbSgkmuNb+6s74hXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclIwcVZpeDlzaEZSdEtDU2E0MXY3cXp2aUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS84M2FjZDctNWUxYS00OWY5LWI0MDkt
MzI5MzZjM2E0YTlkLzEvU3pvb2t6VjBrdmJWMnVWMld1ekJ6c2R6RE4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS84M2FjZDctNWUxYS00OWY5LWI0MDktMzI5MzZjM2E0YTlk
LzEvclIwcVZpeDlzaEZSdEtDU2E0MXY3cXp2aUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQBW+b0AwQA
W+lpAwQCuT+YAwQCuVSMAwQCuWesAwQBwiFwMBQEAgACMA4DBQAqAwfgAwUDKgWm
QDANBgkqhkiG9w0BAQsFAAOCAQEAMhxfVTrvnRb/jSpq6M6OclCaOhPh7kL1kVGm
EzUAi5WgSUeLNkXsgJGVwReUGQ4/X3PT33H9SHex38lAG1lAyey32ghYy9SdFjkn
fqZszkcpUQ6qR7B5Zl7rzkr44jXFTIFOxOM/ny8gqr24V9Pw/+erMJOELFUILB0F
cFV4Qs77Hh7BCXYs9o2Rg5zflyzHuMg3z8Utv68EQqfhZn1jwLMYNYXYbxTRHibI
9v1qZNi5NFMJQfQmRaKpPHyyScDXLOGjIG5ESiaQzsNBbq8menqx/BkhE1a+IIkP
KeYb30YZW8ICjr396a1amlYCNAD8nGPK2KIgWY3XMaXEJgYuBA==
-----END CERTIFICATE-----
Generated at Sun Mar 1 16:24:19 2026 by rpki-client