Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/PZOfftV6f8xfQlgeHGofh0B3-dE.roa
File: PZOfftV6f8xfQlgeHGofh0B3-dE.roa (raw, json)
Hash identifier: PAfqFF0lvZdGFR1hczCr491bYJa/MQaSSiPyZ4nhKZQ=
Subject key identifier: 3D:93:9F:7E:D5:7A:7F:CC:5F:42:58:1E:1C:6A:1F:87:40:77:F9:D1
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019D42B51C1391717622C4DC6F163103B94F
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/PZOfftV6f8xfQlgeHGofh0B3-dE.roa
Signing time: Tue 31 Mar 2026 07:04:18 +0000
ROA not before: Tue 31 Mar 2026 07:04:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9009
IP address blocks: 192.36.39.0/24 maxlen: 24
192.36.57.0/24 maxlen: 24
192.71.227.0/24 maxlen: 24
192.71.247.0/24 maxlen: 24
192.71.249.0/24 maxlen: 24
192.121.22.0/24 maxlen: 24
192.121.23.0/24 maxlen: 24
192.121.46.0/23 maxlen: 24
192.121.46.0/24 maxlen: 24
192.121.47.0/24 maxlen: 24
192.121.162.0/24 maxlen: 24
192.121.170.0/24 maxlen: 24
194.14.208.0/24 maxlen: 24
194.14.217.0/24 maxlen: 24
194.68.26.0/24 maxlen: 24
194.68.27.0/24 maxlen: 24
194.68.44.0/24 maxlen: 24
194.71.126.0/24 maxlen: 24
194.71.227.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 20:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:42:b5:1c:13:91:71:76:22:c4:dc:6f:16:31:03:b9:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Mar 31 07:04:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3d939f7ed57a7fcc5f42581e1c6a1f874077f9d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:12:c9:91:fd:7e:b6:38:93:48:01:cd:4c:18:
f3:81:11:aa:0b:17:c2:82:5c:5e:15:8a:0a:f9:eb:
f4:21:e5:21:83:a5:65:26:18:2c:06:17:dd:13:f8:
3a:5f:33:ce:77:c3:5f:66:71:2e:ff:eb:b4:fc:d4:
96:ac:b8:d1:ea:ea:b3:f1:79:b9:a1:a6:69:4d:79:
4a:d4:85:b5:78:6e:54:42:6c:81:30:b6:c2:23:c3:
91:49:04:f3:e2:ae:78:bb:3d:1f:2f:fa:70:53:38:
be:bb:bd:31:f3:fd:ea:ea:9b:15:90:90:b0:77:9c:
81:dc:77:18:9c:42:20:40:97:4b:de:13:c5:1e:92:
02:dd:ab:63:6c:2e:31:ef:42:ff:b5:f0:34:de:82:
f2:f8:e5:e0:77:a2:16:f1:53:53:15:22:d3:11:72:
6f:79:33:86:58:0e:9b:d7:8a:07:c5:61:57:bd:75:
10:4e:5f:2b:6b:ce:72:62:72:7f:28:52:da:29:e0:
74:bf:2c:6d:90:41:83:c4:94:59:46:d5:9c:9b:be:
51:35:98:78:bc:c0:19:d6:7d:de:3e:4b:98:43:7a:
02:0d:3f:1e:53:45:4c:26:cf:a7:71:2b:0e:0f:66:
ee:95:98:49:35:b1:b8:d7:35:0e:49:76:04:bb:89:
1f:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:93:9F:7E:D5:7A:7F:CC:5F:42:58:1E:1C:6A:1F:87:40:77:F9:D1
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/PZOfftV6f8xfQlgeHGofh0B3-dE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.39.0/24
192.36.57.0/24
192.71.227.0/24
192.71.247.0/24
192.71.249.0/24
192.121.22.0/23
192.121.46.0/23
192.121.162.0/24
192.121.170.0/24
194.14.208.0/24
194.14.217.0/24
194.68.26.0/23
194.68.44.0/24
194.71.126.0/24
194.71.227.0/24
Signature Algorithm: sha256WithRSAEncryption
40:52:d7:0d:61:d1:50:63:12:92:29:0c:31:a0:cb:52:51:17:
3f:d0:c4:0b:0b:67:af:44:f2:f4:2a:48:27:cf:7d:b3:38:4b:
ed:9f:2d:9d:5e:48:78:68:50:3d:74:ba:67:2c:8b:33:cd:a9:
9f:f1:ad:b0:5a:5f:48:df:cb:50:4a:08:ce:84:81:a5:79:b6:
61:4c:51:f5:28:bb:a2:49:e5:49:8a:c1:03:40:d9:c0:b4:02:
31:bc:ff:8b:13:a5:0d:e7:0a:ed:e9:fb:80:4c:7e:33:fb:e3:
9a:80:7b:71:9a:04:08:2b:e7:9e:f4:47:1e:7d:85:71:c0:2b:
ac:bb:0c:c3:1b:7f:77:9a:8b:89:44:be:a0:cb:58:da:16:28:
10:f9:23:28:d3:bc:61:63:7d:0d:97:23:ab:f0:16:00:00:67:
30:8c:ff:0b:18:83:c0:ff:01:46:72:72:a3:6e:16:a8:92:b5:
e2:ff:3f:8f:96:84:45:69:eb:1c:7b:38:cb:5e:10:d5:fc:02:
54:98:0e:5e:2e:a6:fc:d6:64:0d:21:1f:8a:bc:2d:c5:4f:ff:
79:3c:fc:58:23:92:c0:c2:df:a4:54:3c:7f:3f:52:c0:63:fa:
dc:c4:81:70:34:15:af:29:57:e7:b2:3f:b3:40:3f:f9:fe:db:
c3:0d:d9:c7
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZ1CtRwTkXF2IsTcbxYxA7lPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMzMxMDcwNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDkzOWY3ZWQ1N2E3ZmNjNWY0MjU4MWUxYzZhMWY4NzQwNzdmOWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hLJkf1+tjiTSAHNTBjzgRGqCxfC
glxeFYoK+ev0IeUhg6VlJhgsBhfdE/g6XzPOd8NfZnEu/+u0/NSWrLjR6uqz8Xm5
oaZpTXlK1IW1eG5UQmyBMLbCI8ORSQTz4q54uz0fL/pwUzi+u70x8/3q6psVkJCw
d5yB3HcYnEIgQJdL3hPFHpIC3atjbC4x70L/tfA03oLy+OXgd6IW8VNTFSLTEXJv
eTOGWA6b14oHxWFXvXUQTl8ra85yYnJ/KFLaKeB0vyxtkEGDxJRZRtWcm75RNZh4
vMAZ1n3ePkuYQ3oCDT8eU0VMJs+ncSsOD2bulZhJNbG41zUOSXYEu4kfawIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFD2Tn37Ven/MX0JYHhxqH4dAd/nRMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvUFpPZmZ0VjZmOHhmUWxnZUhHb2ZoMEIzLWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAwCQnAwQA
wCQ5AwQAwEfjAwQAwEf3AwQAwEf5AwQBwHkWAwQBwHkuAwQAwHmiAwQAwHmqAwQA
wg7QAwQAwg7ZAwQBwkQaAwQAwkQsAwQAwkd+AwQAwkfjMA0GCSqGSIb3DQEBCwUA
A4IBAQBAUtcNYdFQYxKSKQwxoMtSURc/0MQLC2evRPL0Kkgnz32zOEvtny2dXkh4
aFA9dLpnLIszzamf8a2wWl9I38tQSgjOhIGlebZhTFH1KLuiSeVJisEDQNnAtAIx
vP+LE6UN5wrt6fuATH4z++OagHtxmgQIK+ee9EcefYVxwCusuwzDG393mouJRL6g
y1jaFigQ+SMo07xhY30NlyOr8BYAAGcwjP8LGIPA/wFGcnKjbhaokrXi/z+PloRF
aescezjLXhDV/AJUmA5eLqb81mQNIR+KvC3FT/95PPxYI5LAwt+kVDx/P1LAY/rc
xIFwNBWvKVfnsj+zQD/5/tvDDdnH
-----END CERTIFICATE-----
Generated at Fri Apr 17 01:36:44 2026 by rpki-client