Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/ZaUpH66Vsau2pi4E9-JxtQL4Ugk.roa
File: ZaUpH66Vsau2pi4E9-JxtQL4Ugk.roa (raw, json)
Hash identifier: 5jkuZaWjiWaof3s8WP///20zxRF9XyokcKKTG2txPU8=
Subject key identifier: 65:A5:29:1F:AE:95:B1:AB:B6:A6:2E:04:F7:E2:71:B5:02:F8:52:09
Certificate issuer: /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial: 019DA264133D285ED6A51C62CDBF7E445657
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/ZaUpH66Vsau2pi4E9-JxtQL4Ugk.roa
Signing time: Sat 18 Apr 2026 20:59:20 +0000
ROA not before: Sat 18 Apr 2026 20:59:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3320
IP address blocks: 87.76.171.0/24 maxlen: 24
87.76.172.0/24 maxlen: 24
87.76.174.0/24 maxlen: 24
87.76.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:a2:64:13:3d:28:5e:d6:a5:1c:62:cd:bf:7e:44:56:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
Validity
Not Before: Apr 18 20:59:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=65a5291fae95b1abb6a62e04f7e271b502f85209
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:93:51:a0:53:70:a9:f2:d3:25:7e:8c:3d:17:
43:54:53:47:d1:ab:5a:40:6c:6e:c7:3d:05:80:90:
a0:47:a5:ef:9b:0f:c5:9a:b4:46:6a:bc:9a:5b:b7:
91:d6:3f:93:a1:29:84:16:1c:a8:d0:ed:69:1d:b5:
d6:e7:bf:f8:ee:0e:f7:60:35:61:4f:7e:f4:e2:49:
2f:dc:37:31:17:bc:1b:ba:9f:51:84:9e:bc:62:9f:
74:04:d1:6b:0c:c1:45:f3:4e:92:2c:68:50:a9:6c:
0b:6f:ee:2f:fc:f1:c6:6b:b0:b2:68:5f:97:9b:d0:
fd:7c:4c:05:43:0e:8d:ba:2d:02:e3:b6:9a:70:81:
ad:db:f3:55:d6:33:ed:bf:1c:5f:18:b5:fd:6e:75:
8d:ad:59:71:bf:e4:ef:b8:38:b1:6e:54:ea:a3:44:
fa:57:7e:f2:e5:00:e1:f7:57:10:a7:1d:7f:19:67:
0d:25:00:ad:82:2d:c2:6f:c6:f8:e7:4e:71:33:07:
f6:79:3a:04:ee:76:77:cd:c1:4a:43:a0:fb:56:62:
d4:bf:95:46:e3:b1:82:ee:1e:ff:5a:e6:19:ca:35:
42:f4:9b:ff:46:15:3a:cf:1a:8c:69:a8:21:3a:f9:
8b:b6:61:b0:c6:86:90:aa:06:62:6d:17:df:51:d4:
42:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:A5:29:1F:AE:95:B1:AB:B6:A6:2E:04:F7:E2:71:B5:02:F8:52:09
X509v3 Authority Key Identifier:
keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/ZaUpH66Vsau2pi4E9-JxtQL4Ugk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.76.171.0-87.76.172.255
87.76.174.0/23
Signature Algorithm: sha256WithRSAEncryption
28:5a:11:fa:6b:60:d1:29:e7:35:a5:d5:e8:aa:d4:15:1b:12:
9c:79:de:04:df:24:ec:a3:fd:e8:21:c4:20:74:ca:5f:bb:ac:
e8:4f:59:a3:61:25:77:bf:25:26:81:21:f6:0a:69:72:75:61:
6e:34:5b:0e:2e:33:f0:ca:b6:08:e4:8a:44:e0:32:4e:c8:15:
a8:e0:a0:48:ea:bb:a5:25:04:46:80:93:5f:93:97:37:43:7a:
b9:90:10:02:53:1a:8c:4d:02:ab:99:83:9f:d4:43:ed:7c:54:
79:75:69:cc:f6:d3:98:c6:2c:9c:9b:94:8b:58:68:81:2e:81:
31:d4:0c:c2:d3:9f:73:dd:f1:e9:7f:21:f3:e5:8b:f7:d7:67:
3b:fb:9c:99:43:e5:22:b8:8a:33:18:1b:f6:54:ab:14:68:31:
56:72:43:fb:47:c0:55:a3:0d:0e:06:a5:66:76:2a:89:9c:80:
42:cf:ef:c6:7b:d3:ac:87:de:dc:e0:85:fa:b1:28:0f:d7:86:
9b:40:fc:61:59:33:3b:10:a1:15:76:72:20:7e:12:3f:9f:82:
41:c2:b2:26:40:0e:4c:ef:4d:2d:2b:3c:f6:9b:2d:d0:23:6f:
40:f8:25:fc:b0:c0:e6:8b:a3:96:66:f5:09:91:27:3a:b4:3c:
21:9f:18:18
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ2iZBM9KF7WpRxizb9+RFZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNDE4MjA1OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWE1MjkxZmFlOTViMWFiYjZhNjJlMDRmN2UyNzFiNTAyZjg1MjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpNRoFNwqfLTJX6MPRdDVFNH0ata
QGxuxz0FgJCgR6Xvmw/FmrRGaryaW7eR1j+ToSmEFhyo0O1pHbXW57/47g73YDVh
T3704kkv3DcxF7wbup9RhJ68Yp90BNFrDMFF806SLGhQqWwLb+4v/PHGa7CyaF+X
m9D9fEwFQw6Nui0C47aacIGt2/NV1jPtvxxfGLX9bnWNrVlxv+TvuDixblTqo0T6
V37y5QDh91cQpx1/GWcNJQCtgi3Cb8b4505xMwf2eToE7nZ3zcFKQ6D7VmLUv5VG
47GC7h7/WuYZyjVC9Jv/RhU6zxqMaaghOvmLtmGwxoaQqgZibRffUdRCSQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGWlKR+ulbGrtqYuBPficbUC+FIJMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvWmFVcEg2NlZzYXUycGk0RTktSnh0UUw0VWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABXTKsD
BABXTKwDBAFXTK4wDQYJKoZIhvcNAQELBQADggEBAChaEfprYNEp5zWl1eiq1BUb
Epx53gTfJOyj/eghxCB0yl+7rOhPWaNhJXe/JSaBIfYKaXJ1YW40Ww4uM/DKtgjk
ikTgMk7IFajgoEjqu6UlBEaAk1+TlzdDermQEAJTGoxNAquZg5/UQ+18VHl1acz2
05jGLJyblItYaIEugTHUDMLTn3Pd8el/IfPli/fXZzv7nJlD5SK4ijMYG/ZUqxRo
MVZyQ/tHwFWjDQ4GpWZ2KomcgELP78Z706yH3tzghfqxKA/XhptA/GFZMzsQoRV2
ciB+Ej+fgkHCsiZADkzvTS0rPPabLdAjb0D4JfywwOaLo5Zm9QmRJzq0PCGfGBg=
-----END CERTIFICATE-----
Generated at Sun Apr 19 11:12:25 2026 by rpki-client