Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/z4NQNKVm6yPErYn2MF0joNOAjb8.roa
File: z4NQNKVm6yPErYn2MF0joNOAjb8.roa (raw, json)
Hash identifier: uYdkE7Gen/nXRx3uYSu0lTx+P8/il8mwRP5bhcvXxeQ=
Subject key identifier: CF:83:50:34:A5:66:EB:23:C4:AD:89:F6:30:5D:23:A0:D3:80:8D:BF
Certificate issuer: /CN=ae52db82090b343f89f7c637cf41a94bcfd4346a
Certificate serial: 019D85DFA6CD9577DA66282CFFE5C8F39C8F
Authority key identifier: AE:52:DB:82:09:0B:34:3F:89:F7:C6:37:CF:41:A9:4B:CF:D4:34:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rlLbggkLND-J98Y3z0GpS8_UNGo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/z4NQNKVm6yPErYn2MF0joNOAjb8.roa
Signing time: Mon 13 Apr 2026 08:05:20 +0000
ROA not before: Mon 13 Apr 2026 08:05:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34674
IP address blocks: 128.140.176.0/21 maxlen: 21
128.140.176.0/22 maxlen: 22
128.140.176.0/23 maxlen: 23
128.140.178.0/23 maxlen: 23
128.140.180.0/22 maxlen: 22
128.140.180.0/23 maxlen: 23
128.140.182.0/23 maxlen: 23
128.140.184.0/23 maxlen: 23
128.140.184.0/24 maxlen: 24
128.140.185.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/rlLbggkLND-J98Y3z0GpS8_UNGo.crl
rsync://rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/rlLbggkLND-J98Y3z0GpS8_UNGo.mft
rsync://rpki.ripe.net/repository/DEFAULT/rlLbggkLND-J98Y3z0GpS8_UNGo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 11:01:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:85:df:a6:cd:95:77:da:66:28:2c:ff:e5:c8:f3:9c:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ae52db82090b343f89f7c637cf41a94bcfd4346a
Validity
Not Before: Apr 13 08:05:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cf835034a566eb23c4ad89f6305d23a0d3808dbf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:9e:40:a6:69:22:7b:52:15:12:57:71:25:5b:
e0:46:33:89:a9:3a:87:2b:00:05:8a:c0:21:a9:17:
22:1f:c3:4a:45:c6:c0:47:cb:45:3f:16:b5:ef:69:
93:92:b2:e2:e5:84:ea:8a:73:56:a3:cf:86:d5:8b:
25:59:46:37:89:73:ee:1b:84:1a:e6:ce:80:8a:a3:
88:27:82:a7:0c:32:80:05:25:b8:ab:c2:97:ee:de:
63:95:f2:f7:c6:a9:32:1a:e3:1f:d3:8f:d8:6e:06:
10:f2:f3:18:c6:c4:a2:1f:d2:55:ec:41:8b:15:44:
3e:6b:5e:50:6a:96:d6:63:b6:9b:28:d6:24:cc:3d:
12:95:54:d0:1c:ed:45:d7:0f:d1:83:b2:bd:12:87:
69:76:7c:60:f0:59:22:0b:f8:4c:4f:a9:4c:48:e0:
89:61:01:be:9e:b8:1c:ed:1d:04:0d:bf:95:f4:c6:
d1:bb:61:28:f1:cf:bf:8d:d8:a6:82:5b:69:ae:14:
87:fc:d1:07:96:7e:62:de:9d:a1:d3:df:c5:f7:d4:
7c:1e:d6:df:e3:03:68:12:06:c8:7f:f3:e0:a7:b2:
28:a9:fb:3d:d6:94:57:5e:4d:ef:61:7a:53:f2:c6:
2f:b4:28:b7:0e:8f:61:18:dd:0d:e0:80:b3:df:19:
09:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:83:50:34:A5:66:EB:23:C4:AD:89:F6:30:5D:23:A0:D3:80:8D:BF
X509v3 Authority Key Identifier:
keyid:AE:52:DB:82:09:0B:34:3F:89:F7:C6:37:CF:41:A9:4B:CF:D4:34:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rlLbggkLND-J98Y3z0GpS8_UNGo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/z4NQNKVm6yPErYn2MF0joNOAjb8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/rlLbggkLND-J98Y3z0GpS8_UNGo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
128.140.176.0-128.140.185.255
Signature Algorithm: sha256WithRSAEncryption
4b:ba:a9:9f:95:01:85:96:e7:7c:38:2d:51:0c:00:b7:06:b2:
3a:a4:d6:c4:82:34:a9:c9:a6:d0:b5:15:31:58:e8:72:c2:7a:
ca:4b:74:4a:2c:d8:d2:c3:90:60:7b:57:48:73:c7:5c:94:d3:
b5:63:06:77:90:a4:d1:b6:49:c8:9a:17:0b:54:c5:c7:63:32:
c6:c9:61:03:06:66:73:16:46:4e:18:43:16:2d:08:2b:9a:6e:
2f:f3:e7:5a:90:c4:87:be:33:61:1b:7c:99:6e:71:02:54:d6:
8f:24:03:4f:47:37:d1:16:36:2c:e7:9c:bd:50:a9:af:4d:13:
57:23:83:d4:53:b6:8e:6f:ae:4c:c7:d5:ad:c8:7f:20:53:a9:
39:f1:34:06:1f:fa:2e:24:3c:e9:14:ef:c8:9b:fd:25:f4:3d:
ca:ad:f6:db:36:24:c7:aa:9a:33:1e:75:12:00:05:0f:a3:c2:
ef:11:8b:a6:81:cb:5e:1e:b5:b7:41:5c:a9:9d:a0:c6:c4:dc:
56:bd:8a:1b:1b:7e:8b:3f:24:d0:ad:fa:a3:c9:a9:54:82:57:
54:0e:b1:ed:e6:e0:79:ee:ca:05:65:9a:32:19:41:66:77:ab:
a2:d9:dd:00:84:28:29:42:65:bc:f7:b1:8a:62:61:4e:df:ce:
cc:4a:b4:44
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ2F36bNlXfaZigs/+XI85yPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNTJkYjgyMDkwYjM0M2Y4OWY3YzYzN2NmNDFhOTRiY2Zk
NDM0NmEwHhcNMjYwNDEzMDgwNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjgzNTAzNGE1NjZlYjIzYzRhZDg5ZjYzMDVkMjNhMGQzODA4ZGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp5Apmkie1IVEldxJVvgRjOJqTqH
KwAFisAhqRciH8NKRcbAR8tFPxa172mTkrLi5YTqinNWo8+G1YslWUY3iXPuG4Qa
5s6AiqOIJ4KnDDKABSW4q8KX7t5jlfL3xqkyGuMf04/YbgYQ8vMYxsSiH9JV7EGL
FUQ+a15QapbWY7abKNYkzD0SlVTQHO1F1w/Rg7K9Eodpdnxg8FkiC/hMT6lMSOCJ
YQG+nrgc7R0EDb+V9MbRu2Eo8c+/jdimgltprhSH/NEHln5i3p2h09/F99R8Htbf
4wNoEgbIf/Pgp7Ioqfs91pRXXk3vYXpT8sYvtCi3Do9hGN0N4ICz3xkJlQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM+DUDSlZusjxK2J9jBdI6DTgI2/MB8GA1UdIwQY
MBaAFK5S24IJCzQ/iffGN89BqUvP1DRqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmxMYmdna0xORC1KOThZM3owR3BTOF9VTkdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9iY2YxNjctYjYxOC00OGQzLTlhNGUt
ZDdiNjA2M2RjYTM3LzEvejROUU5LVm02eVBFclluMk1GMGpvTk9BamI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9iY2YxNjctYjYxOC00OGQzLTlhNGUtZDdiNjA2M2RjYTM3
LzEvcmxMYmdna0xORC1KOThZM3owR3BTOF9VTkdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBASAjLAD
BAGAjLgwDQYJKoZIhvcNAQELBQADggEBAEu6qZ+VAYWW53w4LVEMALcGsjqk1sSC
NKnJptC1FTFY6HLCespLdEos2NLDkGB7V0hzx1yU07VjBneQpNG2SciaFwtUxcdj
MsbJYQMGZnMWRk4YQxYtCCuabi/z51qQxIe+M2EbfJlucQJU1o8kA09HN9EWNizn
nL1Qqa9NE1cjg9RTto5vrkzH1a3IfyBTqTnxNAYf+i4kPOkU78ib/SX0Pcqt9ts2
JMeqmjMedRIABQ+jwu8Ri6aBy14etbdBXKmdoMbE3Fa9ihsbfos/JNCt+qPJqVSC
V1QOse3m4HnuygVlmjIZQWZ3q6LZ3QCEKClCZbz3sYpiYU7fzsxKtEQ=
-----END CERTIFICATE-----
Generated at Fri Apr 17 20:59:39 2026 by rpki-client