Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7s8Zd4ojiKtZ9DGR5Pd0PnhYYoc.roa
File: 7s8Zd4ojiKtZ9DGR5Pd0PnhYYoc.roa (raw, json)
Hash identifier: UzKpuxfOPy68fW95fKfvWl7CL59JMmKXeRepdx93Bls=
Subject key identifier: EE:CF:19:77:8A:23:88:AB:59:F4:31:91:E4:F7:74:3E:78:58:62:87
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 019D75FCE2376E9CCD9F246A1944196A4DAF
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7s8Zd4ojiKtZ9DGR5Pd0PnhYYoc.roa
Signing time: Fri 10 Apr 2026 06:03:20 +0000
ROA not before: Fri 10 Apr 2026 06:03:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 5065
IP address blocks: 2.58.168.0/24 maxlen: 24
2.58.169.0/24 maxlen: 24
77.242.150.0/24 maxlen: 24
77.242.156.0/24 maxlen: 24
77.242.158.0/24 maxlen: 24
83.137.159.0/24 maxlen: 24
88.151.57.0/24 maxlen: 24
88.151.58.0/24 maxlen: 24
88.209.217.0/24 maxlen: 24
92.52.214.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 06:00:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:75:fc:e2:37:6e:9c:cd:9f:24:6a:19:44:19:6a:4d:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Apr 10 06:03:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=eecf19778a2388ab59f43191e4f7743e78586287
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:77:a8:18:b3:ad:51:78:f0:a0:e8:f5:bb:c9:
a8:3e:26:2c:f4:c9:ba:a4:a7:9d:f8:9c:03:f5:3f:
3e:0d:c7:38:84:05:5f:09:10:8e:46:97:7f:37:f9:
ac:6c:0d:c1:27:fa:7b:9b:86:22:02:59:59:d0:07:
f0:ec:84:10:79:37:b7:c5:d8:fb:d6:14:09:67:66:
f7:36:18:cd:ca:1a:cf:0e:0e:9b:af:f9:f8:bd:dc:
dd:cc:4c:fb:ef:bf:52:83:a8:1c:ff:54:d7:ce:0b:
f6:c0:d2:38:b7:c7:17:ec:de:07:58:35:d4:0e:ae:
b9:45:11:93:05:ed:9c:8e:de:66:a3:60:74:ce:d7:
64:69:e1:1e:00:d1:8a:25:a1:4c:59:64:03:80:9f:
ad:e0:d5:a3:09:a4:d7:a6:bd:36:98:bc:02:28:24:
73:87:54:d5:67:60:a8:8b:3e:a7:50:6a:c2:e6:75:
e9:d0:ba:74:38:27:d7:a1:8a:8c:35:9d:80:c1:f7:
4e:5c:fc:4e:1c:32:3a:89:89:a7:92:f5:5c:77:41:
f0:c8:a4:3a:1f:66:74:e5:66:f6:8a:4f:2d:f0:2c:
38:6e:4f:5f:4b:27:09:3b:b0:09:0d:2e:1e:dd:7c:
cc:5b:28:8e:c5:0f:d5:0e:51:f6:ef:e4:ff:03:b0:
5e:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:CF:19:77:8A:23:88:AB:59:F4:31:91:E4:F7:74:3E:78:58:62:87
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7s8Zd4ojiKtZ9DGR5Pd0PnhYYoc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.168.0/23
77.242.150.0/24
77.242.156.0/24
77.242.158.0/24
83.137.159.0/24
88.151.57.0-88.151.58.255
88.209.217.0/24
92.52.214.0/24
Signature Algorithm: sha256WithRSAEncryption
bc:35:a9:4c:9a:93:59:6e:f8:09:f0:1a:b7:0b:ad:48:54:50:
2d:4c:e0:aa:6c:1d:9b:11:21:63:36:5b:d8:c8:fa:43:be:c4:
47:48:68:9b:59:18:55:b3:3a:41:5a:a2:e9:76:9d:3b:ec:42:
a1:05:e3:6d:17:6e:84:4d:81:65:2e:b9:83:a4:8a:be:ac:cd:
64:a2:50:f4:f8:6f:1c:9d:e5:ef:01:e5:9f:15:dc:17:bc:29:
39:51:0e:29:4d:fe:57:a8:94:ab:26:e7:cd:47:e9:34:2a:06:
ea:16:e4:90:98:92:20:8d:e1:b3:6f:27:70:72:75:0a:88:bd:
90:18:02:33:7e:5c:fe:00:5b:ff:dc:c9:3e:69:8d:24:8e:53:
6d:5e:29:67:c1:dd:90:c6:ea:93:26:be:57:f4:76:39:dd:ae:
17:37:95:2b:6b:90:2a:a7:fd:33:16:58:d0:3d:0f:5f:6b:6a:
b9:97:4a:cb:1f:8b:94:a4:ce:76:19:05:d7:db:64:06:9c:46:
c5:e2:90:24:70:bd:09:0f:9f:d6:d1:55:3d:f6:6a:c7:6c:31:
58:79:a8:4f:f9:f6:8f:c8:8d:7e:98:cc:c4:b3:c6:44:21:51:
7a:d6:1a:d1:a2:7a:93:38:53:49:b9:5d:9e:49:41:95:8e:5b:
2f:8f:18:b2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZ11/OI3bpzNnyRqGUQZak2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjYwNDEwMDYwMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWNmMTk3NzhhMjM4OGFiNTlmNDMxOTFlNGY3NzQzZTc4NTg2Mjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0neoGLOtUXjwoOj1u8moPiYs9Mm6
pKed+JwD9T8+Dcc4hAVfCRCORpd/N/msbA3BJ/p7m4YiAllZ0Afw7IQQeTe3xdj7
1hQJZ2b3NhjNyhrPDg6br/n4vdzdzEz7779Sg6gc/1TXzgv2wNI4t8cX7N4HWDXU
Dq65RRGTBe2cjt5mo2B0ztdkaeEeANGKJaFMWWQDgJ+t4NWjCaTXpr02mLwCKCRz
h1TVZ2Coiz6nUGrC5nXp0Lp0OCfXoYqMNZ2AwfdOXPxOHDI6iYmnkvVcd0HwyKQ6
H2Z05Wb2ik8t8Cw4bk9fSycJO7AJDS4e3XzMWyiOxQ/VDlH27+T/A7BeKQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFO7PGXeKI4irWfQxkeT3dD54WGKHMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvN3M4WmQ0b2ppS3RaOURHUjVQZDBQbmhZWW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBAjqoAwQA
TfKWAwQATfKcAwQATfKeAwQAU4mfMAwDBABYlzkDBABYlzoDBABY0dkDBABcNNYw
DQYJKoZIhvcNAQELBQADggEBALw1qUyak1lu+AnwGrcLrUhUUC1M4KpsHZsRIWM2
W9jI+kO+xEdIaJtZGFWzOkFaoul2nTvsQqEF420XboRNgWUuuYOkir6szWSiUPT4
bxyd5e8B5Z8V3Be8KTlRDilN/leolKsm581H6TQqBuoW5JCYkiCN4bNvJ3BydQqI
vZAYAjN+XP4AW//cyT5pjSSOU21eKWfB3ZDG6pMmvlf0djndrhc3lStrkCqn/TMW
WNA9D19rarmXSssfi5SkznYZBdfbZAacRsXikCRwvQkPn9bRVT32asdsMVh5qE/5
9o/IjX6YzMSzxkQhUXrWGtGiepM4U0m5XZ5JQZWOWy+PGLI=
-----END CERTIFICATE-----
Generated at Fri Apr 17 11:18:45 2026 by rpki-client