Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/NT-Zm1ShmF3l8FG3GB31c5rrrUs.roa
File: NT-Zm1ShmF3l8FG3GB31c5rrrUs.roa (raw, json)
Hash identifier: dLEUj9+Kag2jCJRLQ27uAAHKwQ4/KzeJgESDq/N6rA4=
Subject key identifier: 35:3F:99:9B:54:A1:98:5D:E5:F0:51:B7:18:1D:F5:73:9A:EB:AD:4B
Certificate issuer: /CN=4b98127943e7175734964010c89ef821416a31b3
Certificate serial: 019D67EA5D0D568E8515E87ABE3314B1689D
Authority key identifier: 4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/NT-Zm1ShmF3l8FG3GB31c5rrrUs.roa
Signing time: Tue 07 Apr 2026 12:28:25 +0000
ROA not before: Tue 07 Apr 2026 12:28:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 31.64.0.0/14 maxlen: 14
31.68.0.0/15 maxlen: 15
31.71.0.0/16 maxlen: 16
31.72.0.0/13 maxlen: 13
31.99.64.0/18 maxlen: 18
31.99.128.0/18 maxlen: 18
31.99.208.0/20 maxlen: 20
31.99.224.0/19 maxlen: 19
91.110.128.0/17 maxlen: 17
178.98.0.0/15 maxlen: 15
178.107.32.0/19 maxlen: 19
178.107.64.0/18 maxlen: 18
178.107.128.0/17 maxlen: 17
185.102.192.0/22 maxlen: 22
185.102.196.0/22 maxlen: 22
185.102.200.0/22 maxlen: 22
194.36.212.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl
rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.mft
rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 08 Apr 2026 12:28:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:67:ea:5d:0d:56:8e:85:15:e8:7a:be:33:14:b1:68:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b98127943e7175734964010c89ef821416a31b3
Validity
Not Before: Apr 7 12:28:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=353f999b54a1985de5f051b7181df5739aebad4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:a5:0d:37:5f:72:70:4d:69:6d:93:7f:85:e0:
f8:7c:75:2a:3c:39:a7:59:04:bf:6c:42:1c:96:8d:
79:1b:39:f7:72:8c:3a:bc:d2:dd:ea:44:06:d1:ce:
77:9d:6c:36:d1:5d:f0:1d:a3:38:e6:70:15:84:13:
2e:77:7f:cc:17:c9:63:7e:31:3e:b0:17:86:ca:6c:
c0:b1:14:f1:59:6c:82:e4:92:c3:0b:24:c5:2c:44:
b5:c1:8a:81:1b:d5:05:87:b8:53:f5:ae:13:13:e6:
f9:84:bc:41:78:ae:69:56:05:0d:c8:75:e0:76:bd:
e5:24:9c:05:91:dc:ff:18:2c:8b:60:af:72:e8:23:
cb:a3:d1:37:c1:24:85:fc:f4:ce:f7:d1:b1:de:81:
1c:dc:44:48:37:74:76:bb:c6:ae:d4:ad:d9:49:85:
a3:f9:8e:1d:81:12:c2:bc:60:d3:c6:0e:18:84:6d:
d2:7e:83:bf:cc:a6:14:24:01:8c:27:fb:d3:40:4b:
f7:f2:67:f7:7c:a6:3a:a0:47:41:a1:75:8e:1c:55:
33:c5:cc:cd:85:b6:15:dc:b6:36:b7:a5:b5:7d:cc:
a9:4f:ab:9a:60:bf:99:3c:95:44:bf:f3:4f:7d:81:
85:f8:65:56:a9:08:75:93:1b:53:94:8e:04:2b:89:
66:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:3F:99:9B:54:A1:98:5D:E5:F0:51:B7:18:1D:F5:73:9A:EB:AD:4B
X509v3 Authority Key Identifier:
keyid:4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/NT-Zm1ShmF3l8FG3GB31c5rrrUs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.64.0.0-31.69.255.255
31.71.0.0-31.79.255.255
31.99.64.0-31.99.191.255
31.99.208.0-31.99.255.255
91.110.128.0/17
178.98.0.0/15
178.107.32.0-178.107.255.255
185.102.192.0-185.102.203.255
194.36.212.0/22
Signature Algorithm: sha256WithRSAEncryption
0a:ba:f4:9e:de:dc:fb:70:67:1e:f5:03:06:3f:b3:8f:7e:3b:
5d:1d:aa:a3:b5:cd:90:bd:73:c7:00:a2:7d:be:48:f0:c0:32:
16:bb:eb:2d:28:3a:ca:7f:b6:9d:51:eb:6d:e1:18:5a:c1:1f:
4f:75:39:a2:5a:dc:d0:b0:cd:fc:59:10:4b:fb:00:c5:5a:1f:
ce:81:70:7c:7e:79:3c:c2:1f:2e:fa:73:b0:92:93:7d:4d:f3:
c5:22:f7:01:f7:40:b9:f9:4f:1a:70:da:4a:61:33:a0:6c:fb:
64:ac:e9:46:d8:1b:e0:c1:77:bb:95:ae:5d:bf:6b:15:ef:25:
71:ca:99:da:a9:f6:5f:38:49:cf:f1:eb:d8:40:c3:1f:c8:d0:
8f:da:90:7a:c3:c0:41:bb:59:54:eb:aa:4f:21:b0:e0:19:74:
54:fc:ff:d4:b5:0a:58:54:4b:d3:2e:35:15:d8:94:d4:78:7a:
bb:51:cb:b0:b4:de:97:6a:bb:29:46:b2:ad:e4:b1:80:07:0d:
14:a6:e2:73:2c:14:63:72:4c:a4:4c:95:69:cd:65:9e:58:cc:
99:dd:9f:d6:da:3a:e2:d2:69:51:d1:af:6c:3b:53:85:63:c5:
29:3f:d2:3f:82:73:78:74:19:b0:06:85:9a:3c:7c:35:4e:8e:
c5:f5:94:70
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZ1n6l0NVo6FFeh6vjMUsWidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTgxMjc5NDNlNzE3NTczNDk2NDAxMGM4OWVmODIxNDE2
YTMxYjMwHhcNMjYwNDA3MTIyODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTNmOTk5YjU0YTE5ODVkZTVmMDUxYjcxODFkZjU3MzlhZWJhZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKUNN19ycE1pbZN/heD4fHUqPDmn
WQS/bEIclo15Gzn3cow6vNLd6kQG0c53nWw20V3wHaM45nAVhBMud3/MF8ljfjE+
sBeGymzAsRTxWWyC5JLDCyTFLES1wYqBG9UFh7hT9a4TE+b5hLxBeK5pVgUNyHXg
dr3lJJwFkdz/GCyLYK9y6CPLo9E3wSSF/PTO99Gx3oEc3ERIN3R2u8au1K3ZSYWj
+Y4dgRLCvGDTxg4YhG3SfoO/zKYUJAGMJ/vTQEv38mf3fKY6oEdBoXWOHFUzxczN
hbYV3LY2t6W1fcypT6uaYL+ZPJVEv/NPfYGF+GVWqQh1kxtTlI4EK4lmdwIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFDU/mZtUoZhd5fBRtxgd9XOa661LMB8GA1UdIwQY
MBaAFEuYEnlD5xdXNJZAEMie+CFBajGzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2Njgt
NjIxNzkyZjdlNTZhLzEvTlQtWm0xU2htRjNsOEZHM0dCMzFjNXJyclVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2NjgtNjIxNzkyZjdlNTZh
LzEvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBlBAIAATBfMAoDAwYfQAMD
AR9EMAoDAwAfRwMDBB9AMAwDBAYfY0ADBAYfY4AwCwMEBB9j0AMDAh9gAwQHW26A
AwMBsmIwCwMEBbJrIAMDArJoMAwDBAa5ZsADBAK5ZsgDBALCJNQwDQYJKoZIhvcN
AQELBQADggEBAAq69J7e3PtwZx71AwY/s49+O10dqqO1zZC9c8cAon2+SPDAMha7
6y0oOsp/tp1R623hGFrBH091OaJa3NCwzfxZEEv7AMVaH86BcHx+eTzCHy76c7CS
k31N88Ui9wH3QLn5Txpw2kphM6Bs+2Ss6UbYG+DBd7uVrl2/axXvJXHKmdqp9l84
Sc/x69hAwx/I0I/akHrDwEG7WVTrqk8hsOAZdFT8/9S1ClhUS9MuNRXYlNR4ertR
y7C03pdquylGsq3ksYAHDRSm4nMsFGNyTKRMlWnNZZ5YzJndn9baOuLSaVHRr2w7
U4VjxSk/0j+Cc3h0GbAGhZo8fDVOjsX1lHA=
-----END CERTIFICATE-----
Generated at Tue Apr 7 19:41:53 2026 by rpki-client