Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/ZM3NnUF6UrHsYWg874QSJMv3LVQ.roa
File: ZM3NnUF6UrHsYWg874QSJMv3LVQ.roa (raw, json)
Hash identifier: U0mmm5WylI1aW5jQ5uN9xR9+rLvFkZvRgOuHb7F4UHs=
Subject key identifier: 64:CD:CD:9D:41:7A:52:B1:EC:61:68:3C:EF:84:12:24:CB:F7:2D:54
Certificate issuer: /CN=7a8bae923305a71c526a6fcf57c29d6c16a4269e
Certificate serial: 019CD89776F30B0938BE0B1E4A7B5B1EE18A
Authority key identifier: 7A:8B:AE:92:33:05:A7:1C:52:6A:6F:CF:57:C2:9D:6C:16:A4:26:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eouukjMFpxxSam_PV8KdbBakJp4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/ZM3NnUF6UrHsYWg874QSJMv3LVQ.roa
Signing time: Tue 10 Mar 2026 16:32:10 +0000
ROA not before: Tue 10 Mar 2026 16:32:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 55201
IP address blocks: 2a10:da40::/29 maxlen: 48
2a10:dbc0::/29 maxlen: 48
2a10:dc40::/29 maxlen: 48
2a10:dcc0::/29 maxlen: 48
2a10:dd40::/29 maxlen: 48
2a10:ddc0::/29 maxlen: 48
2a10:de40::/29 maxlen: 48
2a10:dec0::/29 maxlen: 48
2a12:4d80::/29 maxlen: 48
2a12:b280::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/eouukjMFpxxSam_PV8KdbBakJp4.crl
rsync://rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/eouukjMFpxxSam_PV8KdbBakJp4.mft
rsync://rpki.ripe.net/repository/DEFAULT/eouukjMFpxxSam_PV8KdbBakJp4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Mar 2026 07:00:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d8:97:76:f3:0b:09:38:be:0b:1e:4a:7b:5b:1e:e1:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7a8bae923305a71c526a6fcf57c29d6c16a4269e
Validity
Not Before: Mar 10 16:32:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=64cdcd9d417a52b1ec61683cef841224cbf72d54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:ad:e5:86:89:dc:4d:e2:78:50:e1:b3:e5:97:
09:fb:05:24:38:d5:aa:b1:89:62:f6:26:22:67:5c:
de:4d:1e:fc:f1:c1:dc:01:ea:16:34:e8:91:ae:04:
37:16:c8:39:1e:fa:9e:3c:a2:71:22:27:9c:95:31:
f3:1d:39:ba:ed:ae:11:41:7d:db:65:f9:3f:8a:6d:
e5:17:4b:3c:de:3b:47:a2:7f:e0:96:b7:26:b4:f9:
e8:2c:9e:9a:25:9b:c0:c4:a2:d9:bf:a6:11:69:3f:
b5:37:e6:8d:bf:08:7d:b8:6e:37:99:73:4a:31:f4:
36:f1:8a:ec:65:e6:5e:6c:5a:1a:a6:55:85:05:91:
01:83:24:b1:2a:15:7a:db:e1:2e:ba:bf:52:51:80:
21:6f:93:bc:87:0e:87:7d:f1:70:10:49:fc:11:73:
42:94:ea:73:22:86:60:a6:0c:be:87:3d:bd:9e:96:
82:be:40:34:12:5f:cc:81:6d:59:8d:7c:3d:f5:9d:
42:cd:ae:f8:e7:65:bd:50:ab:02:8a:02:b2:ca:e5:
b4:65:9a:83:60:69:b9:c2:e0:96:cc:2f:f1:2b:f3:
4b:a0:1b:a6:6f:aa:d8:ee:ba:13:6e:ff:f1:2a:2d:
49:26:ec:b1:50:57:25:08:56:4f:55:f9:28:a5:83:
48:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:CD:CD:9D:41:7A:52:B1:EC:61:68:3C:EF:84:12:24:CB:F7:2D:54
X509v3 Authority Key Identifier:
keyid:7A:8B:AE:92:33:05:A7:1C:52:6A:6F:CF:57:C2:9D:6C:16:A4:26:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eouukjMFpxxSam_PV8KdbBakJp4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/ZM3NnUF6UrHsYWg874QSJMv3LVQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/eouukjMFpxxSam_PV8KdbBakJp4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a10:da40::/29
2a10:dbc0::/29
2a10:dc40::/29
2a10:dcc0::/29
2a10:dd40::/29
2a10:ddc0::/29
2a10:de40::/29
2a10:dec0::/29
2a12:4d80::/29
2a12:b280::/29
Signature Algorithm: sha256WithRSAEncryption
7a:74:06:99:48:24:8b:5d:ce:0c:dc:06:c2:03:b4:18:58:ef:
4c:b6:5b:a6:1e:6e:1e:8e:fb:44:27:4e:8b:a4:2b:69:e3:27:
8a:8c:b9:02:11:2f:56:db:97:99:54:b8:8b:b4:74:a5:32:26:
a1:60:87:4e:ff:d2:09:05:52:15:c2:ef:f9:d4:99:8b:f5:c6:
bc:c6:ee:3e:0d:14:16:a2:c8:e8:1e:2c:4d:bd:53:f6:17:d8:
a6:35:e7:11:40:f0:8b:16:7d:5c:7d:79:a8:3c:21:62:57:d6:
48:4d:0f:81:cc:e8:0b:47:3d:10:d6:d3:6f:39:f6:6d:52:a6:
a3:6e:f0:6a:43:33:3a:83:76:19:75:96:ee:05:d3:63:0c:c3:
99:f6:56:bb:ca:73:77:ef:fb:8a:6b:68:b7:29:e5:5d:5c:43:
32:0c:d0:2e:03:1b:64:8b:e4:6a:21:11:ef:2c:50:10:93:06:
73:4b:bc:a8:ad:9a:0b:80:2e:d9:2d:b8:2a:31:95:f7:09:ad:
42:41:a3:66:7d:8d:15:83:0e:5d:26:c1:4a:e8:9f:c3:81:1c:
42:6c:2d:f8:9c:89:c6:ec:a6:32:0a:53:33:8f:37:2f:da:72:
0e:75:6b:82:5a:f3:76:91:ac:2c:07:cb:25:00:f4:0e:0a:cb:
e0:65:85:b6
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZzYl3bzCwk4vgseSntbHuGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhOGJhZTkyMzMwNWE3MWM1MjZhNmZjZjU3YzI5ZDZjMTZh
NDI2OWUwHhcNMjYwMzEwMTYzMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGNkY2Q5ZDQxN2E1MmIxZWM2MTY4M2NlZjg0MTIyNGNiZjcyZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAta3lhoncTeJ4UOGz5ZcJ+wUkONWq
sYli9iYiZ1zeTR788cHcAeoWNOiRrgQ3Fsg5HvqePKJxIieclTHzHTm67a4RQX3b
Zfk/im3lF0s83jtHon/glrcmtPnoLJ6aJZvAxKLZv6YRaT+1N+aNvwh9uG43mXNK
MfQ28YrsZeZebFoaplWFBZEBgySxKhV62+Euur9SUYAhb5O8hw6HffFwEEn8EXNC
lOpzIoZgpgy+hz29npaCvkA0El/MgW1ZjXw99Z1Cza7452W9UKsCigKyyuW0ZZqD
YGm5wuCWzC/xK/NLoBumb6rY7roTbv/xKi1JJuyxUFclCFZPVfkopYNIHQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFGTNzZ1BelKx7GFoPO+EEiTL9y1UMB8GA1UdIwQY
MBaAFHqLrpIzBaccUmpvz1fCnWwWpCaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZW91dWtqTUZweHhTYW1fUFY4S2RiQmFrSnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yYTFlNWMtMTAxMC00MDk4LTk0Yzkt
ZGUwYzU3MGJhODUwLzEvWk0zTm5VRjZVckhzWVdnODc0UVNKTXYzTFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yYTFlNWMtMTAxMC00MDk4LTk0YzktZGUwYzU3MGJhODUw
LzEvZW91dWtqTUZweHhTYW1fUFY4S2RiQmFrSnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKhDaQAMF
AyoQ28ADBQMqENxAAwUDKhDcwAMFAyoQ3UADBQMqEN3AAwUDKhDeQAMFAyoQ3sAD
BQMqEk2AAwUDKhKygDANBgkqhkiG9w0BAQsFAAOCAQEAenQGmUgki13ODNwGwgO0
GFjvTLZbph5uHo77RCdOi6QraeMnioy5AhEvVtuXmVS4i7R0pTImoWCHTv/SCQVS
FcLv+dSZi/XGvMbuPg0UFqLI6B4sTb1T9hfYpjXnEUDwixZ9XH15qDwhYlfWSE0P
gczoC0c9ENbTbzn2bVKmo27wakMzOoN2GXWW7gXTYwzDmfZWu8pzd+/7imtotynl
XVxDMgzQLgMbZIvkaiER7yxQEJMGc0u8qK2aC4Au2S24KjGV9wmtQkGjZn2NFYMO
XSbBSuifw4EcQmwt+JyJxuymMgpTM483L9pyDnVrglrzdpGsLAfLJQD0DgrL4GWF
tg==
-----END CERTIFICATE-----
Generated at Fri Mar 13 17:27:12 2026 by rpki-client