Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/360fdd-76ae-41f1-98c0-2b275043719f/1/ZZTFmfbdMQ6snkjprGV8Heyn37E.roa
File: ZZTFmfbdMQ6snkjprGV8Heyn37E.roa (raw, json)
Hash identifier: lKKyBMRX1vPM6siDs8lqYfEIzSGcaMWz+LcZio2IfVk=
Subject key identifier: 65:94:C5:99:F6:DD:31:0E:AC:9E:48:E9:AC:65:7C:1D:EC:A7:DF:B1
Certificate issuer: /CN=cc5911433ba206f450ac9bd065c86c96608401c1
Certificate serial: 019D359D59CBF2C0CD3250C45562145A9C1F
Authority key identifier: CC:59:11:43:3B:A2:06:F4:50:AC:9B:D0:65:C8:6C:96:60:84:01:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zFkRQzuiBvRQrJvQZchslmCEAcE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/360fdd-76ae-41f1-98c0-2b275043719f/1/ZZTFmfbdMQ6snkjprGV8Heyn37E.roa
Signing time: Sat 28 Mar 2026 18:03:17 +0000
ROA not before: Sat 28 Mar 2026 18:03:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13002
IP address blocks: 194.0.104.0/24 maxlen: 24
194.0.107.0/24 maxlen: 24
213.159.96.0/19 maxlen: 19
213.159.113.0/24 maxlen: 24
213.159.118.0/24 maxlen: 24
213.159.119.0/24 maxlen: 24
213.159.122.0/24 maxlen: 24
213.159.124.0/24 maxlen: 24
213.159.125.0/24 maxlen: 24
213.159.127.0/24 maxlen: 24
2a0a:c400:100::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/360fdd-76ae-41f1-98c0-2b275043719f/1/zFkRQzuiBvRQrJvQZchslmCEAcE.crl
rsync://rpki.ripe.net/repository/DEFAULT/2a/360fdd-76ae-41f1-98c0-2b275043719f/1/zFkRQzuiBvRQrJvQZchslmCEAcE.mft
rsync://rpki.ripe.net/repository/DEFAULT/zFkRQzuiBvRQrJvQZchslmCEAcE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Mar 2026 12:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:35:9d:59:cb:f2:c0:cd:32:50:c4:55:62:14:5a:9c:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cc5911433ba206f450ac9bd065c86c96608401c1
Validity
Not Before: Mar 28 18:03:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6594c599f6dd310eac9e48e9ac657c1deca7dfb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:95:14:2b:15:ef:1d:39:8f:7e:83:3b:40:de:
83:b7:ed:af:66:d4:a7:4a:52:ed:92:23:e0:0b:72:
48:ce:db:d5:fa:88:c2:36:22:f7:30:78:a2:50:b2:
86:2e:0a:a0:2c:01:54:db:b8:0e:01:6a:1c:57:d6:
16:be:b5:a6:61:4b:f0:49:51:30:c9:17:26:7b:dc:
e3:ec:e1:b7:c8:98:41:b7:a5:81:38:e7:92:ce:fc:
7f:2d:67:4f:2f:88:e9:cc:b3:17:aa:44:c6:84:9a:
b0:6d:e2:51:d6:8b:a2:f7:54:eb:f2:9c:67:28:17:
53:f8:ea:9b:dc:4d:4e:df:03:d6:c2:ca:6a:32:f3:
ac:8a:2f:46:b8:cc:98:34:d7:78:00:9b:c0:af:8a:
1e:4c:09:0d:38:36:a1:7f:ef:fb:af:e4:f6:cd:a7:
74:eb:b2:0e:36:67:7d:38:f2:4b:34:56:ef:65:d6:
85:90:32:aa:28:b0:dd:8e:44:85:b9:5d:94:8a:cd:
39:95:f6:77:a6:20:8f:8d:e5:b0:4a:cf:15:4d:99:
8f:d3:ee:9e:e6:31:06:b9:06:ab:59:9a:43:16:f6:
42:14:05:06:5d:ed:ee:a2:bb:21:1b:5e:80:99:90:
cf:38:b6:41:98:75:64:bc:4b:5a:2d:68:cf:3a:02:
62:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:94:C5:99:F6:DD:31:0E:AC:9E:48:E9:AC:65:7C:1D:EC:A7:DF:B1
X509v3 Authority Key Identifier:
keyid:CC:59:11:43:3B:A2:06:F4:50:AC:9B:D0:65:C8:6C:96:60:84:01:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zFkRQzuiBvRQrJvQZchslmCEAcE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/360fdd-76ae-41f1-98c0-2b275043719f/1/ZZTFmfbdMQ6snkjprGV8Heyn37E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/360fdd-76ae-41f1-98c0-2b275043719f/1/zFkRQzuiBvRQrJvQZchslmCEAcE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.0.104.0/24
194.0.107.0/24
213.159.96.0/19
IPv6:
2a0a:c400:100::/40
Signature Algorithm: sha256WithRSAEncryption
8e:90:53:98:44:ed:ff:47:f1:fa:b2:69:78:51:a1:04:c1:c4:
e3:b8:0f:b0:f6:e7:a3:f4:fe:a9:aa:8f:0b:fa:5d:c6:37:bc:
ef:7c:61:d2:bb:f8:bf:d1:cc:df:ea:68:a4:0b:62:8a:dc:4f:
88:e4:be:f6:f6:c2:0d:a9:06:c0:c5:31:50:6c:c3:02:40:04:
8a:92:44:ae:fb:7b:aa:18:4e:ec:b4:43:92:c2:82:f2:7d:60:
e5:5f:fc:a4:45:95:f0:02:ab:aa:d5:3b:f0:86:00:6d:5f:23:
c2:3b:f4:d3:86:ea:15:6d:32:85:86:28:96:c0:75:7b:c8:3e:
70:2d:d1:c2:66:3e:16:a6:6c:94:1b:f9:c4:ea:1f:86:13:b7:
da:d3:d1:b1:f4:80:5e:fa:79:cd:e4:80:20:fc:f4:47:da:9a:
22:61:44:62:45:2c:fc:cf:1c:79:f0:90:df:b2:cf:34:a5:5d:
09:d8:c1:2b:0b:23:32:35:9a:1a:4e:3e:8b:96:3a:83:a8:25:
00:81:52:29:e5:0f:0e:78:6a:10:a3:6a:49:66:d1:79:62:52:
96:29:53:c7:a0:1f:69:0d:97:36:21:37:88:d3:48:66:0c:a6:
10:9f:f2:98:5e:03:83:c2:7b:e1:22:a9:15:e3:b7:a2:7e:22:
d1:86:75:08
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZ01nVnL8sDNMlDEVWIUWpwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNTkxMTQzM2JhMjA2ZjQ1MGFjOWJkMDY1Yzg2Yzk2NjA4
NDAxYzEwHhcNMjYwMzI4MTgwMzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTk0YzU5OWY2ZGQzMTBlYWM5ZTQ4ZTlhYzY1N2MxZGVjYTdkZmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JUUKxXvHTmPfoM7QN6Dt+2vZtSn
SlLtkiPgC3JIztvV+ojCNiL3MHiiULKGLgqgLAFU27gOAWocV9YWvrWmYUvwSVEw
yRcme9zj7OG3yJhBt6WBOOeSzvx/LWdPL4jpzLMXqkTGhJqwbeJR1oui91Tr8pxn
KBdT+Oqb3E1O3wPWwspqMvOsii9GuMyYNNd4AJvAr4oeTAkNODahf+/7r+T2zad0
67IONmd9OPJLNFbvZdaFkDKqKLDdjkSFuV2Uis05lfZ3piCPjeWwSs8VTZmP0+6e
5jEGuQarWZpDFvZCFAUGXe3uorshG16AmZDPOLZBmHVkvEtaLWjPOgJiLQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFGWUxZn23TEOrJ5I6axlfB3sp9+xMB8GA1UdIwQY
MBaAFMxZEUM7ogb0UKyb0GXIbJZghAHBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekZrUlF6dWlCdlJRckp2UVpjaHNsbUNFQWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zNjBmZGQtNzZhZS00MWYxLTk4YzAt
MmIyNzUwNDM3MTlmLzEvWlpURm1mYmRNUTZzbmtqcHJHVjhIZXluMzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zNjBmZGQtNzZhZS00MWYxLTk4YzAtMmIyNzUwNDM3MTlm
LzEvekZrUlF6dWlCdlJRckp2UVpjaHNsbUNFQWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAYBAIAATASAwQAwgBoAwQA
wgBrAwQF1Z9gMA4EAgACMAgDBgAqCsQAATANBgkqhkiG9w0BAQsFAAOCAQEAjpBT
mETt/0fx+rJpeFGhBMHE47gPsPbno/T+qaqPC/pdxje873xh0rv4v9HM3+popAti
itxPiOS+9vbCDakGwMUxUGzDAkAEipJErvt7qhhO7LRDksKC8n1g5V/8pEWV8AKr
qtU78IYAbV8jwjv004bqFW0yhYYolsB1e8g+cC3RwmY+FqZslBv5xOofhhO32tPR
sfSAXvp5zeSAIPz0R9qaImFEYkUs/M8cefCQ37LPNKVdCdjBKwsjMjWaGk4+i5Y6
g6glAIFSKeUPDnhqEKNqSWbReWJSlilTx6AfaQ2XNiE3iNNIZgymEJ/ymF4Dg8J7
4SKpFeO3on4i0YZ1CA==
-----END CERTIFICATE-----
Generated at Sun Mar 29 19:49:48 2026 by rpki-client