Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ZbSMtU36ykIrlVNp2VK8NgG5pVE.roa
File: ZbSMtU36ykIrlVNp2VK8NgG5pVE.roa (raw, json)
Hash identifier: sH8ut9Rj+IdHM5ZsAXPpIAl8TDiv4KxH+jfISb7fbXA=
Subject key identifier: 65:B4:8C:B5:4D:FA:CA:42:2B:95:53:69:D9:52:BC:36:01:B9:A5:51
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 019A173028C878BA9E2B9A4EFD5A6749359E
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ZbSMtU36ykIrlVNp2VK8NgG5pVE.roa
Signing time: Fri 24 Oct 2025 17:07:03 +0000
ROA not before: Fri 24 Oct 2025 17:07:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207023
IP address blocks: 37.97.116.0/22 maxlen: 24
91.229.147.0/24 maxlen: 24
91.232.18.0/24 maxlen: 24
91.234.122.0/23 maxlen: 24
176.116.238.0/23 maxlen: 24
176.118.200.0/22 maxlen: 22
176.118.204.0/22 maxlen: 22
192.162.186.0/23 maxlen: 24
194.33.64.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 06:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:17:30:28:c8:78:ba:9e:2b:9a:4e:fd:5a:67:49:35:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Oct 24 17:07:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=65b48cb54dfaca422b955369d952bc3601b9a551
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:e1:61:1b:34:0a:a5:bb:ba:77:8d:fc:42:91:
9c:14:06:34:9a:23:a6:24:39:b9:85:01:84:17:62:
64:a1:56:29:d3:09:7f:31:f0:66:52:4b:bb:4a:2c:
70:6a:b1:47:14:93:40:d9:ea:79:54:8a:ad:4b:9c:
86:de:6d:4d:61:50:51:50:85:05:9f:93:9c:47:c2:
f4:1d:b7:59:3f:37:8d:12:bb:ee:bc:78:a0:99:67:
0d:c8:a2:09:5b:67:f2:95:78:ed:dd:29:23:cc:46:
df:c6:8f:32:68:89:c1:ea:f9:fc:1c:09:88:13:8b:
c3:cf:11:dd:8e:c3:ea:69:74:c1:6a:cc:a2:50:5b:
55:dd:aa:cc:2d:90:b3:0e:d0:f2:76:34:8c:71:d7:
85:48:61:34:1e:67:35:83:19:61:6e:ee:d7:b1:35:
88:89:dc:c7:2b:06:ce:55:60:9b:32:fd:6d:75:ba:
99:00:b2:15:25:ca:72:10:bf:d7:4c:61:3d:4f:33:
17:bb:c8:ce:93:e6:6b:29:6c:b4:b9:52:3c:09:21:
37:3c:31:e6:ee:54:be:c7:dd:6b:85:43:44:da:4c:
c9:e8:ca:49:e0:d6:16:52:ee:95:be:ac:3f:21:91:
24:b8:56:58:ad:b5:5e:e6:4e:7c:bd:53:d4:0e:fa:
02:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:B4:8C:B5:4D:FA:CA:42:2B:95:53:69:D9:52:BC:36:01:B9:A5:51
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ZbSMtU36ykIrlVNp2VK8NgG5pVE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.116.0/22
91.229.147.0/24
91.232.18.0/24
91.234.122.0/23
176.116.238.0/23
176.118.200.0/21
192.162.186.0/23
194.33.64.0/23
Signature Algorithm: sha256WithRSAEncryption
4e:78:e1:89:ce:33:cc:3d:0c:9a:89:89:dd:09:6b:df:32:3b:
ba:59:a8:40:d5:e9:4f:3d:c2:f7:9e:c0:d4:67:26:0b:19:72:
27:3c:b5:93:a9:37:24:9b:6f:cd:38:98:5d:8a:47:ac:f5:5b:
dc:60:95:ba:12:74:a6:e9:2a:b6:b8:2e:c8:bc:29:90:c5:3d:
0a:b6:39:87:dd:10:b0:9f:5d:8b:3d:c9:8a:a7:5c:4d:70:b3:
47:b8:6d:93:a1:49:0c:cc:ec:75:f9:a9:0e:ef:61:4d:25:4d:
d4:85:7a:41:3f:ff:f4:7c:44:3f:58:17:5d:c0:30:8c:e2:e6:
97:df:75:60:60:93:9d:f6:10:49:48:53:86:be:8e:82:78:a2:
f8:04:c1:86:58:61:a1:22:98:0f:a1:e9:99:e7:f1:2f:e7:28:
31:9a:ff:42:01:55:0b:38:8d:44:a6:c3:3c:8d:37:40:24:38:
2b:a4:10:36:d9:88:3d:bd:44:df:16:eb:cb:16:1e:24:f3:65:
3a:e0:de:a1:b2:f0:3f:da:2b:3c:0a:54:1b:86:d5:23:7b:51:
18:ed:8d:83:1b:19:46:b4:66:e4:79:bd:e6:16:3a:f6:45:2e:
c7:6c:c7:98:bd:4b:06:92:98:75:40:0f:4d:2c:be:d4:ea:57:
3b:0e:75:6e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZoXMCjIeLqeK5pO/VpnSTWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUxMDI0MTcwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWI0OGNiNTRkZmFjYTQyMmI5NTUzNjlkOTUyYmMzNjAxYjlhNTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuFhGzQKpbu6d438QpGcFAY0miOm
JDm5hQGEF2JkoVYp0wl/MfBmUku7SixwarFHFJNA2ep5VIqtS5yG3m1NYVBRUIUF
n5OcR8L0HbdZPzeNErvuvHigmWcNyKIJW2fylXjt3SkjzEbfxo8yaInB6vn8HAmI
E4vDzxHdjsPqaXTBasyiUFtV3arMLZCzDtDydjSMcdeFSGE0Hmc1gxlhbu7XsTWI
idzHKwbOVWCbMv1tdbqZALIVJcpyEL/XTGE9TzMXu8jOk+ZrKWy0uVI8CSE3PDHm
7lS+x91rhUNE2kzJ6MpJ4NYWUu6Vvqw/IZEkuFZYrbVe5k58vVPUDvoCewIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGW0jLVN+spCK5VTadlSvDYBuaVRMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvWmJTTXRVMzZ5a0lybFZOcDJWSzhOZ0c1cFZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCJWF0AwQA
W+WTAwQAW+gSAwQBW+p6AwQBsHTuAwQDsHbIAwQBwKK6AwQBwiFAMA0GCSqGSIb3
DQEBCwUAA4IBAQBOeOGJzjPMPQyaiYndCWvfMju6WahA1elPPcL3nsDUZyYLGXIn
PLWTqTckm2/NOJhdikes9VvcYJW6EnSm6Sq2uC7IvCmQxT0KtjmH3RCwn12LPcmK
p1xNcLNHuG2ToUkMzOx1+akO72FNJU3UhXpBP//0fEQ/WBddwDCM4uaX33VgYJOd
9hBJSFOGvo6CeKL4BMGGWGGhIpgPoemZ5/Ev5ygxmv9CAVULOI1EpsM8jTdAJDgr
pBA22Yg9vUTfFuvLFh4k82U64N6hsvA/2is8ClQbhtUje1EY7Y2DGxlGtGbkeb3m
Fjr2RS7HbMeYvUsGkph1QA9NLL7U6lc7DnVu
-----END CERTIFICATE-----
Generated at Tue Oct 28 14:29:32 2025 by rpki-client