Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/Z2r7taNlksaIA_BapGfcq-AzfPY.roa
File: Z2r7taNlksaIA_BapGfcq-AzfPY.roa (raw, json)
Hash identifier: tSioYRJgqg/vsE95GOMs+XL7xqTRy7Mtz6dqflcuUTY=
Subject key identifier: 67:6A:FB:B5:A3:65:92:C6:88:03:F0:5A:A4:67:DC:AB:E0:33:7C:F6
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019D4F884CB386A3FBF56B0B643F6C2500A7
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/Z2r7taNlksaIA_BapGfcq-AzfPY.roa
Signing time: Thu 02 Apr 2026 18:50:25 +0000
ROA not before: Thu 02 Apr 2026 18:50:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 15830
IP address blocks: 137.31.38.0/24 maxlen: 24
137.31.39.0/24 maxlen: 24
137.31.40.0/24 maxlen: 24
137.31.41.0/24 maxlen: 24
137.31.42.0/24 maxlen: 24
159.254.25.0/24 maxlen: 24
159.254.26.0/24 maxlen: 24
159.254.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 15:27:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:4f:88:4c:b3:86:a3:fb:f5:6b:0b:64:3f:6c:25:00:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Apr 2 18:50:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=676afbb5a36592c68803f05aa467dcabe0337cf6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:84:81:2e:b8:8a:30:fd:87:e9:e1:c1:d8:5b:
5d:39:ea:4b:0c:5f:24:5e:fb:e4:67:a3:a3:3b:cc:
86:de:a8:61:f1:93:87:f1:c5:ec:fb:c2:18:29:3c:
6a:dd:aa:eb:b0:00:12:53:2f:14:7f:68:bb:cb:90:
84:af:8b:03:a4:46:e2:88:fd:4a:88:68:46:c6:18:
1c:c4:80:9b:bd:72:21:88:97:71:d4:37:00:ff:85:
ce:b8:5e:4a:25:e5:42:ab:01:56:97:b2:9f:2e:c2:
80:00:eb:8f:71:42:1c:ad:25:eb:32:66:d4:15:e2:
82:93:af:0f:f4:95:ab:e2:41:0a:a8:c7:1c:60:f3:
e6:be:4c:78:bd:2a:ed:06:35:23:87:27:59:cb:ac:
f1:14:58:83:28:01:fa:7c:39:3e:9f:49:43:1b:b6:
e9:44:89:77:8b:44:a2:40:ea:27:fe:62:55:57:f5:
e6:09:b2:64:af:a8:5f:75:1a:ce:9f:cb:a5:9b:ef:
b4:e1:9b:e3:7d:eb:af:23:09:d6:e4:74:dc:e6:5c:
6f:7f:bf:03:f9:ac:ba:4e:ef:3f:12:62:e1:3f:8f:
a1:d8:36:c0:63:08:cc:c3:57:6e:1d:59:8f:ab:4d:
db:f4:0c:f1:0c:d3:09:cd:67:ee:b1:be:a8:17:2f:
64:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:6A:FB:B5:A3:65:92:C6:88:03:F0:5A:A4:67:DC:AB:E0:33:7C:F6
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/Z2r7taNlksaIA_BapGfcq-AzfPY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
137.31.38.0-137.31.42.255
159.254.25.0-159.254.26.255
159.254.28.0/24
Signature Algorithm: sha256WithRSAEncryption
95:c7:1a:09:07:7a:7a:3a:80:f9:54:fd:3b:66:79:a3:a3:2f:
36:fa:14:4c:7d:0e:1a:05:af:f7:b0:9d:5a:37:8d:fc:67:ab:
77:89:c2:f9:29:22:b0:5d:9a:b8:73:b4:9b:73:3f:31:7d:23:
6c:2e:1e:af:66:db:af:97:4a:51:68:be:03:c1:89:7b:b5:57:
91:44:6e:30:04:8f:70:2b:93:ed:f9:ec:68:8b:24:83:da:c2:
e4:06:61:7d:ce:f5:95:c4:d1:a3:1e:e2:53:2c:be:1c:4b:44:
29:c0:c5:9c:7f:e2:50:23:8d:53:db:a1:2a:67:cb:b6:9f:4e:
f1:ab:74:1d:c5:5c:9d:46:fa:60:27:3a:c0:88:31:f4:02:73:
ca:70:ce:20:d7:3d:ea:60:46:8c:23:06:2e:af:33:6c:ec:b8:
9a:75:70:a9:ad:9a:52:2c:c8:b8:d4:eb:22:4d:67:ca:59:8a:
6e:37:72:93:a6:fc:c3:56:1c:36:3a:c7:a3:1e:e1:b6:3c:78:
12:9d:c5:e6:11:88:0b:fc:37:e6:03:1b:3d:80:95:70:13:36:
9f:0f:66:3b:29:b9:7f:e2:a6:72:60:f0:65:33:c6:f0:e5:a0:
b4:3a:1f:6d:a2:3c:cc:d4:d3:a6:a3:a1:a7:1d:4a:38:02:99:
f4:54:3b:6a
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZ1PiEyzhqP79WsLZD9sJQCnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjYwNDAyMTg1MDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzZhZmJiNWEzNjU5MmM2ODgwM2YwNWFhNDY3ZGNhYmUwMzM3Y2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoISBLriKMP2H6eHB2FtdOepLDF8k
XvvkZ6OjO8yG3qhh8ZOH8cXs+8IYKTxq3arrsAASUy8Uf2i7y5CEr4sDpEbiiP1K
iGhGxhgcxICbvXIhiJdx1DcA/4XOuF5KJeVCqwFWl7KfLsKAAOuPcUIcrSXrMmbU
FeKCk68P9JWr4kEKqMccYPPmvkx4vSrtBjUjhydZy6zxFFiDKAH6fDk+n0lDG7bp
RIl3i0SiQOon/mJVV/XmCbJkr6hfdRrOn8ulm++04ZvjfeuvIwnW5HTc5lxvf78D
+ay6Tu8/EmLhP4+h2DbAYwjMw1duHVmPq03b9AzxDNMJzWfusb6oFy9kAwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFGdq+7WjZZLGiAPwWqRn3KvgM3z2MB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvWjJyN3RhTmxrc2FJQV9CYXBHZmNxLUF6ZlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAGJHyYD
BACJHyowDAMEAJ/+GQMEAJ/+GgMEAJ/+HDANBgkqhkiG9w0BAQsFAAOCAQEAlcca
CQd6ejqA+VT9O2Z5o6MvNvoUTH0OGgWv97CdWjeN/Gerd4nC+SkisF2auHO0m3M/
MX0jbC4er2bbr5dKUWi+A8GJe7VXkURuMASPcCuT7fnsaIskg9rC5AZhfc71lcTR
ox7iUyy+HEtEKcDFnH/iUCONU9uhKmfLtp9O8at0HcVcnUb6YCc6wIgx9AJzynDO
INc96mBGjCMGLq8zbOy4mnVwqa2aUizIuNTrIk1nylmKbjdyk6b8w1YcNjrHox7h
tjx4Ep3F5hGIC/w35gMbPYCVcBM2nw9mOym5f+KmcmDwZTPG8OWgtDofbaI8zNTT
pqOhpx1KOAKZ9FQ7ag==
-----END CERTIFICATE-----
Generated at Sat Apr 18 00:57:19 2026 by rpki-client