Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/zszDY8EXcW-NR0428bjppMBC0l8.roa
File: zszDY8EXcW-NR0428bjppMBC0l8.roa (raw, json)
Hash identifier: bccTrdZww9/RmWqt/6W5qfbow/tDyIJgG1Aw75wfKK8=
Subject key identifier: CE:CC:C3:63:C1:17:71:6F:8D:47:4E:36:F1:B8:E9:A4:C0:42:D2:5F
Certificate issuer: /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial: 019DA3D5F2B1D9ED0DADF7FDE5BE62958116
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/zszDY8EXcW-NR0428bjppMBC0l8.roa
Signing time: Sun 19 Apr 2026 03:43:20 +0000
ROA not before: Sun 19 Apr 2026 03:43:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209178
IP address blocks: 103.100.168.0/24 maxlen: 24
185.233.19.0/24 maxlen: 24
185.235.165.0/24 maxlen: 24
2a06:da40::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Apr 2026 09:01:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:a3:d5:f2:b1:d9:ed:0d:ad:f7:fd:e5:be:62:95:81:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Validity
Not Before: Apr 19 03:43:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ceccc363c117716f8d474e36f1b8e9a4c042d25f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:c9:71:70:eb:03:0f:a9:e2:56:4d:96:36:fa:
1a:80:b8:31:a6:21:dc:a2:61:d5:0d:15:89:85:8e:
63:aa:b9:39:eb:72:0b:d0:81:a3:51:5d:5a:6a:78:
3a:4d:ba:f8:da:aa:1f:e5:b8:66:5b:97:b2:78:da:
14:78:b4:14:47:99:5e:7d:dc:db:34:9a:2c:91:de:
1a:ea:af:01:95:73:40:3b:92:f4:ea:13:93:be:65:
57:57:7a:3b:54:4a:07:0d:00:30:36:e9:05:f8:25:
ff:6f:b5:8a:ab:b3:43:cc:46:6b:52:87:a2:4c:d2:
ba:56:1c:42:83:79:6f:aa:ab:4c:af:01:18:44:de:
d7:b0:1a:c1:31:97:b1:6d:7c:a8:b1:f9:c0:1a:da:
ad:40:64:76:91:ef:2e:8f:c8:fb:9b:1a:b0:4e:d9:
a1:76:8f:73:ec:f1:7b:25:50:fe:ac:dd:b2:c8:8f:
30:79:56:fa:00:9f:1a:cd:8e:a8:50:ad:9d:81:22:
08:ac:d3:9f:42:4c:2c:bd:43:99:21:fb:1c:dc:30:
c5:9c:a8:a3:60:26:ff:88:f5:96:f0:48:f0:99:5a:
a7:a6:43:be:f9:d5:06:4c:2b:7d:1c:64:da:4f:8c:
7d:70:01:1a:bd:b2:fd:b6:bb:62:c7:10:58:71:17:
38:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:CC:C3:63:C1:17:71:6F:8D:47:4E:36:F1:B8:E9:A4:C0:42:D2:5F
X509v3 Authority Key Identifier:
keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/zszDY8EXcW-NR0428bjppMBC0l8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.100.168.0/24
185.233.19.0/24
185.235.165.0/24
IPv6:
2a06:da40::/40
Signature Algorithm: sha256WithRSAEncryption
6f:c2:87:54:77:57:9f:7e:32:d2:e6:81:94:16:bf:0c:7e:68:
79:16:c9:c7:24:44:4f:f1:f6:6e:64:85:fc:74:13:37:da:ca:
45:e1:f3:04:70:47:70:ca:58:f8:0f:96:5f:bd:9f:4b:1b:27:
fc:cf:a8:75:cd:a6:04:59:b8:63:78:5b:49:b5:2c:28:36:96:
97:6e:e1:d0:52:38:7b:25:e8:69:b6:1b:42:76:09:a1:f5:57:
44:97:fe:69:e9:ca:5f:3c:b2:f9:59:fa:9b:73:00:8a:52:e7:
5c:ee:a2:39:b6:ef:f2:55:2a:05:a9:a3:94:af:4f:ca:1e:a8:
d9:a3:68:68:db:d2:90:80:be:55:fb:77:01:b9:4d:82:78:4a:
9a:9b:aa:93:82:5f:4e:5f:d4:b5:56:1c:67:c8:e5:66:21:2a:
3e:35:31:01:a5:4e:2d:04:1a:61:dc:03:f0:d8:49:e7:55:22:
68:0e:62:a2:b6:28:eb:20:11:e9:3b:a7:f3:81:27:6b:88:6b:
09:51:b1:f1:2d:b0:af:63:9e:a0:e4:da:fe:7c:18:a1:ce:60:
13:0f:f2:d9:8c:65:cb:1a:8b:85:3d:2f:f5:73:0f:c1:c9:e3:
72:44:a4:10:ee:f8:53:ad:b7:5f:57:6c:cd:01:61:f7:25:e9:
64:8b:2f:29
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZ2j1fKx2e0Nrff95b5ilYEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwNDE5MDM0MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWNjYzM2M2MxMTc3MTZmOGQ0NzRlMzZmMWI4ZTlhNGMwNDJkMjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlclxcOsDD6niVk2WNvoagLgxpiHc
omHVDRWJhY5jqrk563IL0IGjUV1aang6Tbr42qof5bhmW5eyeNoUeLQUR5lefdzb
NJoskd4a6q8BlXNAO5L06hOTvmVXV3o7VEoHDQAwNukF+CX/b7WKq7NDzEZrUoei
TNK6VhxCg3lvqqtMrwEYRN7XsBrBMZexbXyosfnAGtqtQGR2ke8uj8j7mxqwTtmh
do9z7PF7JVD+rN2yyI8weVb6AJ8azY6oUK2dgSIIrNOfQkwsvUOZIfsc3DDFnKij
YCb/iPWW8EjwmVqnpkO++dUGTCt9HGTaT4x9cAEavbL9trtixxBYcRc4uQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFM7Mw2PBF3FvjUdONvG46aTAQtJfMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvenN6RFk4RVhjVy1OUjA0MjhianBwTUJDMGw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAYBAIAATASAwQAZ2SoAwQA
uekTAwQAueulMA4EAgACMAgDBgAqBtpAADANBgkqhkiG9w0BAQsFAAOCAQEAb8KH
VHdXn34y0uaBlBa/DH5oeRbJxyRET/H2bmSF/HQTN9rKReHzBHBHcMpY+A+WX72f
Sxsn/M+odc2mBFm4Y3hbSbUsKDaWl27h0FI4eyXoabYbQnYJofVXRJf+aenKXzyy
+Vn6m3MAilLnXO6iObbv8lUqBamjlK9Pyh6o2aNoaNvSkIC+Vft3AblNgnhKmpuq
k4JfTl/UtVYcZ8jlZiEqPjUxAaVOLQQaYdwD8NhJ51UiaA5iorYo6yAR6Tun84En
a4hrCVGx8S2wr2OeoOTa/nwYoc5gEw/y2YxlyxqLhT0v9XMPwcnjckSkEO74U623
X1dszQFh9yXpZIsvKQ==
-----END CERTIFICATE-----
Generated at Tue Apr 21 20:14:40 2026 by rpki-client