Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dNznR1-S7vVnFASVh_hci4jZkMQ.roa
File: dNznR1-S7vVnFASVh_hci4jZkMQ.roa (raw, json)
Hash identifier: zQ1QJ64mxnosKyQobzETFihGQBbENfar+9z/U7xN1lc=
Subject key identifier: 74:DC:E7:47:5F:92:EE:F5:67:14:04:95:87:F8:5C:8B:88:D9:90:C4
Certificate issuer: /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial: 019CB81012C90933BC9D1EDAE731BE387151
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dNznR1-S7vVnFASVh_hci4jZkMQ.roa
Signing time: Wed 04 Mar 2026 08:56:27 +0000
ROA not before: Wed 04 Mar 2026 08:56:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16097
IP address blocks: 129.233.172.0/24 maxlen: 24
129.233.216.0/24 maxlen: 24
153.96.26.0/24 maxlen: 24
153.96.27.0/24 maxlen: 24
153.96.84.0/23 maxlen: 23
153.96.86.0/24 maxlen: 24
153.96.132.0/24 maxlen: 24
192.44.4.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Mar 2026 13:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:b8:10:12:c9:09:33:bc:9d:1e:da:e7:31:be:38:71:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
Validity
Not Before: Mar 4 08:56:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=74dce7475f92eef56714049587f85c8b88d990c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:f7:73:60:24:a8:04:3a:fd:e0:a8:2a:2e:e7:
92:ee:b2:1f:92:b1:d0:c5:b5:41:da:db:c2:30:3e:
d6:0f:e1:21:8e:74:7d:3e:f9:d5:a4:3f:d1:f5:ec:
aa:6e:2d:7c:a5:4b:35:01:13:58:6d:d6:12:8b:8b:
57:ec:0e:60:8d:58:33:80:67:88:fa:22:7d:a8:d5:
01:13:08:96:58:ac:00:63:3e:62:1b:ef:74:c3:fe:
fe:d5:34:63:09:6b:2d:b1:19:7a:2b:56:9e:f5:b3:
f3:5a:1b:d1:5b:67:aa:92:0c:15:46:5a:d9:82:78:
7f:df:5c:df:bd:b8:da:05:d3:5a:e7:dd:4e:32:8e:
96:a7:3d:53:84:f8:d7:05:c7:38:7e:a2:27:13:09:
24:21:3c:1f:f0:9b:cc:10:81:36:6d:3c:bd:21:a9:
d8:44:96:87:cb:12:44:3d:98:39:6d:08:9f:e7:89:
e1:df:14:32:d2:15:a0:89:5c:86:c0:f9:00:f4:a7:
45:87:b8:10:96:1d:52:06:d9:dc:7e:b4:14:20:c0:
65:a4:77:f9:01:31:dd:71:fc:8c:e2:ef:bc:14:cd:
83:33:80:5f:b5:df:a0:a7:d7:6d:3f:9e:da:bb:d6:
b4:02:d8:25:e0:bf:d0:4a:a0:9a:22:1a:ee:64:c3:
08:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:DC:E7:47:5F:92:EE:F5:67:14:04:95:87:F8:5C:8B:88:D9:90:C4
X509v3 Authority Key Identifier:
keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dNznR1-S7vVnFASVh_hci4jZkMQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
129.233.172.0/24
129.233.216.0/24
153.96.26.0/23
153.96.84.0-153.96.86.255
153.96.132.0/24
192.44.4.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:51:6f:9c:d6:1b:ae:74:e2:d0:63:35:e1:d1:ef:66:82:30:
11:6d:63:b4:27:b6:05:a4:9e:3b:36:ab:f8:d3:c3:1c:24:17:
70:5d:1f:39:96:a4:8d:2d:ae:74:35:4a:33:4c:a3:4b:3c:23:
9f:8a:ca:74:4d:d4:1b:d9:65:c2:ce:51:7c:65:19:7d:09:ee:
69:47:ce:98:36:9c:db:55:9c:1d:7f:5c:69:01:0e:49:26:f4:
29:5d:dc:56:14:50:07:14:80:85:92:18:aa:e7:3d:47:97:79:
a2:9a:bd:3f:1a:d9:2f:64:1e:66:33:71:1b:aa:b6:ba:00:24:
74:34:a1:43:a7:8c:c9:3c:d8:06:29:3e:1d:ca:18:9d:6f:9c:
34:be:00:76:7b:89:79:97:29:74:0b:4a:5e:a9:25:ce:37:11:
35:3b:65:a5:ed:db:5b:10:0e:89:d5:f2:93:fd:d7:59:b8:ed:
71:34:ce:23:fd:2d:db:8c:30:39:82:bd:67:29:3e:5f:3c:e8:
03:44:ad:87:d9:b6:c9:b2:aa:49:d0:24:ec:9a:5b:08:7e:3a:
eb:3b:2e:68:b4:60:52:02:fb:40:32:0a:01:3e:6b:7c:8a:fb:
9b:e7:46:17:88:bb:d3:6b:32:b8:f0:5b:3d:9b:20:86:cc:af:
51:57:60:bf
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZy4EBLJCTO8nR7a5zG+OHFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjYwMzA0MDg1NjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGRjZTc0NzVmOTJlZWY1NjcxNDA0OTU4N2Y4NWM4Yjg4ZDk5MGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfdzYCSoBDr94KgqLueS7rIfkrHQ
xbVB2tvCMD7WD+EhjnR9PvnVpD/R9eyqbi18pUs1ARNYbdYSi4tX7A5gjVgzgGeI
+iJ9qNUBEwiWWKwAYz5iG+90w/7+1TRjCWstsRl6K1ae9bPzWhvRW2eqkgwVRlrZ
gnh/31zfvbjaBdNa591OMo6Wpz1ThPjXBcc4fqInEwkkITwf8JvMEIE2bTy9IanY
RJaHyxJEPZg5bQif54nh3xQy0hWgiVyGwPkA9KdFh7gQlh1SBtncfrQUIMBlpHf5
ATHdcfyM4u+8FM2DM4Bftd+gp9dtP57au9a0Atgl4L/QSqCaIhruZMMIVQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFHTc50dfku71ZxQElYf4XIuI2ZDEMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvZE56blIxLVM3dlZuRkFTVmhfaGNpNGpaa01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAgemsAwQA
genYAwQBmWAaMAwDBAKZYFQDBACZYFYDBACZYIQDBADALAQwDQYJKoZIhvcNAQEL
BQADggEBAI1Rb5zWG6504tBjNeHR72aCMBFtY7QntgWknjs2q/jTwxwkF3BdHzmW
pI0trnQ1SjNMo0s8I5+KynRN1BvZZcLOUXxlGX0J7mlHzpg2nNtVnB1/XGkBDkkm
9Cld3FYUUAcUgIWSGKrnPUeXeaKavT8a2S9kHmYzcRuqtroAJHQ0oUOnjMk82AYp
Ph3KGJ1vnDS+AHZ7iXmXKXQLSl6pJc43ETU7ZaXt21sQDonV8pP911m47XE0ziP9
LduMMDmCvWcpPl886ANErYfZtsmyqknQJOyaWwh+Ous7Lmi0YFIC+0AyCgE+a3yK
+5vnRheIu9NrMrjwWz2bIIbMr1FXYL8=
-----END CERTIFICATE-----
Generated at Sat Mar 7 22:35:41 2026 by rpki-client