Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Z0KEycEOr9GR98MEOI9cdAvs9Qs.roa
File: Z0KEycEOr9GR98MEOI9cdAvs9Qs.roa (raw, json)
Hash identifier: /6U6fQdQZbNfGlQXHbMGFP6S99upDRJymFTCBehDe5I=
Subject key identifier: 67:42:84:C9:C1:0E:AF:D1:91:F7:C3:04:38:8F:5C:74:0B:EC:F5:0B
Certificate issuer: /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial: 019DC0E94B2F3D3A890C8FEEED193E4E30C8
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Z0KEycEOr9GR98MEOI9cdAvs9Qs.roa
Signing time: Fri 24 Apr 2026 19:13:27 +0000
ROA not before: Fri 24 Apr 2026 19:13:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 206174
IP address blocks: 2a0d:d3c0::/29 maxlen: 29
2a0d:e240::/32 maxlen: 32
2a0d:f5c0::/29 maxlen: 29
2a0e:8c0::/29 maxlen: 29
2a11:b4c2::/32 maxlen: 32
2a12:2801::/32 maxlen: 32
2a12:cf81::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 17:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:c0:e9:4b:2f:3d:3a:89:0c:8f:ee:ed:19:3e:4e:30:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Validity
Not Before: Apr 24 19:13:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=674284c9c10eafd191f7c304388f5c740becf50b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:46:52:f0:47:cb:48:12:05:aa:f3:4e:df:66:
ad:fb:75:58:6e:15:d7:aa:25:af:14:3e:4b:17:ce:
37:02:b7:b1:e6:09:67:2d:97:3e:2b:9d:71:d6:9d:
34:0d:71:79:98:90:86:3f:50:19:02:e1:32:2a:83:
30:80:dd:2e:57:cc:20:37:cc:b3:85:05:9f:ad:ef:
76:5c:6f:f4:66:f0:31:c1:2c:2b:ed:09:3d:58:63:
2a:3e:31:2b:11:c5:8e:aa:3a:1c:67:9d:08:d2:47:
29:c6:f4:41:b5:20:49:e1:a7:d1:59:04:d2:dc:78:
20:18:ce:ca:11:80:0d:2b:28:f3:a5:3a:66:d1:53:
70:8e:16:75:a6:23:05:37:37:a8:72:cf:a8:0c:c2:
2f:63:90:a7:3f:dc:23:5c:dd:93:0a:ca:c9:fb:7c:
ed:57:47:8a:af:65:31:c2:23:fd:b9:25:18:20:9c:
48:b7:19:49:ce:68:0b:95:40:1e:ad:bc:80:e9:32:
a4:94:72:2c:8e:03:c4:10:8e:dc:0d:a6:aa:eb:ee:
7d:ca:75:1d:89:e6:9d:2c:dc:a2:22:f2:f4:f0:26:
c5:db:0b:dc:f3:1b:c3:6b:6d:5d:75:85:20:35:61:
7e:05:a0:ab:28:3f:39:9c:28:77:95:e5:db:07:08:
8c:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:42:84:C9:C1:0E:AF:D1:91:F7:C3:04:38:8F:5C:74:0B:EC:F5:0B
X509v3 Authority Key Identifier:
keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Z0KEycEOr9GR98MEOI9cdAvs9Qs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:d3c0::/29
2a0d:e240::/32
2a0d:f5c0::/29
2a0e:8c0::/29
2a11:b4c2::/32
2a12:2801::/32
2a12:cf81::/32
Signature Algorithm: sha256WithRSAEncryption
48:53:46:7f:ce:b8:2d:04:f1:27:58:f7:9a:04:86:5f:f1:3c:
6f:07:34:7b:c1:2e:78:7c:a3:6f:25:63:00:88:92:0e:85:a8:
4d:3e:8d:5a:6a:f6:53:84:3e:75:c4:23:ae:9d:88:d4:f9:ab:
9c:b8:cf:b7:84:67:f4:c7:ec:50:ff:8e:ac:b2:13:49:f3:87:
0a:b5:4e:49:89:e3:91:e7:ce:6f:ad:a0:b7:d3:ea:88:af:0f:
a6:2f:5a:ce:08:1a:d7:94:6f:28:d5:9c:69:c7:65:da:bc:ac:
36:cd:dd:23:f7:ed:8f:2b:f9:f3:79:be:1e:cd:a9:c6:4b:e6:
23:a9:a6:be:8c:94:44:f6:57:94:b9:5d:03:93:c8:96:4a:4e:
12:d4:6d:f6:60:9a:dd:aa:91:42:e9:0e:55:00:58:fa:ec:9c:
6c:b0:c6:30:00:c8:ed:71:65:be:f7:18:b8:28:95:36:20:6b:
77:1f:d3:a6:d3:87:7f:a0:16:96:cd:2a:73:bf:4e:fa:67:d4:
5b:ee:0c:24:91:70:80:2f:af:ea:17:54:7e:b4:b6:66:71:62:
32:2c:43:c4:c5:c1:2b:cb:f0:a9:0e:33:6a:98:55:b3:74:e2:
dc:6d:77:c8:eb:a1:96:3c:e3:71:d8:f1:4b:0d:02:2b:d3:4c:
62:b4:bb:89
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZ3A6UsvPTqJDI/u7Rk+TjDIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNDI0MTkxMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQyODRjOWMxMGVhZmQxOTFmN2MzMDQzODhmNWM3NDBiZWNmNTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kZS8EfLSBIFqvNO32at+3VYbhXX
qiWvFD5LF843Arex5glnLZc+K51x1p00DXF5mJCGP1AZAuEyKoMwgN0uV8wgN8yz
hQWfre92XG/0ZvAxwSwr7Qk9WGMqPjErEcWOqjocZ50I0kcpxvRBtSBJ4afRWQTS
3HggGM7KEYANKyjzpTpm0VNwjhZ1piMFNzeocs+oDMIvY5CnP9wjXN2TCsrJ+3zt
V0eKr2UxwiP9uSUYIJxItxlJzmgLlUAerbyA6TKklHIsjgPEEI7cDaaq6+59ynUd
ieadLNyiIvL08CbF2wvc8xvDa21ddYUgNWF+BaCrKD85nCh3leXbBwiMwwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFGdChMnBDq/RkffDBDiPXHQL7PULMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvWjBLRXljRU9yOUdSOThNRU9JOWNkQXZzOVFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUDKg3TwAMF
ACoN4kADBQMqDfXAAwUDKg4IwAMFACoRtMIDBQAqEigBAwUAKhLPgTANBgkqhkiG
9w0BAQsFAAOCAQEASFNGf864LQTxJ1j3mgSGX/E8bwc0e8EueHyjbyVjAIiSDoWo
TT6NWmr2U4Q+dcQjrp2I1PmrnLjPt4Rn9MfsUP+OrLITSfOHCrVOSYnjkefOb62g
t9PqiK8Ppi9azgga15RvKNWcacdl2rysNs3dI/ftjyv583m+Hs2pxkvmI6mmvoyU
RPZXlLldA5PIlkpOEtRt9mCa3aqRQukOVQBY+uycbLDGMADI7XFlvvcYuCiVNiBr
dx/TptOHf6AWls0qc79O+mfUW+4MJJFwgC+v6hdUfrS2ZnFiMixDxMXBK8vwqQ4z
aphVs3Ti3G13yOuhljzjcdjxSw0CK9NMYrS7iQ==
-----END CERTIFICATE-----
Generated at Mon Apr 27 21:55:12 2026 by rpki-client