Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/NZ0G-kIduF-3C-nKnynqIynSSIk.roa
File: NZ0G-kIduF-3C-nKnynqIynSSIk.roa (raw, json)
Hash identifier: K9JIzMiGYauBbtw2cmE7gfMO7HIfX2IE9Qq2+hqFjqc=
Subject key identifier: 35:9D:06:FA:42:1D:B8:5F:B7:0B:E9:CA:9F:29:EA:23:29:D2:48:89
Certificate issuer: /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial: 019D6C78AA11F42DFFB0F1D53D3D46F27213
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/NZ0G-kIduF-3C-nKnynqIynSSIk.roa
Signing time: Wed 08 Apr 2026 09:42:20 +0000
ROA not before: Wed 08 Apr 2026 09:42:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 62.72.162.0/23 maxlen: 23
62.72.164.0/22 maxlen: 22
62.72.164.0/23 maxlen: 23
62.72.168.0/24 maxlen: 24
62.72.174.0/24 maxlen: 24
62.72.176.0/24 maxlen: 24
81.21.1.0/24 maxlen: 24
81.21.2.0/23 maxlen: 23
81.21.4.0/22 maxlen: 24
176.57.50.0/24 maxlen: 24
176.57.63.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 14 Apr 2026 14:30:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:6c:78:aa:11:f4:2d:ff:b0:f1:d5:3d:3d:46:f2:72:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
Validity
Not Before: Apr 8 09:42:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=359d06fa421db85fb70be9ca9f29ea2329d24889
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:84:f8:a7:82:d3:fb:9b:11:ba:2e:92:1b:2c:
c0:0e:4d:2f:69:c2:5e:b5:27:04:ad:47:e5:5e:a9:
49:69:5c:ec:03:12:5f:26:05:21:d1:3b:7f:59:c3:
b4:ad:5d:b0:cb:d3:6f:ae:83:4b:33:49:5b:e5:61:
78:d5:45:9f:97:0e:79:1a:2e:77:f0:44:66:2d:b4:
b7:1c:54:4d:b0:20:08:9b:10:0f:74:6b:5a:18:d4:
72:a8:82:9e:85:b2:71:e8:91:a4:6e:91:5e:e6:9e:
b2:27:2c:06:bc:59:6b:ad:6f:e7:4f:3d:1a:6f:23:
d6:57:ac:d5:a1:f8:ff:59:f6:56:c3:42:11:d5:d4:
e9:70:5c:ce:d1:30:8b:eb:2e:7f:85:08:08:9c:ae:
c6:84:b1:8b:bf:88:ca:5b:a9:a0:6d:ab:3d:53:54:
e6:29:57:e6:b0:2d:7c:03:38:0f:ce:14:8b:2c:e2:
34:cf:f9:a0:64:22:d8:22:50:50:aa:1e:db:b4:e6:
c0:57:94:47:1f:68:94:67:34:dc:11:52:5c:10:b8:
d7:f0:56:a1:eb:2c:7d:66:34:9a:e8:98:7b:9a:4b:
88:29:a4:66:5a:ca:72:a6:ce:49:83:90:8a:74:75:
45:45:d9:be:3b:e0:8c:d4:65:75:98:7e:46:ac:d6:
85:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:9D:06:FA:42:1D:B8:5F:B7:0B:E9:CA:9F:29:EA:23:29:D2:48:89
X509v3 Authority Key Identifier:
keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/NZ0G-kIduF-3C-nKnynqIynSSIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.72.162.0-62.72.168.255
62.72.174.0/24
62.72.176.0/24
81.21.1.0-81.21.7.255
176.57.50.0/24
176.57.63.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:40:8f:69:5f:f7:12:4f:5f:f0:ca:23:fc:76:d3:24:c1:b7:
7b:6c:88:7c:50:65:68:b4:fc:9a:48:41:89:4a:99:f3:b9:97:
07:88:bf:00:e4:27:2d:1c:1a:1a:76:d4:4a:d8:75:11:26:34:
d4:b7:de:44:36:d9:9a:c3:fb:8b:ce:89:8e:1f:37:23:ec:c0:
9e:59:69:c7:b2:81:50:c4:bc:e1:53:9f:65:68:75:50:16:3c:
fa:12:5a:e4:28:59:61:b3:9a:0e:b3:10:8d:9e:3a:96:f0:d7:
75:14:07:85:48:bc:01:ae:43:a8:49:83:d7:01:89:f2:d7:ce:
9b:e1:51:10:4f:d0:38:e8:40:35:cb:e1:7a:85:40:2f:dd:5e:
22:66:b9:e9:d6:25:0b:e9:4a:a7:29:df:8e:97:7e:55:2e:96:
bb:b6:48:19:00:83:5c:50:a1:27:8a:4f:63:80:3d:1a:0c:ab:
1a:63:77:36:d7:3c:7c:c8:dc:89:ea:17:e8:cb:2f:a7:c2:6b:
3c:a5:39:47:6f:61:27:3d:9a:ce:a8:55:bf:63:a0:43:05:eb:
e3:14:9a:8e:b7:be:6d:a9:65:47:d6:4f:75:3d:0c:c3:b4:5c:
27:c9:cc:af:1b:e3:7b:b9:7b:61:81:af:5d:01:50:a0:d5:3d:
d0:a7:4a:e6
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZ1seKoR9C3/sPHVPT1G8nITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjYwNDA4MDk0MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTlkMDZmYTQyMWRiODVmYjcwYmU5Y2E5ZjI5ZWEyMzI5ZDI0ODg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYT4p4LT+5sRui6SGyzADk0vacJe
tScErUflXqlJaVzsAxJfJgUh0Tt/WcO0rV2wy9NvroNLM0lb5WF41UWflw55Gi53
8ERmLbS3HFRNsCAImxAPdGtaGNRyqIKehbJx6JGkbpFe5p6yJywGvFlrrW/nTz0a
byPWV6zVofj/WfZWw0IR1dTpcFzO0TCL6y5/hQgInK7GhLGLv4jKW6mgbas9U1Tm
KVfmsC18AzgPzhSLLOI0z/mgZCLYIlBQqh7btObAV5RHH2iUZzTcEVJcELjX8Fah
6yx9ZjSa6Jh7mkuIKaRmWspyps5Jg5CKdHVFRdm+O+CM1GV1mH5GrNaFcwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFDWdBvpCHbhftwvpyp8p6iMp0kiJMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvTlowRy1rSWR1Ri0zQy1uS255bnFJeW5TU0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBAE+SKID
BAA+SKgDBAA+SK4DBAA+SLAwDAMEAFEVAQMEA1EVAAMEALA5MgMEALA5PzANBgkq
hkiG9w0BAQsFAAOCAQEAf0CPaV/3Ek9f8Moj/HbTJMG3e2yIfFBlaLT8mkhBiUqZ
87mXB4i/AOQnLRwaGnbUSth1ESY01LfeRDbZmsP7i86Jjh83I+zAnllpx7KBUMS8
4VOfZWh1UBY8+hJa5ChZYbOaDrMQjZ46lvDXdRQHhUi8Aa5DqEmD1wGJ8tfOm+FR
EE/QOOhANcvheoVAL91eIma56dYlC+lKpynfjpd+VS6Wu7ZIGQCDXFChJ4pPY4A9
GgyrGmN3Ntc8fMjcieoX6Msvp8JrPKU5R29hJz2azqhVv2OgQwXr4xSajre+ball
R9ZPdT0Mw7RcJ8nMrxvje7l7YYGvXQFQoNU90KdK5g==
-----END CERTIFICATE-----
Generated at Mon Apr 13 17:34:08 2026 by rpki-client