Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/lzu4y4Q9shg3DRtmoqkB30BoyZg.roa
File: lzu4y4Q9shg3DRtmoqkB30BoyZg.roa (raw, json)
Hash identifier: 9Emdq207YisuGB08EG5mDj1cnqOhy/o2dL8p/ARvqCg=
Subject key identifier: 97:3B:B8:CB:84:3D:B2:18:37:0D:1B:66:A2:A9:01:DF:40:68:C9:98
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 019E393A84A0DC257030DB611B0A665A2169
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/lzu4y4Q9shg3DRtmoqkB30BoyZg.roa
Signing time: Mon 18 May 2026 03:56:36 +0000
ROA not before: Mon 18 May 2026 03:56:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 5650
IP address blocks: 9.249.16.0/21 maxlen: 21
9.249.64.0/21 maxlen: 21
9.249.76.0/22 maxlen: 22
9.249.80.0/20 maxlen: 20
9.249.104.0/22 maxlen: 22
9.249.112.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 May 2026 17:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:39:3a:84:a0:dc:25:70:30:db:61:1b:0a:66:5a:21:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: May 18 03:56:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=973bb8cb843db218370d1b66a2a901df4068c998
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:95:d0:e3:04:36:bf:78:22:32:6c:b1:50:e7:
2e:cf:32:73:51:1a:9f:4a:a6:28:69:27:14:6d:87:
4f:9c:18:20:1e:e8:85:02:22:51:e0:18:c6:04:e4:
76:06:60:43:09:2e:e4:13:36:81:5f:ab:a0:51:4f:
c6:2f:4a:5e:1e:62:dc:99:99:e5:ad:0c:b4:bc:2b:
28:b3:9b:9f:47:68:54:e2:1b:23:d1:9d:4a:7d:4b:
0d:b6:63:28:24:9e:4d:c1:e7:17:d5:32:e6:35:f0:
b9:4f:e0:f7:2a:5a:e0:22:8a:07:2a:73:c7:20:8e:
2d:e5:96:0f:de:1c:66:fc:7b:90:a0:31:1f:a9:93:
bd:c2:e3:d3:f4:98:34:a1:95:4e:fa:45:5d:47:1b:
cd:bc:75:07:22:42:4a:82:79:68:8c:50:58:0c:5d:
64:12:10:c6:0f:ad:2e:4b:af:cd:c1:1d:67:67:66:
d5:69:79:ed:52:27:ea:8a:a5:42:12:67:4e:3b:b5:
1a:dc:19:c0:23:2b:35:57:14:c2:50:63:70:18:e7:
ca:09:1f:e9:a0:2a:0b:10:ae:a8:af:de:cf:b3:8d:
0e:3c:93:5c:3d:00:b8:79:06:42:05:2b:c3:31:13:
5e:4b:3e:fe:51:47:2d:79:eb:70:1e:b0:1f:fc:01:
a8:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:3B:B8:CB:84:3D:B2:18:37:0D:1B:66:A2:A9:01:DF:40:68:C9:98
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/lzu4y4Q9shg3DRtmoqkB30BoyZg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
9.249.16.0/21
9.249.64.0/21
9.249.76.0-9.249.95.255
9.249.104.0/22
9.249.112.0/20
Signature Algorithm: sha256WithRSAEncryption
61:c0:38:ff:cb:06:59:65:8c:2d:41:41:5d:e7:6f:07:74:23:
ee:7d:4d:dd:a8:0e:6a:bd:b7:85:87:46:6f:1a:44:3a:8e:2f:
c2:43:e3:ce:f4:70:dc:15:2f:95:02:15:02:e5:d8:d8:cd:f5:
bb:2b:09:78:5d:9a:61:ee:53:dd:b8:0d:2d:97:7f:07:69:b7:
20:56:7d:27:f7:62:27:78:5c:57:95:9f:ed:c9:7a:9c:b5:df:
6c:3e:38:63:08:91:a5:ac:79:c1:63:0c:92:8c:c7:ed:70:94:
22:8d:33:b7:a2:4c:5a:18:00:fd:f8:d1:78:f6:56:a2:54:9e:
63:92:06:a6:ee:e5:88:49:ae:55:d7:3c:f1:93:75:ac:5d:cc:
5a:4b:35:7f:47:a0:0b:72:67:96:36:14:d6:95:c8:a2:d9:17:
39:00:9c:9c:57:86:4c:a7:04:65:5b:10:07:10:53:e8:69:c5:
a1:7a:6b:62:a5:b7:d3:6c:db:55:9a:7f:68:65:9c:da:55:06:
52:af:40:8a:1b:02:c5:da:fa:7c:0b:45:03:45:61:43:a7:72:
f6:f3:53:19:74:65:61:4a:43:12:f6:7c:ae:96:c9:9e:e0:90:
d9:15:4d:14:9d:47:25:b7:f2:d9:4d:86:19:87:9b:2e:6e:69:
68:59:09:74
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZ45OoSg3CVwMNthGwpmWiFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjYwNTE4MDM1NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzNiYjhjYjg0M2RiMjE4MzcwZDFiNjZhMmE5MDFkZjQwNjhjOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZXQ4wQ2v3giMmyxUOcuzzJzURqf
SqYoaScUbYdPnBggHuiFAiJR4BjGBOR2BmBDCS7kEzaBX6ugUU/GL0peHmLcmZnl
rQy0vCsos5ufR2hU4hsj0Z1KfUsNtmMoJJ5NwecX1TLmNfC5T+D3KlrgIooHKnPH
II4t5ZYP3hxm/HuQoDEfqZO9wuPT9Jg0oZVO+kVdRxvNvHUHIkJKgnlojFBYDF1k
EhDGD60uS6/NwR1nZ2bVaXntUifqiqVCEmdOO7Ua3BnAIys1VxTCUGNwGOfKCR/p
oCoLEK6or97Ps40OPJNcPQC4eQZCBSvDMRNeSz7+UUcteetwHrAf/AGohwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFJc7uMuEPbIYNw0bZqKpAd9AaMmYMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvbHp1NHk0UTlzaGczRFJ0bW9xa0IzMEJveVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQDCfkQAwQD
CflAMAwDBAIJ+UwDBAUJ+UADBAIJ+WgDBAQJ+XAwDQYJKoZIhvcNAQELBQADggEB
AGHAOP/LBllljC1BQV3nbwd0I+59Td2oDmq9t4WHRm8aRDqOL8JD4870cNwVL5UC
FQLl2NjN9bsrCXhdmmHuU924DS2XfwdptyBWfSf3Yid4XFeVn+3Jepy132w+OGMI
kaWsecFjDJKMx+1wlCKNM7eiTFoYAP340Xj2VqJUnmOSBqbu5YhJrlXXPPGTdaxd
zFpLNX9HoAtyZ5Y2FNaVyKLZFzkAnJxXhkynBGVbEAcQU+hpxaF6a2Klt9Ns21Wa
f2hlnNpVBlKvQIobAsXa+nwLRQNFYUOncvbzUxl0ZWFKQxL2fK6WyZ7gkNkVTRSd
RyW38tlNhhmHmy5uaWhZCXQ=
-----END CERTIFICATE-----
Generated at Tue May 26 00:53:42 2026 by rpki-client