Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/ZcmPuUcJ-uWadMEb7d7DH0U6Sng.roa
File: ZcmPuUcJ-uWadMEb7d7DH0U6Sng.roa (raw, json)
Hash identifier: VM0I5pmXHbVnNBlqkwc8P5AQG5ppgz3fNLG8j2PWjI8=
Subject key identifier: 65:C9:8F:B9:47:09:FA:E5:9A:74:C1:1B:ED:DE:C3:1F:45:3A:4A:78
Certificate issuer: /CN=1e514098a5a9736cda4303e0495e94652390aa91
Certificate serial: 019CDD441A0D6EC34AEFF6E910FB42D9E24C
Authority key identifier: 1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/ZcmPuUcJ-uWadMEb7d7DH0U6Sng.roa
Signing time: Wed 11 Mar 2026 14:19:13 +0000
ROA not before: Wed 11 Mar 2026 14:19:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208959
IP address blocks: 45.86.221.0/24 maxlen: 24
46.232.210.0/23 maxlen: 23
150.251.116.0/22 maxlen: 22
185.207.164.0/22 maxlen: 22
185.207.164.0/24 maxlen: 24
185.207.165.0/24 maxlen: 24
185.207.166.0/23 maxlen: 23
185.207.166.0/24 maxlen: 24
185.207.167.0/24 maxlen: 24
216.163.184.0/22 maxlen: 24
216.163.186.0/24 maxlen: 24
2a11:b00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.mft
rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 18 Mar 2026 00:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dd:44:1a:0d:6e:c3:4a:ef:f6:e9:10:fb:42:d9:e2:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e514098a5a9736cda4303e0495e94652390aa91
Validity
Not Before: Mar 11 14:19:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=65c98fb94709fae59a74c11beddec31f453a4a78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:0d:8d:26:f1:6e:9a:fe:5d:6f:25:1c:68:2c:
31:cd:4a:19:47:64:5b:69:5f:3b:7f:86:a3:e1:ae:
c8:22:c6:5a:2e:aa:47:9f:bd:f2:56:ec:2b:47:bd:
a5:ef:22:f2:d7:f1:e0:e2:09:6d:76:7e:e6:f2:f2:
43:dc:85:9a:b4:ff:c1:f7:10:60:98:c2:d8:cf:3e:
0a:86:fe:2f:87:d0:db:1c:68:3f:c3:d9:d9:88:e6:
15:cc:61:00:c1:75:27:2d:63:85:7a:4a:b8:a8:44:
7c:fb:58:1e:5a:f6:bf:a0:19:16:5b:68:05:67:1e:
f3:78:71:00:d3:5b:e5:44:25:ef:00:e7:66:97:fa:
26:0a:84:89:56:4e:74:b8:de:48:61:fb:9c:cc:7e:
e4:db:84:ef:08:d8:0f:90:bf:e0:45:0f:f3:a5:28:
9b:6a:c5:da:8f:8a:81:f9:e8:29:c0:92:9d:51:4c:
1e:96:cb:fd:ac:f4:91:e1:06:f2:a3:67:89:d9:c7:
e6:45:3e:15:3a:b3:48:c7:19:61:c6:8f:85:9d:34:
6f:21:06:8c:4e:b2:ed:4a:ec:54:a6:d6:f6:d2:6c:
3a:9e:10:d8:54:94:36:b6:79:87:43:d9:1d:5f:47:
0e:8e:0a:9d:d3:0a:89:40:6c:90:08:62:bf:88:88:
33:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:C9:8F:B9:47:09:FA:E5:9A:74:C1:1B:ED:DE:C3:1F:45:3A:4A:78
X509v3 Authority Key Identifier:
keyid:1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/ZcmPuUcJ-uWadMEb7d7DH0U6Sng.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.221.0/24
46.232.210.0/23
150.251.116.0/22
185.207.164.0/22
216.163.184.0/22
IPv6:
2a11:b00::/29
Signature Algorithm: sha256WithRSAEncryption
61:0b:e6:5c:06:f4:75:b2:3a:0e:d4:ac:34:6f:98:f5:b6:09:
9b:ea:c4:05:9c:90:92:4d:4d:ee:34:ce:cc:1c:24:e1:41:66:
62:d0:c8:7e:04:73:4e:79:bb:a4:6c:1a:d3:6c:36:e8:04:a0:
32:0b:07:97:3f:06:3d:54:5a:6f:d2:0a:17:ae:28:62:ac:9d:
71:fc:1a:36:58:79:bb:99:b8:ca:c7:17:90:63:30:48:6f:30:
6d:5c:b4:49:7b:0f:f2:ac:eb:dd:94:95:0c:cf:5c:9e:16:1e:
be:07:f2:77:03:e0:87:40:07:45:bc:58:80:22:e9:c4:44:7f:
5c:98:9e:2b:ec:05:f6:fc:84:03:ef:ca:c8:5a:12:de:04:e6:
ba:14:00:5e:2e:7d:a8:50:c9:d2:ac:a3:33:86:48:e2:3a:8d:
5a:17:c2:29:4d:a5:9a:0d:fd:f4:4f:09:18:12:fb:29:ba:27:
7e:4b:f1:33:eb:76:93:ac:4d:fc:35:ee:2a:c2:80:15:b8:56:
1c:5c:09:e2:b7:fb:58:0c:8b:72:f4:5a:e3:b8:c2:97:5d:72:
90:3d:3d:ab:5a:31:f4:15:af:ac:4a:51:69:15:24:d1:a1:13:
e8:5c:cf:0c:53:23:87:29:ea:3f:79:b8:95:c1:04:c9:89:17:
22:78:b3:54
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZzdRBoNbsNK7/bpEPtC2eJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNTE0MDk4YTVhOTczNmNkYTQzMDNlMDQ5NWU5NDY1MjM5
MGFhOTEwHhcNMjYwMzExMTQxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWM5OGZiOTQ3MDlmYWU1OWE3NGMxMWJlZGRlYzMxZjQ1M2E0YTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Q2NJvFumv5dbyUcaCwxzUoZR2Rb
aV87f4aj4a7IIsZaLqpHn73yVuwrR72l7yLy1/Hg4gltdn7m8vJD3IWatP/B9xBg
mMLYzz4Khv4vh9DbHGg/w9nZiOYVzGEAwXUnLWOFekq4qER8+1geWva/oBkWW2gF
Zx7zeHEA01vlRCXvAOdml/omCoSJVk50uN5IYfuczH7k24TvCNgPkL/gRQ/zpSib
asXaj4qB+egpwJKdUUwelsv9rPSR4Qbyo2eJ2cfmRT4VOrNIxxlhxo+FnTRvIQaM
TrLtSuxUptb20mw6nhDYVJQ2tnmHQ9kdX0cOjgqd0wqJQGyQCGK/iIgzeQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFGXJj7lHCfrlmnTBG+3ewx9FOkp4MB8GA1UdIwQY
MBaAFB5RQJilqXNs2kMD4ElelGUjkKqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQt
ODU0MzgxNjg2YzdiLzEvWmNtUHVVY0otdVdhZE1FYjdkN0RIMFU2U25nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQtODU0MzgxNjg2Yzdi
LzEvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQALVbdAwQB
LujSAwQClvt0AwQCuc+kAwQC2KO4MA0EAgACMAcDBQMqEQsAMA0GCSqGSIb3DQEB
CwUAA4IBAQBhC+ZcBvR1sjoO1Kw0b5j1tgmb6sQFnJCSTU3uNM7MHCThQWZi0Mh+
BHNOebukbBrTbDboBKAyCweXPwY9VFpv0goXrihirJ1x/Bo2WHm7mbjKxxeQYzBI
bzBtXLRJew/yrOvdlJUMz1yeFh6+B/J3A+CHQAdFvFiAIunERH9cmJ4r7AX2/IQD
78rIWhLeBOa6FABeLn2oUMnSrKMzhkjiOo1aF8IpTaWaDf30TwkYEvspuid+S/Ez
63aTrE38Ne4qwoAVuFYcXAnit/tYDIty9FrjuMKXXXKQPT2rWjH0Fa+sSlFpFSTR
oRPoXM8MUyOHKeo/ebiVwQTJiRcieLNU
-----END CERTIFICATE-----
Generated at Tue Mar 17 09:23:19 2026 by rpki-client