Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/zKHKP0O_JAhj6XOxwNuTszaqh6k.roa
File: zKHKP0O_JAhj6XOxwNuTszaqh6k.roa (raw, json)
Hash identifier: Q54EW/AKpB+vat4d155859kni9XwwMRhbmbZWQKovBk=
Subject key identifier: CC:A1:CA:3F:43:BF:24:08:63:E9:73:B1:C0:DB:93:B3:36:AA:87:A9
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019DB51862A5F0EE367913F370F0788AD0C2
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/zKHKP0O_JAhj6XOxwNuTszaqh6k.roa
Signing time: Wed 22 Apr 2026 12:09:27 +0000
ROA not before: Wed 22 Apr 2026 12:09:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 1257
IP address blocks: 192.71.180.0/24 maxlen: 24
192.71.220.0/24 maxlen: 24
193.180.207.0/24 maxlen: 24
193.180.240.0/24 maxlen: 24
193.180.247.0/24 maxlen: 24
193.181.2.0/24 maxlen: 24
193.183.165.0/24 maxlen: 24
193.234.16.0/24 maxlen: 24
193.234.87.0/24 maxlen: 24
193.234.177.0/24 maxlen: 24
193.235.80.0/24 maxlen: 24
193.235.82.0/24 maxlen: 24
194.14.15.0/24 maxlen: 24
194.68.174.0/23 maxlen: 23
194.68.238.0/24 maxlen: 24
194.71.104.0/23 maxlen: 23
194.71.104.0/24 maxlen: 24
194.71.105.0/24 maxlen: 24
194.71.178.0/24 maxlen: 24
194.71.179.0/24 maxlen: 24
194.71.248.0/21 maxlen: 24
194.103.24.0/22 maxlen: 24
194.103.206.0/24 maxlen: 24
194.132.60.0/24 maxlen: 24
194.132.128.0/22 maxlen: 22
2a01:280:310::/48 maxlen: 48
2a01:280:360::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Apr 2026 14:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b5:18:62:a5:f0:ee:36:79:13:f3:70:f0:78:8a:d0:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Apr 22 12:09:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cca1ca3f43bf240863e973b1c0db93b336aa87a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:57:5c:9a:e0:17:31:6d:c5:db:6c:3b:9a:cf:
ba:00:2c:14:14:e7:3d:f6:d1:81:a3:01:c9:1f:2c:
5d:b8:0c:0d:27:04:af:52:09:b3:cc:b5:c1:55:55:
ea:6d:2b:a2:e6:44:02:b0:03:b1:e4:09:96:18:6e:
91:d2:ef:48:f8:cc:e8:23:50:1d:7c:0a:a0:66:22:
e2:b3:dd:5b:68:24:5e:16:18:58:7f:df:88:54:0b:
bc:60:98:82:a3:ff:37:c2:16:be:e4:0b:bf:d2:ac:
2b:2f:d2:fe:d5:59:5a:cc:3c:f4:e1:f9:59:6b:9f:
3d:74:27:bd:60:fe:b2:53:3a:c3:26:8f:b7:72:53:
e3:6b:41:1f:f1:a0:d9:f9:a3:0e:64:3c:74:dd:90:
14:20:9d:b6:31:a0:27:ac:75:b2:e4:d9:6a:2e:56:
23:a0:18:84:57:8b:f2:fe:28:dd:a0:a9:12:6b:bb:
36:1b:db:5b:31:d6:4a:8c:7c:b7:0e:1c:a1:dc:6e:
38:0b:28:d5:38:8e:d3:e3:8c:ac:ae:c8:d3:cf:f4:
bf:07:60:e9:79:71:e8:12:8b:d0:c8:26:98:42:84:
a2:94:e0:79:0e:03:10:8d:39:b7:f2:fe:66:68:4c:
be:56:e9:09:05:c4:00:40:96:a9:76:62:81:68:a9:
9b:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:A1:CA:3F:43:BF:24:08:63:E9:73:B1:C0:DB:93:B3:36:AA:87:A9
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/zKHKP0O_JAhj6XOxwNuTszaqh6k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.71.180.0/24
192.71.220.0/24
193.180.207.0/24
193.180.240.0/24
193.180.247.0/24
193.181.2.0/24
193.183.165.0/24
193.234.16.0/24
193.234.87.0/24
193.234.177.0/24
193.235.80.0/24
193.235.82.0/24
194.14.15.0/24
194.68.174.0/23
194.68.238.0/24
194.71.104.0/23
194.71.178.0/23
194.71.248.0/21
194.103.24.0/22
194.103.206.0/24
194.132.60.0/24
194.132.128.0/22
IPv6:
2a01:280:310::/48
2a01:280:360::/48
Signature Algorithm: sha256WithRSAEncryption
38:b3:91:95:3e:98:25:67:ca:f3:e2:61:51:42:6f:dc:c2:41:
a5:ba:ec:61:45:03:23:e4:ac:ea:23:51:ba:60:ed:5b:b3:61:
f3:3b:7c:7b:aa:99:b5:f0:17:43:ee:d8:34:9d:fb:b2:b2:0c:
83:9e:75:9d:02:7d:25:a2:62:45:f5:ae:eb:67:2e:a7:3e:40:
a7:3e:57:c2:07:fd:e9:f8:d2:05:cc:01:d3:43:94:c3:69:bc:
7c:36:53:8c:be:e4:22:8e:e1:ec:58:d0:64:0a:35:cf:67:a6:
49:67:aa:c8:29:ef:79:12:04:74:6d:d7:fb:ba:de:82:27:fa:
f6:bf:b3:7b:8b:50:e2:cd:ec:21:ab:62:11:39:fb:9c:59:e5:
d9:e6:50:d4:45:10:49:04:c0:d5:eb:fe:92:06:2d:96:43:66:
5f:c7:ea:32:34:16:8c:be:2b:57:92:aa:39:fe:77:8d:b1:c7:
d3:7d:5c:07:28:25:6a:9f:29:ed:ba:06:af:7a:2d:12:5d:b1:
a3:9f:00:2f:a0:98:f8:b4:05:0c:2c:a9:ac:89:8f:14:e7:f0:
e4:7e:f5:76:2a:85:34:b7:75:b1:76:3a:7c:e7:4c:a3:b8:78:
2a:97:17:89:a4:c0:0b:0e:33:91:78:71:73:50:66:39:e1:e0:
81:1a:a8:ee
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAZ21GGKl8O42eRPzcPB4itDCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwNDIyMTIwOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2ExY2EzZjQzYmYyNDA4NjNlOTczYjFjMGRiOTNiMzM2YWE4N2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1dcmuAXMW3F22w7ms+6ACwUFOc9
9tGBowHJHyxduAwNJwSvUgmzzLXBVVXqbSui5kQCsAOx5AmWGG6R0u9I+MzoI1Ad
fAqgZiLis91baCReFhhYf9+IVAu8YJiCo/83wha+5Au/0qwrL9L+1VlazDz04flZ
a589dCe9YP6yUzrDJo+3clPja0Ef8aDZ+aMOZDx03ZAUIJ22MaAnrHWy5NlqLlYj
oBiEV4vy/ijdoKkSa7s2G9tbMdZKjHy3Dhyh3G44CyjVOI7T44ysrsjTz/S/B2Dp
eXHoEovQyCaYQoSilOB5DgMQjTm38v5maEy+VukJBcQAQJapdmKBaKmb1QIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFMyhyj9DvyQIY+lzscDbk7M2qoepMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvektIS1AwT19KQWhqNlhPeHdOdVRzemFxaDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG7BggrBgEFBQcBBwEB/wSBqzCBqDCBiwQCAAEwgYQDBADA
R7QDBADAR9wDBADBtM8DBADBtPADBADBtPcDBADBtQIDBADBt6UDBADB6hADBADB
6lcDBADB6rEDBADB61ADBADB61IDBADCDg8DBAHCRK4DBADCRO4DBAHCR2gDBAHC
R7IDBAPCR/gDBALCZxgDBADCZ84DBADChDwDBALChIAwGAQCAAIwEgMHACoBAoAD
EAMHACoBAoADYDANBgkqhkiG9w0BAQsFAAOCAQEAOLORlT6YJWfK8+JhUUJv3MJB
pbrsYUUDI+Ss6iNRumDtW7Nh8zt8e6qZtfAXQ+7YNJ37srIMg551nQJ9JaJiRfWu
62cupz5Apz5Xwgf96fjSBcwB00OUw2m8fDZTjL7kIo7h7FjQZAo1z2emSWeqyCnv
eRIEdG3X+7regif69r+ze4tQ4s3sIatiETn7nFnl2eZQ1EUQSQTA1ev+kgYtlkNm
X8fqMjQWjL4rV5KqOf53jbHH031cByglap8p7boGr3otEl2xo58AL6CY+LQFDCyp
rImPFOfw5H71diqFNLd1sXY6fOdMo7h4KpcXiaTACw4zkXhxc1BmOeHggRqo7g==
-----END CERTIFICATE-----
Generated at Mon Apr 27 00:13:40 2026 by rpki-client