Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/rz5uBOc1POwdmiJe9oocEXldft8.roa
File: rz5uBOc1POwdmiJe9oocEXldft8.roa (raw, json)
Hash identifier: EGP2681JiranWbTUkXheRuxRQs30G79rtgOge2Sht0A=
Subject key identifier: AF:3E:6E:04:E7:35:3C:EC:1D:9A:22:5E:F6:8A:1C:11:79:5D:7E:DF
Certificate issuer: /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial: 019D99FE6A775B3E5B1AD2E6C562FD66B019
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/rz5uBOc1POwdmiJe9oocEXldft8.roa
Signing time: Fri 17 Apr 2026 05:51:20 +0000
ROA not before: Fri 17 Apr 2026 05:51:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 85.115.208.0/23 maxlen: 24
85.115.210.0/23 maxlen: 24
85.115.210.0/24 maxlen: 24
213.145.68.0/23 maxlen: 23
213.145.70.0/23 maxlen: 24
213.145.72.0/21 maxlen: 24
213.145.82.0/24 maxlen: 24
213.145.84.0/23 maxlen: 23
213.145.86.0/23 maxlen: 23
213.145.88.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 20:00:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:99:fe:6a:77:5b:3e:5b:1a:d2:e6:c5:62:fd:66:b0:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Validity
Not Before: Apr 17 05:51:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=af3e6e04e7353cec1d9a225ef68a1c11795d7edf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:53:64:fe:52:bb:89:0e:ca:07:b2:55:bc:3b:
87:9b:16:71:38:8a:a7:5e:8c:bc:96:dd:3d:21:6e:
15:8a:a4:a4:33:04:54:64:02:01:4c:5f:5d:66:df:
d8:16:15:1f:12:43:fc:51:28:07:be:f1:59:63:04:
a9:23:a1:d5:6a:77:43:17:d0:e4:cd:4d:38:c9:51:
64:99:60:e9:12:f1:e0:7a:9f:18:2b:a0:e4:aa:a8:
c1:63:3d:b1:3d:a6:a2:ef:8f:96:ac:b2:f0:5c:d5:
f5:47:fe:c4:85:87:98:60:34:1e:61:1a:ab:5c:1a:
9e:03:99:8c:51:e4:50:01:e5:20:d8:4a:7a:45:16:
4b:12:b8:19:c2:d6:7f:24:44:84:a6:e0:b9:df:da:
b3:e0:98:93:16:77:35:c9:d0:33:89:52:13:a7:76:
31:62:2f:b8:56:02:74:c7:16:48:7a:6b:1f:63:05:
93:c4:b0:22:1d:cf:21:f1:fc:f4:38:38:a4:c3:74:
af:32:d7:00:96:1e:c7:f3:fb:5e:9f:5e:c5:7f:b2:
da:8b:bd:d4:00:45:0a:06:ce:76:66:78:2b:cc:c0:
3c:0c:95:f3:39:f8:72:3c:81:91:61:58:34:c3:d0:
d2:c8:33:4b:99:73:b9:5c:59:3c:59:b6:c6:0b:cc:
f7:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:3E:6E:04:E7:35:3C:EC:1D:9A:22:5E:F6:8A:1C:11:79:5D:7E:DF
X509v3 Authority Key Identifier:
keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/rz5uBOc1POwdmiJe9oocEXldft8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.115.208.0/22
213.145.68.0-213.145.79.255
213.145.82.0/24
213.145.84.0-213.145.89.255
Signature Algorithm: sha256WithRSAEncryption
96:c4:9e:68:0e:4f:42:df:a8:cc:cc:99:ed:73:94:d7:cd:8c:
6f:ad:2f:14:2d:65:3b:24:fa:e7:e4:66:c2:e9:67:88:51:7c:
f9:05:11:6f:8f:63:94:58:50:b4:38:99:0c:a8:4e:19:3f:13:
98:94:fe:62:36:47:f1:e1:9e:3d:81:43:dc:23:44:fb:b9:49:
b7:4d:db:3d:80:61:84:8b:9c:54:bf:5a:8b:79:9a:12:8d:b2:
4d:51:7c:8f:c2:85:91:d0:13:9c:4d:19:3b:9e:0f:bd:7b:f0:
62:08:72:8a:4a:2f:16:02:89:8c:f9:24:30:be:1b:0f:8b:24:
fb:a9:28:18:06:5d:73:19:8c:1e:d9:60:ed:88:ad:67:c4:18:
5c:d1:fb:5c:12:ca:af:67:ff:33:12:14:d2:e8:04:91:93:e3:
a6:2d:5d:e8:f9:14:cc:33:a2:4a:ff:49:3e:65:03:f5:4f:1a:
8f:d6:ec:2e:f3:2b:17:7b:fd:c9:85:c4:11:79:99:90:04:1b:
3d:89:39:4d:1b:23:39:c2:b2:d5:d8:6c:af:22:c0:ad:13:cb:
a4:d0:b9:c0:00:2a:8f:9e:58:a3:43:f8:49:04:e8:7a:ba:79:
a5:18:95:3b:37:79:96:0a:51:5d:15:65:18:14:b9:d4:e8:be:
36:e2:f1:46
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZ2Z/mp3Wz5bGtLmxWL9ZrAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjYwNDE3MDU1MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjNlNmUwNGU3MzUzY2VjMWQ5YTIyNWVmNjhhMWMxMTc5NWQ3ZWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVNk/lK7iQ7KB7JVvDuHmxZxOIqn
Xoy8lt09IW4ViqSkMwRUZAIBTF9dZt/YFhUfEkP8USgHvvFZYwSpI6HVandDF9Dk
zU04yVFkmWDpEvHgep8YK6DkqqjBYz2xPaai74+WrLLwXNX1R/7EhYeYYDQeYRqr
XBqeA5mMUeRQAeUg2Ep6RRZLErgZwtZ/JESEpuC539qz4JiTFnc1ydAziVITp3Yx
Yi+4VgJ0xxZIemsfYwWTxLAiHc8h8fz0ODikw3SvMtcAlh7H8/ten17Ff7Lai73U
AEUKBs52ZngrzMA8DJXzOfhyPIGRYVg0w9DSyDNLmXO5XFk8WbbGC8z3lQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFK8+bgTnNTzsHZoiXvaKHBF5XX7fMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvcno1dUJPYzFQT3dkbWlKZTlvb2NFWGxkZnQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCVXPQMAwD
BALVkUQDBATVkUADBADVkVIwDAMEAtWRVAMEAdWRWDANBgkqhkiG9w0BAQsFAAOC
AQEAlsSeaA5PQt+ozMyZ7XOU182Mb60vFC1lOyT65+RmwulniFF8+QURb49jlFhQ
tDiZDKhOGT8TmJT+YjZH8eGePYFD3CNE+7lJt03bPYBhhIucVL9ai3maEo2yTVF8
j8KFkdATnE0ZO54PvXvwYghyikovFgKJjPkkML4bD4sk+6koGAZdcxmMHtlg7Yit
Z8QYXNH7XBLKr2f/MxIU0ugEkZPjpi1d6PkUzDOiSv9JPmUD9U8aj9bsLvMrF3v9
yYXEEXmZkAQbPYk5TRsjOcKy1dhsryLArRPLpNC5wAAqj55Yo0P4SQToerp5pRiV
Ozd5lgpRXRVlGBS51Oi+NuLxRg==
-----END CERTIFICATE-----
Generated at Mon Apr 20 04:47:05 2026 by rpki-client