Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/3oec_TyMXwngpMvuUxwQnKRoElI.roa
File: 3oec_TyMXwngpMvuUxwQnKRoElI.roa (raw, json)
Hash identifier: TFcbDBit8LDG31OcoB8NyufVnMw0bC4YlIBYjbX5HV4=
Subject key identifier: DE:87:9C:FD:3C:8C:5F:09:E0:A4:CB:EE:53:1C:10:9C:A4:68:12:52
Certificate issuer: /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial: 019DD982C14C212AF959CBDA03B741747361
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/3oec_TyMXwngpMvuUxwQnKRoElI.roa
Signing time: Wed 29 Apr 2026 13:51:58 +0000
ROA not before: Wed 29 Apr 2026 13:51:58 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200019
IP address blocks: 87.120.244.0/24 maxlen: 24
132.243.160.0/22 maxlen: 24
132.243.166.0/23 maxlen: 24
132.243.172.0/22 maxlen: 24
212.52.6.0/24 maxlen: 24
213.111.160.0/22 maxlen: 22
213.111.164.0/22 maxlen: 22
213.111.168.0/22 maxlen: 22
213.111.172.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 23:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d9:82:c1:4c:21:2a:f9:59:cb:da:03:b7:41:74:73:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Validity
Not Before: Apr 29 13:51:58 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=de879cfd3c8c5f09e0a4cbee531c109ca4681252
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:60:39:26:ca:46:54:a4:16:4e:37:e6:e6:1e:
ed:aa:be:a2:8a:ef:4b:08:76:69:d9:78:de:09:1f:
9a:45:d2:75:fa:ff:e0:32:da:e9:15:85:c8:b5:44:
f2:65:85:b0:09:51:73:7c:08:b3:6c:fa:e4:af:74:
9c:1c:86:7f:a0:a2:12:39:d7:a6:91:c5:96:f0:b0:
69:dc:00:96:4c:80:4b:77:02:c8:32:01:03:bb:f2:
d6:c7:96:d6:28:03:bb:d0:bf:17:28:82:e6:06:21:
23:60:4e:b1:a3:9e:43:33:82:4c:18:60:59:ca:a4:
5e:c8:10:be:a5:ca:2f:20:38:eb:2f:f6:bd:47:03:
6a:7a:65:f9:0d:de:7c:b5:25:d4:e3:21:ad:70:7c:
e3:d0:97:2c:96:e8:2e:ae:f6:64:2d:23:b5:ce:87:
7c:5f:06:4f:45:1b:3e:f5:76:1f:f7:fa:76:9b:81:
a2:7b:fa:68:fd:dc:2c:ac:0f:cd:4a:c8:a8:f9:08:
a0:d4:f0:5b:8a:d6:88:29:32:05:21:97:c5:8e:a6:
db:73:67:22:c0:7b:13:00:b0:81:67:c7:4d:c6:0e:
c7:fb:1d:d4:2b:c7:c2:4d:ee:ef:4d:14:80:28:24:
b6:b3:ee:92:b8:78:3b:3a:23:1e:56:de:8a:97:72:
83:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:87:9C:FD:3C:8C:5F:09:E0:A4:CB:EE:53:1C:10:9C:A4:68:12:52
X509v3 Authority Key Identifier:
keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/3oec_TyMXwngpMvuUxwQnKRoElI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.244.0/24
132.243.160.0/22
132.243.166.0/23
132.243.172.0/22
212.52.6.0/24
213.111.160.0/20
Signature Algorithm: sha256WithRSAEncryption
a9:d3:d1:36:9d:c8:9b:76:8f:74:2e:47:ee:32:6f:e2:d9:c4:
bb:b2:3d:a8:a3:b9:0f:bd:c9:62:d2:cd:35:31:57:3d:9c:b9:
58:04:34:1e:5a:c0:37:43:8f:bc:7f:08:32:f5:58:d3:35:9d:
24:5f:b0:17:b2:e2:4d:06:14:35:9b:24:1d:c5:a6:5b:37:fa:
b9:53:6c:f3:df:8a:09:b6:fe:83:3e:45:2a:ae:96:2e:8f:4f:
80:86:d5:ec:8d:53:d2:2e:e1:96:5a:40:52:85:01:8a:10:c0:
70:85:3f:9c:21:fb:47:9e:1f:5d:36:ae:07:31:b7:d7:7b:fe:
15:a0:a8:96:13:c0:f6:ba:b3:37:6a:c5:fd:fa:b3:33:e3:46:
64:21:71:6f:d5:e2:4c:84:b8:af:3c:dd:54:aa:c2:b3:16:80:
41:df:a0:1a:e2:c0:99:08:cd:c1:87:1f:79:b0:54:8e:73:e9:
50:83:43:85:09:c3:14:48:50:78:c1:a3:db:9d:f9:f3:bd:f9:
c9:cb:23:da:13:56:fa:65:de:bf:3f:b2:aa:b5:f0:f9:27:2a:
52:73:9e:a0:4b:49:59:12:e1:63:48:3b:40:4f:15:f2:ec:bf:
4e:6f:37:ea:31:46:0d:57:60:5c:bc:f1:26:64:e6:3d:97:19:
80:04:59:d3
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ3ZgsFMISr5WcvaA7dBdHNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjYwNDI5MTM1MTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTg3OWNmZDNjOGM1ZjA5ZTBhNGNiZWU1MzFjMTA5Y2E0NjgxMjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2A5JspGVKQWTjfm5h7tqr6iiu9L
CHZp2XjeCR+aRdJ1+v/gMtrpFYXItUTyZYWwCVFzfAizbPrkr3ScHIZ/oKISOdem
kcWW8LBp3ACWTIBLdwLIMgEDu/LWx5bWKAO70L8XKILmBiEjYE6xo55DM4JMGGBZ
yqReyBC+pcovIDjrL/a9RwNqemX5Dd58tSXU4yGtcHzj0JcslugurvZkLSO1zod8
XwZPRRs+9XYf9/p2m4Gie/po/dwsrA/NSsio+Qig1PBbitaIKTIFIZfFjqbbc2ci
wHsTALCBZ8dNxg7H+x3UK8fCTe7vTRSAKCS2s+6SuHg7OiMeVt6Kl3KDwQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFN6HnP08jF8J4KTL7lMcEJykaBJSMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvM29lY19UeU1Yd25ncE12dVV4d1FuS1JvRWxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAV3j0AwQC
hPOgAwQBhPOmAwQChPOsAwQA1DQGAwQE1W+gMA0GCSqGSIb3DQEBCwUAA4IBAQCp
09E2ncibdo90LkfuMm/i2cS7sj2oo7kPvcli0s01MVc9nLlYBDQeWsA3Q4+8fwgy
9VjTNZ0kX7AXsuJNBhQ1myQdxaZbN/q5U2zz34oJtv6DPkUqrpYuj0+AhtXsjVPS
LuGWWkBShQGKEMBwhT+cIftHnh9dNq4HMbfXe/4VoKiWE8D2urM3asX9+rMz40Zk
IXFv1eJMhLivPN1UqsKzFoBB36Aa4sCZCM3Bhx95sFSOc+lQg0OFCcMUSFB4waPb
nfnzvfnJyyPaE1b6Zd6/P7KqtfD5JypSc56gS0lZEuFjSDtATxXy7L9ObzfqMUYN
V2BcvPEmZOY9lxmABFnT
-----END CERTIFICATE-----
Generated at Wed May 13 04:16:59 2026 by rpki-client