Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/F7OazNxmHQIZG_1NbQyBZDuRfp0.roa
File: F7OazNxmHQIZG_1NbQyBZDuRfp0.roa (raw, json)
Hash identifier: kfyCu9kGmBZWf6iCvzc+imifHO9IEOu6CS+tqE1Bls8=
Subject key identifier: 17:B3:9A:CC:DC:66:1D:02:19:1B:FD:4D:6D:0C:81:64:3B:91:7E:9D
Certificate issuer: /CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Certificate serial: 019D0B66A61A386B1D995D153DF36B21085E
Authority key identifier: 86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/F7OazNxmHQIZG_1NbQyBZDuRfp0.roa
Signing time: Fri 20 Mar 2026 13:19:29 +0000
ROA not before: Fri 20 Mar 2026 13:19:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 50224
IP address blocks: 87.121.222.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
2a11:3a06::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.mft
rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0b:66:a6:1a:38:6b:1d:99:5d:15:3d:f3:6b:21:08:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Validity
Not Before: Mar 20 13:19:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=17b39accdc661d02191bfd4d6d0c81643b917e9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:05:ae:03:13:16:b3:8a:71:49:03:16:28:dd:
7f:7f:8d:0f:8e:af:0c:77:ea:bb:6e:1b:a3:b8:6f:
c4:98:b4:72:07:c9:e7:97:9e:a1:93:5e:4a:d9:8a:
78:18:e5:59:41:22:79:07:67:fa:68:de:14:4f:5e:
20:82:28:eb:6a:64:99:51:64:5c:17:b9:0e:a7:0c:
33:5d:92:f0:4f:13:f5:12:7d:69:75:b3:63:b8:dd:
fd:f5:77:0b:4b:5d:ab:fd:1d:ea:17:ee:0a:c2:f5:
d8:50:72:1f:2d:02:2d:2c:a3:ac:6a:c1:4d:32:c5:
d8:64:b9:c2:85:2e:c4:11:87:74:9f:99:f4:ac:e6:
ba:27:4e:79:bf:d1:9a:dc:14:96:95:69:54:06:30:
33:33:1a:d4:48:96:21:04:9b:91:28:3b:82:59:72:
ea:be:47:35:e8:bc:f2:70:eb:11:d3:4a:f3:92:e7:
d7:62:ed:28:55:4d:87:ea:f3:fa:e3:9e:b2:df:fd:
48:82:eb:df:cb:68:03:cf:f1:b7:b1:5a:67:0d:c7:
f3:15:d6:6d:5c:03:05:9f:c7:0e:1a:87:31:cd:d0:
ac:17:8c:2a:02:58:26:e9:a7:67:fe:2a:30:05:52:
28:f5:0c:ce:d0:34:eb:0d:16:91:c7:13:e2:a2:a0:
d6:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:B3:9A:CC:DC:66:1D:02:19:1B:FD:4D:6D:0C:81:64:3B:91:7E:9D
X509v3 Authority Key Identifier:
keyid:86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/F7OazNxmHQIZG_1NbQyBZDuRfp0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.222.0/24
94.103.125.0/24
IPv6:
2a11:3a06::/32
Signature Algorithm: sha256WithRSAEncryption
9c:de:0d:99:bf:31:49:6c:ef:39:b5:ed:58:cf:e2:22:9a:89:
02:f1:e8:70:69:1f:8d:5a:4e:1f:3b:e9:08:8e:f4:43:07:c3:
8b:df:8e:6b:49:95:f8:9c:42:dc:2a:66:12:eb:30:e1:28:6e:
fd:e9:80:b2:1f:6d:09:8f:4c:86:1e:5e:37:20:3b:1a:79:d9:
68:f7:56:54:36:09:71:e0:d4:7c:bf:4c:55:c3:7e:6b:70:35:
2e:9c:28:a4:fe:3a:1b:b9:3f:11:a9:92:8e:84:4e:1c:29:94:
e7:94:2f:69:b2:eb:7c:9a:c4:e4:1e:fd:41:95:d8:9f:15:32:
2c:7b:6b:47:8e:d1:b9:fa:97:c1:58:74:82:2a:c3:b5:84:bd:
10:7b:c6:3b:b9:33:13:6a:cf:63:53:9c:15:64:b5:cd:5e:cc:
82:95:f7:c4:49:50:b8:49:16:01:a4:cb:57:21:a0:23:24:8d:
0d:03:7d:e6:8a:85:5e:7f:89:62:a3:bf:bf:b3:fc:02:00:68:
49:4b:dd:b0:2b:0b:64:b4:a0:7c:26:20:8c:38:e6:0d:37:f6:
69:44:99:bc:57:7f:65:c7:7c:ea:84:42:54:af:47:f4:28:0a:
43:5d:d7:24:cf:df:7d:36:ed:74:a9:da:ec:cb:93:f9:27:ed:
eb:4c:9c:e6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ0LZqYaOGsdmV0VPfNrIQheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTcwMzM5YzJiYzY2NGQ2MDBmYTk4YjgwNjEyNjlkNDhl
NGYyYzYwHhcNMjYwMzIwMTMxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2IzOWFjY2RjNjYxZDAyMTkxYmZkNGQ2ZDBjODE2NDNiOTE3ZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAWuAxMWs4pxSQMWKN1/f40Pjq8M
d+q7bhujuG/EmLRyB8nnl56hk15K2Yp4GOVZQSJ5B2f6aN4UT14ggijramSZUWRc
F7kOpwwzXZLwTxP1En1pdbNjuN399XcLS12r/R3qF+4KwvXYUHIfLQItLKOsasFN
MsXYZLnChS7EEYd0n5n0rOa6J055v9Ga3BSWlWlUBjAzMxrUSJYhBJuRKDuCWXLq
vkc16LzycOsR00rzkufXYu0oVU2H6vP6456y3/1Iguvfy2gDz/G3sVpnDcfzFdZt
XAMFn8cOGocxzdCsF4wqAlgm6adn/iowBVIo9QzO0DTrDRaRxxPioqDWRQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBezmszcZh0CGRv9TW0MgWQ7kX6dMB8GA1UdIwQY
MBaAFIYXAznCvGZNYA+pi4BhJp1I5PLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMt
NzRkOTFjZGJlMTk1LzEvRjdPYXpOeG1IUUlaR18xTmJReUJaRHVSZnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMtNzRkOTFjZGJlMTk1
LzEvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAV3neAwQA
Xmd9MA0EAgACMAcDBQAqEToGMA0GCSqGSIb3DQEBCwUAA4IBAQCc3g2ZvzFJbO85
te1Yz+IimokC8ehwaR+NWk4fO+kIjvRDB8OL345rSZX4nELcKmYS6zDhKG796YCy
H20Jj0yGHl43IDsaedlo91ZUNglx4NR8v0xVw35rcDUunCik/jobuT8RqZKOhE4c
KZTnlC9psut8msTkHv1BldifFTIse2tHjtG5+pfBWHSCKsO1hL0Qe8Y7uTMTas9j
U5wVZLXNXsyClffESVC4SRYBpMtXIaAjJI0NA33mioVef4lio7+/s/wCAGhJS92w
KwtktKB8JiCMOOYNN/ZpRJm8V39lx3zqhEJUr0f0KApDXdckz999Nu10qdrsy5P5
J+3rTJzm
-----END CERTIFICATE-----
Generated at Wed Mar 25 23:01:16 2026 by rpki-client