Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2C7OBWYMlPCAUPizxwDdFqyr2D4.roa
File: 2C7OBWYMlPCAUPizxwDdFqyr2D4.roa (raw, json)
Hash identifier: y2f0S9l/aG0/RaE0wH1r7OEsVJG9F+ZytkNMwYXxqKM=
Subject key identifier: D8:2E:CE:05:66:0C:94:F0:80:50:F8:B3:C7:00:DD:16:AC:AB:D8:3E
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 019C2D33C4CB492B703A01951A3D87957AE4
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2C7OBWYMlPCAUPizxwDdFqyr2D4.roa
Signing time: Thu 05 Feb 2026 09:48:13 +0000
ROA not before: Thu 05 Feb 2026 09:48:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3356
IP address blocks: 87.83.96.0/20 maxlen: 22
109.204.102.0/24 maxlen: 24
109.204.114.0/24 maxlen: 24
109.204.127.0/24 maxlen: 24
195.40.20.0/23 maxlen: 23
212.134.75.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 09:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:2d:33:c4:cb:49:2b:70:3a:01:95:1a:3d:87:95:7a:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Feb 5 09:48:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d82ece05660c94f08050f8b3c700dd16acabd83e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:71:72:47:72:f2:07:7f:c8:1c:33:71:c0:9c:
42:fa:29:8a:96:b2:73:a6:54:c7:97:48:cd:86:3d:
1c:f1:54:07:93:c4:48:83:a6:f6:38:63:9f:c0:b4:
1a:7b:36:0d:d4:35:e0:bc:80:47:83:51:af:c4:06:
03:84:66:1a:e8:f9:86:04:68:97:fe:b2:71:5a:e5:
8a:5c:49:60:10:d7:d8:d0:ac:5b:48:11:ca:9a:2c:
67:6c:e7:63:66:ad:7f:ec:e8:cf:fb:a5:e9:1a:f8:
87:9a:ed:6b:73:99:86:b7:dc:59:65:3a:9a:4b:f9:
f3:76:75:f3:0d:70:05:b0:55:8a:0c:f5:0f:1a:a0:
c8:fa:cc:0d:ba:0f:6f:b0:ca:a1:08:b9:03:9f:56:
d0:03:9d:7b:05:5d:d8:ba:c1:3e:e8:c0:c8:8a:25:
84:f2:35:fd:48:fa:31:b7:33:0e:d5:39:ef:57:14:
4b:4c:8a:4f:77:c0:2c:ee:07:de:f9:b3:57:e1:21:
e8:39:00:25:fd:e6:03:a4:90:f1:fc:1f:8c:5c:27:
fb:2c:c6:9e:e2:59:57:60:f0:fd:72:d3:e2:5c:36:
8f:ed:79:aa:da:21:d2:89:05:5d:a6:5c:62:a8:fd:
d3:75:ef:2d:cf:70:f8:60:28:a4:99:ec:6f:c3:77:
9b:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:2E:CE:05:66:0C:94:F0:80:50:F8:B3:C7:00:DD:16:AC:AB:D8:3E
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/2C7OBWYMlPCAUPizxwDdFqyr2D4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.83.96.0/20
109.204.102.0/24
109.204.114.0/24
109.204.127.0/24
195.40.20.0/23
212.134.75.0/24
Signature Algorithm: sha256WithRSAEncryption
37:fd:21:f5:3c:68:e5:56:f1:df:c1:b2:7f:f1:6e:57:5c:89:
5f:59:6b:e1:c0:16:ce:80:2a:ec:f0:a9:cc:df:2b:b7:9d:a5:
92:a1:61:83:bf:99:8a:96:1d:91:63:77:96:f9:07:03:93:19:
b3:d9:00:a7:b9:37:bb:bb:8c:98:b2:5a:7f:21:cf:52:d1:b5:
1d:2b:50:11:68:49:27:1c:8e:79:ab:25:66:92:38:39:ca:6a:
58:e4:2a:93:9d:dd:3d:f0:ae:94:95:6b:5a:2a:dc:24:03:85:
1a:30:32:75:cb:77:4b:12:74:43:00:36:34:68:47:51:9a:65:
86:1a:7a:04:3b:ec:48:b3:7b:83:3b:ad:92:3c:02:ac:7d:42:
cf:fc:ae:5f:eb:2f:00:4e:bb:d6:72:08:7c:50:9f:0e:8b:d8:
aa:f0:e1:69:d2:21:b3:f2:b3:35:1b:05:eb:b4:01:cd:c4:d9:
e4:f6:9d:d7:92:a9:e4:34:46:c4:27:27:b1:23:47:89:d9:76:
81:18:9c:db:ce:1e:9f:ed:ee:42:f4:4f:6c:f1:72:70:0a:16:
86:45:ef:84:7d:bf:e1:89:f4:65:f8:19:3e:d3:39:cb:39:7f:
37:23:08:aa:09:e6:2a:ad:d0:d6:5a:3c:9c:53:af:cd:77:e4:
0b:df:59:1a
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZwtM8TLSStwOgGVGj2HlXrkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMjA1MDk0ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODJlY2UwNTY2MGM5NGYwODA1MGY4YjNjNzAwZGQxNmFjYWJkODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8HFyR3LyB3/IHDNxwJxC+imKlrJz
plTHl0jNhj0c8VQHk8RIg6b2OGOfwLQaezYN1DXgvIBHg1GvxAYDhGYa6PmGBGiX
/rJxWuWKXElgENfY0KxbSBHKmixnbOdjZq1/7OjP+6XpGviHmu1rc5mGt9xZZTqa
S/nzdnXzDXAFsFWKDPUPGqDI+swNug9vsMqhCLkDn1bQA517BV3YusE+6MDIiiWE
8jX9SPoxtzMO1TnvVxRLTIpPd8As7gfe+bNX4SHoOQAl/eYDpJDx/B+MXCf7LMae
4llXYPD9ctPiXDaP7Xmq2iHSiQVdplxiqP3Tde8tz3D4YCikmexvw3ebjQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNguzgVmDJTwgFD4s8cA3Rasq9g+MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvMkM3T0JXWU1sUENBVVBpenh3RGRGcXlyMkQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQEV1NgAwQA
bcxmAwQAbcxyAwQAbcx/AwQBwygUAwQA1IZLMA0GCSqGSIb3DQEBCwUAA4IBAQA3
/SH1PGjlVvHfwbJ/8W5XXIlfWWvhwBbOgCrs8KnM3yu3naWSoWGDv5mKlh2RY3eW
+QcDkxmz2QCnuTe7u4yYslp/Ic9S0bUdK1ARaEknHI55qyVmkjg5ympY5CqTnd09
8K6UlWtaKtwkA4UaMDJ1y3dLEnRDADY0aEdRmmWGGnoEO+xIs3uDO62SPAKsfULP
/K5f6y8ATrvWcgh8UJ8Oi9iq8OFp0iGz8rM1GwXrtAHNxNnk9p3XkqnkNEbEJyex
I0eJ2XaBGJzbzh6f7e5C9E9s8XJwChaGRe+Efb/hifRl+Bk+0znLOX83IwiqCeYq
rdDWWjycU6/Nd+QL31ka
-----END CERTIFICATE-----
Generated at Mon Mar 2 14:51:11 2026 by rpki-client