Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/oeonqH87-WRgPMzNKpaunDyyQ1c.roa
File: oeonqH87-WRgPMzNKpaunDyyQ1c.roa (raw, json)
Hash identifier: OTtp2bVz2wdDOLbTqhDFs92F7LVqqjlWePzKQSgb29k=
Subject key identifier: A1:EA:27:A8:7F:3B:F9:64:60:3C:CC:CD:2A:96:AE:9C:3C:B2:43:57
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 019D49645815032D79DBA4CA3C16BFAB276C
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/oeonqH87-WRgPMzNKpaunDyyQ1c.roa
Signing time: Wed 01 Apr 2026 14:13:26 +0000
ROA not before: Wed 01 Apr 2026 14:13:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 3257
IP address blocks: 79.121.200.0/21 maxlen: 21
82.110.32.0/20 maxlen: 20
85.189.72.0/21 maxlen: 24
86.53.152.0/21 maxlen: 24
86.53.160.0/22 maxlen: 24
86.53.180.0/22 maxlen: 24
86.53.184.0/21 maxlen: 24
87.86.48.0/20 maxlen: 24
95.177.63.0/24 maxlen: 24
95.177.67.0/24 maxlen: 24
95.177.74.0/24 maxlen: 24
95.177.85.0/24 maxlen: 24
194.6.104.0/21 maxlen: 24
195.40.22.0/23 maxlen: 23
195.40.24.0/23 maxlen: 23
195.72.176.0/21 maxlen: 24
212.134.20.0/24 maxlen: 24
212.134.27.0/24 maxlen: 24
212.135.6.0/23 maxlen: 23
213.177.226.0/23 maxlen: 24
213.177.230.0/23 maxlen: 24
213.177.234.0/23 maxlen: 24
213.177.238.0/23 maxlen: 24
213.177.242.0/23 maxlen: 24
213.177.246.0/23 maxlen: 24
213.177.250.0/23 maxlen: 24
213.177.252.0/24 maxlen: 24
213.177.253.0/24 maxlen: 24
213.177.254.0/24 maxlen: 24
213.177.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:49:64:58:15:03:2d:79:db:a4:ca:3c:16:bf:ab:27:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Apr 1 14:13:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a1ea27a87f3bf964603ccccd2a96ae9c3cb24357
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:72:4b:77:8c:d8:a9:db:26:6a:5a:93:ae:06:
40:e9:f1:47:2d:72:c3:84:e2:5f:4c:b2:eb:dd:04:
e7:df:65:c2:e2:f1:86:dd:d3:5a:a6:f5:e6:fc:68:
7c:ff:2d:a9:09:11:8c:28:95:c8:8f:00:ec:23:01:
6d:4a:fd:e6:13:46:77:bc:47:9f:b6:e4:c6:f6:5c:
15:22:9d:b5:ea:ca:da:7f:da:5d:34:29:70:c3:4b:
43:46:c1:2f:0f:22:0b:b4:c3:1b:6a:48:d3:ad:a3:
bb:d4:4e:f5:df:c9:77:0f:01:f1:a1:69:35:77:87:
e2:08:81:3d:19:a5:2b:8e:b8:ac:19:c1:ca:53:dc:
af:49:36:f6:7e:3d:24:3d:48:96:05:f9:b5:62:1f:
9a:7f:5f:ea:98:ba:6d:8b:c6:57:6d:00:a3:a1:40:
f5:bf:5c:d5:67:1d:a1:f8:b3:01:dc:db:ca:c6:a4:
d5:cf:6c:66:79:50:87:67:d0:2f:7b:36:51:82:15:
b0:75:1a:16:b1:4b:41:01:b3:d3:a8:be:25:d5:80:
96:7a:88:f7:7c:d6:6b:53:7d:f7:1b:fa:9c:f7:de:
bb:d1:be:67:29:09:4c:ab:8d:8f:88:14:fa:f8:fd:
0c:c3:8a:90:9b:c9:af:54:25:60:6e:a1:f0:41:bd:
b9:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:EA:27:A8:7F:3B:F9:64:60:3C:CC:CD:2A:96:AE:9C:3C:B2:43:57
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/oeonqH87-WRgPMzNKpaunDyyQ1c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.121.200.0/21
82.110.32.0/20
85.189.72.0/21
86.53.152.0-86.53.163.255
86.53.180.0-86.53.191.255
87.86.48.0/20
95.177.63.0/24
95.177.67.0/24
95.177.74.0/24
95.177.85.0/24
194.6.104.0/21
195.40.22.0-195.40.25.255
195.72.176.0/21
212.134.20.0/24
212.134.27.0/24
212.135.6.0/23
213.177.226.0/23
213.177.230.0/23
213.177.234.0/23
213.177.238.0/23
213.177.242.0/23
213.177.246.0/23
213.177.250.0-213.177.255.255
Signature Algorithm: sha256WithRSAEncryption
61:49:5c:60:a3:e2:c2:8c:e3:a5:67:d2:73:a0:36:82:1f:69:
d3:1a:39:0a:28:4b:48:a3:70:b5:b4:0f:25:39:bd:87:b4:40:
ef:4b:06:8d:fc:f0:f7:e3:07:4f:06:65:ea:9c:c5:5d:ce:05:
9d:50:44:ac:ae:48:81:e0:9f:5d:f4:0e:82:0b:c9:52:6e:c3:
d4:0e:f3:93:fe:d4:44:d3:3b:4c:b4:49:0f:c8:c2:3d:71:37:
1f:7e:9d:1e:b3:73:14:29:45:33:da:52:49:98:8b:ea:8d:77:
8a:52:7e:c4:dd:6f:ba:f1:08:46:8d:5d:c0:6c:3a:b8:0d:82:
a9:58:b9:e8:88:3e:43:e2:fc:85:52:97:5e:38:69:21:c2:c2:
38:4a:df:df:fc:dd:20:1b:0d:c7:3d:91:f3:e9:41:5d:ac:a0:
55:ad:c4:39:72:38:19:01:1c:94:15:53:e3:2c:35:cd:12:64:
83:ce:85:f1:42:29:37:42:bf:6e:9c:cd:5d:b0:fd:0e:bd:89:
73:a4:cd:88:85:3f:b4:b0:b7:35:3a:68:19:d4:71:7e:64:0a:
1e:99:52:11:1b:73:5a:24:75:75:51:e3:a8:a8:2e:90:8d:b8:
19:44:f3:b1:0c:ee:f3:df:3d:dc:a2:7f:6f:7e:6c:1a:82:3a:
4f:61:2d:d7
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgISAZ1JZFgVAy1526TKPBa/qydsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNDAxMTQxMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWVhMjdhODdmM2JmOTY0NjAzY2NjY2QyYTk2YWU5YzNjYjI0MzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA63JLd4zYqdsmalqTrgZA6fFHLXLD
hOJfTLLr3QTn32XC4vGG3dNapvXm/Gh8/y2pCRGMKJXIjwDsIwFtSv3mE0Z3vEef
tuTG9lwVIp216sraf9pdNClww0tDRsEvDyILtMMbakjTraO71E7138l3DwHxoWk1
d4fiCIE9GaUrjrisGcHKU9yvSTb2fj0kPUiWBfm1Yh+af1/qmLpti8ZXbQCjoUD1
v1zVZx2h+LMB3NvKxqTVz2xmeVCHZ9AvezZRghWwdRoWsUtBAbPTqL4l1YCWeoj3
fNZrU333G/qc99670b5nKQlMq42PiBT6+P0Mw4qQm8mvVCVgbqHwQb25swIDAQAB
o4ICsTCCAq0wHQYDVR0OBBYEFKHqJ6h/O/lkYDzMzSqWrpw8skNXMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvb2VvbnFIODctV1JnUE16TktwYXVuRHl5UTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHGBggrBgEFBQcBBwEB/wSBtjCBszCBsAQCAAEwgakDBANP
ecgDBARSbiADBANVvUgwDAMEA1Y1mAMEAlY1oDAMAwQCVjW0AwQGVjWAAwQEV1Yw
AwQAX7E/AwQAX7FDAwQAX7FKAwQAX7FVAwQDwgZoMAwDBAHDKBYDBAHDKBgDBAPD
SLADBADUhhQDBADUhhsDBAHUhwYDBAHVseIDBAHVseYDBAHVseoDBAHVse4DBAHV
sfIDBAHVsfYwCwMEAdWx+gMDAdWwMA0GCSqGSIb3DQEBCwUAA4IBAQBhSVxgo+LC
jOOlZ9JzoDaCH2nTGjkKKEtIo3C1tA8lOb2HtEDvSwaN/PD34wdPBmXqnMVdzgWd
UESsrkiB4J9d9A6CC8lSbsPUDvOT/tRE0ztMtEkPyMI9cTcffp0es3MUKUUz2lJJ
mIvqjXeKUn7E3W+68QhGjV3AbDq4DYKpWLnoiD5D4vyFUpdeOGkhwsI4St/f/N0g
Gw3HPZHz6UFdrKBVrcQ5cjgZARyUFVPjLDXNEmSDzoXxQik3Qr9unM1dsP0OvYlz
pM2IhT+0sLc1OmgZ1HF+ZAoemVIRG3NaJHV1UeOoqC6QjbgZRPOxDO7z3z3con9v
fmwagjpPYS3X
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:28:34 2026 by rpki-client