Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/to_ofhJSBNbkzmbX8fX9qE_8lKo.roa
File: to_ofhJSBNbkzmbX8fX9qE_8lKo.roa (raw, json)
Hash identifier: bfC84eXvuOlFJes6YefZeJwxEKuegCO63Uo8o5gtw7M=
Subject key identifier: B6:8F:E8:7E:12:52:04:D6:E4:CE:66:D7:F1:F5:FD:A8:4F:FC:94:AA
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 019EAD12D1318C3FE59BCC9F9BE79B76B8D7
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/to_ofhJSBNbkzmbX8fX9qE_8lKo.roa
Signing time: Tue 09 Jun 2026 15:49:12 +0000
ROA not before: Tue 09 Jun 2026 15:49:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197210
IP address blocks: 87.83.0.0/24 maxlen: 24
87.85.99.0/24 maxlen: 24
87.85.138.0/24 maxlen: 24
87.85.164.0/24 maxlen: 24
87.85.253.0/24 maxlen: 24
87.85.255.0/24 maxlen: 24
87.86.92.0/24 maxlen: 24
87.86.95.0/24 maxlen: 24
87.86.188.0/24 maxlen: 24
87.86.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 08:20:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:ad:12:d1:31:8c:3f:e5:9b:cc:9f:9b:e7:9b:76:b8:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Jun 9 15:49:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b68fe87e125204d6e4ce66d7f1f5fda84ffc94aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:25:d5:a3:fb:6e:41:c0:a8:1e:59:dd:51:cd:
b8:f6:e2:e9:8d:ae:45:f9:5a:9c:06:16:5e:1c:7d:
6e:74:5e:4f:f1:84:6d:fd:5e:23:8f:56:a5:26:a9:
fa:82:25:f8:8a:7b:0c:4d:2b:56:8f:ab:18:f3:d2:
c3:1e:11:e7:62:8f:9a:5a:ba:0f:8c:07:e3:f2:e5:
cb:93:d4:36:b3:4a:1d:29:16:dd:49:05:c2:9a:08:
1a:c1:26:f4:da:63:af:c3:78:60:e0:84:4b:e8:c0:
e7:fd:af:6a:ad:d5:10:ce:42:69:d4:82:75:7c:83:
dd:e6:2f:71:d1:72:be:df:6f:d3:42:32:a0:9f:f9:
7f:28:32:92:46:2e:76:34:56:5b:a4:c4:16:1a:66:
2f:f4:c5:db:10:4e:13:78:9f:2d:4f:e9:df:f2:8f:
3e:a0:21:3c:cb:56:7a:59:13:ed:45:b2:2b:7a:d9:
08:19:f0:ac:cb:64:40:b8:de:f6:ae:cf:15:12:45:
78:d4:c7:e7:9b:39:d6:e6:78:2b:93:cb:1e:08:9a:
dc:c7:e9:b4:eb:c6:0f:69:fd:f8:54:3b:d1:13:2e:
26:57:25:53:32:ce:11:68:58:1c:88:49:29:3b:c2:
75:26:05:17:95:cb:5c:55:03:45:15:0f:46:95:b9:
00:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:8F:E8:7E:12:52:04:D6:E4:CE:66:D7:F1:F5:FD:A8:4F:FC:94:AA
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/to_ofhJSBNbkzmbX8fX9qE_8lKo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.83.0.0/24
87.85.99.0/24
87.85.138.0/24
87.85.164.0/24
87.85.253.0/24
87.85.255.0/24
87.86.92.0/24
87.86.95.0/24
87.86.188.0/24
87.86.191.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:84:03:1f:1a:51:3d:76:62:69:55:4f:e0:af:ca:e1:ab:88:
5e:7a:bc:c2:cd:61:14:10:f9:34:2d:0e:61:d5:51:d7:3b:20:
f2:7f:34:07:fd:7f:25:9c:94:33:1f:37:9d:41:ff:cc:9b:de:
be:e7:93:f9:50:c2:f8:8e:1d:65:c0:67:f1:91:29:81:25:44:
66:da:0e:12:47:1e:f8:b3:d3:ec:93:2f:0a:27:08:d3:c6:60:
4c:29:55:96:e9:9d:3e:27:53:88:8d:9e:bf:9b:38:1c:9e:24:
b4:8a:0e:e5:f3:2d:d8:c3:86:12:8d:56:49:9f:55:ee:05:03:
7b:72:85:c9:f2:af:3f:ce:04:50:94:67:ed:7a:28:1e:68:57:
8d:0f:30:a9:2e:ef:60:69:1a:48:e4:44:a7:57:71:5d:2c:0a:
d5:31:bc:cc:65:0b:0e:cd:25:99:4c:6a:e1:1a:0f:8e:c8:88:
2f:f3:e5:82:26:f4:49:ea:5d:31:8c:7c:da:0d:54:ac:5a:c7:
93:7f:fb:c5:05:16:ce:be:1f:aa:d7:13:f5:c1:a2:6e:b9:ea:
fc:18:82:8d:0d:bf:10:0c:a7:b6:51:aa:ed:58:b1:3d:ff:85:
a3:fa:ef:ef:c4:7c:20:ea:54:5b:2a:fc:d6:8a:79:39:7b:b5:
55:0a:92:ff
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZ6tEtExjD/lm8yfm+ebdrjXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjA5MTU0OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjhmZTg3ZTEyNTIwNGQ2ZTRjZTY2ZDdmMWY1ZmRhODRmZmM5NGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CXVo/tuQcCoHlndUc249uLpja5F
+VqcBhZeHH1udF5P8YRt/V4jj1alJqn6giX4insMTStWj6sY89LDHhHnYo+aWroP
jAfj8uXLk9Q2s0odKRbdSQXCmggawSb02mOvw3hg4IRL6MDn/a9qrdUQzkJp1IJ1
fIPd5i9x0XK+32/TQjKgn/l/KDKSRi52NFZbpMQWGmYv9MXbEE4TeJ8tT+nf8o8+
oCE8y1Z6WRPtRbIretkIGfCsy2RAuN72rs8VEkV41MfnmznW5ngrk8seCJrcx+m0
68YPaf34VDvREy4mVyVTMs4RaFgciEkpO8J1JgUXlctcVQNFFQ9GlbkAYwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLaP6H4SUgTW5M5m1/H1/ahP/JSqMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvdG9fb2ZoSlNCTmJrem1iWDhmWDlxRV84bEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAV1MAAwQA
V1VjAwQAV1WKAwQAV1WkAwQAV1X9AwQAV1X/AwQAV1ZcAwQAV1ZfAwQAV1a8AwQA
V1a/MA0GCSqGSIb3DQEBCwUAA4IBAQBOhAMfGlE9dmJpVU/gr8rhq4heerzCzWEU
EPk0LQ5h1VHXOyDyfzQH/X8lnJQzHzedQf/Mm96+55P5UML4jh1lwGfxkSmBJURm
2g4SRx74s9Psky8KJwjTxmBMKVWW6Z0+J1OIjZ6/mzgcniS0ig7l8y3Yw4YSjVZJ
n1XuBQN7coXJ8q8/zgRQlGfteigeaFeNDzCpLu9gaRpI5ESnV3FdLArVMbzMZQsO
zSWZTGrhGg+OyIgv8+WCJvRJ6l0xjHzaDVSsWseTf/vFBRbOvh+q1xP1waJuuer8
GIKNDb8QDKe2UartWLE9/4Wj+u/vxHwg6lRbKvzWink5e7VVCpL/
-----END CERTIFICATE-----
Generated at Sat Jun 13 13:11:32 2026 by rpki-client