Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/97cc-LB3rG13dxTaENx-7JYBPe0.roa
File: 97cc-LB3rG13dxTaENx-7JYBPe0.roa (raw, json)
Hash identifier: iCkgIpMzGk+/4CscuxSSD1lD7KaBFSyKku9u86QVkmw=
Subject key identifier: F7:B7:1C:F8:B0:77:AC:6D:77:77:14:DA:10:DC:7E:EC:96:01:3D:ED
Certificate issuer: /CN=c8acf59abd4abbfbf830a060225a96a2179a2694
Certificate serial: 019C7AAD0BF326E80CF7E2E2F4AFAC4175D8
Authority key identifier: C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/97cc-LB3rG13dxTaENx-7JYBPe0.roa
Signing time: Fri 20 Feb 2026 10:51:27 +0000
ROA not before: Fri 20 Feb 2026 10:51:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 35625
IP address blocks: 37.16.78.0/24 maxlen: 24
37.235.88.0/21 maxlen: 24
45.15.204.0/22 maxlen: 24
45.85.132.0/24 maxlen: 24
45.88.140.0/22 maxlen: 24
45.138.192.0/22 maxlen: 24
46.29.120.0/21 maxlen: 24
85.208.216.0/22 maxlen: 24
89.21.88.0/21 maxlen: 21
91.212.236.0/24 maxlen: 24
91.229.136.0/24 maxlen: 24
94.158.180.0/22 maxlen: 24
109.71.136.0/21 maxlen: 24
109.197.240.0/21 maxlen: 24
109.205.0.0/21 maxlen: 24
185.31.148.0/22 maxlen: 24
185.39.168.0/22 maxlen: 24
185.71.148.0/22 maxlen: 24
185.75.140.0/22 maxlen: 24
185.117.18.0/23 maxlen: 24
185.161.44.0/22 maxlen: 24
185.167.76.0/24 maxlen: 24
185.181.4.0/22 maxlen: 24
185.218.212.0/22 maxlen: 24
185.220.72.0/22 maxlen: 24
185.227.0.0/22 maxlen: 24
185.230.96.0/22 maxlen: 24
185.246.26.0/24 maxlen: 24
185.246.96.0/22 maxlen: 24
185.252.156.0/22 maxlen: 24
193.176.64.0/22 maxlen: 24
194.88.112.0/21 maxlen: 24
194.126.178.0/24 maxlen: 24
195.90.116.0/22 maxlen: 24
195.190.27.0/24 maxlen: 24
2a00:ba60::/32 maxlen: 32
2a00:ba61::/32 maxlen: 32
2a00:ba62::/32 maxlen: 32
2a00:ba67::/32 maxlen: 32
2a01:6600:2e00::/40 maxlen: 40
2a01:6603::/32 maxlen: 32
2a01:6604::/32 maxlen: 32
2a01:6605::/32 maxlen: 32
2a02:21c8::/32 maxlen: 32
2a09:8c40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 13:01:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:7a:ad:0b:f3:26:e8:0c:f7:e2:e2:f4:af:ac:41:75:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c8acf59abd4abbfbf830a060225a96a2179a2694
Validity
Not Before: Feb 20 10:51:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f7b71cf8b077ac6d777714da10dc7eec96013ded
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:12:71:f7:9d:77:7a:e2:1f:6a:b2:f3:f5:5d:
85:38:5b:a1:4b:0f:e0:48:cb:f3:f0:b3:96:1b:c4:
89:d1:07:d2:0e:46:be:8e:db:25:17:76:dd:29:0e:
dc:97:55:87:7c:2e:ba:48:3c:41:12:fd:ec:76:3f:
da:82:fc:9f:29:a9:e8:93:12:a6:9a:9a:30:dd:3f:
df:b7:b1:03:dd:65:f2:59:d2:7d:f3:66:3c:34:ff:
8d:f5:13:44:d0:51:08:a2:69:66:77:c8:b8:ec:aa:
aa:96:32:39:dd:23:d9:23:45:92:22:59:16:9a:3b:
90:e8:de:56:a6:d1:72:e6:02:98:39:36:77:de:33:
d7:ee:ee:e5:9f:90:97:43:c4:b1:4c:33:01:81:e7:
35:36:f1:c3:27:87:eb:77:92:f2:90:a9:11:c6:f2:
27:63:77:94:b6:0f:60:48:3e:f9:4f:08:49:5d:06:
e0:02:f6:23:57:64:a5:66:51:31:bf:d9:07:b3:52:
f4:c2:61:31:76:70:81:18:b2:9c:b0:f9:28:46:42:
30:e2:63:ae:11:f5:ac:0b:07:e0:f5:35:c7:5d:b6:
6e:3d:7d:6f:88:55:c8:a0:6b:bf:02:23:b7:17:85:
cd:4b:bc:77:d1:2d:7d:e9:3e:40:3d:60:d6:ee:10:
37:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:B7:1C:F8:B0:77:AC:6D:77:77:14:DA:10:DC:7E:EC:96:01:3D:ED
X509v3 Authority Key Identifier:
keyid:C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/97cc-LB3rG13dxTaENx-7JYBPe0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.16.78.0/24
37.235.88.0/21
45.15.204.0/22
45.85.132.0/24
45.88.140.0/22
45.138.192.0/22
46.29.120.0/21
85.208.216.0/22
89.21.88.0/21
91.212.236.0/24
91.229.136.0/24
94.158.180.0/22
109.71.136.0/21
109.197.240.0/21
109.205.0.0/21
185.31.148.0/22
185.39.168.0/22
185.71.148.0/22
185.75.140.0/22
185.117.18.0/23
185.161.44.0/22
185.167.76.0/24
185.181.4.0/22
185.218.212.0/22
185.220.72.0/22
185.227.0.0/22
185.230.96.0/22
185.246.26.0/24
185.246.96.0/22
185.252.156.0/22
193.176.64.0/22
194.88.112.0/21
194.126.178.0/24
195.90.116.0/22
195.190.27.0/24
IPv6:
2a00:ba60::-2a00:ba62:ffff:ffff:ffff:ffff:ffff:ffff
2a00:ba67::/32
2a01:6600:2e00::/40
2a01:6603::-2a01:6605:ffff:ffff:ffff:ffff:ffff:ffff
2a02:21c8::/32
2a09:8c40::/29
Signature Algorithm: sha256WithRSAEncryption
08:55:cc:24:43:d5:41:e0:4e:26:11:3d:7e:46:59:0c:a0:22:
3e:cb:3e:17:a7:ed:2a:e2:a5:2b:6c:53:49:24:fc:98:71:7d:
08:91:16:5b:77:b8:4e:bb:1a:19:12:85:c3:d1:b0:95:16:69:
52:4c:b8:9a:a4:a0:5a:4a:65:27:e5:eb:19:50:d6:61:eb:ac:
f6:d1:94:1f:68:2f:4d:e6:7c:55:b6:1e:f0:58:20:11:64:3b:
ae:db:77:8d:98:e5:d3:47:59:a8:1c:2e:cb:87:2d:59:b0:a1:
99:79:ed:5b:d2:1e:33:65:9c:35:f2:6a:60:f6:44:06:43:68:
c8:15:74:24:fc:6f:0d:c9:d4:70:a1:90:a6:e3:b5:9f:84:8b:
be:b3:98:f7:39:e4:c2:de:b4:e3:69:65:cc:ca:83:e6:d5:8e:
cd:d9:76:01:bf:c8:8b:fc:86:3a:b1:2e:e9:f4:d5:fa:dd:d4:
e5:cb:63:b6:62:45:bd:0d:24:9d:f9:fd:b3:07:29:e7:4c:dc:
a5:47:ad:5f:88:78:d5:ff:7a:99:9b:c7:0f:19:01:1a:99:4d:
f7:ab:5c:37:88:12:71:26:11:ed:1a:c5:79:1c:23:85:cb:06:
6c:e6:8d:c2:29:ec:c3:bb:df:df:b0:c1:a6:0f:3c:03:5c:46:
bd:48:0a:08
-----BEGIN CERTIFICATE-----
MIIGFjCCBP6gAwIBAgISAZx6rQvzJugM9+Li9K+sQXXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YWNmNTlhYmQ0YWJiZmJmODMwYTA2MDIyNWE5NmEyMTc5
YTI2OTQwHhcNMjYwMjIwMTA1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2I3MWNmOGIwNzdhYzZkNzc3NzE0ZGExMGRjN2VlYzk2MDEzZGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxJx9513euIfarLz9V2FOFuhSw/g
SMvz8LOWG8SJ0QfSDka+jtslF3bdKQ7cl1WHfC66SDxBEv3sdj/agvyfKanokxKm
mpow3T/ft7ED3WXyWdJ982Y8NP+N9RNE0FEIomlmd8i47KqqljI53SPZI0WSIlkW
mjuQ6N5WptFy5gKYOTZ33jPX7u7ln5CXQ8SxTDMBgec1NvHDJ4frd5LykKkRxvIn
Y3eUtg9gSD75TwhJXQbgAvYjV2SlZlExv9kHs1L0wmExdnCBGLKcsPkoRkIw4mOu
EfWsCwfg9TXHXbZuPX1viFXIoGu/AiO3F4XNS7x30S196T5APWDW7hA3aQIDAQAB
o4IDIjCCAx4wHQYDVR0OBBYEFPe3HPiwd6xtd3cU2hDcfuyWAT3tMB8GA1UdIwQY
MBaAFMis9Zq9Srv7+DCgYCJalqIXmiaUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQt
ODM4ZWJmNDEyYTYxLzEvOTdjYy1MQjNyRzEzZHhUYUVOeC03SllCUGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQtODM4ZWJmNDEyYTYx
LzEveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNgYIKwYBBQUHAQcBAf8EggElMIIBITCB2QQCAAEwgdID
BAAlEE4DBAMl61gDBAItD8wDBAAtVYQDBAItWIwDBAItisADBAMuHXgDBAJV0NgD
BANZFVgDBABb1OwDBABb5YgDBAJenrQDBANtR4gDBANtxfADBANtzQADBAK5H5QD
BAK5J6gDBAK5R5QDBAK5S4wDBAG5dRIDBAK5oSwDBAC5p0wDBAK5tQQDBAK52tQD
BAK53EgDBAK54wADBAK55mADBAC59hoDBAK59mADBAK5/JwDBALBsEADBAPCWHAD
BADCfrIDBALDWnQDBADDvhswQwQCAAIwPTAOAwUFKgC6YAMFACoAumIDBQAqALpn
AwYAKgFmAC4wDgMFACoBZgMDBQEqAWYEAwUAKgIhyAMFAyoJjEAwDQYJKoZIhvcN
AQELBQADggEBAAhVzCRD1UHgTiYRPX5GWQygIj7LPhen7SripStsU0kk/JhxfQiR
Flt3uE67GhkShcPRsJUWaVJMuJqkoFpKZSfl6xlQ1mHrrPbRlB9oL03mfFW2HvBY
IBFkO67bd42Y5dNHWagcLsuHLVmwoZl57VvSHjNlnDXyamD2RAZDaMgVdCT8bw3J
1HChkKbjtZ+Ei76zmPc55MLetONpZczKg+bVjs3ZdgG/yIv8hjqxLun01frd1OXL
Y7ZiRb0NJJ35/bMHKedM3KVHrV+IeNX/epmbxw8ZARqZTferXDeIEnEmEe0axXkc
I4XLBmzmjcIp7MO739+wwaYPPANcRr1ICgg=
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:51:06 2026 by rpki-client