Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bsh-KrUHp15DixM24wKgrrVsTzU.roa
File: bsh-KrUHp15DixM24wKgrrVsTzU.roa (raw, json)
Hash identifier: u84yUs+5hrVrSWK2zvG22aaMXHoGmX8ym2iz7UBAj74=
Subject key identifier: 6E:C8:7E:2A:B5:07:A7:5E:43:8B:13:36:E3:02:A0:AE:B5:6C:4F:35
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019C9427AD6EE701604D98F0BDD1BCCD3101
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bsh-KrUHp15DixM24wKgrrVsTzU.roa
Signing time: Wed 25 Feb 2026 09:35:54 +0000
ROA not before: Wed 25 Feb 2026 09:35:54 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 63199
IP address blocks: 84.245.17.0/24 maxlen: 24
84.245.22.0/24 maxlen: 24
87.101.0.0/24 maxlen: 24
185.227.74.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:94:27:ad:6e:e7:01:60:4d:98:f0:bd:d1:bc:cd:31:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 25 09:35:54 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6ec87e2ab507a75e438b1336e302a0aeb56c4f35
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:4c:37:ca:dc:80:36:46:55:0f:84:69:bd:88:
e0:7e:fb:49:7f:c1:52:ee:62:9d:0e:45:cd:5e:dc:
4c:24:42:da:6b:70:1c:4a:82:75:9a:76:cf:67:dc:
bb:52:eb:f4:ca:bf:51:fc:8c:d2:bc:05:55:3c:a8:
56:2d:77:c5:97:4b:d9:76:65:f4:45:54:84:a3:b0:
d2:64:c0:5f:a8:f3:06:70:fc:1c:71:f7:75:eb:4e:
83:72:7b:ea:e5:5b:1c:0f:b0:9c:84:14:82:8c:a4:
99:66:71:96:e7:74:a0:4d:45:97:d0:de:55:bd:a4:
37:89:ec:63:02:8f:75:15:7a:b8:14:eb:57:dd:b5:
ce:f8:46:88:7e:1c:96:6b:09:2f:4c:7f:4a:a3:f9:
39:a7:9f:4d:db:0d:69:c4:c1:ed:ff:7c:ab:25:6b:
15:1f:ad:1b:3e:4e:9d:dc:52:2f:91:ca:c1:74:52:
24:fb:01:21:db:fe:0a:7d:c7:16:e3:cd:78:db:b6:
96:41:d2:46:bb:9a:d0:d0:d9:d2:c0:e3:1a:45:01:
61:fc:bb:13:e7:65:6c:3a:92:4a:d1:19:00:b7:ec:
18:16:df:6c:a2:4a:ea:7e:8f:72:fd:fb:b0:d8:71:
d3:b6:7e:44:86:c4:3c:7e:72:58:b0:8d:e4:6a:0a:
dc:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:C8:7E:2A:B5:07:A7:5E:43:8B:13:36:E3:02:A0:AE:B5:6C:4F:35
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bsh-KrUHp15DixM24wKgrrVsTzU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.245.17.0/24
84.245.22.0/24
87.101.0.0/24
185.227.74.0/24
Signature Algorithm: sha256WithRSAEncryption
88:e4:a7:fb:ee:e7:6a:d5:60:15:58:d5:9d:0b:34:53:4c:c1:
00:17:9e:2d:b1:a1:e4:ef:aa:37:af:10:c1:ef:56:36:f0:f3:
67:f8:21:6a:80:86:aa:db:ff:92:d7:81:74:a1:14:fd:21:bb:
3d:ae:bb:92:10:8e:8f:68:89:2a:4e:d8:38:72:5d:71:41:bc:
66:d9:20:3c:9b:cb:79:34:5c:5f:38:e3:44:ac:38:fa:29:4a:
d4:a4:9a:94:70:10:7b:a0:30:49:b7:ac:68:5a:c4:57:0b:91:
95:57:32:74:02:e4:4c:2c:70:7f:17:e5:92:35:06:64:9b:bf:
fc:1c:cc:d9:96:4b:3a:60:75:24:40:38:1c:b6:ad:b4:62:4a:
74:4b:ab:fe:d1:61:6c:5a:49:9c:f7:aa:de:00:23:d4:f5:88:
f2:df:88:f5:37:8c:29:a2:a2:b7:15:d4:81:bd:41:32:0e:ee:
a5:aa:3a:62:71:9f:27:b3:21:ba:5f:09:c4:f7:9b:ce:1d:18:
21:26:b2:fd:f6:47:8d:39:2e:65:9e:81:0f:9b:7b:4e:14:68:
de:fb:0d:49:61:7b:bc:d1:f7:a8:3f:13:dd:83:2c:4f:6b:ab:
28:d9:31:3d:72:ea:93:4e:0a:74:21:71:86:7b:57:c3:ff:42:
2a:33:41:90
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZyUJ61u5wFgTZjwvdG8zTEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMjI1MDkzNTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWM4N2UyYWI1MDdhNzVlNDM4YjEzMzZlMzAyYTBhZWI1NmM0ZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ew3ytyANkZVD4RpvYjgfvtJf8FS
7mKdDkXNXtxMJELaa3AcSoJ1mnbPZ9y7Uuv0yr9R/IzSvAVVPKhWLXfFl0vZdmX0
RVSEo7DSZMBfqPMGcPwccfd1606Dcnvq5VscD7CchBSCjKSZZnGW53SgTUWX0N5V
vaQ3iexjAo91FXq4FOtX3bXO+EaIfhyWawkvTH9Ko/k5p59N2w1pxMHt/3yrJWsV
H60bPk6d3FIvkcrBdFIk+wEh2/4KfccW481427aWQdJGu5rQ0NnSwOMaRQFh/LsT
52VsOpJK0RkAt+wYFt9sokrqfo9y/fuw2HHTtn5EhsQ8fnJYsI3kagrcLQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFG7Ifiq1B6deQ4sTNuMCoK61bE81MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYnNoLUtyVUhwMTVEaXhNMjR3S2dyclZzVHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVPURAwQA
VPUWAwQAV2UAAwQAueNKMA0GCSqGSIb3DQEBCwUAA4IBAQCI5Kf77udq1WAVWNWd
CzRTTMEAF54tsaHk76o3rxDB71Y28PNn+CFqgIaq2/+S14F0oRT9Ibs9rruSEI6P
aIkqTtg4cl1xQbxm2SA8m8t5NFxfOONErDj6KUrUpJqUcBB7oDBJt6xoWsRXC5GV
VzJ0AuRMLHB/F+WSNQZkm7/8HMzZlks6YHUkQDgctq20Ykp0S6v+0WFsWkmc96re
ACPU9Yjy34j1N4wpoqK3FdSBvUEyDu6lqjpicZ8nsyG6XwnE95vOHRghJrL99keN
OS5lnoEPm3tOFGje+w1JYXu80feoPxPdgyxPa6so2TE9cuqTTgp0IXGGe1fD/0Iq
M0GQ
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:26:53 2026 by rpki-client