Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/rxFdQ8wHm79-KwtfCQQduhZ5MX4.roa
File: rxFdQ8wHm79-KwtfCQQduhZ5MX4.roa (raw, json)
Hash identifier: 4fE5VLNDidIj7JkBBuOBn6AqwpO9aA+OzOMLJ27mh8o=
Subject key identifier: AF:11:5D:43:CC:07:9B:BF:7E:2B:0B:5F:09:04:1D:BA:16:79:31:7E
Certificate issuer: /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial: 019C911EE4E2CCF22F9A38FE9FCFAFF80148
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/rxFdQ8wHm79-KwtfCQQduhZ5MX4.roa
Signing time: Tue 24 Feb 2026 19:27:26 +0000
ROA not before: Tue 24 Feb 2026 19:27:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 49608
IP address blocks: 87.76.216.0/24 maxlen: 24
87.76.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:91:1e:e4:e2:cc:f2:2f:9a:38:fe:9f:cf:af:f8:01:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
Validity
Not Before: Feb 24 19:27:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=af115d43cc079bbf7e2b0b5f09041dba1679317e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d8:46:c6:1d:cd:08:b8:05:46:23:67:72:0e:
01:30:50:e1:99:a5:d8:91:f1:e7:97:1d:10:00:b8:
44:dc:0d:53:fb:58:8f:e2:dc:b9:dc:3c:8f:7b:76:
69:62:a3:08:68:fc:1d:aa:3d:12:6a:2d:1b:69:52:
08:be:df:5a:4f:0e:f3:90:e4:36:f7:bd:a9:53:8c:
c2:73:45:33:41:ea:99:d7:94:8a:37:c1:5c:0e:1c:
ca:55:62:71:de:46:ec:d2:c8:6b:85:ec:f7:9b:68:
b6:f7:6e:07:b6:17:17:27:75:80:00:9a:03:74:46:
b9:46:23:36:cb:9e:28:02:61:d3:97:3b:49:cf:34:
c1:10:75:e8:87:f4:de:79:28:9a:50:2f:45:83:c5:
13:fd:0e:25:f7:96:a7:fa:a5:ae:14:22:65:67:64:
e6:46:0d:47:36:7f:f0:7f:3a:1f:4f:2a:7a:ed:b7:
46:77:69:97:1e:51:49:8b:25:2a:34:71:5f:c9:fa:
71:4d:85:ba:b9:8a:19:51:ed:bd:11:be:41:56:69:
00:ea:cc:e7:c3:c9:3b:c0:82:d8:5f:a0:41:67:fa:
af:e8:01:7f:f3:a4:95:5a:a5:fe:73:9b:90:3f:9e:
99:0d:60:1c:24:62:a0:9b:d3:51:00:ba:76:c1:62:
00:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:11:5D:43:CC:07:9B:BF:7E:2B:0B:5F:09:04:1D:BA:16:79:31:7E
X509v3 Authority Key Identifier:
keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/rxFdQ8wHm79-KwtfCQQduhZ5MX4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.76.216.0/24
87.76.223.0/24
Signature Algorithm: sha256WithRSAEncryption
82:94:66:ee:46:b4:f3:46:09:21:c5:b0:83:a1:7a:45:0b:be:
bb:e9:ab:f1:2c:16:27:cf:a5:48:32:aa:d3:2d:b0:a1:38:14:
7f:1f:7b:a2:16:a8:2a:a9:92:19:91:4b:b7:a2:3f:03:6b:c4:
ae:44:43:b8:56:d4:a2:53:13:b2:30:60:8f:5c:cc:28:a6:00:
62:98:38:7f:f7:41:35:dd:96:44:ca:69:8c:99:42:82:a2:ff:
c5:55:02:d4:fa:c7:f6:05:e0:64:f1:e8:ba:3d:b9:f0:45:12:
bf:67:49:73:60:13:f4:dd:9a:a2:b8:f7:6c:2a:c1:5a:20:59:
15:bb:1b:f9:09:98:c4:3b:0d:34:3b:e2:8c:8c:ea:54:64:fd:
ac:42:7f:01:d5:49:34:8f:b5:9c:27:af:9a:ea:eb:9e:19:6f:
59:de:51:60:03:02:4c:43:13:ea:3e:e0:f2:64:c7:c1:d3:b7:
47:2e:23:89:d8:71:7c:4f:a0:1e:03:54:5f:fe:fa:d7:5b:30:
2a:06:bb:90:02:fb:ef:d6:bb:1f:2c:0a:b0:38:96:f4:a1:7c:
21:ae:8e:44:78:da:89:46:9f:33:45:1c:a6:75:a0:4a:73:cc:
24:b7:f3:32:52:82:9f:f2:99:33:9c:4d:ec:c6:21:13:99:23:
36:74:ec:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyRHuTizPIvmjj+n8+v+AFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwMjI0MTkyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjExNWQ0M2NjMDc5YmJmN2UyYjBiNWYwOTA0MWRiYTE2NzkzMTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9hGxh3NCLgFRiNncg4BMFDhmaXY
kfHnlx0QALhE3A1T+1iP4ty53DyPe3ZpYqMIaPwdqj0Sai0baVIIvt9aTw7zkOQ2
972pU4zCc0UzQeqZ15SKN8FcDhzKVWJx3kbs0shrhez3m2i2924HthcXJ3WAAJoD
dEa5RiM2y54oAmHTlztJzzTBEHXoh/TeeSiaUC9Fg8UT/Q4l95an+qWuFCJlZ2Tm
Rg1HNn/wfzofTyp67bdGd2mXHlFJiyUqNHFfyfpxTYW6uYoZUe29Eb5BVmkA6szn
w8k7wILYX6BBZ/qv6AF/86SVWqX+c5uQP56ZDWAcJGKgm9NRALp2wWIA5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK8RXUPMB5u/fisLXwkEHboWeTF+MB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvcnhGZFE4d0htNzktS3d0ZkNRUWR1aFo1TVg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV0zYAwQA
V0zfMA0GCSqGSIb3DQEBCwUAA4IBAQCClGbuRrTzRgkhxbCDoXpFC7676avxLBYn
z6VIMqrTLbChOBR/H3uiFqgqqZIZkUu3oj8Da8SuREO4VtSiUxOyMGCPXMwopgBi
mDh/90E13ZZEymmMmUKCov/FVQLU+sf2BeBk8ei6PbnwRRK/Z0lzYBP03ZqiuPds
KsFaIFkVuxv5CZjEOw00O+KMjOpUZP2sQn8B1Uk0j7WcJ6+a6uueGW9Z3lFgAwJM
QxPqPuDyZMfB07dHLiOJ2HF8T6AeA1Rf/vrXWzAqBruQAvvv1rsfLAqwOJb0oXwh
ro5EeNqJRp8zRRymdaBKc8wkt/MyUoKf8pkznE3sxiETmSM2dOzw
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:27:07 2026 by rpki-client