Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/hHgL4WgE2D2tkf9XKXzxcgvVlpw.roa
File: hHgL4WgE2D2tkf9XKXzxcgvVlpw.roa (raw, json)
Hash identifier: fInx3epgs9miiU9sVBL10AxZq5vOraw4C+V7V62SNH4=
Subject key identifier: 84:78:0B:E1:68:04:D8:3D:AD:91:FF:57:29:7C:F1:72:0B:D5:96:9C
Certificate issuer: /CN=521f0cba10daa302e3b167cee5395f742f530b09
Certificate serial: 019DFE5A48C90A8C08B6F80CF1EC64BDCD44
Authority key identifier: 52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/hHgL4WgE2D2tkf9XKXzxcgvVlpw.roa
Signing time: Wed 06 May 2026 17:33:42 +0000
ROA not before: Wed 06 May 2026 17:33:42 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9304
IP address blocks: 87.76.178.0/24 maxlen: 24
87.76.189.0/24 maxlen: 24
87.76.190.0/24 maxlen: 24
87.76.210.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.mft
rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 23:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:fe:5a:48:c9:0a:8c:08:b6:f8:0c:f1:ec:64:bd:cd:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=521f0cba10daa302e3b167cee5395f742f530b09
Validity
Not Before: May 6 17:33:42 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=84780be16804d83dad91ff57297cf1720bd5969c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:73:bb:e6:b5:51:c6:71:c6:8f:6d:8f:70:fb:
20:d6:1a:61:cd:b8:43:5a:c6:af:52:0b:7f:b4:db:
49:ed:c4:47:6c:5d:86:cd:96:2b:46:35:db:86:b0:
ac:98:8e:dc:a6:0d:63:5d:21:95:32:6c:b5:01:3c:
88:c7:f4:ea:90:06:92:49:dc:ca:70:a4:ce:62:fb:
6d:c2:67:98:88:c6:83:2c:26:29:07:49:61:f2:33:
12:e7:f3:4f:26:8e:26:90:89:5c:0d:a1:14:6f:2e:
3e:29:c1:e4:a1:97:c4:3a:d9:c3:97:92:f6:ee:16:
4c:6b:06:8c:fa:99:11:9d:c6:d3:a9:d7:b9:03:ff:
31:4e:28:ab:63:1b:c2:8c:8c:ae:18:0c:1b:c3:4e:
ce:41:48:4d:9e:14:1f:bb:f8:5f:49:e9:22:05:99:
7a:b9:3d:00:55:ec:ea:06:02:23:9b:e2:a1:ba:ec:
6b:37:d7:bf:60:3d:f3:af:9a:e9:a0:1a:ae:24:af:
08:56:a4:d8:7f:5d:a6:d2:df:9a:29:b5:48:85:3a:
96:70:33:ea:cc:22:e5:fe:15:46:40:17:f3:70:bc:
26:23:16:9e:5c:db:fa:88:86:ae:9c:e7:21:bd:8c:
15:f7:86:b6:82:01:65:5c:f4:dc:5d:25:7e:78:4e:
49:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:78:0B:E1:68:04:D8:3D:AD:91:FF:57:29:7C:F1:72:0B:D5:96:9C
X509v3 Authority Key Identifier:
keyid:52:1F:0C:BA:10:DA:A3:02:E3:B1:67:CE:E5:39:5F:74:2F:53:0B:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh8MuhDaowLjsWfO5TlfdC9TCwk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/hHgL4WgE2D2tkf9XKXzxcgvVlpw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/68ce36-74e4-443b-aef1-3bb8b075d69f/1/Uh8MuhDaowLjsWfO5TlfdC9TCwk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.76.178.0/24
87.76.189.0-87.76.190.255
87.76.210.0/24
Signature Algorithm: sha256WithRSAEncryption
82:c3:60:37:c1:74:14:f9:b7:3e:af:11:a0:97:ea:76:4c:45:
92:e5:56:aa:97:3e:54:4d:6e:ad:6d:87:de:04:db:6a:38:b8:
24:8d:16:4b:95:32:2b:9c:51:2a:ff:95:8c:47:63:22:e5:4e:
dc:a0:ba:ed:21:a9:03:35:bd:0c:c0:72:01:2e:2b:bb:0e:4b:
17:a3:51:91:25:9c:dc:05:e6:1f:c8:58:92:a6:f4:63:9a:25:
53:f8:1f:a3:7d:44:b2:19:63:7e:64:0e:3b:12:05:fa:32:cd:
5e:f8:bf:ca:80:d7:42:90:66:1e:a3:fb:87:b0:14:8f:32:bd:
fc:2f:c2:d8:ed:ff:05:4b:5b:e1:40:aa:7f:24:5a:fd:b5:49:
a4:5f:0e:0c:a1:5a:8b:ae:5b:27:6f:c4:df:95:6f:f8:83:cc:
f8:ec:d8:87:1c:36:eb:7b:a7:dd:4b:03:6e:30:44:f1:e3:3b:
fb:77:6b:5a:ed:7c:db:63:38:b4:c9:c1:b9:5f:d9:12:1b:22:
37:b5:0d:f4:00:47:3c:aa:4b:9a:f2:36:2f:bd:4b:97:9b:25:
00:3c:6d:dd:10:b9:d6:34:ef:6b:8c:3b:0f:35:16:35:d7:76:
60:7e:e9:fb:48:ba:cf:d7:85:ba:0e:1f:17:4f:73:ba:81:96:
15:4b:e0:c5
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ3+WkjJCowItvgM8exkvc1EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWYwY2JhMTBkYWEzMDJlM2IxNjdjZWU1Mzk1Zjc0MmY1
MzBiMDkwHhcNMjYwNTA2MTczMzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDc4MGJlMTY4MDRkODNkYWQ5MWZmNTcyOTdjZjE3MjBiZDU5NjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHO75rVRxnHGj22PcPsg1hphzbhD
WsavUgt/tNtJ7cRHbF2GzZYrRjXbhrCsmI7cpg1jXSGVMmy1ATyIx/TqkAaSSdzK
cKTOYvttwmeYiMaDLCYpB0lh8jMS5/NPJo4mkIlcDaEUby4+KcHkoZfEOtnDl5L2
7hZMawaM+pkRncbTqde5A/8xTiirYxvCjIyuGAwbw07OQUhNnhQfu/hfSekiBZl6
uT0AVezqBgIjm+KhuuxrN9e/YD3zr5rpoBquJK8IVqTYf12m0t+aKbVIhTqWcDPq
zCLl/hVGQBfzcLwmIxaeXNv6iIaunOchvYwV94a2ggFlXPTcXSV+eE5J0QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIR4C+FoBNg9rZH/Vyl88XIL1ZacMB8GA1UdIwQY
MBaAFFIfDLoQ2qMC47FnzuU5X3QvUwsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEt
M2JiOGIwNzVkNjlmLzEvaEhnTDRXZ0UyRDJ0a2Y5WEtYenhjZ3ZWbHB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82OGNlMzYtNzRlNC00NDNiLWFlZjEtM2JiOGIwNzVkNjlm
LzEvVWg4TXVoRGFvd0xqc1dmTzVUbGZkQzlUQ3drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAV0yyMAwD
BABXTL0DBABXTL4DBABXTNIwDQYJKoZIhvcNAQELBQADggEBAILDYDfBdBT5tz6v
EaCX6nZMRZLlVqqXPlRNbq1th94E22o4uCSNFkuVMiucUSr/lYxHYyLlTtyguu0h
qQM1vQzAcgEuK7sOSxejUZElnNwF5h/IWJKm9GOaJVP4H6N9RLIZY35kDjsSBfoy
zV74v8qA10KQZh6j+4ewFI8yvfwvwtjt/wVLW+FAqn8kWv21SaRfDgyhWouuWydv
xN+Vb/iDzPjs2IccNut7p91LA24wRPHjO/t3a1rtfNtjOLTJwblf2RIbIje1DfQA
RzyqS5ryNi+9S5ebJQA8bd0QudY072uMOw81FjXXdmB+6ftIus/XhboOHxdPc7qB
lhVL4MU=
-----END CERTIFICATE-----
Generated at Wed May 13 09:47:46 2026 by rpki-client