Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/hrbEjs63rlg9CXl4g7G5mgv-RqA.roa
File: hrbEjs63rlg9CXl4g7G5mgv-RqA.roa (raw, json)
Hash identifier: Vn4Q2C74wZsb2HWkUQIo9qyiOlvy2sNf/LHIwsqyFPw=
Subject key identifier: 86:B6:C4:8E:CE:B7:AE:58:3D:09:79:78:83:B1:B9:9A:0B:FE:46:A0
Certificate issuer: /CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Certificate serial: 019D8C76F7BBB4689EDF11163B590C773830
Authority key identifier: 4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/hrbEjs63rlg9CXl4g7G5mgv-RqA.roa
Signing time: Tue 14 Apr 2026 14:48:20 +0000
ROA not before: Tue 14 Apr 2026 14:48:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42861
IP address blocks: 185.149.144.0/22 maxlen: 22
185.157.120.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:8c:76:f7:bb:b4:68:9e:df:11:16:3b:59:0c:77:38:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Validity
Not Before: Apr 14 14:48:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=86b6c48eceb7ae583d09797883b1b99a0bfe46a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:a2:f8:ed:63:31:6b:75:98:b9:97:d6:87:61:
fd:c0:50:c9:60:2c:5e:b4:70:04:01:21:3d:33:45:
8d:68:02:91:cb:12:14:bf:57:92:03:88:c3:34:94:
9c:1e:5f:c0:1a:f1:77:7b:8b:50:62:4c:45:69:aa:
4b:9f:cf:c9:dc:8e:18:26:e2:f2:74:fe:64:2a:cc:
21:0b:de:4d:6e:94:90:20:30:31:13:67:bf:bf:65:
8f:0f:b6:56:ad:a0:f5:ab:5e:ef:61:b2:aa:dd:53:
dd:05:ac:44:d4:63:c6:c0:c4:e9:83:71:84:62:85:
f8:9e:7e:94:9e:82:70:b9:fe:a4:c8:40:23:7c:2c:
5e:29:e7:94:e5:a6:e7:aa:c5:48:4b:ed:b6:ef:f6:
0b:40:c6:da:44:53:71:af:23:06:89:81:ef:03:e4:
ab:36:31:6a:ec:93:8a:07:47:98:8d:d7:4a:97:9b:
6b:2d:a4:6f:0b:54:76:04:a0:41:f5:c2:88:ea:76:
82:fc:60:69:28:1f:61:ad:66:b2:a6:6e:bb:26:4a:
6e:9d:9c:c2:0f:12:46:c1:86:ac:f7:f7:ce:7d:fd:
da:b2:99:a0:15:4c:e4:b3:93:85:04:44:63:ee:60:
89:d6:52:f5:fc:85:82:1f:65:83:0f:3b:12:cd:1d:
04:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:B6:C4:8E:CE:B7:AE:58:3D:09:79:78:83:B1:B9:9A:0B:FE:46:A0
X509v3 Authority Key Identifier:
keyid:4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/hrbEjs63rlg9CXl4g7G5mgv-RqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.149.144.0/22
185.157.120.0/24
Signature Algorithm: sha256WithRSAEncryption
85:96:7c:12:6a:ca:07:c1:89:10:65:b8:e4:ff:2f:7f:51:f3:
40:f8:ed:a0:4d:f5:f5:e2:13:82:5b:48:75:5a:f0:4e:24:b4:
4a:a2:b8:65:97:be:aa:01:b4:da:0d:1b:23:cc:2c:a1:ca:d4:
15:87:82:0a:2a:02:7a:df:77:1b:7b:ac:2a:99:79:6f:46:eb:
e4:08:cb:08:23:7a:6c:ae:2d:e6:c3:1b:91:89:71:a6:65:34:
90:fd:41:5c:e8:8f:b4:41:e4:3b:83:40:31:bd:6a:78:12:a1:
1e:37:13:67:cd:60:bb:1e:72:2e:bb:b9:74:c6:ba:e4:52:a9:
fc:8b:c0:f1:43:38:68:21:0f:2e:15:d6:40:1b:23:8c:44:0d:
3f:d5:44:d2:db:a9:8c:df:87:db:e9:bc:9f:24:27:2e:67:a0:
23:a8:8d:38:56:85:c7:18:99:47:70:d3:18:9d:f5:17:4f:2d:
9f:67:2a:ee:42:d9:f2:b1:12:f8:73:99:95:e0:9f:4d:5e:0d:
57:e9:fc:2a:b3:69:a8:6f:f1:c3:18:70:3c:71:de:3c:87:f1:
08:3d:63:96:e7:47:38:af:e3:b5:4c:5b:06:95:b3:f8:1c:c5:
46:67:df:8f:1d:34:df:33:d3:19:8e:20:c2:74:b1:e6:19:ff:
b4:9d:70:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2Mdve7tGie3xEWO1kMdzgwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmQzMGIwMTVlYzRlZjFiMGQzYzY0MzQ3YzhkMWI1OTgy
OTNmODEwHhcNMjYwNDE0MTQ0ODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmI2YzQ4ZWNlYjdhZTU4M2QwOTc5Nzg4M2IxYjk5YTBiZmU0NmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6L47WMxa3WYuZfWh2H9wFDJYCxe
tHAEASE9M0WNaAKRyxIUv1eSA4jDNJScHl/AGvF3e4tQYkxFaapLn8/J3I4YJuLy
dP5kKswhC95NbpSQIDAxE2e/v2WPD7ZWraD1q17vYbKq3VPdBaxE1GPGwMTpg3GE
YoX4nn6UnoJwuf6kyEAjfCxeKeeU5abnqsVIS+227/YLQMbaRFNxryMGiYHvA+Sr
NjFq7JOKB0eYjddKl5trLaRvC1R2BKBB9cKI6naC/GBpKB9hrWaypm67JkpunZzC
DxJGwYas9/fOff3aspmgFUzks5OFBERj7mCJ1lL1/IWCH2WDDzsSzR0EywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIa2xI7Ot65YPQl5eIOxuZoL/kagMB8GA1UdIwQY
MBaAFE8tMLAV7E7xsNPGQ0fI0bWYKT+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjkt
NDM1MWJiZjc0YzBjLzEvaHJiRWpzNjNybGc5Q1hsNGc3RzVtZ3YtUnFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjktNDM1MWJiZjc0YzBj
LzEvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZWQAwQA
uZ14MA0GCSqGSIb3DQEBCwUAA4IBAQCFlnwSasoHwYkQZbjk/y9/UfNA+O2gTfX1
4hOCW0h1WvBOJLRKorhll76qAbTaDRsjzCyhytQVh4IKKgJ633cbe6wqmXlvRuvk
CMsII3psri3mwxuRiXGmZTSQ/UFc6I+0QeQ7g0AxvWp4EqEeNxNnzWC7HnIuu7l0
xrrkUqn8i8DxQzhoIQ8uFdZAGyOMRA0/1UTS26mM34fb6byfJCcuZ6AjqI04VoXH
GJlHcNMYnfUXTy2fZyruQtnysRL4c5mV4J9NXg1X6fwqs2mob/HDGHA8cd48h/EI
PWOW50c4r+O1TFsGlbP4HMVGZ9+PHTTfM9MZjiDCdLHmGf+0nXBg
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:12:09 2026 by rpki-client