Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/d27567-710c-48cd-9e5d-3002df825d5d/1/hBZaHAyGtqRnE1DvLWWpXGTmsPU.roa
File: hBZaHAyGtqRnE1DvLWWpXGTmsPU.roa (raw, json)
Hash identifier: hJDZYJp6gaUMZ+FxtfpKN3lHq8XA9oWvb1C80fIulho=
Subject key identifier: 84:16:5A:1C:0C:86:B6:A4:67:13:50:EF:2D:65:A9:5C:64:E6:B0:F5
Certificate issuer: /CN=1e7e08d56475bae407a4f2bca8e89a0997685a3a
Certificate serial: 019B7E38460A08B52F6A340F7CA78E688F85
Authority key identifier: 1E:7E:08:D5:64:75:BA:E4:07:A4:F2:BC:A8:E8:9A:09:97:68:5A:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Hn4I1WR1uuQHpPK8qOiaCZdoWjo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/d27567-710c-48cd-9e5d-3002df825d5d/1/hBZaHAyGtqRnE1DvLWWpXGTmsPU.roa
Signing time: Fri 02 Jan 2026 10:19:35 +0000
ROA not before: Fri 02 Jan 2026 10:19:35 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 34525
IP address blocks: 83.175.144.0/20 maxlen: 22
91.224.120.0/23 maxlen: 23
109.231.0.0/18 maxlen: 18
109.231.0.0/20 maxlen: 22
109.231.16.0/20 maxlen: 22
109.231.48.0/21 maxlen: 22
185.13.232.0/22 maxlen: 22
2a00:1ce8::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/26/d27567-710c-48cd-9e5d-3002df825d5d/1/Hn4I1WR1uuQHpPK8qOiaCZdoWjo.crl
rsync://rpki.ripe.net/repository/DEFAULT/26/d27567-710c-48cd-9e5d-3002df825d5d/1/Hn4I1WR1uuQHpPK8qOiaCZdoWjo.mft
rsync://rpki.ripe.net/repository/DEFAULT/Hn4I1WR1uuQHpPK8qOiaCZdoWjo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 16:01:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7e:38:46:0a:08:b5:2f:6a:34:0f:7c:a7:8e:68:8f:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e7e08d56475bae407a4f2bca8e89a0997685a3a
Validity
Not Before: Jan 2 10:19:35 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=84165a1c0c86b6a4671350ef2d65a95c64e6b0f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:72:ff:52:e0:5a:8f:1c:af:38:90:f6:ec:a1:
b7:21:5a:a5:10:ae:d7:83:36:91:c0:cf:d2:98:5e:
f4:fc:8a:b0:85:d3:d2:52:d5:a2:ad:49:82:a8:93:
34:04:6c:c5:eb:98:e9:da:ec:7f:fe:6f:5e:57:b9:
0c:04:e8:40:fb:61:6d:5e:21:b5:1a:4c:f1:73:00:
63:cc:f5:9f:77:a2:a9:ee:5c:9f:9f:0f:9e:9e:a9:
69:db:03:31:4b:de:27:11:4a:7b:b3:dd:d0:fb:c5:
44:27:66:91:b5:0f:a2:1b:0e:71:84:9c:25:a6:4d:
fa:4e:5a:7a:cd:4a:ec:18:97:9f:b8:28:b6:6c:59:
dc:bd:6f:3d:61:3c:31:e6:a6:42:7d:70:08:b2:16:
11:19:c9:95:96:24:28:fb:3f:5e:be:bc:73:c6:87:
ab:dd:b6:2e:7a:16:79:10:d7:52:ef:59:f5:00:fe:
9a:9f:f8:20:73:74:7d:d8:f2:31:38:c7:49:e6:ca:
7b:e8:26:1f:5c:46:46:66:6f:85:2d:25:95:aa:3c:
aa:bc:c0:5b:f9:63:e4:94:bd:68:2f:3f:9c:9a:5a:
bd:7d:94:cd:0e:86:50:37:c7:90:a4:3c:82:48:5a:
d4:d0:76:60:6e:10:0e:49:d7:3f:10:36:d1:3b:95:
fd:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:16:5A:1C:0C:86:B6:A4:67:13:50:EF:2D:65:A9:5C:64:E6:B0:F5
X509v3 Authority Key Identifier:
keyid:1E:7E:08:D5:64:75:BA:E4:07:A4:F2:BC:A8:E8:9A:09:97:68:5A:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hn4I1WR1uuQHpPK8qOiaCZdoWjo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/d27567-710c-48cd-9e5d-3002df825d5d/1/hBZaHAyGtqRnE1DvLWWpXGTmsPU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/d27567-710c-48cd-9e5d-3002df825d5d/1/Hn4I1WR1uuQHpPK8qOiaCZdoWjo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.175.144.0/20
91.224.120.0/23
109.231.0.0/18
185.13.232.0/22
IPv6:
2a00:1ce8::/32
Signature Algorithm: sha256WithRSAEncryption
7a:67:48:f8:d8:60:69:98:3c:f7:5d:7c:f1:c5:27:ec:b5:1d:
b1:41:76:b7:26:21:be:ed:0d:db:e3:cb:f8:5b:ed:b2:c4:94:
ae:b4:bf:fa:d2:04:0b:80:0a:f9:dc:4b:3b:27:55:97:95:fb:
d2:43:2d:2c:5f:4b:86:43:a4:de:a7:02:b5:62:57:c0:19:dc:
ec:66:a6:78:89:77:63:7a:30:be:01:15:47:19:1b:41:6e:22:
c3:ac:03:9e:5f:4d:17:8e:7e:c2:5a:eb:e0:a7:64:ef:ee:b5:
c5:56:91:3e:ad:53:ff:8f:4a:25:e3:5a:c8:1c:f0:d5:e7:95:
24:93:18:f1:e2:2b:c4:ec:75:9d:0f:43:d7:09:4c:9b:38:3a:
c5:6d:89:33:2c:8c:3a:99:12:3c:9d:90:a8:15:21:44:f6:6a:
53:a8:c4:a2:be:80:39:f7:a6:8d:a6:85:a5:fa:98:20:55:2e:
bd:03:39:f6:22:49:c0:15:0c:60:e6:e5:26:45:32:2f:92:76:
c6:e8:8e:df:d4:ed:5b:08:f3:72:1b:46:43:3c:91:f1:27:df:
c8:ac:54:f2:08:3e:50:d2:3a:47:e8:e2:d0:26:1b:e5:cc:59:
43:19:82:91:cb:05:37:dd:d7:3b:45:34:cb:fa:08:af:9a:4e:
50:51:b5:8b
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZt+OEYKCLUvajQPfKeOaI+FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlN2UwOGQ1NjQ3NWJhZTQwN2E0ZjJiY2E4ZTg5YTA5OTc2
ODVhM2EwHhcNMjYwMTAyMTAxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDE2NWExYzBjODZiNmE0NjcxMzUwZWYyZDY1YTk1YzY0ZTZiMGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3L/UuBajxyvOJD27KG3IVqlEK7X
gzaRwM/SmF70/IqwhdPSUtWirUmCqJM0BGzF65jp2ux//m9eV7kMBOhA+2FtXiG1
GkzxcwBjzPWfd6Kp7lyfnw+enqlp2wMxS94nEUp7s93Q+8VEJ2aRtQ+iGw5xhJwl
pk36Tlp6zUrsGJefuCi2bFncvW89YTwx5qZCfXAIshYRGcmVliQo+z9evrxzxoer
3bYuehZ5ENdS71n1AP6an/ggc3R92PIxOMdJ5sp76CYfXEZGZm+FLSWVqjyqvMBb
+WPklL1oLz+cmlq9fZTNDoZQN8eQpDyCSFrU0HZgbhAOSdc/EDbRO5X9lwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFIQWWhwMhrakZxNQ7y1lqVxk5rD1MB8GA1UdIwQY
MBaAFB5+CNVkdbrkB6TyvKjomgmXaFo6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG40STFXUjF1dVFIcFBLOHFPaWFDWmRvV2pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9kMjc1NjctNzEwYy00OGNkLTllNWQt
MzAwMmRmODI1ZDVkLzEvaEJaYUhBeUd0cVJuRTFEdkxXV3BYR1Rtc1BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9kMjc1NjctNzEwYy00OGNkLTllNWQtMzAwMmRmODI1ZDVk
LzEvSG40STFXUjF1dVFIcFBLOHFPaWFDWmRvV2pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEU6+QAwQB
W+B4AwQGbecAAwQCuQ3oMA0EAgACMAcDBQAqABzoMA0GCSqGSIb3DQEBCwUAA4IB
AQB6Z0j42GBpmDz3XXzxxSfstR2xQXa3JiG+7Q3b48v4W+2yxJSutL/60gQLgAr5
3Es7J1WXlfvSQy0sX0uGQ6TepwK1YlfAGdzsZqZ4iXdjejC+ARVHGRtBbiLDrAOe
X00Xjn7CWuvgp2Tv7rXFVpE+rVP/j0ol41rIHPDV55Ukkxjx4ivE7HWdD0PXCUyb
ODrFbYkzLIw6mRI8nZCoFSFE9mpTqMSivoA596aNpoWl+pggVS69Azn2IknAFQxg
5uUmRTIvknbG6I7f1O1bCPNyG0ZDPJHxJ9/IrFTyCD5Q0jpH6OLQJhvlzFlDGYKR
ywU33dc7RTTL+givmk5QUbWL
-----END CERTIFICATE-----
Generated at Tue Mar 3 02:03:38 2026 by rpki-client