Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/vmahc-gH9xY8uloECYneObmRUwo.roa
File: vmahc-gH9xY8uloECYneObmRUwo.roa (raw, json)
Hash identifier: 6npTr2kUzSthDDmcUqv6TyudZTdNiJRtH1eH8fs3DyI=
Subject key identifier: BE:66:A1:73:E8:07:F7:16:3C:BA:5A:04:09:89:DE:39:B9:91:53:0A
Certificate issuer: /CN=a40a081fba8fb33efb46259ef93f6878d70150eb
Certificate serial: 019C7097F57C794608971C7CC5EC3688CC31
Authority key identifier: A4:0A:08:1F:BA:8F:B3:3E:FB:46:25:9E:F9:3F:68:78:D7:01:50:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pAoIH7qPsz77RiWe-T9oeNcBUOs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/vmahc-gH9xY8uloECYneObmRUwo.roa
Signing time: Wed 18 Feb 2026 11:52:12 +0000
ROA not before: Wed 18 Feb 2026 11:52:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 13335
IP address blocks: 195.234.204.0/24 maxlen: 24
195.234.205.0/24 maxlen: 24
195.234.206.0/24 maxlen: 24
195.234.207.0/24 maxlen: 24
2001:67c:2620::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/pAoIH7qPsz77RiWe-T9oeNcBUOs.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/pAoIH7qPsz77RiWe-T9oeNcBUOs.mft
rsync://rpki.ripe.net/repository/DEFAULT/pAoIH7qPsz77RiWe-T9oeNcBUOs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:70:97:f5:7c:79:46:08:97:1c:7c:c5:ec:36:88:cc:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a40a081fba8fb33efb46259ef93f6878d70150eb
Validity
Not Before: Feb 18 11:52:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=be66a173e807f7163cba5a040989de39b991530a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:e1:61:19:98:0c:e5:c7:8d:e8:7e:3a:87:d0:
63:c4:0f:97:74:47:5a:44:f2:f9:be:97:cd:4a:d3:
60:6c:63:88:f0:5d:6c:09:56:e6:31:16:92:58:0b:
b8:6d:a4:f8:8f:e5:60:ef:9c:92:d4:17:d7:32:0f:
75:87:f4:6c:b7:45:d3:0a:c7:f9:fe:55:65:f4:75:
45:27:df:45:37:8b:dc:99:6a:af:c1:bf:64:33:12:
44:b7:c0:56:a3:2d:84:0a:a6:ee:ba:5d:99:59:48:
be:1c:67:ea:2f:61:e5:4a:c2:2e:b5:50:17:4e:5c:
4d:6a:10:64:00:7d:54:c6:a7:14:79:22:75:55:99:
62:46:81:aa:ec:07:5b:a1:52:ed:ed:42:7e:37:9a:
3b:4d:86:f1:b9:dd:44:47:e4:7b:5c:76:e9:92:df:
b6:24:5c:a0:48:d5:52:aa:9d:f7:a3:d1:27:be:e7:
a5:36:58:61:8d:c6:26:dc:b7:19:b9:97:8c:27:17:
f7:50:5b:79:60:81:21:ba:c6:0d:b7:64:dc:10:a6:
6b:c1:a8:2a:f4:83:89:bb:a4:f6:d2:23:bf:51:ff:
bc:60:d2:85:0f:79:43:1c:62:53:86:ff:2a:c9:db:
c5:63:15:5a:92:10:74:33:7b:97:45:ff:56:26:3a:
c7:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:66:A1:73:E8:07:F7:16:3C:BA:5A:04:09:89:DE:39:B9:91:53:0A
X509v3 Authority Key Identifier:
keyid:A4:0A:08:1F:BA:8F:B3:3E:FB:46:25:9E:F9:3F:68:78:D7:01:50:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pAoIH7qPsz77RiWe-T9oeNcBUOs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/vmahc-gH9xY8uloECYneObmRUwo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/cb27a0-94d2-49aa-85ea-ae91e4662d93/1/pAoIH7qPsz77RiWe-T9oeNcBUOs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.234.204.0/22
IPv6:
2001:67c:2620::/48
Signature Algorithm: sha256WithRSAEncryption
82:07:aa:cc:63:14:7b:e2:4a:79:f2:17:5c:63:d7:74:5f:62:
c1:b9:04:fe:0f:c7:d3:18:64:aa:5e:63:e1:c7:a5:d0:2f:26:
53:4c:84:98:9b:4c:f4:61:0a:51:43:1f:d1:55:02:39:68:e3:
10:05:c6:fa:73:b2:6d:78:d1:57:fd:41:af:76:e8:51:d9:a8:
4b:98:18:81:a9:e2:6d:e6:ca:30:1a:d7:56:9b:23:98:18:a0:
bf:17:2f:38:1a:63:eb:29:89:8c:99:77:bb:26:35:fe:60:6e:
72:98:a1:9a:9f:bf:38:93:37:ad:be:f8:d9:5e:b0:5f:f1:02:
60:9c:8e:57:1e:a7:bb:eb:6f:09:82:ef:21:5d:97:d2:10:15:
c4:09:8f:ea:4d:2d:10:a3:62:dc:56:83:5d:51:33:b0:dc:28:
09:da:35:82:d8:20:b2:6c:76:61:0e:64:42:ac:d1:44:97:35:
66:55:06:ea:76:48:15:8a:82:23:fd:fc:3b:e9:2c:40:35:91:
dc:aa:f4:ed:7a:ca:a7:00:15:12:29:42:27:88:19:39:65:ec:
d5:e5:5a:f5:e2:2d:db:33:29:06:d8:d9:a2:8b:8c:99:01:49:
20:1c:80:25:2e:97:b9:5e:b1:ad:b2:47:7c:f4:b0:f6:56:70:
16:88:a8:ee
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZxwl/V8eUYIlxx8xew2iMwxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MGEwODFmYmE4ZmIzM2VmYjQ2MjU5ZWY5M2Y2ODc4ZDcw
MTUwZWIwHhcNMjYwMjE4MTE1MjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTY2YTE3M2U4MDdmNzE2M2NiYTVhMDQwOTg5ZGUzOWI5OTE1MzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+FhGZgM5ceN6H46h9BjxA+XdEda
RPL5vpfNStNgbGOI8F1sCVbmMRaSWAu4baT4j+Vg75yS1BfXMg91h/Rst0XTCsf5
/lVl9HVFJ99FN4vcmWqvwb9kMxJEt8BWoy2ECqbuul2ZWUi+HGfqL2HlSsIutVAX
TlxNahBkAH1UxqcUeSJ1VZliRoGq7AdboVLt7UJ+N5o7TYbxud1ER+R7XHbpkt+2
JFygSNVSqp33o9EnvuelNlhhjcYm3LcZuZeMJxf3UFt5YIEhusYNt2TcEKZrwagq
9IOJu6T20iO/Uf+8YNKFD3lDHGJThv8qydvFYxVakhB0M3uXRf9WJjrHNQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL5moXPoB/cWPLpaBAmJ3jm5kVMKMB8GA1UdIwQY
MBaAFKQKCB+6j7M++0Ylnvk/aHjXAVDrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEFvSUg3cVBzejc3UmlXZS1UOW9lTmNCVU9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9jYjI3YTAtOTRkMi00OWFhLTg1ZWEt
YWU5MWU0NjYyZDkzLzEvdm1haGMtZ0g5eFk4dWxvRUNZbmVPYm1SVXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9jYjI3YTAtOTRkMi00OWFhLTg1ZWEtYWU5MWU0NjYyZDkz
LzEvcEFvSUg3cVBzejc3UmlXZS1UOW9lTmNCVU9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCw+rMMA8E
AgACMAkDBwAgAQZ8JiAwDQYJKoZIhvcNAQELBQADggEBAIIHqsxjFHviSnnyF1xj
13RfYsG5BP4Px9MYZKpeY+HHpdAvJlNMhJibTPRhClFDH9FVAjlo4xAFxvpzsm14
0Vf9Qa926FHZqEuYGIGp4m3myjAa11abI5gYoL8XLzgaY+spiYyZd7smNf5gbnKY
oZqfvziTN62++NlesF/xAmCcjlcep7vrbwmC7yFdl9IQFcQJj+pNLRCjYtxWg11R
M7DcKAnaNYLYILJsdmEOZEKs0USXNWZVBup2SBWKgiP9/DvpLEA1kdyq9O16yqcA
FRIpQieIGTll7NXlWvXiLdszKQbY2aKLjJkBSSAcgCUul7lesa2yR3z0sPZWcBaI
qO4=
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:37:38 2026 by rpki-client