Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/HCLMfVSYMXhaXPDTQeNyUs3_km0.roa
File: HCLMfVSYMXhaXPDTQeNyUs3_km0.roa (raw, json)
Hash identifier: qS9rBLPDOBtr9IKEEF8WbooTuAl7SLlqT29bHOmlbUM=
Subject key identifier: 1C:22:CC:7D:54:98:31:78:5A:5C:F0:D3:41:E3:72:52:CD:FF:92:6D
Certificate issuer: /CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Certificate serial: 019D75F84DBDDA61A425E9DAA6396C961662
Authority key identifier: F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/HCLMfVSYMXhaXPDTQeNyUs3_km0.roa
Signing time: Fri 10 Apr 2026 05:58:20 +0000
ROA not before: Fri 10 Apr 2026 05:58:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 58172
IP address blocks: 85.116.176.0/24 maxlen: 24
85.116.177.0/24 maxlen: 24
85.116.178.0/24 maxlen: 24
85.116.179.0/24 maxlen: 24
85.116.180.0/24 maxlen: 24
85.116.181.0/24 maxlen: 24
85.116.183.0/24 maxlen: 24
85.116.184.0/24 maxlen: 24
85.116.185.0/24 maxlen: 24
85.116.186.0/23 maxlen: 23
85.116.188.0/23 maxlen: 23
85.116.188.0/24 maxlen: 24
85.116.189.0/24 maxlen: 24
85.116.190.0/24 maxlen: 24
85.116.191.0/24 maxlen: 24
91.132.148.0/24 maxlen: 24
91.132.149.0/24 maxlen: 24
91.132.150.0/24 maxlen: 24
91.132.151.0/24 maxlen: 24
91.239.101.0/24 maxlen: 24
128.127.96.0/24 maxlen: 24
128.127.97.0/24 maxlen: 24
128.127.98.0/24 maxlen: 24
128.127.99.0/24 maxlen: 24
128.127.100.0/24 maxlen: 24
128.127.101.0/24 maxlen: 24
128.127.102.0/24 maxlen: 24
128.127.103.0/24 maxlen: 24
178.20.176.0/24 maxlen: 24
178.20.177.0/24 maxlen: 24
178.20.178.0/24 maxlen: 24
178.20.179.0/24 maxlen: 24
178.20.180.0/24 maxlen: 24
178.20.181.0/24 maxlen: 24
178.20.182.0/24 maxlen: 24
178.20.183.0/24 maxlen: 24
2a04:3b00::/36 maxlen: 36
2a04:3b00:100::/48 maxlen: 48
2a04:3b00:1000::/37 maxlen: 37
2a04:3b00:1800::/37 maxlen: 37
2a04:3b00:2000::/37 maxlen: 37
2a04:3b00:2800::/37 maxlen: 37
2a04:3b00:3000::/37 maxlen: 37
2a04:3b00:3800::/37 maxlen: 37
2a04:3b00:4000::/37 maxlen: 37
2a04:3b00:4800::/37 maxlen: 37
2a04:3b00:5000::/37 maxlen: 37
2a04:3b00:5800::/37 maxlen: 37
2a04:3b00:6000::/37 maxlen: 37
2a04:3b00:6800::/37 maxlen: 37
2a04:3b00:7000::/37 maxlen: 37
2a04:3b00:7800::/37 maxlen: 37
2a04:3b00:8000::/37 maxlen: 37
2a04:3b00:8800::/37 maxlen: 37
2a04:3b00:9000::/37 maxlen: 37
2a04:3b00:9800::/37 maxlen: 37
2a04:3b00:a000::/37 maxlen: 37
2a04:3b01::/44 maxlen: 44
2a04:3b01:800::/44 maxlen: 44
2a04:3b01:1800::/44 maxlen: 44
2a04:3b01:2800::/44 maxlen: 44
2a04:3b01:3800::/44 maxlen: 44
2a04:3b01:6000::/44 maxlen: 44
2a04:3b02:420::/44 maxlen: 44
2a04:3b02:c20::/44 maxlen: 44
2a04:3b02:1c20::/44 maxlen: 44
2a04:3b02:2c20::/44 maxlen: 44
2a04:3b02:3c20::/44 maxlen: 44
2a04:3b02:5c20::/44 maxlen: 44
2a04:3b02:6420::/44 maxlen: 44
2a04:3b02:8420::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.mft
rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:75:f8:4d:bd:da:61:a4:25:e9:da:a6:39:6c:96:16:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Validity
Not Before: Apr 10 05:58:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1c22cc7d549831785a5cf0d341e37252cdff926d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:b8:d7:d4:33:51:00:de:3b:ab:bc:ee:a8:9e:
41:3f:40:0f:39:3a:8e:1d:b8:71:d3:30:d5:16:0b:
dd:c9:d7:93:ed:0a:02:99:1f:a5:82:d2:9d:38:e8:
27:1b:95:bf:dd:92:91:c0:0c:83:ae:b6:b5:31:ea:
92:1b:9d:d2:55:48:97:ce:c0:94:81:93:8d:2c:a2:
64:73:a4:65:3c:f0:9b:17:f2:8b:65:d4:e4:a2:0a:
7d:6a:37:1a:06:b4:e0:b5:90:93:aa:48:39:7a:6f:
27:67:42:0a:a0:9f:d8:1e:5a:99:83:0c:97:f7:93:
d5:06:67:43:f5:e7:02:57:73:16:14:36:a2:e1:ef:
45:1e:50:e2:98:06:40:a7:bf:2c:da:40:c1:4b:21:
06:11:10:db:be:4b:73:e3:07:9b:8d:26:42:af:52:
9f:d3:78:90:ef:ca:76:5a:5b:73:a5:96:a9:2f:0a:
36:6a:20:02:42:3f:53:7e:0a:a9:ac:61:a2:f6:09:
5e:73:25:63:90:e2:30:e3:3a:cb:47:7d:1e:3c:4d:
64:4a:a1:18:2a:45:28:e7:a3:69:02:a4:b3:0d:0c:
78:ea:96:51:eb:e2:2e:f4:25:81:53:73:29:1b:e5:
26:78:2f:ce:3c:34:e9:67:52:ca:1b:98:15:95:9b:
47:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:22:CC:7D:54:98:31:78:5A:5C:F0:D3:41:E3:72:52:CD:FF:92:6D
X509v3 Authority Key Identifier:
keyid:F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/HCLMfVSYMXhaXPDTQeNyUs3_km0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.116.176.0-85.116.181.255
85.116.183.0-85.116.191.255
91.132.148.0/22
91.239.101.0/24
128.127.96.0/21
178.20.176.0/21
IPv6:
2a04:3b00::-2a04:3b00:a7ff:ffff:ffff:ffff:ffff:ffff
2a04:3b01::/44
2a04:3b01:800::/44
2a04:3b01:1800::/44
2a04:3b01:2800::/44
2a04:3b01:3800::/44
2a04:3b01:6000::/44
2a04:3b02:420::/44
2a04:3b02:c20::/44
2a04:3b02:1c20::/44
2a04:3b02:2c20::/44
2a04:3b02:3c20::/44
2a04:3b02:5c20::/44
2a04:3b02:6420::/44
2a04:3b02:8420::/44
Signature Algorithm: sha256WithRSAEncryption
8c:ed:a5:2e:35:0f:67:0e:40:81:d8:96:9a:4d:2f:f0:a6:34:
1d:50:7d:6e:01:12:96:89:8e:96:f5:13:35:54:7d:2e:fe:0e:
bb:fb:f2:cd:79:2a:8c:50:82:94:c4:0e:4a:51:54:fa:20:f8:
01:45:b7:d8:95:84:43:1e:eb:b0:30:84:31:e4:eb:89:39:38:
64:58:9e:58:8b:5a:bd:99:4d:82:6c:df:b5:73:48:cd:87:9d:
30:d4:26:cf:4d:98:41:6d:12:7d:f5:0a:1d:99:5d:07:4f:9e:
93:04:b3:3b:f4:5f:c2:81:0e:a5:42:0f:97:3b:a5:46:c8:97:
bb:5a:2d:0c:8c:2c:3c:58:a8:b0:fe:4f:4b:67:8e:c8:f0:06:
23:11:0b:5e:c3:b0:17:e7:12:56:44:63:d8:63:67:86:99:47:
f4:02:20:ef:34:13:46:f3:08:6c:89:da:fc:19:bc:3e:20:f3:
6e:32:c9:63:d4:a1:64:a6:cd:e7:00:36:0e:72:2a:f1:cc:27:
08:6d:ab:55:ff:ea:71:09:f3:26:1f:83:e2:ae:d0:7f:c2:de:
cc:2a:aa:72:dc:83:12:85:8f:ec:fa:9c:76:e2:10:63:6c:94:
55:1f:55:16:ae:b9:1b:bb:01:0d:bd:b1:30:48:54:c8:25:5e:
e8:96:db:07
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAZ11+E292mGkJenapjlslhZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzExMzQxM2QwZGY1YjhmYTA2OTAxMWVlYjEwOWYwNjdi
NTU3OWEwHhcNMjYwNDEwMDU1ODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzIyY2M3ZDU0OTgzMTc4NWE1Y2YwZDM0MWUzNzI1MmNkZmY5MjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrjX1DNRAN47q7zuqJ5BP0APOTqO
Hbhx0zDVFgvdydeT7QoCmR+lgtKdOOgnG5W/3ZKRwAyDrra1MeqSG53SVUiXzsCU
gZONLKJkc6RlPPCbF/KLZdTkogp9ajcaBrTgtZCTqkg5em8nZ0IKoJ/YHlqZgwyX
95PVBmdD9ecCV3MWFDai4e9FHlDimAZAp78s2kDBSyEGERDbvktz4webjSZCr1Kf
03iQ78p2WltzpZapLwo2aiACQj9TfgqprGGi9glecyVjkOIw4zrLR30ePE1kSqEY
KkUo56NpAqSzDQx46pZR6+Iu9CWBU3MpG+UmeC/OPDTpZ1LKG5gVlZtHGQIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFBwizH1UmDF4Wlzw00HjclLN/5JtMB8GA1UdIwQY
MBaAFPDBE0E9DfW4+gaQEe6xCfBntVeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUt
NTAyNjFiMTE5MTZiLzEvSENMTWZWU1lNWGhhWFBEVFFlTnlVczNfa20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUtNTAyNjFiMTE5MTZi
LzEvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHnBggrBgEFBQcBBwEB/wSB1zCB1DA6BAIAATA0MAwDBARV
dLADBAFVdLQwDAMEAFV0twMEBlV0gAMEAluElAMEAFvvZQMEA4B/YAMEA7IUsDCB
lQQCAAIwgY4wDgMEACoEOwMGAyoEOwCgAwcEKgQ7AQAAAwcEKgQ7AQgAAwcEKgQ7
ARgAAwcEKgQ7ASgAAwcEKgQ7ATgAAwcEKgQ7AWAAAwcEKgQ7AgQgAwcEKgQ7Agwg
AwcEKgQ7AhwgAwcEKgQ7AiwgAwcEKgQ7AjwgAwcEKgQ7AlwgAwcEKgQ7AmQgAwcE
KgQ7AoQgMA0GCSqGSIb3DQEBCwUAA4IBAQCM7aUuNQ9nDkCB2JaaTS/wpjQdUH1u
ARKWiY6W9RM1VH0u/g67+/LNeSqMUIKUxA5KUVT6IPgBRbfYlYRDHuuwMIQx5OuJ
OThkWJ5Yi1q9mU2CbN+1c0jNh50w1CbPTZhBbRJ99QodmV0HT56TBLM79F/CgQ6l
Qg+XO6VGyJe7Wi0MjCw8WKiw/k9LZ47I8AYjEQtew7AX5xJWRGPYY2eGmUf0AiDv
NBNG8whsidr8Gbw+IPNuMslj1KFkps3nADYOcirxzCcIbatV/+pxCfMmH4PirtB/
wt7MKqpy3IMShY/s+px24hBjbJRVH1UWrrkbuwENvbEwSFTIJV7oltsH
-----END CERTIFICATE-----
Generated at Fri Apr 17 22:33:37 2026 by rpki-client