Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/hZ5RcEtaRKOyRGRHHaGLm6BC8iA.roa
File: hZ5RcEtaRKOyRGRHHaGLm6BC8iA.roa (raw, json)
Hash identifier: NJb2UgVw2Dcf+y5j+m0kPKp7tmZnY9FpcgWSA4t/1bA=
Subject key identifier: 85:9E:51:70:4B:5A:44:A3:B2:44:64:47:1D:A1:8B:9B:A0:42:F2:20
Certificate issuer: /CN=02cc691476a6e7895b0e456116444f91937bf01e
Certificate serial: 019B7BA4F9350C3F17EB5D014A0BC0656B1F
Authority key identifier: 02:CC:69:14:76:A6:E7:89:5B:0E:45:61:16:44:4F:91:93:7B:F0:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AsxpFHam54lbDkVhFkRPkZN78B4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/hZ5RcEtaRKOyRGRHHaGLm6BC8iA.roa
Signing time: Thu 01 Jan 2026 22:19:27 +0000
ROA not before: Thu 01 Jan 2026 22:19:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 8319
IP address blocks: 194.153.151.0/24 maxlen: 24
195.158.32.0/19 maxlen: 24
195.250.48.0/24 maxlen: 24
212.218.0.0/16 maxlen: 24
212.218.153.0/24 maxlen: 24
2001:4cd8::/32 maxlen: 64
2001:4cd9::/32 maxlen: 64
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/AsxpFHam54lbDkVhFkRPkZN78B4.crl
rsync://rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/AsxpFHam54lbDkVhFkRPkZN78B4.mft
rsync://rpki.ripe.net/repository/DEFAULT/AsxpFHam54lbDkVhFkRPkZN78B4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7b:a4:f9:35:0c:3f:17:eb:5d:01:4a:0b:c0:65:6b:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02cc691476a6e7895b0e456116444f91937bf01e
Validity
Not Before: Jan 1 22:19:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=859e51704b5a44a3b24464471da18b9ba042f220
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:10:17:d2:d1:b2:0d:6a:e6:be:91:7f:8b:f1:
46:8f:91:10:50:7f:4d:bc:a6:4a:f0:a5:93:8b:e3:
0d:36:73:5b:14:07:22:a7:97:01:39:55:90:4a:ed:
9b:7d:3e:b4:b0:a0:54:c0:c8:da:1d:72:e2:97:41:
09:52:8e:ed:6f:5a:9e:c4:a2:7d:0e:6d:34:71:3e:
99:26:83:b2:47:7c:99:98:4b:b9:53:af:74:ce:37:
85:77:11:a1:25:23:8f:22:9a:0a:2e:9a:e5:71:83:
35:ff:85:b7:33:7e:c8:28:eb:5c:9a:56:6f:ea:a4:
b9:49:44:d9:be:b9:95:03:b9:a0:9e:ed:4e:d9:cc:
64:35:db:99:ff:e4:c2:91:23:fb:8b:15:ee:32:85:
c9:12:e4:ea:47:b0:f0:2b:65:fc:ad:18:34:4f:ea:
96:e5:e6:e6:ae:47:11:94:6b:7f:23:9a:62:9c:23:
18:18:b0:42:46:65:27:a7:c8:e6:c4:e2:60:c8:2e:
31:03:a3:e2:81:bf:79:09:5e:7e:7d:19:e2:ad:4f:
cf:71:de:86:53:4f:92:93:4a:57:8e:01:a7:24:99:
47:8b:4b:0f:2c:4c:71:a2:bd:6a:de:71:68:5b:0d:
3b:61:43:f8:88:bc:64:78:4b:19:08:3e:a8:42:63:
ab:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:9E:51:70:4B:5A:44:A3:B2:44:64:47:1D:A1:8B:9B:A0:42:F2:20
X509v3 Authority Key Identifier:
keyid:02:CC:69:14:76:A6:E7:89:5B:0E:45:61:16:44:4F:91:93:7B:F0:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AsxpFHam54lbDkVhFkRPkZN78B4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/hZ5RcEtaRKOyRGRHHaGLm6BC8iA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/9a6860-224f-4b34-a9b6-bc192bb73025/1/AsxpFHam54lbDkVhFkRPkZN78B4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.153.151.0/24
195.158.32.0/19
195.250.48.0/24
212.218.0.0/16
IPv6:
2001:4cd8::/31
Signature Algorithm: sha256WithRSAEncryption
30:d3:11:eb:57:c9:f1:8d:2d:bb:73:2f:ee:dd:59:be:92:46:
f3:45:29:50:b9:db:9a:9d:60:f2:d9:46:0d:b6:be:f7:4d:32:
ca:c5:c8:8c:ca:64:7d:fd:57:46:8a:7f:a8:89:f9:cc:5d:e9:
4d:a2:9f:62:66:43:60:5c:99:8a:b0:76:4c:6d:26:c6:a1:75:
c2:71:c2:14:52:a4:ef:8b:27:de:f5:3e:0b:38:19:00:bd:37:
81:cb:3d:c3:9d:82:ae:c9:43:a0:69:93:b4:4d:0a:ae:60:af:
6d:9b:01:da:fd:21:8b:5a:90:73:84:24:8f:6e:ae:7e:c6:c2:
4c:d9:e6:37:38:a1:eb:e2:98:14:b8:6b:00:21:45:01:fe:52:
d6:c5:f5:eb:dc:9c:ef:80:13:7b:1f:13:4a:b9:c8:c4:2f:0c:
1e:80:0c:be:15:9d:f5:9b:20:2c:89:2a:cf:8b:9d:95:c2:87:
be:02:f2:f5:f4:12:ec:1c:0c:8d:77:33:87:f4:db:28:0f:75:
a2:65:44:fe:cb:6b:c0:7c:28:9c:19:9b:44:12:09:14:d7:60:
d9:22:02:c5:9a:d0:79:d5:2c:f6:98:cc:2a:4b:0c:16:1a:4f:
56:2d:d9:ae:ae:b3:5f:2c:0c:8e:c7:e2:f2:0f:e5:a3:8d:df:
08:6f:2d:ea
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZt7pPk1DD8X610BSgvAZWsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyY2M2OTE0NzZhNmU3ODk1YjBlNDU2MTE2NDQ0ZjkxOTM3
YmYwMWUwHhcNMjYwMTAxMjIxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTllNTE3MDRiNWE0NGEzYjI0NDY0NDcxZGExOGI5YmEwNDJmMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBAX0tGyDWrmvpF/i/FGj5EQUH9N
vKZK8KWTi+MNNnNbFAcip5cBOVWQSu2bfT60sKBUwMjaHXLil0EJUo7tb1qexKJ9
Dm00cT6ZJoOyR3yZmEu5U690zjeFdxGhJSOPIpoKLprlcYM1/4W3M37IKOtcmlZv
6qS5SUTZvrmVA7mgnu1O2cxkNduZ/+TCkSP7ixXuMoXJEuTqR7DwK2X8rRg0T+qW
5ebmrkcRlGt/I5pinCMYGLBCRmUnp8jmxOJgyC4xA6Pigb95CV5+fRnirU/Pcd6G
U0+Sk0pXjgGnJJlHi0sPLExxor1q3nFoWw07YUP4iLxkeEsZCD6oQmOrlQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFIWeUXBLWkSjskRkRx2hi5ugQvIgMB8GA1UdIwQY
MBaAFALMaRR2pueJWw5FYRZET5GTe/AeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXN4cEZIYW01NGxiRGtWaEZrUlBrWk43OEI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS85YTY4NjAtMjI0Zi00YjM0LWE5YjYt
YmMxOTJiYjczMDI1LzEvaFo1UmNFdGFSS095UkdSSEhhR0xtNkJDOGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS85YTY4NjAtMjI0Zi00YjM0LWE5YjYtYmMxOTJiYjczMDI1
LzEvQXN4cEZIYW01NGxiRGtWaEZrUlBrWk43OEI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAdBAIAATAXAwQAwpmXAwQF
w54gAwQAw/owAwMA1NowDQQCAAIwBwMFASABTNgwDQYJKoZIhvcNAQELBQADggEB
ADDTEetXyfGNLbtzL+7dWb6SRvNFKVC525qdYPLZRg22vvdNMsrFyIzKZH39V0aK
f6iJ+cxd6U2in2JmQ2BcmYqwdkxtJsahdcJxwhRSpO+LJ971Pgs4GQC9N4HLPcOd
gq7JQ6Bpk7RNCq5gr22bAdr9IYtakHOEJI9urn7GwkzZ5jc4oevimBS4awAhRQH+
UtbF9evcnO+AE3sfE0q5yMQvDB6ADL4VnfWbICyJKs+LnZXCh74C8vX0EuwcDI13
M4f02ygPdaJlRP7La8B8KJwZm0QSCRTXYNkiAsWa0HnVLPaYzCpLDBYaT1Yt2a6u
s18sDI7H4vIP5aON3whvLeo=
-----END CERTIFICATE-----
Generated at Mon Mar 2 07:37:12 2026 by rpki-client