Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/hpL47SCSZrlNealKIc7LnC9PZp0.roa
File: hpL47SCSZrlNealKIc7LnC9PZp0.roa (raw, json)
Hash identifier: aYpQwmMiUXEwJ5X39H8U0kkfHeCdBOKpUZxQ3nISq/k=
Subject key identifier: 86:92:F8:ED:20:92:66:B9:4D:79:A9:4A:21:CE:CB:9C:2F:4F:66:9D
Certificate issuer: /CN=96ff45e6de48bfc0397dacad83a84831db7952d1
Certificate serial: 019B79ECB85684FF8BBFFC7CCC0B8A9AA54A
Authority key identifier: 96:FF:45:E6:DE:48:BF:C0:39:7D:AC:AD:83:A8:48:31:DB:79:52:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lv9F5t5Iv8A5faytg6hIMdt5UtE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/hpL47SCSZrlNealKIc7LnC9PZp0.roa
Signing time: Thu 01 Jan 2026 14:18:35 +0000
ROA not before: Thu 01 Jan 2026 14:18:35 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 205638
IP address blocks: 45.137.112.0/23 maxlen: 23
45.137.112.0/24 maxlen: 24
45.137.113.0/24 maxlen: 24
45.137.115.0/24 maxlen: 24
193.143.64.0/24 maxlen: 24
193.143.65.0/24 maxlen: 24
193.143.66.0/24 maxlen: 24
193.143.67.0/24 maxlen: 24
212.233.84.0/23 maxlen: 23
212.233.84.0/24 maxlen: 24
212.233.85.0/24 maxlen: 24
212.233.86.0/23 maxlen: 23
212.233.86.0/24 maxlen: 24
212.233.87.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/lv9F5t5Iv8A5faytg6hIMdt5UtE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/lv9F5t5Iv8A5faytg6hIMdt5UtE.mft
rsync://rpki.ripe.net/repository/DEFAULT/lv9F5t5Iv8A5faytg6hIMdt5UtE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 05:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:ec:b8:56:84:ff:8b:bf:fc:7c:cc:0b:8a:9a:a5:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96ff45e6de48bfc0397dacad83a84831db7952d1
Validity
Not Before: Jan 1 14:18:35 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8692f8ed209266b94d79a94a21cecb9c2f4f669d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:89:e3:ec:81:e9:82:92:e7:da:9d:25:4e:c3:
0c:af:b9:4d:cb:c5:ca:1a:25:82:15:fe:68:04:0d:
2d:1d:71:53:5d:96:49:d0:43:48:7e:90:b2:56:9e:
fc:93:81:31:ec:69:65:10:cd:f0:18:16:61:21:97:
27:12:1e:3a:a9:88:72:70:f5:d8:12:9b:7a:24:0b:
af:ab:8f:d5:63:1b:73:8a:d1:e4:ca:b7:e2:6f:5c:
c8:0b:2a:70:57:f7:3c:44:ed:90:b6:91:42:41:45:
4c:05:cb:7b:1a:7a:a1:6c:ea:76:4b:68:b6:7c:22:
58:25:6d:83:91:5d:e6:7e:3d:7b:76:96:14:9b:cd:
f0:75:1a:a9:75:56:91:02:50:2a:95:d0:4a:8a:12:
00:f3:5b:e7:f7:d1:e5:b6:00:ea:2a:39:f9:c8:69:
94:22:85:ca:29:3d:1c:0f:bd:e7:e7:53:28:6a:8c:
52:7e:34:d6:bd:3b:5f:33:3e:71:e3:66:d2:9e:28:
11:11:da:84:79:17:5b:c5:32:96:c1:84:26:78:13:
fa:44:91:96:3b:a3:00:17:6b:77:b6:fe:8f:9e:f9:
f2:f0:73:8d:1d:f3:f5:86:6d:08:cc:ca:f0:1d:19:
92:c5:3c:95:9c:6c:42:27:76:08:7a:d1:57:ef:bd:
24:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:92:F8:ED:20:92:66:B9:4D:79:A9:4A:21:CE:CB:9C:2F:4F:66:9D
X509v3 Authority Key Identifier:
keyid:96:FF:45:E6:DE:48:BF:C0:39:7D:AC:AD:83:A8:48:31:DB:79:52:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lv9F5t5Iv8A5faytg6hIMdt5UtE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/hpL47SCSZrlNealKIc7LnC9PZp0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/6c7b28-f2ce-445f-8f90-0f5d3797a325/1/lv9F5t5Iv8A5faytg6hIMdt5UtE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.137.112.0/23
45.137.115.0/24
193.143.64.0/22
212.233.84.0/22
Signature Algorithm: sha256WithRSAEncryption
0d:78:ef:31:5d:4d:81:85:29:c1:d1:c1:f4:75:1b:1d:9c:8b:
17:ab:9b:8f:f2:93:93:51:e6:da:df:bd:02:d6:28:20:54:3a:
5c:59:02:2f:48:6c:2f:22:95:16:82:7f:66:5f:b6:21:53:b6:
c7:de:54:39:9e:74:70:4d:6b:5e:83:28:68:69:38:fd:65:75:
87:a2:d7:cb:77:e5:e7:44:42:d5:47:e5:a8:f0:8e:01:7f:da:
22:3c:1b:11:3b:f0:00:6b:10:0d:8b:05:09:08:6e:72:e1:68:
60:71:20:23:7d:97:df:76:10:49:ce:09:47:18:4a:d1:40:45:
59:39:69:1f:55:65:37:bb:c9:4b:ec:26:d6:fc:20:60:dd:af:
0e:69:9a:2a:0d:db:06:38:b8:e5:1c:2b:99:24:0b:42:3d:41:
cb:11:70:bc:5b:96:9c:77:bd:4d:13:58:cc:03:17:6d:d5:33:
6d:0c:b5:f8:e7:fe:a1:b4:d0:a2:c7:e8:fb:ae:8c:b4:89:10:
44:f9:cc:73:ca:88:91:f8:d8:f6:8b:dd:46:bc:6b:46:b8:e1:
e1:99:c7:a6:97:47:bb:18:95:3a:73:88:eb:52:43:29:0b:3c:
55:64:d9:69:69:4d:f6:92:45:99:03:8f:f8:5b:79:70:d1:ef:
b4:fa:e8:65
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZt57LhWhP+Lv/x8zAuKmqVKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZmY0NWU2ZGU0OGJmYzAzOTdkYWNhZDgzYTg0ODMxZGI3
OTUyZDEwHhcNMjYwMTAxMTQxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjkyZjhlZDIwOTI2NmI5NGQ3OWE5NGEyMWNlY2I5YzJmNGY2NjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYnj7IHpgpLn2p0lTsMMr7lNy8XK
GiWCFf5oBA0tHXFTXZZJ0ENIfpCyVp78k4Ex7GllEM3wGBZhIZcnEh46qYhycPXY
Ept6JAuvq4/VYxtzitHkyrfib1zICypwV/c8RO2QtpFCQUVMBct7GnqhbOp2S2i2
fCJYJW2DkV3mfj17dpYUm83wdRqpdVaRAlAqldBKihIA81vn99HltgDqKjn5yGmU
IoXKKT0cD73n51MoaoxSfjTWvTtfMz5x42bSnigREdqEeRdbxTKWwYQmeBP6RJGW
O6MAF2t3tv6Pnvny8HONHfP1hm0IzMrwHRmSxTyVnGxCJ3YIetFX770k3QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIaS+O0gkma5TXmpSiHOy5wvT2adMB8GA1UdIwQY
MBaAFJb/RebeSL/AOX2srYOoSDHbeVLRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHY5RjV0NUl2OEE1ZmF5dGc2aElNZHQ1VXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS82YzdiMjgtZjJjZS00NDVmLThmOTAt
MGY1ZDM3OTdhMzI1LzEvaHBMNDdTQ1NacmxOZWFsS0ljN0xuQzlQWnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS82YzdiMjgtZjJjZS00NDVmLThmOTAtMGY1ZDM3OTdhMzI1
LzEvbHY5RjV0NUl2OEE1ZmF5dGc2aElNZHQ1VXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBLYlwAwQA
LYlzAwQCwY9AAwQC1OlUMA0GCSqGSIb3DQEBCwUAA4IBAQANeO8xXU2BhSnB0cH0
dRsdnIsXq5uP8pOTUeba370C1iggVDpcWQIvSGwvIpUWgn9mX7YhU7bH3lQ5nnRw
TWtegyhoaTj9ZXWHotfLd+XnRELVR+Wo8I4Bf9oiPBsRO/AAaxANiwUJCG5y4Whg
cSAjfZffdhBJzglHGErRQEVZOWkfVWU3u8lL7CbW/CBg3a8OaZoqDdsGOLjlHCuZ
JAtCPUHLEXC8W5acd71NE1jMAxdt1TNtDLX45/6htNCix+j7roy0iRBE+cxzyoiR
+Nj2i91GvGtGuOHhmceml0e7GJU6c4jrUkMpCzxVZNlpaU32kkWZA4/4W3lw0e+0
+uhl
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:12:03 2026 by rpki-client