Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3s4MAFpFDAHKNxTe31_GbqZYlq4.roa
File: 3s4MAFpFDAHKNxTe31_GbqZYlq4.roa (raw, json)
Hash identifier: 5pX+sRYDyWsNhcbGXgn/Ax4AEeBsYUVvLcZYCwAYzUE=
Subject key identifier: DE:CE:0C:00:5A:45:0C:01:CA:37:14:DE:DF:5F:C6:6E:A6:58:96:AE
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019E3441097B6D0185F6A7737053219E095A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3s4MAFpFDAHKNxTe31_GbqZYlq4.roa
Signing time: Sun 17 May 2026 04:45:37 +0000
ROA not before: Sun 17 May 2026 04:45:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212238
IP address blocks: 2.26.157.0/24 maxlen: 24
2.26.164.0/24 maxlen: 24
2.26.253.0/24 maxlen: 24
2.27.103.0/24 maxlen: 24
31.76.178.0/23 maxlen: 24
31.76.238.0/23 maxlen: 24
31.76.248.0/24 maxlen: 24
31.77.239.0/24 maxlen: 24
144.31.10.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:34:41:09:7b:6d:01:85:f6:a7:73:70:53:21:9e:09:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: May 17 04:45:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dece0c005a450c01ca3714dedf5fc66ea65896ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:b2:79:7d:8e:55:66:24:4d:32:62:d6:2c:f8:
6c:8c:97:d5:1e:41:9a:37:8c:6f:cc:52:ab:83:6f:
5d:e7:0e:ca:b0:66:a9:f5:1f:cc:38:a7:fd:d9:8f:
18:12:95:ab:89:9c:a2:88:47:e6:b1:31:dd:e1:1d:
f0:48:d4:45:e4:7e:44:aa:7d:0c:7f:66:d9:f1:a7:
9e:71:9b:fc:76:66:7a:54:a2:07:06:93:27:d3:b6:
ac:71:fc:3b:7b:bf:7f:07:79:43:fa:f5:63:49:10:
b8:c9:79:47:d5:d9:06:68:da:8c:8e:35:1a:32:23:
0e:b8:95:2f:ff:0a:b6:f9:8a:ce:9b:78:49:3d:31:
40:e3:a7:fc:15:db:64:2e:cb:d9:de:8c:c2:9e:02:
36:07:c0:11:c0:c6:b8:f5:60:10:b9:d3:16:31:d9:
83:2e:7e:e6:c5:f0:aa:8d:bb:c7:5e:f9:43:e8:f7:
1f:62:2f:09:2d:f9:6d:37:07:fd:f8:4d:9e:ec:81:
19:78:00:71:3d:d3:b8:27:8e:c9:56:33:2e:72:37:
99:1e:4f:4f:52:43:e8:a0:03:cb:77:0c:5d:d1:5d:
90:96:84:3d:d1:52:1a:6d:9f:09:de:4a:9f:28:49:
5e:7c:4e:fe:d5:31:e1:af:99:ae:08:cc:b6:93:40:
74:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:CE:0C:00:5A:45:0C:01:CA:37:14:DE:DF:5F:C6:6E:A6:58:96:AE
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3s4MAFpFDAHKNxTe31_GbqZYlq4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.157.0/24
2.26.164.0/24
2.26.253.0/24
2.27.103.0/24
31.76.178.0/23
31.76.238.0/23
31.76.248.0/24
31.77.239.0/24
144.31.10.0/24
Signature Algorithm: sha256WithRSAEncryption
6c:7e:77:ec:a7:5f:bb:45:22:80:a6:f3:0a:54:57:f7:7a:d6:
99:dc:eb:87:8e:a1:ed:c0:c2:cf:fd:af:ff:3d:31:3b:94:4e:
66:b5:27:6a:a1:b2:54:08:21:dc:c4:b8:87:48:80:56:9a:2e:
76:20:7c:26:04:08:18:e0:a1:0b:13:e9:30:dd:c5:ae:dd:d2:
41:3b:a3:14:31:86:6e:f6:af:75:a9:f8:ac:c8:fc:fc:f4:95:
10:45:e1:08:d4:48:f1:8d:70:29:4c:99:9e:60:c6:a5:d4:8c:
77:df:24:aa:a5:2d:5b:0c:7b:16:54:3f:e4:17:a7:9d:af:3f:
bf:3b:ff:cd:c2:ee:c0:65:01:f2:01:50:ab:68:ce:ce:6f:2f:
33:78:ea:64:7a:5e:b1:95:79:3e:e2:cc:a0:42:db:0e:d1:93:
5e:b8:ed:2d:d9:f9:f0:0b:ba:01:92:ec:62:b4:39:4b:32:4e:
ef:ef:4e:9d:1a:70:54:aa:9f:df:c0:b9:86:c5:d2:84:e5:c6:
04:1b:b9:f0:47:07:97:b2:2d:7f:1a:55:f0:f4:fd:be:f5:48:
6a:ad:8a:81:6e:63:2a:a6:7b:58:48:84:f5:3a:05:3a:00:1d:
04:e9:73:60:3f:59:f5:43:67:04:24:81:18:75:da:1e:b9:ba:
a4:4b:2c:28
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZ40QQl7bQGF9qdzcFMhnglaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTE3MDQ0NTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWNlMGMwMDVhNDUwYzAxY2EzNzE0ZGVkZjVmYzY2ZWE2NTg5NmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7J5fY5VZiRNMmLWLPhsjJfVHkGa
N4xvzFKrg29d5w7KsGap9R/MOKf92Y8YEpWriZyiiEfmsTHd4R3wSNRF5H5Eqn0M
f2bZ8aeecZv8dmZ6VKIHBpMn07ascfw7e79/B3lD+vVjSRC4yXlH1dkGaNqMjjUa
MiMOuJUv/wq2+YrOm3hJPTFA46f8FdtkLsvZ3ozCngI2B8ARwMa49WAQudMWMdmD
Ln7mxfCqjbvHXvlD6PcfYi8JLfltNwf9+E2e7IEZeABxPdO4J47JVjMucjeZHk9P
UkPooAPLdwxd0V2QloQ90VIabZ8J3kqfKElefE7+1THhr5muCMy2k0B00QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFN7ODABaRQwByjcU3t9fxm6mWJauMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvM3M0TUFGcEZEQUhLTnhUZTMxX0dicVpZbHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAAhqdAwQA
AhqkAwQAAhr9AwQAAhtnAwQBH0yyAwQBH0zuAwQAH0z4AwQAH03vAwQAkB8KMA0G
CSqGSIb3DQEBCwUAA4IBAQBsfnfsp1+7RSKApvMKVFf3etaZ3OuHjqHtwMLP/a//
PTE7lE5mtSdqobJUCCHcxLiHSIBWmi52IHwmBAgY4KELE+kw3cWu3dJBO6MUMYZu
9q91qfisyPz89JUQReEI1EjxjXApTJmeYMal1Ix33ySqpS1bDHsWVD/kF6edrz+/
O//Nwu7AZQHyAVCraM7Oby8zeOpkel6xlXk+4sygQtsO0ZNeuO0t2fnwC7oBkuxi
tDlLMk7v706dGnBUqp/fwLmGxdKE5cYEG7nwRweXsi1/GlXw9P2+9UhqrYqBbmMq
pntYSIT1OgU6AB0E6XNgP1n1Q2cEJIEYddoeubqkSywo
-----END CERTIFICATE-----
Generated at Sat Jun 13 08:04:44 2026 by rpki-client