Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9f2P_5b3xrbcyFfHYioU9mYxqbs.roa
File: 9f2P_5b3xrbcyFfHYioU9mYxqbs.roa (raw, json)
Hash identifier: xTEqJie57pl9NTxChCEe+fWZ2seLr81vCemryYPXNlg=
Subject key identifier: F5:FD:8F:FF:96:F7:C6:B6:DC:C8:57:C7:62:2A:14:F6:66:31:A9:BB
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019CA0CABEDE54C2089654D97636AE714486
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9f2P_5b3xrbcyFfHYioU9mYxqbs.roa
Signing time: Fri 27 Feb 2026 20:29:27 +0000
ROA not before: Fri 27 Feb 2026 20:29:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 401152
IP address blocks: 144.31.8.0/23 maxlen: 24
144.31.110.0/24 maxlen: 24
144.31.160.0/22 maxlen: 24
144.31.235.0/24 maxlen: 24
144.31.236.0/24 maxlen: 24
150.241.69.0/24 maxlen: 24
193.23.192.0/24 maxlen: 24
193.23.198.0/24 maxlen: 24
193.23.204.0/22 maxlen: 22
193.23.212.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:a0:ca:be:de:54:c2:08:96:54:d9:76:36:ae:71:44:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Feb 27 20:29:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f5fd8fff96f7c6b6dcc857c7622a14f66631a9bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:26:81:12:fb:de:c7:be:b6:96:bc:4f:84:6b:
c2:0d:c5:e1:e4:4f:25:81:07:51:ec:81:f2:24:40:
19:d8:61:b6:2d:7e:57:5a:91:e2:f6:53:ea:b0:99:
a4:18:68:65:07:f3:d5:c9:80:c5:8b:da:a7:9f:40:
36:1a:7a:50:a0:58:b6:75:e1:73:bc:7a:a4:2c:14:
1f:b1:c2:6c:8d:3f:35:67:63:38:a3:41:2f:29:9b:
5a:2a:40:8f:92:c4:3c:96:0d:67:1c:50:d4:c2:d2:
30:cf:54:56:8f:49:c8:29:7e:6f:37:5f:2b:92:7a:
47:5c:cc:a0:53:b5:6c:cf:71:79:fb:c2:f5:8f:d6:
35:7a:b6:9f:9c:bc:d7:03:98:b1:c5:af:74:67:bd:
14:5b:f7:11:26:fb:28:7b:28:0d:55:39:f0:2e:3f:
bd:f9:29:55:ba:80:81:41:48:43:55:f7:28:b8:b8:
01:c6:7d:c2:2f:7e:27:7f:68:e6:d3:c1:d2:cb:fa:
8a:b0:c3:c4:71:d3:58:78:16:aa:32:db:27:50:6d:
4b:b3:dc:b2:de:1c:55:e1:29:d7:7d:bf:29:4d:5d:
90:b5:4b:91:5b:8f:bf:bb:97:06:96:f9:6e:ea:ae:
6d:13:90:36:b8:cf:1b:df:59:ee:1b:e7:0c:62:2e:
7b:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:FD:8F:FF:96:F7:C6:B6:DC:C8:57:C7:62:2A:14:F6:66:31:A9:BB
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9f2P_5b3xrbcyFfHYioU9mYxqbs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
144.31.8.0/23
144.31.110.0/24
144.31.160.0/22
144.31.235.0-144.31.236.255
150.241.69.0/24
193.23.192.0/24
193.23.198.0/24
193.23.204.0/22
193.23.212.0/22
Signature Algorithm: sha256WithRSAEncryption
81:8f:b8:dc:53:bc:c1:e8:d9:4f:95:4e:87:5a:11:5a:b7:d5:
5f:56:f3:06:66:e3:5b:80:ec:2c:5f:b3:f6:bd:3a:d5:48:b8:
7d:aa:29:d9:b7:bd:dc:44:f2:45:15:5c:2c:63:dd:ff:14:b7:
73:d1:c2:9b:f9:b9:40:c1:22:e2:1c:04:ec:7e:da:e2:b5:48:
de:34:d7:5d:aa:07:3e:30:8b:f2:51:2b:c7:92:b1:81:75:1d:
99:7d:d5:15:85:ec:87:6b:e9:a7:6f:9a:b9:bc:40:b6:11:78:
ea:6c:02:f2:4f:ee:a7:8d:3b:a6:17:2a:93:f9:7b:9a:7b:44:
59:16:aa:b3:17:e1:0d:01:e6:c7:3e:d8:a6:43:90:1a:0c:0a:
84:3b:ef:70:52:31:f2:de:9d:9a:82:c1:b3:f9:c5:d4:3e:4d:
0d:e4:21:7b:55:69:9d:10:06:76:3a:b5:94:e3:13:43:22:9b:
a3:d7:02:0f:43:01:b7:60:8f:cf:b2:a1:bb:57:f1:5b:43:3f:
3d:d8:d7:73:a9:20:ee:c3:c6:b1:9c:61:52:da:b5:ea:b8:e7:
e1:ab:ae:2b:1c:3e:50:3c:0c:d1:24:6a:d9:6a:ef:08:5b:44:
7f:e1:99:49:40:39:b8:9d:0b:a9:ab:a2:11:14:ce:46:ef:37:
d6:3c:5c:30
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZygyr7eVMIIllTZdjaucUSGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjI3MjAyOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWZkOGZmZjk2ZjdjNmI2ZGNjODU3Yzc2MjJhMTRmNjY2MzFhOWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyaBEvvex762lrxPhGvCDcXh5E8l
gQdR7IHyJEAZ2GG2LX5XWpHi9lPqsJmkGGhlB/PVyYDFi9qnn0A2GnpQoFi2deFz
vHqkLBQfscJsjT81Z2M4o0EvKZtaKkCPksQ8lg1nHFDUwtIwz1RWj0nIKX5vN18r
knpHXMygU7Vsz3F5+8L1j9Y1erafnLzXA5ixxa90Z70UW/cRJvsoeygNVTnwLj+9
+SlVuoCBQUhDVfcouLgBxn3CL34nf2jm08HSy/qKsMPEcdNYeBaqMtsnUG1Ls9yy
3hxV4SnXfb8pTV2QtUuRW4+/u5cGlvlu6q5tE5A2uM8b31nuG+cMYi57jwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPX9j/+W98a23MhXx2IqFPZmMam7MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOWYyUF81YjN4cmJjeUZmSFlpb1U5bVl4cWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQBkB8IAwQA
kB9uAwQCkB+gMAwDBACQH+sDBACQH+wDBACW8UUDBADBF8ADBADBF8YDBALBF8wD
BALBF9QwDQYJKoZIhvcNAQELBQADggEBAIGPuNxTvMHo2U+VTodaEVq31V9W8wZm
41uA7Cxfs/a9OtVIuH2qKdm3vdxE8kUVXCxj3f8Ut3PRwpv5uUDBIuIcBOx+2uK1
SN40112qBz4wi/JRK8eSsYF1HZl91RWF7Idr6advmrm8QLYReOpsAvJP7qeNO6YX
KpP5e5p7RFkWqrMX4Q0B5sc+2KZDkBoMCoQ773BSMfLenZqCwbP5xdQ+TQ3kIXtV
aZ0QBnY6tZTjE0Mim6PXAg9DAbdgj8+yobtX8VtDPz3Y13OpIO7DxrGcYVLateq4
5+GrriscPlA8DNEkatlq7whbRH/hmUlAObidC6mrohEUzkbvN9Y8XDA=
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:52:53 2026 by rpki-client