Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HEHXYu8g3rbO1KmgRDrbnL2pZh0.roa
File: HEHXYu8g3rbO1KmgRDrbnL2pZh0.roa (raw, json)
Hash identifier: ZLBc4kF1t+IpGspXAu9idpzVFhVatP3bVD2A+53Frio=
Subject key identifier: 1C:41:D7:62:EF:20:DE:B6:CE:D4:A9:A0:44:3A:DB:9C:BD:A9:66:1D
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D73157B3FD526DAC94FA14C4A6A6D7633
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HEHXYu8g3rbO1KmgRDrbnL2pZh0.roa
Signing time: Thu 09 Apr 2026 16:31:20 +0000
ROA not before: Thu 09 Apr 2026 16:31:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207957
IP address blocks: 2.26.88.0/24 maxlen: 24
2.26.89.0/24 maxlen: 24
2.26.90.0/24 maxlen: 24
2.26.91.0/24 maxlen: 24
2.26.92.0/24 maxlen: 24
2.26.93.0/24 maxlen: 24
64.188.89.0/24 maxlen: 24
64.188.90.0/24 maxlen: 24
64.188.98.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
77.239.107.0/24 maxlen: 24
144.31.15.0/24 maxlen: 24
144.31.49.0/24 maxlen: 24
144.31.50.0/24 maxlen: 24
144.31.51.0/24 maxlen: 24
144.31.57.0/24 maxlen: 24
144.31.82.0/24 maxlen: 24
144.31.83.0/24 maxlen: 24
144.31.93.0/24 maxlen: 24
144.31.103.0/24 maxlen: 24
144.31.107.0/24 maxlen: 24
144.31.108.0/24 maxlen: 24
144.31.109.0/24 maxlen: 24
144.31.213.0/24 maxlen: 24
144.31.214.0/24 maxlen: 24
144.31.216.0/24 maxlen: 24
144.31.217.0/24 maxlen: 24
144.31.218.0/24 maxlen: 24
144.31.219.0/24 maxlen: 24
144.31.239.0/24 maxlen: 24
144.31.240.0/24 maxlen: 24
144.31.241.0/24 maxlen: 24
144.31.242.0/24 maxlen: 24
144.31.243.0/24 maxlen: 24
144.31.249.0/24 maxlen: 24
150.241.72.0/24 maxlen: 24
150.241.73.0/24 maxlen: 24
150.241.74.0/24 maxlen: 24
150.241.75.0/24 maxlen: 24
150.241.82.0/24 maxlen: 24
150.241.83.0/24 maxlen: 24
150.241.100.0/24 maxlen: 24
150.241.101.0/24 maxlen: 24
150.241.102.0/24 maxlen: 24
150.241.103.0/24 maxlen: 24
185.170.153.0/24 maxlen: 24
185.170.154.0/24 maxlen: 24
193.23.195.0/24 maxlen: 24
193.23.200.0/24 maxlen: 24
193.23.202.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 14:47:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:73:15:7b:3f:d5:26:da:c9:4f:a1:4c:4a:6a:6d:76:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 9 16:31:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1c41d762ef20deb6ced4a9a0443adb9cbda9661d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:60:c9:bd:c3:36:49:bf:07:8b:1a:aa:49:2b:
f8:4c:b4:b9:4a:1d:47:a4:2d:9c:83:75:2a:78:48:
86:3f:f5:8d:c5:78:8e:28:90:25:09:2e:05:83:f8:
e9:b6:bd:7e:fa:6d:7b:23:ea:d7:18:23:4a:65:93:
c5:57:03:7d:b3:2b:6b:8a:d8:87:8f:78:6a:83:7b:
c3:ac:4d:99:38:6d:53:ad:66:ce:03:19:12:31:d9:
1f:3b:66:0f:3b:24:fa:82:3c:81:96:64:37:8b:08:
02:89:2a:a9:4f:10:af:3b:a2:15:79:59:2f:98:44:
00:4b:a2:f0:53:6e:a5:b7:c3:25:ba:6d:02:ea:a1:
fc:c0:d3:7d:71:04:cf:82:42:97:17:f2:9d:b9:5a:
5c:3d:08:9e:46:7e:31:7f:93:d1:0f:0a:fb:f9:56:
ce:5d:ea:ae:e3:f4:9e:1c:a4:0e:a1:3c:31:64:ba:
7e:32:fb:fc:76:78:17:f8:20:6a:03:d5:f1:d3:3f:
53:24:f5:42:6b:85:b9:7b:b4:1d:08:76:f4:27:20:
6e:b3:8e:4d:fc:4a:6b:1e:e2:05:f0:cd:eb:68:55:
96:65:4d:c0:50:bf:5d:26:a5:91:65:81:a8:95:82:
50:64:fa:56:ca:4b:32:4b:da:a4:c1:58:b6:8a:58:
d9:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:41:D7:62:EF:20:DE:B6:CE:D4:A9:A0:44:3A:DB:9C:BD:A9:66:1D
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HEHXYu8g3rbO1KmgRDrbnL2pZh0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.88.0-2.26.93.255
64.188.89.0-64.188.90.255
64.188.98.0/24
64.188.127.0/24
77.239.107.0/24
144.31.15.0/24
144.31.49.0-144.31.51.255
144.31.57.0/24
144.31.82.0/23
144.31.93.0/24
144.31.103.0/24
144.31.107.0-144.31.109.255
144.31.213.0-144.31.214.255
144.31.216.0/22
144.31.239.0-144.31.243.255
144.31.249.0/24
150.241.72.0/22
150.241.82.0/23
150.241.100.0/22
185.170.153.0-185.170.154.255
193.23.195.0/24
193.23.200.0/24
193.23.202.0/24
Signature Algorithm: sha256WithRSAEncryption
bb:5a:17:0e:2e:0e:c3:b2:85:b7:2f:02:0c:c1:66:a3:6c:a6:
da:5c:dc:98:39:e9:63:4e:c4:e6:15:aa:cf:1c:38:e5:90:1f:
da:db:80:be:74:18:a1:dd:78:2f:5e:d2:eb:d2:61:e7:ab:53:
f3:e3:65:6a:6f:20:68:02:3d:b6:3a:0b:79:f7:26:c3:73:27:
4d:b9:da:63:7b:68:56:30:db:86:1d:1e:50:e4:60:2c:16:db:
8e:ca:c8:91:c2:94:09:a2:44:ba:a4:b5:2f:77:7a:b7:78:6e:
24:5e:bb:c7:1c:6d:19:01:0f:2e:bb:88:17:77:02:0d:25:fa:
bb:eb:01:f9:d6:80:56:20:28:0f:10:f4:3c:3a:37:0a:94:4b:
01:c3:ae:f7:78:92:08:24:52:50:1c:c9:93:5b:54:2e:79:0c:
0a:75:e1:d0:e2:f9:75:3a:42:66:c6:dd:a5:23:5d:5a:31:be:
d3:b6:a1:4d:e1:ab:a8:d3:25:4b:fc:fd:2e:13:e2:7c:46:9e:
d4:49:eb:3d:af:fa:c1:12:f9:2a:63:bf:9c:e1:0d:03:df:40:
15:79:af:e3:58:9d:d8:eb:21:2a:38:ae:6f:35:c2:4f:ca:fa:
9f:b2:ef:b5:e4:cd:7e:7c:ae:05:5c:ee:58:6f:fb:e1:e7:1c:
ca:4a:83:fd
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAZ1zFXs/1SbayU+hTEpqbXYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDA5MTYzMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzQxZDc2MmVmMjBkZWI2Y2VkNGE5YTA0NDNhZGI5Y2JkYTk2NjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2DJvcM2Sb8HixqqSSv4TLS5Sh1H
pC2cg3UqeEiGP/WNxXiOKJAlCS4Fg/jptr1++m17I+rXGCNKZZPFVwN9sytritiH
j3hqg3vDrE2ZOG1TrWbOAxkSMdkfO2YPOyT6gjyBlmQ3iwgCiSqpTxCvO6IVeVkv
mEQAS6LwU26lt8Mlum0C6qH8wNN9cQTPgkKXF/KduVpcPQieRn4xf5PRDwr7+VbO
Xequ4/SeHKQOoTwxZLp+Mvv8dngX+CBqA9Xx0z9TJPVCa4W5e7QdCHb0JyBus45N
/EprHuIF8M3raFWWZU3AUL9dJqWRZYGolYJQZPpWyksyS9qkwVi2iljZWwIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFBxB12LvIN62ztSpoEQ625y9qWYdMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSEVIWFl1OGczcmJPMUttZ1JEcmJuTDJwWmgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCByQQCAAEwgcIwDAME
AwIaWAMEAQIaXDAMAwQAQLxZAwQAQLxaAwQAQLxiAwQAQLx/AwQATe9rAwQAkB8P
MAwDBACQHzEDBAKQHzADBACQHzkDBAGQH1IDBACQH10DBACQH2cwDAMEAJAfawME
AZAfbDAMAwQAkB/VAwQAkB/WAwQCkB/YMAwDBACQH+8DBAKQH/ADBACQH/kDBAKW
8UgDBAGW8VIDBAKW8WQwDAMEALmqmQMEALmqmgMEAMEXwwMEAMEXyAMEAMEXyjAN
BgkqhkiG9w0BAQsFAAOCAQEAu1oXDi4Ow7KFty8CDMFmo2ym2lzcmDnpY07E5hWq
zxw45ZAf2tuAvnQYod14L17S69Jh56tT8+Nlam8gaAI9tjoLefcmw3MnTbnaY3to
VjDbhh0eUORgLBbbjsrIkcKUCaJEuqS1L3d6t3huJF67xxxtGQEPLruIF3cCDSX6
u+sB+daAViAoDxD0PDo3CpRLAcOu93iSCCRSUBzJk1tULnkMCnXh0OL5dTpCZsbd
pSNdWjG+07ahTeGrqNMlS/z9LhPifEae1EnrPa/6wRL5KmO/nOENA99AFXmv41id
2OshKjiubzXCT8r6n7LvteTNfnyuBVzuWG/74eccykqD/Q==
-----END CERTIFICATE-----
Generated at Fri Apr 17 18:50:28 2026 by rpki-client