Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/NSasxQ8f1G--qCNkioM6gbE7_Mk.roa
File: NSasxQ8f1G--qCNkioM6gbE7_Mk.roa (raw, json)
Hash identifier: MSeOT2PDwIHPqXToy0Xn6N3MHGSy0PNzqAaVfK460uY=
Subject key identifier: 35:26:AC:C5:0F:1F:D4:6F:BE:A8:23:64:8A:83:3A:81:B1:3B:FC:C9
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D8955E5DAB5FD95EA45E6EDBF8381216E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/NSasxQ8f1G--qCNkioM6gbE7_Mk.roa
Signing time: Tue 14 Apr 2026 00:13:21 +0000
ROA not before: Tue 14 Apr 2026 00:13:21 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 198250
IP address blocks: 2.26.152.0/24 maxlen: 24
2.26.154.0/24 maxlen: 24
2.26.172.0/24 maxlen: 24
2.27.98.0/24 maxlen: 24
2.27.165.0/24 maxlen: 24
144.31.39.0/24 maxlen: 24
144.31.146.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 14:47:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:89:55:e5:da:b5:fd:95:ea:45:e6:ed:bf:83:81:21:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 14 00:13:21 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=3526acc50f1fd46fbea823648a833a81b13bfcc9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:71:04:f3:c1:3a:aa:2d:a1:7e:b2:47:2d:ff:
bd:e6:9d:8e:6d:0b:81:fe:a3:4d:61:26:89:ea:0c:
2b:bd:46:ed:ca:fd:92:9f:9f:6f:f2:96:8d:93:d4:
45:c1:0d:46:f2:7a:f5:20:f3:e6:e0:a0:c1:6f:16:
35:35:1e:64:74:b7:17:69:b6:f2:4c:ff:30:0f:9b:
1c:5a:65:43:c8:98:15:16:34:eb:31:6b:2a:ae:97:
40:7c:88:1b:c0:83:10:02:6b:d5:29:ae:4b:2e:da:
c2:95:bb:81:61:3d:a8:b6:cc:4c:d4:f8:57:fb:91:
75:d6:cf:e5:04:f9:a8:5f:42:3d:b8:02:58:fa:9f:
34:dd:e2:90:23:28:8c:2a:c8:21:74:34:90:a2:d0:
aa:3c:72:2e:a0:60:63:87:42:4d:3b:91:d3:0f:e1:
9e:e6:6e:c9:22:d8:4b:0c:d3:e6:b1:c7:1a:3d:00:
73:c1:b3:59:8d:2e:a1:dd:d8:d1:ff:40:3e:21:9c:
7b:1b:f2:ac:03:31:60:0b:6d:66:ea:69:32:3b:49:
45:ca:e7:07:74:20:6f:81:fd:f7:11:d6:b7:c7:44:
8a:46:a9:9b:36:de:9f:b9:12:eb:07:b8:9c:34:36:
b9:e3:3d:48:17:fa:0a:bd:f1:75:30:35:ab:01:98:
6b:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:26:AC:C5:0F:1F:D4:6F:BE:A8:23:64:8A:83:3A:81:B1:3B:FC:C9
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/NSasxQ8f1G--qCNkioM6gbE7_Mk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.152.0/24
2.26.154.0/24
2.26.172.0/24
2.27.98.0/24
2.27.165.0/24
144.31.39.0/24
144.31.146.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:ce:a3:ab:fb:77:aa:3f:ca:09:5e:ef:ee:2c:5d:cf:06:04:
96:3b:c8:b2:89:77:91:fb:47:d9:92:48:6d:61:e8:f3:16:e5:
9e:8c:8b:3e:f6:35:2f:27:91:cd:40:ba:82:7e:0c:cb:62:6d:
09:8a:cb:aa:ca:f5:7b:5e:02:6d:56:f9:ea:9d:a1:e8:7c:f3:
8c:42:be:ca:85:c6:58:2e:b0:41:68:5c:9c:f3:b0:2a:9f:b5:
d5:e3:32:b2:8e:4b:ad:78:86:60:c5:de:9f:17:1b:95:3d:ca:
43:f1:ca:b3:d7:e2:9e:03:bc:1a:af:08:bd:4f:a7:2b:75:3f:
df:87:d3:0f:c1:39:5c:03:ed:4c:04:63:f0:13:e6:7a:b5:ac:
51:e7:e4:c7:1e:29:c3:48:b4:d1:b5:03:f5:7c:ef:fd:7c:6b:
84:d6:70:8a:6c:65:ac:ad:be:5a:fe:4c:ea:29:f4:90:f6:4a:
fd:1a:42:b3:fc:31:74:c0:a4:64:e8:97:de:b1:04:f0:e6:06:
b9:4e:dc:ff:82:3a:27:2f:fe:f0:b8:65:82:e7:9c:34:3f:98:
01:52:1d:24:a4:5e:0e:08:63:02:73:23:aa:c2:73:fe:60:95:
e7:2a:8e:3d:5c:8d:ec:5a:83:cd:41:ca:b2:c1:78:8f:d8:e9:
32:ae:ac:9a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZ2JVeXatf2V6kXm7b+DgSFuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE0MDAxMzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTI2YWNjNTBmMWZkNDZmYmVhODIzNjQ4YTgzM2E4MWIxM2JmY2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7HEE88E6qi2hfrJHLf+95p2ObQuB
/qNNYSaJ6gwrvUbtyv2Sn59v8paNk9RFwQ1G8nr1IPPm4KDBbxY1NR5kdLcXabby
TP8wD5scWmVDyJgVFjTrMWsqrpdAfIgbwIMQAmvVKa5LLtrClbuBYT2otsxM1PhX
+5F11s/lBPmoX0I9uAJY+p803eKQIyiMKsghdDSQotCqPHIuoGBjh0JNO5HTD+Ge
5m7JIthLDNPmsccaPQBzwbNZjS6h3djR/0A+IZx7G/KsAzFgC21m6mkyO0lFyucH
dCBvgf33Eda3x0SKRqmbNt6fuRLrB7icNDa54z1IF/oKvfF1MDWrAZhrJwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDUmrMUPH9RvvqgjZIqDOoGxO/zJMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTlNhc3hROGYxRy0tcUNOa2lvTTZnYkU3X01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAAhqYAwQA
AhqaAwQAAhqsAwQAAhtiAwQAAhulAwQAkB8nAwQAkB+SMA0GCSqGSIb3DQEBCwUA
A4IBAQAtzqOr+3eqP8oJXu/uLF3PBgSWO8iyiXeR+0fZkkhtYejzFuWejIs+9jUv
J5HNQLqCfgzLYm0JisuqyvV7XgJtVvnqnaHofPOMQr7KhcZYLrBBaFyc87Aqn7XV
4zKyjkuteIZgxd6fFxuVPcpD8cqz1+KeA7warwi9T6crdT/fh9MPwTlcA+1MBGPw
E+Z6taxR5+THHinDSLTRtQP1fO/9fGuE1nCKbGWsrb5a/kzqKfSQ9kr9GkKz/DF0
wKRk6JfesQTw5ga5Ttz/gjonL/7wuGWC55w0P5gBUh0kpF4OCGMCcyOqwnP+YJXn
Ko49XI3sWoPNQcqywXiP2Okyrqya
-----END CERTIFICATE-----
Generated at Fri Apr 17 18:24:50 2026 by rpki-client