Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OAtjgbgSSrSFKyCHEbYoeCj_0PA.roa
File: OAtjgbgSSrSFKyCHEbYoeCj_0PA.roa (raw, json)
Hash identifier: k4fDDzWuRHg5YSdir1ZamysjSHl01jqJLQ0BJ0CtrGQ=
Subject key identifier: 38:0B:63:81:B8:12:4A:B4:85:2B:20:87:11:B6:28:78:28:FF:D0:F0
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D5480F43F37910E67AA7C73456F7F5C5E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OAtjgbgSSrSFKyCHEbYoeCj_0PA.roa
Signing time: Fri 03 Apr 2026 18:00:30 +0000
ROA not before: Fri 03 Apr 2026 18:00:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16509
IP address blocks: 2.26.200.0/21 maxlen: 24
2.26.208.0/21 maxlen: 24
2.27.218.0/23 maxlen: 24
2.27.220.0/23 maxlen: 24
2.27.222.0/23 maxlen: 24
2.27.239.0/24 maxlen: 24
2.27.240.0/24 maxlen: 24
2.27.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:54:80:f4:3f:37:91:0e:67:aa:7c:73:45:6f:7f:5c:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 3 18:00:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=380b6381b8124ab4852b208711b6287828ffd0f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:ca:b6:43:60:08:bf:91:31:85:95:14:63:8b:
53:51:3e:a1:14:09:c0:82:44:17:93:fb:19:30:98:
67:43:53:99:bc:ff:4a:cd:57:b8:0e:28:fa:00:19:
37:a9:7b:f5:31:8c:97:ba:ec:46:85:36:3c:e0:23:
a2:63:9f:e0:03:2b:4f:cb:81:aa:4b:ec:59:1a:25:
ae:c9:5c:16:10:48:af:f5:b1:46:7e:79:c9:54:2b:
55:8c:98:8c:50:e2:fe:8d:56:8b:18:70:ee:53:6f:
f9:bc:9d:4f:83:21:ae:9a:ae:91:19:d7:52:1d:1e:
dd:f2:1c:e5:4d:ac:1e:48:a9:31:1c:45:22:f9:1f:
0f:19:19:dc:20:46:73:64:59:ef:12:a1:98:cd:fb:
ce:8f:79:07:aa:4f:5f:e2:fc:92:91:84:5a:dd:6e:
65:5f:09:9f:b7:99:68:5c:c8:2a:7f:9e:40:4e:70:
a7:b5:5f:40:0a:ed:3d:1f:98:95:62:9a:e2:40:20:
1b:0a:14:50:b6:56:1f:5c:49:19:5c:8c:e5:67:28:
03:db:b6:6b:8d:88:d5:15:b6:88:7e:1b:b1:d0:94:
f3:d5:58:31:69:b0:5a:87:ed:dd:b1:61:bc:11:70:
17:53:4d:39:e4:2f:c7:57:e6:79:1b:cb:c8:31:0c:
39:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:0B:63:81:B8:12:4A:B4:85:2B:20:87:11:B6:28:78:28:FF:D0:F0
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OAtjgbgSSrSFKyCHEbYoeCj_0PA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.200.0-2.26.215.255
2.27.218.0-2.27.223.255
2.27.239.0-2.27.240.255
2.27.254.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:f8:29:69:93:57:13:d3:72:5b:8f:30:76:0e:ab:26:75:81:
3b:16:95:9f:42:05:04:02:75:52:c9:2c:e7:32:8f:59:f9:64:
e5:84:b8:f0:7a:0d:0e:eb:eb:40:89:57:5d:84:ba:e2:6f:50:
76:e3:3e:cf:d3:8a:48:5b:da:ce:70:be:f6:d8:63:3d:4b:4e:
b4:d4:4d:1c:48:21:77:ee:f0:cd:46:ea:73:f2:5a:7b:0b:1d:
f0:bf:1b:0d:29:21:1b:1d:8b:b9:e1:4c:db:03:c9:37:8c:91:
77:7c:35:b8:8c:e9:10:01:ac:fa:2d:c1:d5:1e:3c:3e:a0:d1:
03:60:fb:c5:99:09:d1:05:13:85:99:47:86:a5:4f:b6:5d:cd:
ca:83:c8:b3:ef:98:8b:0e:01:40:6c:af:13:99:bb:15:12:ea:
8e:d2:f7:2b:69:6b:b0:d6:b8:22:63:44:9e:9c:78:c2:8b:5e:
5f:27:68:63:19:c0:0a:0b:a3:ad:5e:f2:cf:ec:10:0d:fc:11:
01:5b:28:b1:a9:f6:6e:30:c6:ec:eb:11:31:9a:ec:4e:34:2f:
af:9e:2d:d1:2c:0f:7d:9b:98:f2:c9:b4:20:b4:21:2b:fc:89:
2e:37:51:16:3b:54:0d:c3:a8:2d:d9:45:8b:c8:c2:c9:00:17:
23:64:d8:84
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZ1UgPQ/N5EOZ6p8c0Vvf1xeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDAzMTgwMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODBiNjM4MWI4MTI0YWI0ODUyYjIwODcxMWI2Mjg3ODI4ZmZkMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8q2Q2AIv5ExhZUUY4tTUT6hFAnA
gkQXk/sZMJhnQ1OZvP9KzVe4Dij6ABk3qXv1MYyXuuxGhTY84COiY5/gAytPy4Gq
S+xZGiWuyVwWEEiv9bFGfnnJVCtVjJiMUOL+jVaLGHDuU2/5vJ1PgyGumq6RGddS
HR7d8hzlTaweSKkxHEUi+R8PGRncIEZzZFnvEqGYzfvOj3kHqk9f4vySkYRa3W5l
Xwmft5loXMgqf55ATnCntV9ACu09H5iVYpriQCAbChRQtlYfXEkZXIzlZygD27Zr
jYjVFbaIfhux0JTz1VgxabBah+3dsWG8EXAXU0055C/HV+Z5G8vIMQw50wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDgLY4G4Ekq0hSsghxG2KHgo/9DwMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvT0F0amdiZ1NTclNGS3lDSEViWW9lQ2pfMFBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwMAwDBAMCGsgD
BAMCGtAwDAMEAQIb2gMEBQIbwDAMAwQAAhvvAwQAAhvwAwQAAhv+MA0GCSqGSIb3
DQEBCwUAA4IBAQCM+Clpk1cT03JbjzB2DqsmdYE7FpWfQgUEAnVSySznMo9Z+WTl
hLjweg0O6+tAiVddhLrib1B24z7P04pIW9rOcL722GM9S0601E0cSCF37vDNRupz
8lp7Cx3wvxsNKSEbHYu54UzbA8k3jJF3fDW4jOkQAaz6LcHVHjw+oNEDYPvFmQnR
BROFmUeGpU+2Xc3Kg8iz75iLDgFAbK8TmbsVEuqO0vcraWuw1rgiY0SenHjCi15f
J2hjGcAKC6OtXvLP7BAN/BEBWyixqfZuMMbs6xExmuxONC+vni3RLA99m5jyybQg
tCEr/IkuN1EWO1QNw6gt2UWLyMLJABcjZNiE
-----END CERTIFICATE-----
Generated at Fri Apr 17 03:34:41 2026 by rpki-client