Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/SpLUDkM08AHg5yl8NBTURxtOTas.roa
File: SpLUDkM08AHg5yl8NBTURxtOTas.roa (raw, json)
Hash identifier: 8/YCQ+4auA46A9GT1fp7bu9JC6NN9k6+9Xeqsmw6z+s=
Subject key identifier: 4A:92:D4:0E:43:34:F0:01:E0:E7:29:7C:34:14:D4:47:1B:4E:4D:AB
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019C3014C4661D815F407B569A3C6E7EF968
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/SpLUDkM08AHg5yl8NBTURxtOTas.roa
Signing time: Thu 05 Feb 2026 23:13:13 +0000
ROA not before: Thu 05 Feb 2026 23:13:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215730
IP address blocks: 64.188.91.0/24 maxlen: 24
144.31.0.0/21 maxlen: 24
144.31.11.0/24 maxlen: 24
144.31.90.0/24 maxlen: 24
144.31.94.0/24 maxlen: 24
144.31.125.0/24 maxlen: 24
144.31.128.0/23 maxlen: 24
144.31.130.0/23 maxlen: 24
193.23.193.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:30:14:c4:66:1d:81:5f:40:7b:56:9a:3c:6e:7e:f9:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Feb 5 23:13:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4a92d40e4334f001e0e7297c3414d4471b4e4dab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:cf:f0:4d:35:6e:bf:69:f2:d8:0a:c3:1f:bc:
4c:b6:13:31:6f:ed:7c:48:1a:9c:7e:5a:42:0d:ca:
bf:44:e2:0a:a6:fd:40:2c:e7:8d:82:46:5a:03:8d:
ee:30:cb:2c:b6:cc:fe:79:92:4a:2e:fc:59:7b:03:
12:de:77:e1:02:dc:29:0e:68:8a:9d:3c:f5:56:40:
bd:95:37:de:75:31:eb:97:ee:cd:69:29:23:7c:86:
0a:51:cf:a7:5c:e6:d9:31:14:c8:19:86:80:bd:29:
9d:ee:35:bb:11:36:d3:d7:67:07:b2:28:88:be:8b:
79:49:5a:1d:dd:f8:39:95:ca:87:0a:45:c0:85:f7:
db:cb:03:e8:82:7f:86:df:6f:49:d2:10:21:ab:60:
d4:81:3a:45:3d:b1:aa:8d:62:13:ba:c7:ef:17:fc:
f8:6a:88:38:57:74:75:b6:e3:68:d4:01:8b:2d:f2:
3c:71:01:ca:35:ef:ba:83:92:7c:b9:c6:08:4e:50:
d4:dc:36:37:74:29:86:6c:5f:09:04:69:a3:7d:d2:
bf:93:5b:3d:9f:7c:11:2f:29:cb:38:13:1f:97:8e:
55:e9:27:21:77:aa:ff:7b:ee:1e:a8:47:f8:13:3f:
28:37:69:17:2a:12:36:e0:44:eb:5b:5a:23:95:85:
73:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:92:D4:0E:43:34:F0:01:E0:E7:29:7C:34:14:D4:47:1B:4E:4D:AB
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/SpLUDkM08AHg5yl8NBTURxtOTas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.91.0/24
144.31.0.0/21
144.31.11.0/24
144.31.90.0/24
144.31.94.0/24
144.31.125.0/24
144.31.128.0/22
193.23.193.0/24
Signature Algorithm: sha256WithRSAEncryption
15:3c:25:1b:68:b8:f3:a0:59:fe:2d:a1:d8:23:e7:70:d1:b5:
53:92:0d:b2:c4:04:26:87:5f:c7:f6:86:da:95:3c:ee:f0:91:
2d:a8:ec:0e:84:b1:67:36:89:95:3f:81:03:13:f9:05:04:eb:
b4:b6:a2:74:36:91:48:e5:cb:38:86:40:de:3d:86:80:84:6e:
b7:b4:71:6f:8d:4e:20:66:00:af:c7:21:91:c1:45:fe:01:44:
f8:b9:9d:20:24:a5:2b:e0:e5:6b:65:98:ef:67:7b:15:e8:b6:
33:08:04:ca:7b:2f:e5:f9:e2:3b:4f:94:57:74:49:13:cf:5a:
4b:d4:94:3f:c1:37:56:e6:3a:42:0f:92:c4:43:56:d7:4a:1c:
9c:10:49:fd:bd:aa:e4:c6:30:b8:1a:c9:bb:e2:32:7e:00:f9:
f5:94:8b:45:a8:8e:16:1d:16:ac:ee:13:87:42:fe:5c:e7:6f:
79:5c:5f:d5:89:99:8c:94:81:f2:06:83:84:f2:98:3c:81:8f:
79:45:9a:bf:8c:6b:39:a8:79:5d:33:e6:98:f0:72:eb:08:f6:
fe:a5:a6:49:12:ce:eb:0b:dc:26:39:69:8e:c8:be:a1:2d:97:
41:de:35:b0:0a:c5:48:23:89:43:bf:df:ca:34:ae:a0:61:1a:
13:76:24:43
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZwwFMRmHYFfQHtWmjxufvloMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjA1MjMxMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTkyZDQwZTQzMzRmMDAxZTBlNzI5N2MzNDE0ZDQ0NzFiNGU0ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8/wTTVuv2ny2ArDH7xMthMxb+18
SBqcflpCDcq/ROIKpv1ALOeNgkZaA43uMMsstsz+eZJKLvxZewMS3nfhAtwpDmiK
nTz1VkC9lTfedTHrl+7NaSkjfIYKUc+nXObZMRTIGYaAvSmd7jW7ETbT12cHsiiI
vot5SVod3fg5lcqHCkXAhffbywPogn+G329J0hAhq2DUgTpFPbGqjWITusfvF/z4
aog4V3R1tuNo1AGLLfI8cQHKNe+6g5J8ucYITlDU3DY3dCmGbF8JBGmjfdK/k1s9
n3wRLynLOBMfl45V6Schd6r/e+4eqEf4Ez8oN2kXKhI24ETrW1ojlYVz3QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEqS1A5DNPAB4OcpfDQU1EcbTk2rMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvU3BMVURrTTA4QUhnNXlsOE5CVFVSeHRPVGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAQLxbAwQD
kB8AAwQAkB8LAwQAkB9aAwQAkB9eAwQAkB99AwQCkB+AAwQAwRfBMA0GCSqGSIb3
DQEBCwUAA4IBAQAVPCUbaLjzoFn+LaHYI+dw0bVTkg2yxAQmh1/H9obalTzu8JEt
qOwOhLFnNomVP4EDE/kFBOu0tqJ0NpFI5cs4hkDePYaAhG63tHFvjU4gZgCvxyGR
wUX+AUT4uZ0gJKUr4OVrZZjvZ3sV6LYzCATKey/l+eI7T5RXdEkTz1pL1JQ/wTdW
5jpCD5LEQ1bXShycEEn9varkxjC4Gsm74jJ+APn1lItFqI4WHRas7hOHQv5c5295
XF/ViZmMlIHyBoOE8pg8gY95RZq/jGs5qHldM+aY8HLrCPb+paZJEs7rC9wmOWmO
yL6hLZdB3jWwCsVII4lDv9/KNK6gYRoTdiRD
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:26:15 2026 by rpki-client