Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Y5G64OqAbofJU3c9HmuuJo-o0Eg.roa
File: Y5G64OqAbofJU3c9HmuuJo-o0Eg.roa (raw, json)
Hash identifier: DUNxkQtIeQBGb1tnezRvi85UoAsEKMATsUwlAi7Qsy4=
Subject key identifier: 63:91:BA:E0:EA:80:6E:87:C9:53:77:3D:1E:6B:AE:26:8F:A8:D0:48
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D847C6F5D5329D1EE680F087D8419E1DD
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Y5G64OqAbofJU3c9HmuuJo-o0Eg.roa
Signing time: Mon 13 Apr 2026 01:37:20 +0000
ROA not before: Mon 13 Apr 2026 01:37:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213520
IP address blocks: 2.26.24.0/22 maxlen: 24
2.26.76.0/23 maxlen: 24
2.27.24.0/23 maxlen: 24
2.27.28.0/22 maxlen: 24
64.188.68.0/22 maxlen: 24
64.188.74.0/24 maxlen: 24
64.188.104.0/22 maxlen: 24
77.239.120.0/23 maxlen: 24
144.31.16.0/23 maxlen: 24
144.31.18.0/23 maxlen: 24
144.31.62.0/23 maxlen: 24
144.31.84.0/23 maxlen: 24
144.31.116.0/23 maxlen: 24
144.31.118.0/23 maxlen: 24
144.31.122.0/23 maxlen: 24
144.31.134.0/23 maxlen: 24
144.31.138.0/23 maxlen: 24
144.31.196.0/23 maxlen: 24
144.31.232.0/24 maxlen: 24
144.31.233.0/24 maxlen: 24
150.241.64.0/24 maxlen: 24
150.241.78.0/23 maxlen: 24
193.23.197.0/24 maxlen: 24
193.23.210.0/23 maxlen: 24
193.23.218.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 14:47:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:84:7c:6f:5d:53:29:d1:ee:68:0f:08:7d:84:19:e1:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 13 01:37:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6391bae0ea806e87c953773d1e6bae268fa8d048
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:d1:4f:83:d1:a0:80:c8:2a:b1:ba:ad:6d:8d:
bf:f6:ce:30:d9:40:6f:b0:5d:84:76:20:ac:b4:f1:
c1:d8:b0:7a:64:42:d4:0f:8b:c1:44:28:ea:c1:8a:
41:f0:16:5b:a8:fd:56:ea:0a:14:cb:44:c2:02:c5:
b0:31:a2:2a:88:1c:91:a5:0c:cb:a1:16:99:89:bf:
49:8f:39:6b:8c:7d:80:38:c0:fe:f5:c7:f3:8c:6a:
87:90:88:88:a4:02:14:c6:34:ad:49:5b:d7:b3:1e:
04:18:1d:09:d2:de:78:53:0d:72:47:54:d9:ea:3a:
b2:09:ce:8f:5d:02:03:d6:d3:08:4e:94:4f:d4:f9:
f7:29:19:6f:07:a8:94:05:de:8d:c2:a9:b9:10:ac:
a0:b5:85:a0:04:30:3b:47:44:ab:10:68:75:70:cb:
e8:a2:a0:18:24:09:e6:b9:ba:b5:72:1b:0b:3d:a8:
3a:18:7e:3a:4e:71:96:e1:06:33:3a:4a:55:9b:d1:
ad:7a:cc:0d:fb:58:6f:e1:ed:6e:c0:c2:69:a9:8a:
73:49:33:52:61:6d:14:41:3b:93:c7:b2:e0:75:d2:
c7:17:8a:df:fe:e9:67:5a:80:c9:a0:a5:f7:0b:8e:
4b:1f:90:44:25:9c:b0:e0:3b:cd:4c:f8:a9:b1:9a:
e7:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:91:BA:E0:EA:80:6E:87:C9:53:77:3D:1E:6B:AE:26:8F:A8:D0:48
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Y5G64OqAbofJU3c9HmuuJo-o0Eg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.24.0/22
2.26.76.0/23
2.27.24.0/23
2.27.28.0/22
64.188.68.0/22
64.188.74.0/24
64.188.104.0/22
77.239.120.0/23
144.31.16.0/22
144.31.62.0/23
144.31.84.0/23
144.31.116.0/22
144.31.122.0/23
144.31.134.0/23
144.31.138.0/23
144.31.196.0/23
144.31.232.0/23
150.241.64.0/24
150.241.78.0/23
193.23.197.0/24
193.23.210.0/23
193.23.218.0/23
Signature Algorithm: sha256WithRSAEncryption
25:3f:c5:23:29:71:5b:02:f4:e8:7a:0b:d9:5c:a8:48:75:97:
8b:21:45:e4:62:8e:d5:fe:8e:f5:12:a3:a4:d5:da:4a:d0:b2:
15:c7:5c:cc:d3:f6:46:8f:d8:52:d8:42:44:8e:dc:c9:4d:5c:
47:91:d7:a5:3b:b1:0b:fa:d9:5b:3c:6d:8b:37:a9:b3:12:d9:
14:ff:63:83:1b:c3:80:c1:81:1c:c4:7e:85:5d:8a:0c:1f:71:
6f:32:0c:74:b8:35:93:96:9c:66:c6:d1:86:cd:6e:49:f8:7e:
31:4e:5b:a2:63:5c:ec:e9:fd:68:34:85:6f:ea:74:36:c2:15:
41:7a:f6:3b:6e:ea:d1:3d:ee:5b:a3:21:22:9f:fe:ac:91:dc:
96:71:af:86:01:6d:d1:fe:82:85:6f:1f:fe:27:f7:4e:da:1c:
6d:55:ec:e1:74:53:37:ae:bb:1b:b3:d2:6d:d3:a0:76:bf:d5:
ef:91:08:7c:e6:c0:56:82:94:79:b5:85:6e:18:c0:70:bf:ea:
a2:77:34:41:f4:d2:45:40:54:0a:bb:f8:90:43:4e:fb:c1:00:
9d:7a:ad:f6:25:22:0b:bb:c3:fc:f6:52:be:c2:d5:30:a4:e9:
6e:46:85:f7:02:48:c2:c6:e7:1a:6f:06:5e:fe:46:26:00:e9:
b2:72:e2:fd
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAZ2EfG9dUynR7mgPCH2EGeHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDEzMDEzNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzkxYmFlMGVhODA2ZTg3Yzk1Mzc3M2QxZTZiYWUyNjhmYThkMDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNFPg9GggMgqsbqtbY2/9s4w2UBv
sF2EdiCstPHB2LB6ZELUD4vBRCjqwYpB8BZbqP1W6goUy0TCAsWwMaIqiByRpQzL
oRaZib9JjzlrjH2AOMD+9cfzjGqHkIiIpAIUxjStSVvXsx4EGB0J0t54Uw1yR1TZ
6jqyCc6PXQID1tMITpRP1Pn3KRlvB6iUBd6Nwqm5EKygtYWgBDA7R0SrEGh1cMvo
oqAYJAnmubq1chsLPag6GH46TnGW4QYzOkpVm9GteswN+1hv4e1uwMJpqYpzSTNS
YW0UQTuTx7LgddLHF4rf/ulnWoDJoKX3C45LH5BEJZyw4DvNTPipsZrnSwIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFGORuuDqgG6HyVN3PR5rriaPqNBIMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWTVHNjRPcUFib2ZKVTNjOUhtdXVKby1vMEVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjCBiwQCAAEwgYQDBAIC
GhgDBAECGkwDBAECGxgDBAICGxwDBAJAvEQDBABAvEoDBAJAvGgDBAFN73gDBAKQ
HxADBAGQHz4DBAGQH1QDBAKQH3QDBAGQH3oDBAGQH4YDBAGQH4oDBAGQH8QDBAGQ
H+gDBACW8UADBAGW8U4DBADBF8UDBAHBF9IDBAHBF9owDQYJKoZIhvcNAQELBQAD
ggEBACU/xSMpcVsC9Oh6C9lcqEh1l4shReRijtX+jvUSo6TV2krQshXHXMzT9kaP
2FLYQkSO3MlNXEeR16U7sQv62Vs8bYs3qbMS2RT/Y4Mbw4DBgRzEfoVdigwfcW8y
DHS4NZOWnGbG0YbNbkn4fjFOW6JjXOzp/Wg0hW/qdDbCFUF69jtu6tE97lujISKf
/qyR3JZxr4YBbdH+goVvH/4n907aHG1V7OF0Uzeuuxuz0m3ToHa/1e+RCHzmwFaC
lHm1hW4YwHC/6qJ3NEH00kVAVAq7+JBDTvvBAJ16rfYlIgu7w/z2Ur7C1TCk6W5G
hfcCSMLG5xpvBl7+RiYA6bJy4v0=
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:58:58 2026 by rpki-client