Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/aFiUD-soZiktHfLFSRiAwnTuG-8.roa
File: aFiUD-soZiktHfLFSRiAwnTuG-8.roa (raw, json)
Hash identifier: 9EXPsV3mbX3VJbzln81EWyfeRMGTOYyJrhLutlpqlgU=
Subject key identifier: 68:58:94:0F:EB:28:66:29:2D:1D:F2:C5:49:18:80:C2:74:EE:1B:EF
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D3F74E3753BA3C998DD3ED4F9C14B6604
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/aFiUD-soZiktHfLFSRiAwnTuG-8.roa
Signing time: Mon 30 Mar 2026 15:55:18 +0000
ROA not before: Mon 30 Mar 2026 15:55:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 9304
IP address blocks: 2.27.118.0/24 maxlen: 24
2.27.157.0/24 maxlen: 24
2.27.158.0/24 maxlen: 24
2.27.159.0/24 maxlen: 24
2.27.214.0/23 maxlen: 24
2.27.241.0/24 maxlen: 24
2.27.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3f:74:e3:75:3b:a3:c9:98:dd:3e:d4:f9:c1:4b:66:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 30 15:55:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6858940feb2866292d1df2c5491880c274ee1bef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:92:84:6e:82:67:6e:bd:9c:ea:f2:fa:11:8f:
12:54:e0:21:52:d8:32:8d:b1:5c:ab:99:de:55:44:
32:6e:41:f6:16:a0:62:54:87:ee:18:34:04:d7:ec:
5b:d4:f0:bb:f1:00:c4:69:f5:54:21:fa:ea:54:54:
c2:5b:e5:cd:8f:2f:8f:b1:37:b3:d7:aa:17:be:ef:
a1:45:af:6c:d6:d8:21:85:d0:6c:c8:b6:0e:78:28:
f0:dd:04:06:f3:ad:1b:7a:6c:2d:b0:3a:95:ca:6a:
a7:cb:de:2a:c2:b2:6e:e1:19:24:cf:a9:39:fd:a9:
41:10:af:08:31:0b:7e:8c:a3:1a:dd:e8:ed:53:7d:
5d:73:37:b4:b9:b2:ff:a5:5e:5d:68:db:11:b7:bb:
0b:ba:d0:7d:41:56:79:ed:83:ef:85:7e:87:ab:b0:
ba:77:36:74:01:42:02:56:0e:f1:0b:93:1c:b7:c7:
f1:55:20:f0:ff:d4:59:65:c3:9c:f0:a9:95:82:a6:
04:19:f7:f2:81:d4:cf:b7:f7:9d:54:fb:a8:6b:23:
97:d4:4d:d2:93:fa:24:f7:73:d4:30:b9:f7:d0:8a:
29:d9:f6:54:1c:12:38:03:65:a1:ca:e4:6c:f9:8d:
a6:98:61:e5:da:36:9b:97:49:b1:e3:88:7a:8b:a2:
9d:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:58:94:0F:EB:28:66:29:2D:1D:F2:C5:49:18:80:C2:74:EE:1B:EF
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/aFiUD-soZiktHfLFSRiAwnTuG-8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.118.0/24
2.27.157.0-2.27.159.255
2.27.214.0/23
2.27.241.0/24
2.27.247.0/24
Signature Algorithm: sha256WithRSAEncryption
ad:6a:94:e6:20:87:67:f7:0f:06:22:10:01:99:6a:a0:c9:a4:
ee:08:89:9c:bc:83:b7:06:23:9f:26:b3:c5:89:0f:41:87:1c:
04:6e:2d:3f:e9:ee:4b:2e:6c:56:bc:29:5c:f6:b5:a1:d5:7c:
f4:5b:4d:7a:f3:ac:2d:74:da:84:62:e8:73:15:bd:b1:ba:93:
67:13:49:c3:70:6e:d2:de:9d:4b:fb:0e:c7:9f:cf:70:bd:f8:
53:56:37:b0:e3:16:e0:1b:ac:16:24:8d:83:da:ea:20:97:ab:
85:3f:29:c3:5c:08:1d:08:bf:6e:a9:5f:d5:19:7c:be:c9:1e:
cd:21:5f:ee:e2:e6:e7:bf:32:da:ef:7f:12:0a:82:65:59:d3:
e7:3a:8e:ee:4e:7b:41:ce:a7:fe:1a:91:73:a1:7b:1b:cf:e7:
a2:2a:74:c3:6f:fb:0f:98:42:ab:39:50:1f:62:df:bc:50:8e:
9f:98:cc:b6:1c:50:1d:48:99:cd:6d:b4:dc:fd:ee:80:0e:5c:
cd:62:22:45:75:14:2d:b0:f0:97:71:18:52:20:e2:fa:d8:af:
04:a4:4d:37:ae:49:91:93:a0:19:94:0d:1c:66:95:71:2f:31:
3e:09:50:62:97:82:eb:ef:d8:9b:5c:f7:2a:d7:22:9f:9e:29:
8a:42:51:45
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZ0/dON1O6PJmN0+1PnBS2YEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzMwMTU1NTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODU4OTQwZmViMjg2NjI5MmQxZGYyYzU0OTE4ODBjMjc0ZWUxYmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pKEboJnbr2c6vL6EY8SVOAhUtgy
jbFcq5neVUQybkH2FqBiVIfuGDQE1+xb1PC78QDEafVUIfrqVFTCW+XNjy+PsTez
16oXvu+hRa9s1tghhdBsyLYOeCjw3QQG860bemwtsDqVymqny94qwrJu4Rkkz6k5
/alBEK8IMQt+jKMa3ejtU31dcze0ubL/pV5daNsRt7sLutB9QVZ57YPvhX6Hq7C6
dzZ0AUICVg7xC5Mct8fxVSDw/9RZZcOc8KmVgqYEGffygdTPt/edVPuoayOX1E3S
k/ok93PUMLn30Iop2fZUHBI4A2WhyuRs+Y2mmGHl2jabl0mx44h6i6Kd+wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFGhYlA/rKGYpLR3yxUkYgMJ07hvvMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYUZpVUQtc29aaWt0SGZMRlNSaUF3blR1Ry04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAAht2MAwD
BAACG50DBAUCG4ADBAECG9YDBAACG/EDBAACG/cwDQYJKoZIhvcNAQELBQADggEB
AK1qlOYgh2f3DwYiEAGZaqDJpO4IiZy8g7cGI58ms8WJD0GHHARuLT/p7ksubFa8
KVz2taHVfPRbTXrzrC102oRi6HMVvbG6k2cTScNwbtLenUv7Dsefz3C9+FNWN7Dj
FuAbrBYkjYPa6iCXq4U/KcNcCB0Iv26pX9UZfL7JHs0hX+7i5ue/MtrvfxIKgmVZ
0+c6ju5Oe0HOp/4akXOhexvP56IqdMNv+w+YQqs5UB9i37xQjp+YzLYcUB1Imc1t
tNz97oAOXM1iIkV1FC2w8JdxGFIg4vrYrwSkTTeuSZGToBmUDRxmlXEvMT4JUGKX
guvv2Jtc9yrXIp+eKYpCUUU=
-----END CERTIFICATE-----
Generated at Fri Apr 17 06:51:52 2026 by rpki-client