Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kHMEvlLmKOpuro12qQVwkA1uMQI.roa
File: kHMEvlLmKOpuro12qQVwkA1uMQI.roa (raw, json)
Hash identifier: VJLa0DlMkyNWig7Ubn4l8v73AJaUJiiAZip+QyMCRBY=
Subject key identifier: 90:73:04:BE:52:E6:28:EA:6E:AE:8D:76:A9:05:70:90:0D:6E:31:02
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D5480F481269E078E5A4B591CD8A05442
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kHMEvlLmKOpuro12qQVwkA1uMQI.roa
Signing time: Fri 03 Apr 2026 18:00:30 +0000
ROA not before: Fri 03 Apr 2026 18:00:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 201907
IP address blocks: 2.26.200.0/21 maxlen: 24
2.26.208.0/21 maxlen: 24
2.27.218.0/23 maxlen: 24
2.27.220.0/23 maxlen: 24
2.27.222.0/23 maxlen: 24
2.27.239.0/24 maxlen: 24
2.27.240.0/24 maxlen: 24
2.27.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 16:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:54:80:f4:81:26:9e:07:8e:5a:4b:59:1c:d8:a0:54:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 3 18:00:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=907304be52e628ea6eae8d76a90570900d6e3102
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:2d:ae:d5:ad:a1:eb:02:69:20:3a:2a:af:70:
eb:68:34:60:c6:ea:c5:78:85:55:d1:a3:05:30:a4:
ee:ec:53:4d:ad:54:ed:d2:82:84:eb:9a:b3:f8:f6:
3b:c6:c7:b5:98:f1:86:cd:46:dc:51:ae:88:9a:30:
2c:43:a6:16:6b:f6:48:2f:4b:f7:49:31:66:b5:85:
23:0c:49:44:79:de:1d:00:a1:52:ff:22:be:bd:5c:
24:a0:d4:81:fd:fa:ed:fe:e2:07:a6:00:59:38:2b:
b2:2c:02:32:0f:0e:25:75:08:b7:67:04:8f:60:af:
45:97:56:1b:77:da:a7:5e:93:82:3c:0b:f1:33:e3:
36:e9:1a:cf:e0:e0:dd:00:35:12:7d:0d:65:34:22:
0b:a4:79:01:51:2e:ae:13:a3:f2:ce:76:c5:42:d0:
b0:ec:d4:d0:50:ce:0a:d7:d9:3b:f9:53:37:e2:57:
3e:e2:f5:a8:2a:90:36:d2:b0:36:6e:28:46:22:28:
97:91:37:a2:fc:8c:9f:eb:64:fa:dd:f2:d5:cd:82:
f9:f6:cf:1b:17:82:0d:ca:45:05:85:80:81:b2:16:
b3:ad:2e:96:e8:e7:9a:b3:a3:18:f0:dc:ae:77:18:
5c:6f:e3:81:bd:3d:2c:95:4f:98:c0:50:0c:35:29:
bf:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:73:04:BE:52:E6:28:EA:6E:AE:8D:76:A9:05:70:90:0D:6E:31:02
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kHMEvlLmKOpuro12qQVwkA1uMQI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.200.0-2.26.215.255
2.27.218.0-2.27.223.255
2.27.239.0-2.27.240.255
2.27.254.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:b4:14:5f:08:b2:a4:f9:6f:e2:f9:44:2f:3d:c7:c9:a1:43:
c4:39:81:4f:25:e6:6b:d7:d6:84:f2:a0:0e:f4:ad:2a:a0:dc:
7c:b2:f7:8b:36:77:38:a1:0b:d6:55:69:82:48:b4:7b:99:38:
a7:dd:eb:f1:a3:83:76:59:e3:dc:6f:7c:89:48:ce:f6:c1:9d:
af:46:8e:26:ff:e2:31:cd:a3:7b:95:ee:51:4d:65:81:2c:ad:
33:ba:d9:5e:54:ed:1f:d4:b1:ed:2a:96:a8:4b:8d:f4:8a:3e:
c0:7c:24:ec:0c:d9:e2:5c:13:c4:63:da:c2:87:4a:45:cf:b9:
6a:ce:6a:fd:ae:13:80:d8:58:f1:38:65:8f:e9:9f:90:d6:d9:
6e:c9:ac:70:05:cf:17:cd:e2:bc:87:4f:ef:78:45:79:82:7c:
32:71:fd:5c:c0:77:de:5f:9e:ac:6b:db:04:ad:01:ea:ad:74:
de:d8:bf:51:85:5c:a2:0d:42:3d:5e:38:ad:85:7a:4e:56:fc:
df:b4:3c:26:94:19:32:bc:56:8e:07:a8:f8:10:5e:69:97:e7:
db:b7:0d:37:45:3e:3e:05:f7:91:4f:19:f7:9d:15:44:fc:54:
b1:04:c8:15:a3:5a:a9:ae:d2:f8:b8:7a:42:21:af:21:1a:2e:
41:76:3a:7c
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZ1UgPSBJp4HjlpLWRzYoFRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDAzMTgwMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDczMDRiZTUyZTYyOGVhNmVhZThkNzZhOTA1NzA5MDBkNmUzMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApi2u1a2h6wJpIDoqr3DraDRgxurF
eIVV0aMFMKTu7FNNrVTt0oKE65qz+PY7xse1mPGGzUbcUa6ImjAsQ6YWa/ZIL0v3
STFmtYUjDElEed4dAKFS/yK+vVwkoNSB/frt/uIHpgBZOCuyLAIyDw4ldQi3ZwSP
YK9Fl1Ybd9qnXpOCPAvxM+M26RrP4ODdADUSfQ1lNCILpHkBUS6uE6PyznbFQtCw
7NTQUM4K19k7+VM34lc+4vWoKpA20rA2bihGIiiXkTei/Iyf62T63fLVzYL59s8b
F4INykUFhYCBshazrS6W6Oeas6MY8Nyudxhcb+OBvT0slU+YwFAMNSm/3QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJBzBL5S5ijqbq6NdqkFcJANbjECMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEva0hNRXZsTG1LT3B1cm8xMnFRVndrQTF1TVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwMAwDBAMCGsgD
BAMCGtAwDAMEAQIb2gMEBQIbwDAMAwQAAhvvAwQAAhvwAwQAAhv+MA0GCSqGSIb3
DQEBCwUAA4IBAQCOtBRfCLKk+W/i+UQvPcfJoUPEOYFPJeZr19aE8qAO9K0qoNx8
sveLNnc4oQvWVWmCSLR7mTin3evxo4N2WePcb3yJSM72wZ2vRo4m/+IxzaN7le5R
TWWBLK0zutleVO0f1LHtKpaoS430ij7AfCTsDNniXBPEY9rCh0pFz7lqzmr9rhOA
2FjxOGWP6Z+Q1tluyaxwBc8XzeK8h0/veEV5gnwycf1cwHfeX56sa9sErQHqrXTe
2L9RhVyiDUI9XjithXpOVvzftDwmlBkyvFaOB6j4EF5pl+fbtw03RT4+BfeRTxn3
nRVE/FSxBMgVo1qprtL4uHpCIa8hGi5Bdjp8
-----END CERTIFICATE-----
Generated at Fri Apr 17 22:12:02 2026 by rpki-client