Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/l8rFU4i_2U_hg_rJsgMAPmoGrqU.roa
File: l8rFU4i_2U_hg_rJsgMAPmoGrqU.roa (raw, json)
Hash identifier: 5JGAFpxBNP63YyCkDRuCbAIeFnTlTgk1C5s/YJ2Uv+8=
Subject key identifier: 97:CA:C5:53:88:BF:D9:4F:E1:83:FA:C9:B2:03:00:3E:6A:06:AE:A5
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019C4DC0E6F200A387E3522757A5FFA98EA8
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/l8rFU4i_2U_hg_rJsgMAPmoGrqU.roa
Signing time: Wed 11 Feb 2026 17:30:13 +0000
ROA not before: Wed 11 Feb 2026 17:30:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216127
IP address blocks: 77.239.96.0/22 maxlen: 24
144.31.96.0/22 maxlen: 24
144.31.154.0/23 maxlen: 24
144.31.180.0/22 maxlen: 24
144.31.188.0/23 maxlen: 24
144.31.200.0/23 maxlen: 24
144.31.204.0/23 maxlen: 24
144.31.250.0/23 maxlen: 24
150.241.90.0/23 maxlen: 24
185.184.120.0/24 maxlen: 24
185.184.121.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 03:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:4d:c0:e6:f2:00:a3:87:e3:52:27:57:a5:ff:a9:8e:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Feb 11 17:30:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=97cac55388bfd94fe183fac9b203003e6a06aea5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:b8:05:74:bb:19:f8:bf:62:4c:01:ca:8e:82:
7d:17:62:79:a8:66:55:10:08:17:d6:88:88:64:99:
8f:b7:ff:2a:a8:90:3e:20:d8:20:70:b7:72:4d:a9:
7f:02:89:a0:6b:98:43:e4:04:15:53:0c:f6:f6:5e:
cd:b1:e8:df:5c:30:36:51:33:ec:31:4c:96:5c:dc:
2c:a4:8b:4b:ad:10:02:d3:bd:33:c9:b0:4b:b1:bf:
bb:66:66:84:63:c8:b3:4b:86:84:f5:6c:c6:0b:6d:
5e:9c:4c:fd:4e:af:12:fd:26:27:bc:0d:03:02:b2:
a7:1f:26:b0:16:9b:24:a9:8a:e2:ed:30:06:d4:5a:
a1:a9:70:eb:82:86:2c:35:ee:4f:0b:b3:37:8f:53:
4c:67:eb:f9:4f:ef:e2:1c:a8:51:09:c1:7b:21:cf:
78:f8:f0:41:fd:58:ca:c7:85:2a:ef:a2:34:43:7d:
c5:08:a2:d7:a7:d3:84:d1:f8:1d:5b:a7:4c:ac:30:
0a:e3:e8:c4:81:9e:52:d8:4e:32:dc:51:49:9d:e8:
48:8f:40:5c:db:3e:7b:dd:b8:60:e2:0a:db:74:0f:
42:2e:4b:c2:41:e8:dd:2b:04:02:af:0a:0e:2c:fe:
d6:79:f5:f3:bf:81:72:a9:d3:7a:00:11:5b:30:61:
bf:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:CA:C5:53:88:BF:D9:4F:E1:83:FA:C9:B2:03:00:3E:6A:06:AE:A5
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/l8rFU4i_2U_hg_rJsgMAPmoGrqU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.239.96.0/22
144.31.96.0/22
144.31.154.0/23
144.31.180.0/22
144.31.188.0/23
144.31.200.0/23
144.31.204.0/23
144.31.250.0/23
150.241.90.0/23
185.184.120.0/23
Signature Algorithm: sha256WithRSAEncryption
7a:d6:62:0d:b3:c8:44:e5:b9:d5:94:27:86:3c:58:8f:43:ef:
74:34:1a:0e:ae:ee:8f:50:5f:dd:27:aa:fe:f4:33:23:60:49:
59:b4:2f:12:d4:51:d6:f1:08:90:ca:05:07:4e:6b:47:6d:4a:
2b:72:57:63:84:24:41:0b:0e:3f:b1:5e:c9:38:91:7f:7b:94:
2f:de:66:02:53:55:6f:38:4a:fc:7c:37:0b:27:d5:18:5a:3c:
a6:cd:cc:a8:94:61:2d:57:72:43:5b:2b:8a:4b:dc:2b:ac:59:
4c:4c:e0:6b:5d:87:b1:ea:99:97:ef:35:23:2c:a4:66:1e:50:
f3:da:4d:37:0a:19:88:94:85:31:ba:84:a2:4a:15:d3:ba:c6:
4c:1b:0b:ad:71:f9:f3:b2:e9:a2:0e:0d:15:5e:41:d2:04:03:
71:10:43:18:b9:1f:9e:e9:e1:92:e4:96:9c:83:67:49:d2:7c:
a5:cc:81:50:0c:cf:87:fa:66:4c:0d:bc:38:ae:02:7e:0b:e3:
ce:38:7f:ed:93:43:a2:8b:86:90:79:5f:18:42:d8:57:98:67:
d0:05:2a:d8:5b:cd:64:26:81:05:e5:ce:97:cd:2e:77:9a:88:
bf:3d:d8:ba:7d:bf:44:8b:e3:c3:1b:27:39:15:1e:a4:ce:73:
28:e1:a9:77
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZxNwObyAKOH41InV6X/qY6oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjExMTczMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2NhYzU1Mzg4YmZkOTRmZTE4M2ZhYzliMjAzMDAzZTZhMDZhZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7gFdLsZ+L9iTAHKjoJ9F2J5qGZV
EAgX1oiIZJmPt/8qqJA+INggcLdyTal/Aomga5hD5AQVUwz29l7NsejfXDA2UTPs
MUyWXNwspItLrRAC070zybBLsb+7ZmaEY8izS4aE9WzGC21enEz9Tq8S/SYnvA0D
ArKnHyawFpskqYri7TAG1FqhqXDrgoYsNe5PC7M3j1NMZ+v5T+/iHKhRCcF7Ic94
+PBB/VjKx4Uq76I0Q33FCKLXp9OE0fgdW6dMrDAK4+jEgZ5S2E4y3FFJnehIj0Bc
2z573bhg4grbdA9CLkvCQejdKwQCrwoOLP7WefXzv4FyqdN6ABFbMGG/sQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJfKxVOIv9lP4YP6ybIDAD5qBq6lMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbDhyRlU0aV8yVV9oZ19ySnNnTUFQbW9HcnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCTe9gAwQC
kB9gAwQBkB+aAwQCkB+0AwQBkB+8AwQBkB/IAwQBkB/MAwQBkB/6AwQBlvFaAwQB
ubh4MA0GCSqGSIb3DQEBCwUAA4IBAQB61mINs8hE5bnVlCeGPFiPQ+90NBoOru6P
UF/dJ6r+9DMjYElZtC8S1FHW8QiQygUHTmtHbUorcldjhCRBCw4/sV7JOJF/e5Qv
3mYCU1VvOEr8fDcLJ9UYWjymzcyolGEtV3JDWyuKS9wrrFlMTOBrXYex6pmX7zUj
LKRmHlDz2k03ChmIlIUxuoSiShXTusZMGwutcfnzsumiDg0VXkHSBANxEEMYuR+e
6eGS5Jacg2dJ0nylzIFQDM+H+mZMDbw4rgJ+C+POOH/tk0Oii4aQeV8YQthXmGfQ
BSrYW81kJoEF5c6XzS53moi/Pdi6fb9Ei+PDGyc5FR6kznMo4al3
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:23:27 2026 by rpki-client