Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/o8YOari8iU_sxRNcPTK6CpCfO0U.roa
File: o8YOari8iU_sxRNcPTK6CpCfO0U.roa (raw, json)
Hash identifier: 0A0k6qvweMJEOhcWul/qss1kJoJK5XqjZfTxGvo3pZk=
Subject key identifier: A3:C6:0E:6A:B8:BC:89:4F:EC:C5:13:5C:3D:32:BA:0A:90:9F:3B:45
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019E98A9E3874A83EDA031AB6B5F067E670B
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/o8YOari8iU_sxRNcPTK6CpCfO0U.roa
Signing time: Fri 05 Jun 2026 16:42:11 +0000
ROA not before: Fri 05 Jun 2026 16:42:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197974
IP address blocks: 31.76.38.0/24 maxlen: 24
31.76.39.0/24 maxlen: 24
31.76.91.0/24 maxlen: 24
31.76.113.0/24 maxlen: 24
31.76.119.0/24 maxlen: 24
31.76.249.0/24 maxlen: 24
31.76.250.0/24 maxlen: 24
31.77.201.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 17:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:98:a9:e3:87:4a:83:ed:a0:31:ab:6b:5f:06:7e:67:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Jun 5 16:42:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a3c60e6ab8bc894fecc5135c3d32ba0a909f3b45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:cd:a1:6e:21:61:eb:3b:30:de:70:4b:1a:12:
f9:e0:3f:91:44:34:93:45:bb:54:de:36:4b:47:0b:
1c:8f:1d:90:20:88:1f:b0:25:a9:f2:72:d9:d4:2a:
7c:cc:f1:ca:fa:6d:ea:ba:56:8a:4c:57:d2:3f:71:
0e:f0:5d:72:67:2f:f7:1b:a1:33:a5:03:79:fa:d3:
02:e6:33:07:2f:37:65:73:cd:4a:5c:63:7b:6d:d1:
4a:8b:8e:c8:79:bb:1d:f6:bd:d4:8d:60:53:16:77:
67:bb:fc:55:47:8b:8b:0b:ae:8e:e0:41:cd:9a:c5:
d3:95:3b:ef:33:97:d4:56:01:4c:02:32:f7:ae:89:
52:b8:f2:e6:9d:b3:84:94:fc:ba:7e:20:9a:63:6e:
da:1e:a1:34:fb:7b:6e:bf:18:e0:00:2b:e4:b5:bb:
68:3c:79:2c:fa:02:e8:b7:3b:6d:8f:94:46:6d:77:
1c:2d:47:54:a8:52:ee:7e:1c:02:e3:37:cd:1d:0e:
43:6a:c6:60:9a:86:27:2a:9d:45:fe:e3:a5:e9:4d:
eb:7a:79:dd:c6:ed:83:2f:a3:9f:33:da:09:0c:23:
ee:5d:8f:c2:c7:2a:ea:26:29:61:6e:08:78:d9:f2:
7a:3c:53:3b:d7:5b:8e:76:07:bd:04:cc:d8:b4:b6:
f4:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:C6:0E:6A:B8:BC:89:4F:EC:C5:13:5C:3D:32:BA:0A:90:9F:3B:45
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/o8YOari8iU_sxRNcPTK6CpCfO0U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.76.38.0/23
31.76.91.0/24
31.76.113.0/24
31.76.119.0/24
31.76.249.0-31.76.250.255
31.77.201.0/24
Signature Algorithm: sha256WithRSAEncryption
09:9b:ed:70:a4:f3:ba:13:3e:1c:f0:ce:b3:11:0e:2b:5d:81:
9b:f8:ca:40:e3:99:19:b6:23:64:aa:79:a4:f7:a3:29:61:48:
22:9d:3b:08:3f:c7:fd:25:84:ff:8e:a5:2e:46:01:7c:b0:9b:
fb:69:cd:fc:e3:62:ce:e7:41:8a:a4:6b:0a:dd:f6:03:bb:ce:
aa:b3:f2:8e:0f:15:e6:3c:e7:43:34:95:61:3f:0e:a6:7b:88:
d6:02:d4:e3:38:b1:15:29:99:fb:de:c0:93:0a:23:be:b5:83:
2d:b6:11:eb:81:d0:8b:e5:62:dc:0e:b1:4a:e9:25:f0:ba:47:
2e:a2:a7:d9:ac:94:8b:c5:9a:14:ff:b5:9b:f1:b1:7c:77:1a:
69:1a:b7:15:94:d0:80:b8:4c:ee:40:9d:dd:a3:06:c2:52:be:
68:7b:1d:b7:60:4a:20:f4:b1:da:98:5c:97:9d:f5:cd:c6:cb:
47:07:ad:0a:25:8f:f8:0d:6d:64:e7:64:3f:2a:3f:d3:d5:e8:
77:36:42:ea:ed:d1:da:6e:65:e0:67:7c:d3:f8:b8:ff:87:fd:
8f:f5:be:5d:7d:73:a2:27:e7:10:c1:f2:8f:49:a9:c6:fe:c5:
0f:8a:f4:b9:7b:60:fd:75:d6:d9:0b:60:d5:0c:1b:fd:dc:5c:
9b:85:cd:d7
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZ6YqeOHSoPtoDGra18GfmcLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA1MTY0MjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2M2MGU2YWI4YmM4OTRmZWNjNTEzNWMzZDMyYmEwYTkwOWYzYjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA082hbiFh6zsw3nBLGhL54D+RRDST
RbtU3jZLRwscjx2QIIgfsCWp8nLZ1Cp8zPHK+m3qulaKTFfSP3EO8F1yZy/3G6Ez
pQN5+tMC5jMHLzdlc81KXGN7bdFKi47Iebsd9r3UjWBTFndnu/xVR4uLC66O4EHN
msXTlTvvM5fUVgFMAjL3rolSuPLmnbOElPy6fiCaY27aHqE0+3tuvxjgACvktbto
PHks+gLotzttj5RGbXccLUdUqFLufhwC4zfNHQ5DasZgmoYnKp1F/uOl6U3rennd
xu2DL6OfM9oJDCPuXY/CxyrqJilhbgh42fJ6PFM711uOdge9BMzYtLb0lQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFKPGDmq4vIlP7MUTXD0yugqQnztFMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbzhZT2FyaThpVV9zeFJOY1BUSzZDcENmTzBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBH0wmAwQA
H0xbAwQAH0xxAwQAH0x3MAwDBAAfTPkDBAAfTPoDBAAfTckwDQYJKoZIhvcNAQEL
BQADggEBAAmb7XCk87oTPhzwzrMRDitdgZv4ykDjmRm2I2SqeaT3oylhSCKdOwg/
x/0lhP+OpS5GAXywm/tpzfzjYs7nQYqkawrd9gO7zqqz8o4PFeY850M0lWE/DqZ7
iNYC1OM4sRUpmfvewJMKI761gy22EeuB0IvlYtwOsUrpJfC6Ry6ip9mslIvFmhT/
tZvxsXx3GmkatxWU0IC4TO5And2jBsJSvmh7HbdgSiD0sdqYXJed9c3Gy0cHrQol
j/gNbWTnZD8qP9PV6Hc2Qurt0dpuZeBnfNP4uP+H/Y/1vl19c6In5xDB8o9Jqcb+
xQ+K9Ll7YP111tkLYNUMG/3cXJuFzdc=
-----END CERTIFICATE-----
Generated at Sat Jun 13 23:04:17 2026 by rpki-client