Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tXhBPlbb1DUy4nVm5CSwAgjCRdo.roa
File: tXhBPlbb1DUy4nVm5CSwAgjCRdo.roa (raw, json)
Hash identifier: l+iHUT4cFLOIqBka3U1aUelKgJMojK2u28qEdGiDZaA=
Subject key identifier: B5:78:41:3E:56:DB:D4:35:32:E2:75:66:E4:24:B0:02:08:C2:45:DA
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D31205E361FD606EDAEF947435C57D941
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tXhBPlbb1DUy4nVm5CSwAgjCRdo.roa
Signing time: Fri 27 Mar 2026 21:08:17 +0000
ROA not before: Fri 27 Mar 2026 21:08:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215730
IP address blocks: 2.27.26.0/23 maxlen: 24
64.188.91.0/24 maxlen: 24
144.31.0.0/21 maxlen: 24
144.31.11.0/24 maxlen: 24
144.31.90.0/24 maxlen: 24
144.31.94.0/24 maxlen: 24
144.31.125.0/24 maxlen: 24
144.31.128.0/23 maxlen: 24
144.31.130.0/23 maxlen: 24
150.241.95.0/24 maxlen: 24
193.23.193.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:31:20:5e:36:1f:d6:06:ed:ae:f9:47:43:5c:57:d9:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 27 21:08:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b578413e56dbd43532e27566e424b00208c245da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:5b:39:a2:2d:d4:4d:af:4d:e2:46:8c:b2:79:
ee:99:b4:83:b8:ed:22:c1:7d:f2:c1:3d:9b:0a:ec:
19:9f:23:6d:ca:68:d7:95:2f:b8:f0:fb:74:6e:3e:
a2:b9:8d:47:01:21:9a:c8:99:d5:5a:44:b6:7c:71:
22:d6:e4:4e:c2:87:1c:fc:33:df:37:35:07:3f:e1:
0f:1d:31:fb:bf:65:b7:2b:be:16:51:b1:15:51:a7:
8c:cb:b5:f6:24:bc:a5:21:c4:77:95:55:69:78:41:
15:47:5d:46:cc:73:f6:5a:12:73:39:49:30:7f:42:
a3:3c:a8:ec:77:8c:76:b7:af:78:3c:45:9c:c8:38:
c0:32:8b:b7:b0:2e:c2:99:90:a1:5c:a1:f3:c0:ae:
10:4f:b8:d6:db:9c:3d:88:b6:8b:6e:ea:a2:31:30:
4f:cd:5e:71:6c:2f:9e:ce:72:9e:3f:2a:4d:29:ba:
d6:e7:61:2b:a1:2a:0e:4e:7e:d7:5f:a6:a3:7c:2d:
65:89:67:7c:09:0a:69:6d:07:0b:1e:eb:ec:1a:1d:
1e:30:27:99:1d:44:f3:a8:a5:f7:df:1a:30:56:20:
79:a3:4d:f5:5f:e2:7c:f7:bd:e6:26:03:75:30:b0:
5d:33:5e:a6:c9:fc:fb:d9:61:a2:c6:45:2b:5c:2d:
a7:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:78:41:3E:56:DB:D4:35:32:E2:75:66:E4:24:B0:02:08:C2:45:DA
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tXhBPlbb1DUy4nVm5CSwAgjCRdo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.26.0/23
64.188.91.0/24
144.31.0.0/21
144.31.11.0/24
144.31.90.0/24
144.31.94.0/24
144.31.125.0/24
144.31.128.0/22
150.241.95.0/24
193.23.193.0/24
Signature Algorithm: sha256WithRSAEncryption
96:ca:34:82:ad:f5:4e:cf:c7:db:53:74:61:d4:36:f3:b5:6a:
6e:2b:09:d6:12:45:85:58:13:39:fb:04:cc:f1:f5:bb:f7:68:
21:b6:b7:00:16:73:0d:87:82:7f:35:0a:50:61:be:6c:02:4d:
de:e9:55:2e:73:48:1c:c8:e9:d6:50:02:6d:a8:96:c9:26:e4:
98:de:44:a0:dd:8c:ab:d8:ac:d5:9b:90:1f:cc:94:73:2d:3c:
60:46:fc:be:c0:5c:06:75:c8:d6:64:55:6b:52:a5:32:2f:be:
a7:b8:68:b1:ba:f9:3f:d4:df:90:de:b5:cd:95:65:1e:b2:17:
25:58:56:54:95:89:fd:25:47:44:ea:59:fa:45:ec:22:f3:4e:
15:8e:d3:f6:e5:f2:4b:58:e1:ed:c2:1f:24:cf:7c:8f:75:5b:
43:16:f2:11:5e:3c:b9:f9:e9:a3:1f:57:1a:05:a6:d2:5e:ae:
7e:e5:f2:ec:dd:f9:a5:11:90:df:3f:b0:37:02:ff:24:66:2d:
1f:10:c0:44:6c:b3:d5:9a:38:6d:01:a3:8d:48:21:4b:ac:4c:
95:5d:c9:96:49:10:82:7a:c1:57:91:ce:b6:e0:9d:1c:74:c3:
a5:3a:ad:51:4a:fa:0e:84:19:00:b5:d5:62:93:ab:0a:03:90:
c5:e6:c8:6a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZ0xIF42H9YG7a75R0NcV9lBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI3MjEwODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTc4NDEzZTU2ZGJkNDM1MzJlMjc1NjZlNDI0YjAwMjA4YzI0NWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Vs5oi3UTa9N4kaMsnnumbSDuO0i
wX3ywT2bCuwZnyNtymjXlS+48Pt0bj6iuY1HASGayJnVWkS2fHEi1uROwocc/DPf
NzUHP+EPHTH7v2W3K74WUbEVUaeMy7X2JLylIcR3lVVpeEEVR11GzHP2WhJzOUkw
f0KjPKjsd4x2t694PEWcyDjAMou3sC7CmZChXKHzwK4QT7jW25w9iLaLbuqiMTBP
zV5xbC+eznKePypNKbrW52EroSoOTn7XX6ajfC1liWd8CQppbQcLHuvsGh0eMCeZ
HUTzqKX33xowViB5o031X+J8973mJgN1MLBdM16myfz72WGixkUrXC2n6wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLV4QT5W29Q1MuJ1ZuQksAIIwkXaMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdFhoQlBsYmIxRFV5NG5WbTVDU3dBZ2pDUmRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBAhsaAwQA
QLxbAwQDkB8AAwQAkB8LAwQAkB9aAwQAkB9eAwQAkB99AwQCkB+AAwQAlvFfAwQA
wRfBMA0GCSqGSIb3DQEBCwUAA4IBAQCWyjSCrfVOz8fbU3Rh1DbztWpuKwnWEkWF
WBM5+wTM8fW792ghtrcAFnMNh4J/NQpQYb5sAk3e6VUuc0gcyOnWUAJtqJbJJuSY
3kSg3Yyr2KzVm5AfzJRzLTxgRvy+wFwGdcjWZFVrUqUyL76nuGixuvk/1N+Q3rXN
lWUeshclWFZUlYn9JUdE6ln6Rewi804VjtP25fJLWOHtwh8kz3yPdVtDFvIRXjy5
+emjH1caBabSXq5+5fLs3fmlEZDfP7A3Av8kZi0fEMBEbLPVmjhtAaONSCFLrEyV
XcmWSRCCesFXkc624J0cdMOlOq1RSvoOhBkAtdVik6sKA5DF5shq
-----END CERTIFICATE-----
Generated at Fri Apr 17 12:25:24 2026 by rpki-client