Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xfdE6ZlOQ-W5rrq8SA6M1MYvpHU.roa
File: xfdE6ZlOQ-W5rrq8SA6M1MYvpHU.roa (raw, json)
Hash identifier: 8xHLPXqpVRIpjLkUUtUXhkaESMnIzydFbWoB0hhbdKU=
Subject key identifier: C5:F7:44:E9:99:4E:43:E5:B9:AE:BA:BC:48:0E:8C:D4:C6:2F:A4:75
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D54E1F14866772068A4CC38E45BCF18DB
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xfdE6ZlOQ-W5rrq8SA6M1MYvpHU.roa
Signing time: Fri 03 Apr 2026 19:46:26 +0000
ROA not before: Fri 03 Apr 2026 19:46:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212743
IP address blocks: 2.27.59.0/24 maxlen: 24
2.27.61.0/24 maxlen: 24
144.31.12.0/24 maxlen: 24
144.31.136.0/24 maxlen: 24
144.31.191.0/24 maxlen: 24
144.31.237.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 14:47:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:54:e1:f1:48:66:77:20:68:a4:cc:38:e4:5b:cf:18:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 3 19:46:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c5f744e9994e43e5b9aebabc480e8cd4c62fa475
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:54:e0:bc:89:e5:e2:9a:33:1b:a9:b2:6a:36:
5d:f2:dc:96:5d:dd:66:de:93:29:a2:8e:e7:bb:7f:
c1:b5:1c:67:7f:73:6d:4e:24:1b:fc:b2:d7:57:c5:
66:99:bd:51:ab:75:22:39:07:f2:c4:01:d4:b6:eb:
03:2f:27:9f:4e:09:97:96:75:24:98:33:b5:46:04:
6f:06:c9:ca:a7:d6:3a:67:e9:4f:f1:5c:aa:51:35:
1a:c2:9a:2d:0a:cc:a3:00:84:29:39:7b:bd:8f:b0:
79:c0:96:2e:c6:a9:71:3f:3c:44:cc:1c:7d:5b:6b:
59:63:b0:9a:3c:b2:63:b7:9c:51:d3:24:a3:af:66:
80:6b:e9:11:29:d9:b6:ff:d0:4a:10:99:f0:be:39:
8c:f6:b1:b9:96:14:da:bb:ad:37:37:c8:6e:77:25:
65:7c:48:5d:97:18:e9:49:a6:6c:60:94:cf:4f:60:
f1:f3:22:fa:b5:e5:1c:0d:2a:96:65:fb:dc:69:c3:
96:8b:6b:ac:3c:ee:90:54:2f:cb:a7:e5:92:9d:cb:
7d:f8:32:31:8c:98:4f:4d:95:55:f4:48:44:fc:ed:
a0:c7:c2:7d:ff:eb:f6:a3:d9:91:aa:be:91:9b:87:
3a:3d:ea:5e:f3:51:26:8e:6f:96:3d:4a:ef:75:63:
49:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:F7:44:E9:99:4E:43:E5:B9:AE:BA:BC:48:0E:8C:D4:C6:2F:A4:75
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xfdE6ZlOQ-W5rrq8SA6M1MYvpHU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.59.0/24
2.27.61.0/24
144.31.12.0/24
144.31.136.0/24
144.31.191.0/24
144.31.237.0/24
Signature Algorithm: sha256WithRSAEncryption
05:fe:29:bb:2e:f6:60:a8:99:31:36:c5:fe:2d:75:83:a0:c9:
4a:25:3e:9d:cb:23:2d:2a:a7:f0:a6:24:92:c7:75:85:e5:59:
22:67:bf:44:9b:cf:8b:5d:35:3f:c2:81:77:72:53:10:7f:ec:
c4:15:d6:99:18:05:31:fb:91:1c:26:27:36:c5:9a:9f:8f:39:
d8:6b:30:95:d9:38:b9:ff:ba:94:35:68:55:b7:1d:a6:35:ba:
a9:96:c3:e1:7c:e8:28:32:91:cd:6a:f2:75:e2:7e:e2:53:15:
06:0e:ae:91:7b:3b:7b:e3:86:f3:46:fe:ea:19:60:5f:5d:49:
40:13:f9:84:0d:fe:3d:12:89:eb:d6:a7:87:d4:99:26:e5:98:
d1:4e:0e:96:a5:6b:62:69:24:11:ee:fc:f7:1c:b9:47:f6:b1:
6c:41:5d:04:a9:99:cb:8d:cb:a7:79:56:88:a0:3e:54:5a:a1:
2e:ee:86:bd:be:39:f9:b8:9a:67:75:fe:d0:43:c9:4c:a8:a4:
84:fd:4a:a3:d5:48:ca:23:3f:57:24:67:36:9c:3f:a6:3a:e4:
a4:aa:f8:3d:0c:8d:b2:9a:36:76:72:64:fd:8f:f4:8f:a7:77:
f5:95:1c:83:25:50:ac:28:fa:7d:5e:1a:b9:ca:24:89:2f:a6:
15:15:88:0b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ1U4fFIZncgaKTMOORbzxjbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDAzMTk0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWY3NDRlOTk5NGU0M2U1YjlhZWJhYmM0ODBlOGNkNGM2MmZhNDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFTgvInl4pozG6myajZd8tyWXd1m
3pMpoo7nu3/BtRxnf3NtTiQb/LLXV8Vmmb1Rq3UiOQfyxAHUtusDLyefTgmXlnUk
mDO1RgRvBsnKp9Y6Z+lP8VyqUTUawpotCsyjAIQpOXu9j7B5wJYuxqlxPzxEzBx9
W2tZY7CaPLJjt5xR0ySjr2aAa+kRKdm2/9BKEJnwvjmM9rG5lhTau603N8hudyVl
fEhdlxjpSaZsYJTPT2Dx8yL6teUcDSqWZfvcacOWi2usPO6QVC/Lp+WSnct9+DIx
jJhPTZVV9EhE/O2gx8J9/+v2o9mRqr6Rm4c6Pepe81Emjm+WPUrvdWNJRQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMX3ROmZTkPlua66vEgOjNTGL6R1MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveGZkRTZabE9RLVc1cnJxOFNBNk0xTVl2cEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAAhs7AwQA
Ahs9AwQAkB8MAwQAkB+IAwQAkB+/AwQAkB/tMA0GCSqGSIb3DQEBCwUAA4IBAQAF
/im7LvZgqJkxNsX+LXWDoMlKJT6dyyMtKqfwpiSSx3WF5VkiZ79Em8+LXTU/woF3
clMQf+zEFdaZGAUx+5EcJic2xZqfjznYazCV2Ti5/7qUNWhVtx2mNbqplsPhfOgo
MpHNavJ14n7iUxUGDq6Rezt744bzRv7qGWBfXUlAE/mEDf49Eonr1qeH1Jkm5ZjR
Tg6WpWtiaSQR7vz3HLlH9rFsQV0EqZnLjcuneVaIoD5UWqEu7oa9vjn5uJpndf7Q
Q8lMqKSE/Uqj1UjKIz9XJGc2nD+mOuSkqvg9DI2ymjZ2cmT9j/SPp3f1lRyDJVCs
KPp9Xhq5yiSJL6YVFYgL
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:59:16 2026 by rpki-client