Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/w3HZKZhry-Djf9PCifUgUUGZWZ0.roa
File: w3HZKZhry-Djf9PCifUgUUGZWZ0.roa (raw, json)
Hash identifier: jl02zcTOBPAUAS1cLibcWpxbRkzCtNoLDTZ3cUIg8r8=
Subject key identifier: C3:71:D9:29:98:6B:CB:E0:E3:7F:D3:C2:89:F5:20:51:41:99:59:9D
Certificate issuer: /CN=42239fb9af128428f84fed9f358686717ed97601
Certificate serial: 019ECC788F7B60A280097132E96890A35D7F
Authority key identifier: 42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/w3HZKZhry-Djf9PCifUgUUGZWZ0.roa
Signing time: Mon 15 Jun 2026 18:08:33 +0000
ROA not before: Mon 15 Jun 2026 18:08:33 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207461
IP address blocks: 153.52.68.0/22 maxlen: 22
153.52.72.0/22 maxlen: 22
153.52.88.0/22 maxlen: 22
153.52.100.0/22 maxlen: 22
153.52.120.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl
rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.mft
rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Jun 2026 03:01:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:cc:78:8f:7b:60:a2:80:09:71:32:e9:68:90:a3:5d:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=42239fb9af128428f84fed9f358686717ed97601
Validity
Not Before: Jun 15 18:08:33 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c371d929986bcbe0e37fd3c289f520514199599d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:39:c3:de:08:24:9a:1c:03:c7:01:97:94:08:
5b:58:46:ff:d2:28:3a:9f:c9:87:81:4c:49:d5:21:
a8:34:8c:55:ba:fe:2c:6c:ba:9b:a1:eb:c9:f1:49:
bb:cc:dd:83:58:a9:27:82:bc:ba:cf:1f:8b:ee:50:
5a:97:45:dd:18:b0:6e:b6:cf:7e:a0:63:f5:79:7a:
c6:e3:b7:b3:18:e7:ff:37:b7:bd:fb:cf:82:f3:60:
5c:ac:7b:e7:84:cc:06:d6:38:27:d4:ad:74:56:b2:
95:40:a7:a6:75:0c:6e:76:83:61:01:7d:71:49:85:
18:2e:20:a7:57:c1:08:91:aa:98:f0:d7:f6:c6:46:
c1:67:76:42:09:bd:0d:88:e7:2c:51:25:b2:75:f9:
c6:96:3a:11:cd:04:e3:f6:c7:14:3b:df:47:6e:7f:
bd:bc:25:20:7a:0b:28:fd:39:e6:81:22:37:6c:0b:
c5:1c:48:c3:ca:7e:ae:4c:12:bc:5d:08:d4:d7:6e:
b2:98:a4:98:b9:5e:d4:0b:8a:f6:52:93:da:57:86:
87:58:f8:99:20:32:71:95:09:9d:ab:97:fb:52:30:
fd:d3:6c:c7:5f:89:15:0d:b1:23:26:05:7b:f6:96:
8d:ed:18:62:27:24:95:88:c3:e5:9b:53:85:c8:2f:
3e:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:71:D9:29:98:6B:CB:E0:E3:7F:D3:C2:89:F5:20:51:41:99:59:9D
X509v3 Authority Key Identifier:
keyid:42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/w3HZKZhry-Djf9PCifUgUUGZWZ0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
153.52.68.0-153.52.75.255
153.52.88.0/22
153.52.100.0/22
153.52.120.0/22
Signature Algorithm: sha256WithRSAEncryption
6c:ac:52:07:12:e5:22:53:e3:38:a0:14:89:ab:e5:65:b2:89:
a6:23:d3:da:0d:39:98:bb:c1:04:6f:5e:b6:d5:49:48:26:60:
ce:b9:05:09:9f:42:95:06:8a:4b:16:1b:a8:0d:1c:89:12:8d:
da:12:27:4a:58:59:10:4d:5d:6d:3f:90:a1:69:ea:e5:d5:a9:
7a:f0:ac:6f:7b:ff:e6:e5:46:a6:65:5d:cd:f8:82:2b:cd:83:
11:75:4b:e4:3d:d3:58:86:26:6e:b7:34:11:7a:fe:0b:a1:0f:
4e:b2:43:f3:21:2d:9d:11:58:4a:cc:8f:af:00:c2:62:6b:fd:
d8:53:68:05:49:f9:1d:32:09:fd:db:47:f5:80:ec:16:8f:bb:
0e:67:65:b6:14:ef:a6:f9:d0:1c:3f:4e:23:1a:2b:4c:38:30:
bc:5c:2d:5b:a8:46:5a:f5:02:1f:98:ff:c0:7e:fd:20:ae:cf:
39:a3:92:03:fb:fa:2b:a6:8e:59:37:0d:12:c2:65:ef:a5:d6:
e3:04:be:c2:7c:ec:5f:5c:c2:88:e4:02:cf:20:e8:73:ba:48:
d4:c6:85:83:f6:c6:d4:59:cc:0f:5d:51:ed:f4:88:95:ed:ab:
e4:cb:5f:48:1e:90:52:82:de:c2:91:dd:ba:f9:6e:56:5a:ce:
1b:40:61:71
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ7MeI97YKKACXEy6WiQo11/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjM5ZmI5YWYxMjg0MjhmODRmZWQ5ZjM1ODY4NjcxN2Vk
OTc2MDEwHhcNMjYwNjE1MTgwODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzcxZDkyOTk4NmJjYmUwZTM3ZmQzYzI4OWY1MjA1MTQxOTk1OTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jnD3ggkmhwDxwGXlAhbWEb/0ig6
n8mHgUxJ1SGoNIxVuv4sbLqboevJ8Um7zN2DWKkngry6zx+L7lBal0XdGLButs9+
oGP1eXrG47ezGOf/N7e9+8+C82BcrHvnhMwG1jgn1K10VrKVQKemdQxudoNhAX1x
SYUYLiCnV8EIkaqY8Nf2xkbBZ3ZCCb0NiOcsUSWydfnGljoRzQTj9scUO99Hbn+9
vCUgegso/TnmgSI3bAvFHEjDyn6uTBK8XQjU126ymKSYuV7UC4r2UpPaV4aHWPiZ
IDJxlQmdq5f7UjD902zHX4kVDbEjJgV79paN7RhiJySViMPlm1OFyC8+lQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFMNx2SmYa8vg43/Twon1IFFBmVmdMB8GA1UdIwQY
MBaAFEIjn7mvEoQo+E/tnzWGhnF+2XYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2Mt
YmM1NDAzYWMyYTk1LzEvdzNIWktaaHJ5LURqZjlQQ2lmVWdVVUdaV1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2MtYmM1NDAzYWMyYTk1
LzEvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBAKZNEQD
BAKZNEgDBAKZNFgDBAKZNGQDBAKZNHgwDQYJKoZIhvcNAQELBQADggEBAGysUgcS
5SJT4zigFImr5WWyiaYj09oNOZi7wQRvXrbVSUgmYM65BQmfQpUGiksWG6gNHIkS
jdoSJ0pYWRBNXW0/kKFp6uXVqXrwrG97/+blRqZlXc34givNgxF1S+Q901iGJm63
NBF6/guhD06yQ/MhLZ0RWErMj68AwmJr/dhTaAVJ+R0yCf3bR/WA7BaPuw5nZbYU
76b50Bw/TiMaK0w4MLxcLVuoRlr1Ah+Y/8B+/SCuzzmjkgP7+iumjlk3DRLCZe+l
1uMEvsJ87F9cwojkAs8g6HO6SNTGhYP2xtRZzA9dUe30iJXtq+TLX0gekFKC3sKR
3br5blZazhtAYXE=
-----END CERTIFICATE-----
Generated at Wed Jun 17 11:30:16 2026 by rpki-client