Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/_sfxMS4KYedYQhZqYVe0vx6U0P8.roa
File: _sfxMS4KYedYQhZqYVe0vx6U0P8.roa (raw, json)
Hash identifier: HdjrolsTl6dq9JuTpuwMz1JkQSSEytIFF+CQBCU0Dho=
Subject key identifier: FE:C7:F1:31:2E:0A:61:E7:58:42:16:6A:61:57:B4:BF:1E:94:D0:FF
Certificate issuer: /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial: 019D78958D8F8C8DF833553889C955C99687
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/_sfxMS4KYedYQhZqYVe0vx6U0P8.roa
Signing time: Fri 10 Apr 2026 18:09:20 +0000
ROA not before: Fri 10 Apr 2026 18:09:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 6079
IP address blocks: 89.28.200.0/24 maxlen: 24
89.28.201.0/24 maxlen: 24
89.28.204.0/24 maxlen: 24
89.28.206.0/24 maxlen: 24
89.28.207.0/24 maxlen: 24
152.89.193.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:78:95:8d:8f:8c:8d:f8:33:55:38:89:c9:55:c9:96:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
Validity
Not Before: Apr 10 18:09:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fec7f1312e0a61e75842166a6157b4bf1e94d0ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:bd:6b:b5:cb:7b:c4:b7:48:58:b3:ec:bb:0b:
94:b3:d3:cb:89:cb:7b:08:a5:3a:28:2e:98:87:7a:
67:4c:66:88:de:6f:9b:f1:44:c3:b7:93:e3:02:fd:
90:cd:73:9b:f1:bf:46:c5:95:fa:ab:ff:f7:a5:53:
79:d8:6a:1f:45:8e:38:ea:68:b5:9d:07:f3:05:16:
87:03:80:c7:cb:b8:b0:6a:0f:35:0e:a7:14:03:6a:
51:b3:9b:70:98:51:3d:d8:dd:de:e5:d9:fe:42:0e:
e9:0d:63:7b:8e:b9:42:7d:f5:eb:d3:1c:78:9f:a6:
8a:c8:ba:99:24:88:9c:db:60:10:62:63:d2:e2:cc:
53:dd:26:3f:a1:53:32:63:73:c2:38:1e:46:ce:c9:
92:1f:9d:8f:fa:0e:c6:c5:82:40:78:10:ab:53:c7:
3f:9b:75:58:d7:b3:27:d9:9e:4c:ad:fe:e4:67:12:
b6:80:0f:d8:f8:0c:cb:6b:a7:b1:75:b5:52:50:f0:
35:32:54:a7:25:57:d7:c4:c8:71:2b:59:49:00:7d:
e0:41:5c:e1:ef:76:66:ec:e8:ba:2b:16:42:68:9e:
b2:40:ae:d3:52:54:4f:4b:55:c9:a2:41:d9:d6:0b:
9f:dd:ce:11:57:b2:db:1e:7e:f8:83:2d:fb:30:4b:
c1:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:C7:F1:31:2E:0A:61:E7:58:42:16:6A:61:57:B4:BF:1E:94:D0:FF
X509v3 Authority Key Identifier:
keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/_sfxMS4KYedYQhZqYVe0vx6U0P8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.28.200.0/23
89.28.204.0/24
89.28.206.0/23
152.89.193.0/24
Signature Algorithm: sha256WithRSAEncryption
41:95:75:be:38:4a:60:e0:35:3b:a6:1e:62:a6:9c:c9:e2:be:
5b:ce:f8:1b:b6:80:9a:3d:63:65:42:9c:bb:a1:a2:f0:70:10:
40:78:50:b1:8b:a0:ec:0b:a8:13:f2:33:0d:80:7c:6d:75:21:
bd:a6:d4:02:33:ab:4d:55:dd:99:f1:44:03:7d:dc:d1:d0:6f:
a6:ee:3e:74:27:35:4b:22:3e:6c:7a:f2:de:3d:cf:1c:f8:97:
51:be:62:fe:5c:64:37:71:5c:5d:46:10:4d:59:a1:75:e3:83:
e3:71:63:df:32:43:8c:c5:2b:34:d1:73:92:90:c3:9e:60:1b:
3b:aa:22:b8:d6:e8:60:5a:89:2d:4b:41:e2:7b:c6:47:0c:58:
9f:6f:ae:30:1f:96:90:3c:2e:56:7d:a7:7f:1c:6a:e0:bf:d1:
6c:d0:ee:9a:08:bb:65:32:39:d2:19:fa:4d:84:47:96:37:b0:
87:9e:2e:5b:67:c4:71:62:fa:10:ea:91:04:64:76:ff:7c:59:
10:84:40:9e:6c:b5:36:cb:75:47:45:b7:3d:e5:28:a5:01:c9:
ad:57:b1:fa:c5:59:86:5a:01:13:0d:0e:b6:75:4e:63:54:d1:
48:22:17:81:93:83:40:61:2a:91:fc:48:d5:2a:37:83:d7:48:
74:d8:72:a0
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ14lY2PjI34M1U4iclVyZaHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwNDEwMTgwOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWM3ZjEzMTJlMGE2MWU3NTg0MjE2NmE2MTU3YjRiZjFlOTRkMGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo71rtct7xLdIWLPsuwuUs9PLict7
CKU6KC6Yh3pnTGaI3m+b8UTDt5PjAv2QzXOb8b9GxZX6q//3pVN52GofRY446mi1
nQfzBRaHA4DHy7iwag81DqcUA2pRs5twmFE92N3e5dn+Qg7pDWN7jrlCffXr0xx4
n6aKyLqZJIic22AQYmPS4sxT3SY/oVMyY3PCOB5GzsmSH52P+g7GxYJAeBCrU8c/
m3VY17Mn2Z5Mrf7kZxK2gA/Y+AzLa6exdbVSUPA1MlSnJVfXxMhxK1lJAH3gQVzh
73Zm7Oi6KxZCaJ6yQK7TUlRPS1XJokHZ1guf3c4RV7LbHn74gy37MEvBgQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFP7H8TEuCmHnWEIWamFXtL8elND/MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvX3NmeE1TNEtZZWRZUWhacVlWZTB2eDZVMFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBWRzIAwQA
WRzMAwQBWRzOAwQAmFnBMA0GCSqGSIb3DQEBCwUAA4IBAQBBlXW+OEpg4DU7ph5i
ppzJ4r5bzvgbtoCaPWNlQpy7oaLwcBBAeFCxi6DsC6gT8jMNgHxtdSG9ptQCM6tN
Vd2Z8UQDfdzR0G+m7j50JzVLIj5sevLePc8c+JdRvmL+XGQ3cVxdRhBNWaF144Pj
cWPfMkOMxSs00XOSkMOeYBs7qiK41uhgWoktS0Hie8ZHDFifb64wH5aQPC5Wfad/
HGrgv9Fs0O6aCLtlMjnSGfpNhEeWN7CHni5bZ8RxYvoQ6pEEZHb/fFkQhECebLU2
y3VHRbc95SilAcmtV7H6xVmGWgETDQ62dU5jVNFIIheBk4NAYSqR/EjVKjeD10h0
2HKg
-----END CERTIFICATE-----
Generated at Sun Apr 19 08:27:43 2026 by rpki-client