Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/f1457f-621f-4796-860e-9a350fd1a4ad/1/Hx4ZFK_A19H-rixHWmeNmsblWVY.roa
File: Hx4ZFK_A19H-rixHWmeNmsblWVY.roa (raw, json)
Hash identifier: qhTKdMQP/19emw8OGCQnS3QPmahlE+I8qBJjNpuJP+M=
Subject key identifier: 1F:1E:19:14:AF:C0:D7:D1:FE:AE:2C:47:5A:67:8D:9A:C6:E5:59:56
Certificate issuer: /CN=ebef95f8c4c554826de8f38ad6bba9fb74802824
Certificate serial: 019D3D5B77A2AED9C80F0F03255AC10E5626
Authority key identifier: EB:EF:95:F8:C4:C5:54:82:6D:E8:F3:8A:D6:BB:A9:FB:74:80:28:24
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6--V-MTFVIJt6POK1rup-3SAKCQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/f1457f-621f-4796-860e-9a350fd1a4ad/1/Hx4ZFK_A19H-rixHWmeNmsblWVY.roa
Signing time: Mon 30 Mar 2026 06:08:17 +0000
ROA not before: Mon 30 Mar 2026 06:08:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 15763
IP address blocks: 85.22.0.0/16 maxlen: 16
85.22.0.0/20 maxlen: 20
85.22.16.0/20 maxlen: 20
85.22.48.0/24 maxlen: 24
85.22.50.0/24 maxlen: 24
85.22.51.0/24 maxlen: 24
85.22.52.0/24 maxlen: 24
85.22.53.0/24 maxlen: 24
85.22.54.0/24 maxlen: 24
85.22.55.0/24 maxlen: 24
85.22.58.0/24 maxlen: 24
85.22.60.0/24 maxlen: 24
85.22.64.0/24 maxlen: 24
85.22.66.0/24 maxlen: 24
85.22.74.0/24 maxlen: 24
85.22.75.0/24 maxlen: 24
85.22.76.0/24 maxlen: 24
85.22.84.0/22 maxlen: 22
85.22.96.0/20 maxlen: 20
85.22.112.0/20 maxlen: 20
85.22.128.0/22 maxlen: 22
85.22.148.0/23 maxlen: 23
85.22.156.0/24 maxlen: 24
85.22.158.0/24 maxlen: 24
85.22.172.0/24 maxlen: 24
85.22.173.0/24 maxlen: 24
85.22.174.0/24 maxlen: 24
85.22.175.0/24 maxlen: 24
149.232.32.0/20 maxlen: 20
156.67.58.0/24 maxlen: 24
185.151.100.0/22 maxlen: 24
212.29.32.0/19 maxlen: 19
212.29.32.0/24 maxlen: 24
212.29.33.0/24 maxlen: 24
212.29.34.0/24 maxlen: 24
212.29.39.0/24 maxlen: 24
212.29.40.0/24 maxlen: 24
212.29.42.0/24 maxlen: 24
2a03:f580::/32 maxlen: 48
2a03:f580::/48 maxlen: 48
2a03:f580:1::/48 maxlen: 48
2a03:f580:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e1/f1457f-621f-4796-860e-9a350fd1a4ad/1/6--V-MTFVIJt6POK1rup-3SAKCQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/e1/f1457f-621f-4796-860e-9a350fd1a4ad/1/6--V-MTFVIJt6POK1rup-3SAKCQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/6--V-MTFVIJt6POK1rup-3SAKCQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 06:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3d:5b:77:a2:ae:d9:c8:0f:0f:03:25:5a:c1:0e:56:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ebef95f8c4c554826de8f38ad6bba9fb74802824
Validity
Not Before: Mar 30 06:08:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1f1e1914afc0d7d1feae2c475a678d9ac6e55956
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:c4:e1:44:dd:d5:6b:3e:95:2f:82:ef:bc:64:
c0:ff:7c:82:e0:81:5e:4e:e4:6e:32:42:88:a7:74:
f0:24:6f:44:71:2a:35:3b:bf:f3:57:98:d9:d7:ed:
92:b5:d5:92:b9:f3:4b:a6:81:51:aa:c7:92:98:2b:
6c:dc:45:bd:b7:37:ad:f8:13:e9:ae:74:a5:ec:45:
34:91:78:aa:6a:d0:7e:57:41:8e:5b:9c:a0:aa:6b:
df:37:3c:ea:21:f9:7c:af:d2:dc:1d:15:45:bd:2c:
a8:95:5b:ee:d8:84:8d:3e:6c:38:7a:cb:89:65:20:
28:56:40:d4:90:03:dd:fc:fb:57:d2:56:7c:48:78:
89:65:6f:f9:f9:8b:c4:67:38:71:53:26:56:c7:72:
28:47:2e:0d:ca:61:45:bb:a6:4b:ab:ed:aa:83:ce:
e6:3c:ac:95:1f:dd:0c:ba:f7:a6:a1:c5:65:29:7d:
ec:84:37:72:e7:4b:66:74:0d:a3:61:a2:fd:28:c6:
a6:80:36:9a:e6:2a:e9:9d:0e:f8:a0:ff:4b:1e:80:
45:b9:4c:55:ac:a3:a3:8e:04:75:2b:bf:4f:da:2a:
68:5b:30:76:5d:29:cb:6b:a0:09:5d:e4:69:b6:66:
a6:a1:b9:2d:49:a8:2a:22:50:14:2d:4d:65:c0:c3:
65:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:1E:19:14:AF:C0:D7:D1:FE:AE:2C:47:5A:67:8D:9A:C6:E5:59:56
X509v3 Authority Key Identifier:
keyid:EB:EF:95:F8:C4:C5:54:82:6D:E8:F3:8A:D6:BB:A9:FB:74:80:28:24
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6--V-MTFVIJt6POK1rup-3SAKCQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/f1457f-621f-4796-860e-9a350fd1a4ad/1/Hx4ZFK_A19H-rixHWmeNmsblWVY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/f1457f-621f-4796-860e-9a350fd1a4ad/1/6--V-MTFVIJt6POK1rup-3SAKCQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.22.0.0/16
149.232.32.0/20
156.67.58.0/24
185.151.100.0/22
212.29.32.0/19
IPv6:
2a03:f580::/32
Signature Algorithm: sha256WithRSAEncryption
a7:6e:af:18:12:5b:bd:92:f6:d9:36:a8:33:e5:d0:77:d0:bd:
43:e2:f0:30:d4:7c:9c:00:07:fc:cc:0f:35:00:4e:eb:1c:b3:
a8:91:0d:a8:0e:b5:c7:97:d1:00:39:ee:c3:44:52:e5:15:90:
4b:c7:f5:d1:95:dd:29:31:1a:b1:e1:d8:ee:c8:41:7e:93:14:
a9:87:55:21:80:90:ef:31:73:3c:85:44:21:14:cc:46:82:67:
ea:40:7d:43:53:52:6e:8c:16:75:a0:af:ea:35:0d:0a:1f:08:
91:76:7e:22:a0:8c:38:65:d7:8f:9b:b3:01:ad:d7:51:23:c2:
cc:e3:2f:66:42:01:27:c6:aa:fb:3a:b5:8f:9d:da:f5:f3:92:
a1:da:84:1a:c7:4e:70:f1:40:bb:3f:fc:b5:09:a0:e2:8e:eb:
ce:ac:de:60:2f:22:ce:30:61:3a:37:91:82:5d:ca:45:ee:ef:
49:e1:3d:f2:56:98:54:32:45:a7:c2:bd:9e:9f:e9:37:90:65:
3a:31:81:28:00:92:37:f0:ae:98:a5:01:82:a0:71:60:33:e9:
fc:9c:99:5e:e0:22:f7:a4:89:c1:6a:12:d8:2c:b3:31:86:b8:
40:24:ba:c0:46:44:76:c0:f9:fb:e6:55:8e:8c:fd:c6:0f:fc:
82:d9:8b:69
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZ09W3eirtnIDw8DJVrBDlYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWY5NWY4YzRjNTU0ODI2ZGU4ZjM4YWQ2YmJhOWZiNzQ4
MDI4MjQwHhcNMjYwMzMwMDYwODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjFlMTkxNGFmYzBkN2QxZmVhZTJjNDc1YTY3OGQ5YWM2ZTU1OTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcThRN3Vaz6VL4LvvGTA/3yC4IFe
TuRuMkKIp3TwJG9EcSo1O7/zV5jZ1+2StdWSufNLpoFRqseSmCts3EW9tzet+BPp
rnSl7EU0kXiqatB+V0GOW5ygqmvfNzzqIfl8r9LcHRVFvSyolVvu2ISNPmw4esuJ
ZSAoVkDUkAPd/PtX0lZ8SHiJZW/5+YvEZzhxUyZWx3IoRy4NymFFu6ZLq+2qg87m
PKyVH90MuvemocVlKX3shDdy50tmdA2jYaL9KMamgDaa5irpnQ74oP9LHoBFuUxV
rKOjjgR1K79P2ipoWzB2XSnLa6AJXeRptmamobktSagqIlAULU1lwMNl/QIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFB8eGRSvwNfR/q4sR1pnjZrG5VlWMB8GA1UdIwQY
MBaAFOvvlfjExVSCbejzita7qft0gCgkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi0tVi1NVEZWSUp0NlBPSzFydXAtM1NBS0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9mMTQ1N2YtNjIxZi00Nzk2LTg2MGUt
OWEzNTBmZDFhNGFkLzEvSHg0WkZLX0ExOUgtcml4SFdtZU5tc2JsV1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9mMTQ1N2YtNjIxZi00Nzk2LTg2MGUtOWEzNTBmZDFhNGFk
LzEvNi0tVi1NVEZWSUp0NlBPSzFydXAtM1NBS0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAjBAIAATAdAwMAVRYDBASV
6CADBACcQzoDBAK5l2QDBAXUHSAwDQQCAAIwBwMFACoD9YAwDQYJKoZIhvcNAQEL
BQADggEBAKdurxgSW72S9tk2qDPl0HfQvUPi8DDUfJwAB/zMDzUATuscs6iRDagO
tceX0QA57sNEUuUVkEvH9dGV3SkxGrHh2O7IQX6TFKmHVSGAkO8xczyFRCEUzEaC
Z+pAfUNTUm6MFnWgr+o1DQofCJF2fiKgjDhl14+bswGt11EjwszjL2ZCASfGqvs6
tY+d2vXzkqHahBrHTnDxQLs//LUJoOKO686s3mAvIs4wYTo3kYJdykXu70nhPfJW
mFQyRafCvZ6f6TeQZToxgSgAkjfwrpilAYKgcWAz6fycmV7gIvekicFqEtgsszGG
uEAkusBGRHbA+fvmVY6M/cYP/ILZi2k=
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:13:52 2026 by rpki-client