Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hlzpaZeS1PWLe-Rjmn2pAszRLOM.roa
File: hlzpaZeS1PWLe-Rjmn2pAszRLOM.roa (raw, json)
Hash identifier: Wh/vsFpS1JeA0o5kynLOV7mHCA7SaY/dav0TCGwBFvQ=
Subject key identifier: 86:5C:E9:69:97:92:D4:F5:8B:7B:E4:63:9A:7D:A9:02:CC:D1:2C:E3
Certificate issuer: /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial: 019D72929F995AC68C17BA7E95D661381DF0
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hlzpaZeS1PWLe-Rjmn2pAszRLOM.roa
Signing time: Thu 09 Apr 2026 14:08:24 +0000
ROA not before: Thu 09 Apr 2026 14:08:24 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 396540
IP address blocks: 81.19.194.0/24 maxlen: 24
81.19.194.30/32 maxlen: 32
81.19.195.0/24 maxlen: 24
81.19.195.30/32 maxlen: 32
81.19.195.31/32 maxlen: 32
185.100.0.0/24 maxlen: 24
185.100.0.53/32 maxlen: 32
2a10:eec0:abcd::/48 maxlen: 48
2a10:eec0:abcd::30/128 maxlen: 128
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:72:92:9f:99:5a:c6:8c:17:ba:7e:95:d6:61:38:1d:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Validity
Not Before: Apr 9 14:08:24 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=865ce9699792d4f58b7be4639a7da902ccd12ce3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:e4:e4:f5:06:48:f9:4e:ad:de:7a:42:55:5a:
19:0a:aa:88:0d:7f:bd:f3:21:b1:b5:15:d6:6f:a8:
52:10:81:4a:1d:f5:8d:32:c8:86:74:96:84:a6:7e:
d4:ff:26:d7:b8:38:f6:57:c0:ab:3d:15:ac:b6:a5:
6c:e8:97:a8:81:d8:e2:3f:bf:bd:fb:ce:78:1d:e2:
69:d6:a9:de:8f:96:05:69:34:5a:7b:a5:3c:9f:c6:
df:dd:57:44:8c:46:2f:ee:f0:d3:49:4d:ae:57:b9:
de:0a:90:94:28:16:e7:e0:d7:df:88:e6:b1:bc:49:
d7:b8:58:09:a6:84:12:a2:e8:5b:80:8a:f7:44:9e:
8c:a4:f7:12:74:d3:05:02:78:bd:03:54:66:79:ea:
e5:2e:83:f0:f9:14:e5:fe:bb:f3:b1:8a:9b:ad:30:
c1:62:7b:ba:50:fc:58:de:1e:f1:3d:0c:3e:e4:0b:
d2:8a:56:04:46:ec:3c:b1:cd:fc:71:10:f8:96:2e:
b2:95:0d:d3:70:e7:6e:8b:98:72:12:aa:e2:35:5e:
55:14:ff:cf:94:3f:44:05:8e:b6:97:b8:da:2e:03:
23:67:fd:a2:57:8f:8b:1f:d9:97:4c:2e:8d:98:06:
6c:98:70:18:b7:fb:40:05:84:b8:48:42:48:2c:0c:
d5:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:5C:E9:69:97:92:D4:F5:8B:7B:E4:63:9A:7D:A9:02:CC:D1:2C:E3
X509v3 Authority Key Identifier:
keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/hlzpaZeS1PWLe-Rjmn2pAszRLOM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.19.194.0/23
185.100.0.0/24
IPv6:
2a10:eec0:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
bc:f9:51:b8:db:50:51:e4:bb:61:d7:b3:8e:10:1b:a3:c6:fd:
32:a4:91:97:ea:73:c6:f2:85:33:49:ad:f6:e5:b1:b4:09:4e:
62:12:c3:fe:47:42:c5:2e:99:db:e8:c0:4a:c4:cb:05:87:62:
9a:c3:63:ba:3e:57:b6:3e:9d:a3:70:9f:dc:4f:84:54:00:e3:
85:73:97:26:c9:63:1d:e4:28:4e:49:e2:25:4b:e1:04:f8:03:
7d:e9:3f:88:d4:cc:55:c5:f8:44:5d:9a:87:32:a7:59:a4:4a:
82:1c:ea:5f:49:15:c0:2c:5b:c4:25:8a:b3:b3:91:38:b9:ad:
90:95:f8:88:86:8e:07:58:3c:a2:3c:07:b8:e8:60:e0:92:bc:
d5:85:d5:4c:77:35:ac:74:51:56:6b:14:97:e6:82:0d:73:f4:
e9:ce:9c:ef:61:d5:e7:05:32:dc:c5:09:d6:a2:14:b3:4e:ba:
39:a9:64:4d:63:5a:d7:8e:34:8c:68:f1:59:2c:fc:ac:5d:6c:
4c:3d:6f:8a:88:b4:30:dd:f3:28:86:82:30:f9:7c:74:ab:41:
1b:70:09:1b:c8:5f:eb:af:42:62:6f:05:c9:33:4e:f3:c8:41:
6f:10:a4:0e:4e:d2:00:54:39:0b:af:94:f0:5b:ca:ff:c7:ea:
89:bd:8b:ef
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ1ykp+ZWsaMF7p+ldZhOB3wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjYwNDA5MTQwODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjVjZTk2OTk3OTJkNGY1OGI3YmU0NjM5YTdkYTkwMmNjZDEyY2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuTk9QZI+U6t3npCVVoZCqqIDX+9
8yGxtRXWb6hSEIFKHfWNMsiGdJaEpn7U/ybXuDj2V8CrPRWstqVs6JeogdjiP7+9
+854HeJp1qnej5YFaTRae6U8n8bf3VdEjEYv7vDTSU2uV7neCpCUKBbn4NffiOax
vEnXuFgJpoQSouhbgIr3RJ6MpPcSdNMFAni9A1RmeerlLoPw+RTl/rvzsYqbrTDB
Ynu6UPxY3h7xPQw+5AvSilYERuw8sc38cRD4li6ylQ3TcOdui5hyEqriNV5VFP/P
lD9EBY62l7jaLgMjZ/2iV4+LH9mXTC6NmAZsmHAYt/tABYS4SEJILAzV5wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFIZc6WmXktT1i3vkY5p9qQLM0SzjMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvaGx6cGFaZVMxUFdMZS1Sam1uMnBBc3pSTE9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBURPCAwQA
uWQAMA8EAgACMAkDBwAqEO7Aq80wDQYJKoZIhvcNAQELBQADggEBALz5UbjbUFHk
u2HXs44QG6PG/TKkkZfqc8byhTNJrfblsbQJTmISw/5HQsUumdvowErEywWHYprD
Y7o+V7Y+naNwn9xPhFQA44VzlybJYx3kKE5J4iVL4QT4A33pP4jUzFXF+ERdmocy
p1mkSoIc6l9JFcAsW8QlirOzkTi5rZCV+IiGjgdYPKI8B7joYOCSvNWF1Ux3Nax0
UVZrFJfmgg1z9OnOnO9h1ecFMtzFCdaiFLNOujmpZE1jWteONIxo8Vks/KxdbEw9
b4qItDDd8yiGgjD5fHSrQRtwCRvIX+uvQmJvBckzTvPIQW8QpA5O0gBUOQuvlPBb
yv/H6om9i+8=
-----END CERTIFICATE-----
Generated at Fri Apr 17 06:02:04 2026 by rpki-client