Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/hjULG-3Cx4t48ZZl98W5eAzbUA0.roa
File: hjULG-3Cx4t48ZZl98W5eAzbUA0.roa (raw, json)
Hash identifier: mXVmLaxRkgGK3v1ktz2A9g8RaJW9f+TS1ROEFTjkZu8=
Subject key identifier: 86:35:0B:1B:ED:C2:C7:8B:78:F1:96:65:F7:C5:B9:78:0C:DB:50:0D
Certificate issuer: /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial: 019C2BE4AFF8FF5E564F22A08F7BEA87CF0C
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/hjULG-3Cx4t48ZZl98W5eAzbUA0.roa
Signing time: Thu 05 Feb 2026 03:42:13 +0000
ROA not before: Thu 05 Feb 2026 03:42:13 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 14618
IP address blocks: 2a14:67c1:a128::/48 maxlen: 48
2a14:67c1:a129::/48 maxlen: 48
2a14:67c2:510::/48 maxlen: 48
2a14:67c2:576::/48 maxlen: 48
2a14:67c3:30::/44 maxlen: 44
2a14:67c3:cafe::/48 maxlen: 48
2a14:67c3:e622::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:2b:e4:af:f8:ff:5e:56:4f:22:a0:8f:7b:ea:87:cf:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Validity
Not Before: Feb 5 03:42:13 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=86350b1bedc2c78b78f19665f7c5b9780cdb500d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:14:d1:ad:14:ef:63:1d:58:bf:3e:f8:7f:51:
b0:7f:20:a5:80:75:1e:cb:43:72:52:cf:be:97:52:
b7:57:9b:2f:85:3f:73:02:06:33:a0:b2:f7:c8:31:
22:f3:5d:99:27:35:e8:69:7c:56:5e:c7:63:3e:62:
18:5b:c9:ff:c7:35:68:da:02:94:dd:a7:1f:00:7a:
17:9c:4f:e2:11:58:89:bd:d1:40:bd:7b:44:ea:f5:
e7:28:70:22:6f:bb:90:89:59:54:8a:5d:f1:54:cd:
9c:27:0c:1a:0a:f0:94:e8:26:1b:69:ba:a6:08:7b:
57:b3:4b:92:e4:76:a4:71:e2:9e:d0:11:69:99:ab:
85:b3:88:3b:09:12:25:a6:9f:c8:2d:ce:3a:fa:92:
3f:84:cf:ff:09:ae:05:37:dc:93:de:26:39:74:03:
df:94:01:58:64:10:88:d9:93:19:4c:78:d4:0d:78:
d9:00:3f:5c:43:d4:fd:68:cd:70:c8:27:29:62:94:
d2:88:da:2f:ac:63:1e:ac:81:7e:58:03:1f:a7:50:
a7:9b:7f:f4:a2:32:2c:74:37:33:b6:c2:90:09:4d:
91:48:8e:58:6f:5e:8a:01:5b:25:ed:6d:bb:60:25:
97:83:c0:e4:07:2c:89:d9:65:13:1f:a0:7d:81:d1:
89:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:35:0B:1B:ED:C2:C7:8B:78:F1:96:65:F7:C5:B9:78:0C:DB:50:0D
X509v3 Authority Key Identifier:
keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/hjULG-3Cx4t48ZZl98W5eAzbUA0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:67c1:a128::/47
2a14:67c2:510::/48
2a14:67c2:576::/48
2a14:67c3:30::/44
2a14:67c3:cafe::/48
2a14:67c3:e622::/48
Signature Algorithm: sha256WithRSAEncryption
64:a3:4c:3d:e2:e7:4a:19:8e:c7:13:a4:16:e8:d7:22:92:1d:
c0:7d:a9:a3:e0:bf:67:99:23:6d:a9:30:d6:52:a0:1a:96:f7:
07:86:ae:3d:ec:cb:b1:a6:8d:85:8a:3a:b6:77:76:db:1c:d2:
82:c5:ce:fb:d0:de:67:b2:c7:2d:50:13:90:79:08:fe:aa:11:
08:fd:20:08:68:61:dd:5e:9f:b8:04:d1:e6:66:72:42:8c:d1:
71:67:63:dc:a1:9f:6b:57:55:ca:39:a1:17:d3:e4:23:e9:82:
87:be:7a:73:28:d3:55:24:24:17:fa:4e:9f:42:35:2e:b3:18:
3b:be:cd:b2:33:4c:97:1e:dd:81:d1:da:18:a6:46:47:55:aa:
ce:e7:78:d7:fd:41:90:14:8e:a1:1a:9a:c7:3a:a3:4d:a4:ae:
03:ea:0f:32:d4:a6:a2:0a:d5:97:99:9b:06:c5:89:8c:67:12:
ea:67:0d:04:db:37:83:d6:41:2c:cd:63:3b:a0:73:5a:8a:5c:
79:30:b8:6b:5e:d1:20:1a:a5:aa:b9:f8:f6:61:43:14:4c:6c:
77:29:c5:03:e3:38:56:7b:c1:7d:df:e6:94:72:39:a2:a4:9f:
52:68:7e:3f:ab:ee:64:e7:f1:91:6d:56:f5:08:29:ca:52:dd:
c7:f8:9b:e6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZwr5K/4/15WTyKgj3vqh88MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMjA1MDM0MjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjM1MGIxYmVkYzJjNzhiNzhmMTk2NjVmN2M1Yjk3ODBjZGI1MDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRTRrRTvYx1Yvz74f1GwfyClgHUe
y0NyUs++l1K3V5svhT9zAgYzoLL3yDEi812ZJzXoaXxWXsdjPmIYW8n/xzVo2gKU
3acfAHoXnE/iEViJvdFAvXtE6vXnKHAib7uQiVlUil3xVM2cJwwaCvCU6CYbabqm
CHtXs0uS5HakceKe0BFpmauFs4g7CRIlpp/ILc46+pI/hM//Ca4FN9yT3iY5dAPf
lAFYZBCI2ZMZTHjUDXjZAD9cQ9T9aM1wyCcpYpTSiNovrGMerIF+WAMfp1Cnm3/0
ojIsdDcztsKQCU2RSI5Yb16KAVsl7W27YCWXg8DkByyJ2WUTH6B9gdGJFwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFIY1CxvtwseLePGWZffFuXgM21ANMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvaGpVTEctM0N4NHQ0OFpabDk4VzVlQXpiVUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAAjA2AwcBKhRnwaEo
AwcAKhRnwgUQAwcAKhRnwgV2AwcEKhRnwwAwAwcAKhRnw8r+AwcAKhRnw+YiMA0G
CSqGSIb3DQEBCwUAA4IBAQBko0w94udKGY7HE6QW6Ncikh3Afamj4L9nmSNtqTDW
UqAalvcHhq497Muxpo2Fijq2d3bbHNKCxc770N5nssctUBOQeQj+qhEI/SAIaGHd
Xp+4BNHmZnJCjNFxZ2PcoZ9rV1XKOaEX0+Qj6YKHvnpzKNNVJCQX+k6fQjUusxg7
vs2yM0yXHt2B0doYpkZHVarO53jX/UGQFI6hGprHOqNNpK4D6g8y1KaiCtWXmZsG
xYmMZxLqZw0E2zeD1kEszWM7oHNailx5MLhrXtEgGqWqufj2YUMUTGx3KcUD4zhW
e8F93+aUcjmipJ9SaH4/q+5k5/GRbVb1CCnKUt3H+Jvm
-----END CERTIFICATE-----
Generated at Sat Feb 21 04:51:37 2026 by rpki-client