Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HEZsruxzewY7fUW2A8dms7trYnY.roa
File: HEZsruxzewY7fUW2A8dms7trYnY.roa (raw, json)
Hash identifier: P3enuDTypA9db1obnD6HnJytF9icRLkgyFQpVMhffnQ=
Subject key identifier: 1C:46:6C:AE:EC:73:7B:06:3B:7D:45:B6:03:C7:66:B3:BB:6B:62:76
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019E8D201D1DDA940600357DF8BFABD66297
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HEZsruxzewY7fUW2A8dms7trYnY.roa
Signing time: Wed 03 Jun 2026 10:55:52 +0000
ROA not before: Wed 03 Jun 2026 10:55:52 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 42926
IP address blocks: 45.84.223.0/24 maxlen: 24
45.89.246.0/24 maxlen: 24
212.115.40.0/24 maxlen: 24
212.115.42.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Jun 2026 10:55:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:8d:20:1d:1d:da:94:06:00:35:7d:f8:bf:ab:d6:62:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 3 10:55:52 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1c466caeec737b063b7d45b603c766b3bb6b6276
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:38:84:73:d2:09:29:f2:2f:07:d0:bb:79:e0:
6a:d5:d8:5d:46:96:0f:00:ab:a3:4f:78:dc:97:b6:
57:f7:21:20:64:6b:89:79:2a:fd:bd:52:42:84:bb:
a2:50:d9:f0:a0:d9:eb:0c:5a:7a:c2:6c:6c:67:40:
94:72:a4:cd:41:a5:d3:a2:6d:e8:04:63:c3:22:b9:
fc:d0:4f:0b:bb:e7:03:20:59:7c:7c:99:a3:85:08:
ba:b4:71:51:7c:0a:ed:23:de:ef:d9:0b:f3:f9:d9:
01:a4:34:06:e7:b8:ca:bd:8e:24:58:06:ee:d3:89:
e6:d1:08:40:f2:de:e8:03:f8:b0:99:19:c8:64:a2:
b8:94:ad:57:97:74:4c:64:05:77:22:85:78:f4:2f:
e2:f7:9a:a1:27:91:ef:de:2b:ba:07:a7:04:d7:61:
cb:2a:8b:5e:b2:c7:d8:e5:6a:95:8e:31:51:4c:79:
d7:4c:30:65:a7:37:7e:e7:1b:20:89:c3:4b:6a:00:
ee:21:f5:c3:47:dd:96:76:71:44:e5:1a:b4:92:35:
aa:dc:6d:74:c7:27:da:01:d5:d5:cc:dc:94:f3:7a:
3a:49:4c:f8:ed:65:57:7e:ec:b2:2a:d6:6c:13:a4:
c3:77:37:08:ce:b2:ce:35:f5:4d:e2:26:cf:39:7a:
df:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:46:6C:AE:EC:73:7B:06:3B:7D:45:B6:03:C7:66:B3:BB:6B:62:76
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HEZsruxzewY7fUW2A8dms7trYnY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.223.0/24
45.89.246.0/24
212.115.40.0/24
212.115.42.0/23
Signature Algorithm: sha256WithRSAEncryption
12:f7:d9:39:d7:b0:2a:95:d1:7d:91:bf:6a:96:10:44:82:7f:
94:e2:b6:40:6a:b6:8b:01:eb:b2:6e:1c:1a:4b:60:2a:b1:3f:
e4:dc:6b:3a:47:c5:3d:c5:3d:b7:c1:e9:f9:25:cb:aa:b5:15:
b5:14:d6:1f:49:a5:40:24:7f:5a:ad:38:26:9a:07:6f:b7:6a:
8c:3b:87:67:bf:34:87:c4:29:67:80:55:64:72:c1:4e:1f:d6:
7f:f9:25:88:9e:44:8d:d7:cd:73:81:c6:20:1e:2a:54:74:77:
6e:1d:6c:0d:4c:97:08:c5:7c:57:b3:1e:57:e2:ff:96:7c:6c:
ae:08:3a:86:d6:d6:5f:21:75:87:a0:e9:5e:df:dd:16:e0:f3:
14:82:54:c4:1d:5b:84:3c:60:a2:af:63:0f:6d:02:64:e9:2f:
60:e9:a2:74:7d:11:fc:17:3f:c7:e4:70:50:03:79:be:62:6e:
d0:84:1d:bb:6f:41:b0:14:11:27:89:36:5c:8d:d4:51:14:71:
81:9a:35:de:dc:73:36:bc:cd:88:4c:34:7d:d0:93:a2:f8:66:
2a:e4:ee:b1:86:23:80:58:cd:97:50:f6:cc:57:dc:2c:62:40:
8a:70:65:80:d7:dc:64:e9:6f:1e:46:66:53:13:d2:6e:72:2b:
d8:96:3e:5d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ6NIB0d2pQGADV9+L+r1mKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNjAzMTA1NTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzQ2NmNhZWVjNzM3YjA2M2I3ZDQ1YjYwM2M3NjZiM2JiNmI2Mjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDiEc9IJKfIvB9C7eeBq1dhdRpYP
AKujT3jcl7ZX9yEgZGuJeSr9vVJChLuiUNnwoNnrDFp6wmxsZ0CUcqTNQaXTom3o
BGPDIrn80E8Lu+cDIFl8fJmjhQi6tHFRfArtI97v2Qvz+dkBpDQG57jKvY4kWAbu
04nm0QhA8t7oA/iwmRnIZKK4lK1Xl3RMZAV3IoV49C/i95qhJ5Hv3iu6B6cE12HL
KotessfY5WqVjjFRTHnXTDBlpzd+5xsgicNLagDuIfXDR92WdnFE5Rq0kjWq3G10
xyfaAdXVzNyU83o6SUz47WVXfuyyKtZsE6TDdzcIzrLONfVN4ibPOXrf4wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBxGbK7sc3sGO31FtgPHZrO7a2J2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSEVac3J1eHpld1k3ZlVXMkE4ZG1zN3RyWW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALVTfAwQA
LVn2AwQA1HMoAwQB1HMqMA0GCSqGSIb3DQEBCwUAA4IBAQAS99k517AqldF9kb9q
lhBEgn+U4rZAaraLAeuybhwaS2AqsT/k3Gs6R8U9xT23wen5JcuqtRW1FNYfSaVA
JH9arTgmmgdvt2qMO4dnvzSHxClngFVkcsFOH9Z/+SWInkSN181zgcYgHipUdHdu
HWwNTJcIxXxXsx5X4v+WfGyuCDqG1tZfIXWHoOle390W4PMUglTEHVuEPGCir2MP
bQJk6S9g6aJ0fRH8Fz/H5HBQA3m+Ym7QhB27b0GwFBEniTZcjdRRFHGBmjXe3HM2
vM2ITDR90JOi+GYq5O6xhiOAWM2XUPbMV9wsYkCKcGWA19xk6W8eRmZTE9JucivY
lj5d
-----END CERTIFICATE-----
Generated at Wed Jun 3 19:51:56 2026 by rpki-client