Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/hrUBYyUNmk1RlzCVJrZZninUqYE.roa
File: hrUBYyUNmk1RlzCVJrZZninUqYE.roa (raw, json)
Hash identifier: tZuiVSXDojagTNTrWs4BJGVlhszVNx0FmVqH9mQLrnc=
Subject key identifier: 86:B5:01:63:25:0D:9A:4D:51:97:30:95:26:B6:59:9E:29:D4:A9:81
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 019DD818FBDA630B760167972AB06CF1AC12
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/hrUBYyUNmk1RlzCVJrZZninUqYE.roa
Signing time: Wed 29 Apr 2026 07:16:49 +0000
ROA not before: Wed 29 Apr 2026 07:16:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 89.249.192.0/21 maxlen: 24
89.249.205.0/24 maxlen: 24
89.249.206.0/23 maxlen: 24
89.249.206.0/24 maxlen: 24
212.42.192.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 02 May 2026 08:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d8:18:fb:da:63:0b:76:01:67:97:2a:b0:6c:f1:ac:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Apr 29 07:16:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=86b50163250d9a4d5197309526b6599e29d4a981
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:21:1d:12:4b:ca:a7:d4:8a:08:f6:74:65:71:
c0:5a:7b:98:35:ad:d2:33:9f:84:fe:dc:6a:00:95:
8d:b5:80:df:21:f3:c0:16:2d:3d:b7:8b:8b:c7:83:
06:46:af:d5:89:4e:d7:98:d7:bc:dd:94:da:9f:fd:
1b:3e:53:1b:fe:d3:f9:9c:9a:88:98:89:b8:9d:07:
f5:bb:84:2c:b2:2c:26:ed:17:6a:7d:2c:2b:d4:ed:
1d:18:54:7f:73:cd:2e:d3:59:b6:72:dd:23:55:a5:
55:fc:4b:12:a6:6e:2b:ec:11:c0:c6:e7:9d:22:43:
92:fc:31:41:22:b0:43:b3:b5:12:50:15:ff:2f:d9:
69:92:86:76:02:dc:0f:a8:68:43:d4:ed:92:a2:85:
c8:4b:aa:57:86:d6:8f:2c:64:e1:65:a2:97:70:ac:
39:37:7d:39:74:de:cd:6d:4f:ea:36:e9:3b:74:bc:
5f:2b:8f:e4:9b:1d:7b:15:19:fe:97:1d:18:77:ce:
24:1f:46:62:29:11:32:58:ea:6a:bb:a9:e5:f0:70:
a4:14:7a:f5:1d:11:1e:92:3e:93:6c:b0:cf:a3:7e:
a9:c7:5f:4b:23:8d:3d:00:cb:23:81:a4:3e:55:bc:
ce:f3:03:4b:80:d0:49:16:3c:01:27:42:a3:b4:b1:
fd:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:B5:01:63:25:0D:9A:4D:51:97:30:95:26:B6:59:9E:29:D4:A9:81
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/hrUBYyUNmk1RlzCVJrZZninUqYE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0/21
89.249.205.0-89.249.207.255
212.42.192.0/20
Signature Algorithm: sha256WithRSAEncryption
3e:e0:1d:05:ab:e9:db:78:67:7b:b7:d6:c1:77:33:1c:f9:93:
00:43:44:02:ef:68:57:34:a3:f5:a0:90:c7:5f:9f:cb:16:6a:
8e:39:24:b5:6b:5c:ff:aa:22:52:91:f3:dc:19:e1:3e:6c:50:
19:b1:e4:2d:f9:aa:e0:ac:3d:3e:84:7d:94:fe:8c:e4:d6:5f:
4e:aa:31:24:df:c4:2a:01:8f:a6:4a:fc:66:75:55:0d:d5:b2:
72:e3:21:4f:12:c8:36:88:be:7f:21:d9:e3:03:4a:e0:ee:c6:
66:de:b3:8d:c7:88:48:41:2f:3e:63:b7:b9:f4:73:a9:65:3e:
24:43:0b:b4:84:89:b8:37:1c:e5:8d:6a:89:5f:4c:6c:9a:92:
52:b5:c9:44:35:a3:81:07:0e:93:7b:0c:37:f6:df:ac:94:df:
62:7b:69:1d:f8:89:af:6a:90:2f:84:8e:66:84:36:cc:0d:52:
e6:1c:6a:ca:6f:ed:0a:87:1d:fc:27:f9:12:75:61:ce:fc:65:
34:7d:4b:71:7f:9b:16:a2:67:60:41:37:bb:6a:d7:27:02:85:
5a:5b:24:ef:64:13:8d:97:d5:45:af:6c:15:1b:29:de:11:08:
16:6f:a2:5f:35:3a:f9:ee:67:09:3e:61:32:4f:f5:d2:0e:33:
0b:0f:1e:da
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ3YGPvaYwt2AWeXKrBs8awSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjYwNDI5MDcxNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmI1MDE2MzI1MGQ5YTRkNTE5NzMwOTUyNmI2NTk5ZTI5ZDRhOTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iEdEkvKp9SKCPZ0ZXHAWnuYNa3S
M5+E/txqAJWNtYDfIfPAFi09t4uLx4MGRq/ViU7XmNe83ZTan/0bPlMb/tP5nJqI
mIm4nQf1u4Qssiwm7RdqfSwr1O0dGFR/c80u01m2ct0jVaVV/EsSpm4r7BHAxued
IkOS/DFBIrBDs7USUBX/L9lpkoZ2AtwPqGhD1O2SooXIS6pXhtaPLGThZaKXcKw5
N305dN7NbU/qNuk7dLxfK4/kmx17FRn+lx0Yd84kH0ZiKREyWOpqu6nl8HCkFHr1
HREekj6TbLDPo36px19LI409AMsjgaQ+VbzO8wNLgNBJFjwBJ0KjtLH9ZQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIa1AWMlDZpNUZcwlSa2WZ4p1KmBMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvaHJVQll5VU5tazFSbHpDVkpyWlpuaW5VcVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQDWfnAMAwD
BABZ+c0DBARZ+cADBATUKsAwDQYJKoZIhvcNAQELBQADggEBAD7gHQWr6dt4Z3u3
1sF3Mxz5kwBDRALvaFc0o/WgkMdfn8sWao45JLVrXP+qIlKR89wZ4T5sUBmx5C35
quCsPT6EfZT+jOTWX06qMSTfxCoBj6ZK/GZ1VQ3VsnLjIU8SyDaIvn8h2eMDSuDu
xmbes43HiEhBLz5jt7n0c6llPiRDC7SEibg3HOWNaolfTGyaklK1yUQ1o4EHDpN7
DDf236yU32J7aR34ia9qkC+EjmaENswNUuYcaspv7QqHHfwn+RJ1Yc78ZTR9S3F/
mxaiZ2BBN7tq1ycChVpbJO9kE42X1UWvbBUbKd4RCBZvol81OvnuZwk+YTJP9dIO
MwsPHto=
-----END CERTIFICATE-----
Generated at Fri May 1 17:45:09 2026 by rpki-client