Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/9cfe5d-5770-4b5d-8935-9f38c8b8a928/1/HyHzV1MU9ElmfLFYo26pHGiN3IQ.roa
File: HyHzV1MU9ElmfLFYo26pHGiN3IQ.roa (raw, json)
Hash identifier: FAwtBrWvr9mjLRzQVdNQzXl4BGzCudYJ6kq3X7cDbdU=
Subject key identifier: 1F:21:F3:57:53:14:F4:49:66:7C:B1:58:A3:6E:A9:1C:68:8D:DC:84
Certificate issuer: /CN=d4f92129df7aaa7157e15973c24753e118c9057d
Certificate serial: 019CDD5BDD43927206FCA5A6812E984C0513
Authority key identifier: D4:F9:21:29:DF:7A:AA:71:57:E1:59:73:C2:47:53:E1:18:C9:05:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1PkhKd96qnFX4VlzwkdT4RjJBX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/9cfe5d-5770-4b5d-8935-9f38c8b8a928/1/HyHzV1MU9ElmfLFYo26pHGiN3IQ.roa
Signing time: Wed 11 Mar 2026 14:45:10 +0000
ROA not before: Wed 11 Mar 2026 14:45:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 204631
IP address blocks: 185.136.120.0/22 maxlen: 24
193.27.218.0/23 maxlen: 24
2001:67c:2c08::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/9cfe5d-5770-4b5d-8935-9f38c8b8a928/1/1PkhKd96qnFX4VlzwkdT4RjJBX0.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/9cfe5d-5770-4b5d-8935-9f38c8b8a928/1/1PkhKd96qnFX4VlzwkdT4RjJBX0.mft
rsync://rpki.ripe.net/repository/DEFAULT/1PkhKd96qnFX4VlzwkdT4RjJBX0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 14 Mar 2026 00:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dd:5b:dd:43:92:72:06:fc:a5:a6:81:2e:98:4c:05:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4f92129df7aaa7157e15973c24753e118c9057d
Validity
Not Before: Mar 11 14:45:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1f21f3575314f449667cb158a36ea91c688ddc84
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:1a:fb:63:fe:f2:ca:76:6d:df:7a:06:69:55:
8f:f7:90:29:0d:18:f7:29:b2:37:de:b4:57:29:97:
bc:17:b4:ea:20:5b:02:a8:80:09:2e:ff:67:90:4b:
0a:d8:18:ce:f7:da:0e:08:80:94:ce:ff:f5:b7:73:
16:11:d5:48:2a:01:8f:b3:05:10:ab:7b:00:d4:99:
32:72:c5:ba:2f:7d:0b:a8:30:8f:b2:cd:2d:d8:10:
e4:f1:85:d0:93:37:b5:7b:94:18:6d:29:6c:6d:6d:
2c:95:ed:84:70:cd:86:ab:2a:cf:2d:79:59:6d:cd:
1b:29:d8:dc:10:3f:81:31:4e:40:8c:67:28:91:b3:
15:be:18:16:bd:da:ae:47:9b:a0:87:34:da:c4:dc:
f9:d2:d3:49:0f:e4:d8:a7:5c:c6:f1:7c:2c:d4:63:
8b:0b:ce:d2:46:25:f6:80:93:84:48:e0:22:59:50:
8c:b7:83:44:76:2d:d3:da:b0:b9:d0:dd:56:1d:d5:
a0:cf:c4:76:a3:49:4f:2c:dd:87:61:32:b6:18:78:
80:02:d3:89:34:a7:e7:54:a6:6a:80:c6:10:ff:cd:
c4:6c:a9:e9:b0:e0:d6:87:a1:b2:e5:d2:98:ed:fa:
01:65:f3:ba:a1:08:7b:7d:81:3c:6d:3e:10:1d:c3:
42:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:21:F3:57:53:14:F4:49:66:7C:B1:58:A3:6E:A9:1C:68:8D:DC:84
X509v3 Authority Key Identifier:
keyid:D4:F9:21:29:DF:7A:AA:71:57:E1:59:73:C2:47:53:E1:18:C9:05:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1PkhKd96qnFX4VlzwkdT4RjJBX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/9cfe5d-5770-4b5d-8935-9f38c8b8a928/1/HyHzV1MU9ElmfLFYo26pHGiN3IQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/9cfe5d-5770-4b5d-8935-9f38c8b8a928/1/1PkhKd96qnFX4VlzwkdT4RjJBX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.136.120.0/22
193.27.218.0/23
IPv6:
2001:67c:2c08::/48
Signature Algorithm: sha256WithRSAEncryption
85:34:d5:05:b3:40:c9:30:77:72:51:67:ad:8a:4e:9d:94:78:
31:bf:dd:96:b6:8d:e4:a5:21:33:29:c8:24:ff:0f:36:7f:7d:
7b:46:12:43:30:ae:70:e7:5b:31:d2:72:4f:8f:9d:ab:eb:fe:
14:99:bd:9a:6c:b5:a3:1c:a2:7e:7a:9d:f4:5e:69:a8:80:23:
53:b9:90:72:ed:78:e6:87:f2:a8:f0:71:ae:bb:e9:ed:b3:8e:
e7:51:f6:2f:5f:4b:1e:bb:14:4f:00:c3:ed:1b:f4:71:a4:19:
00:02:7d:37:14:f7:0a:d1:14:f1:e4:54:88:b8:bd:5a:53:73:
94:70:22:c7:75:09:3b:73:89:3b:03:10:b4:06:68:82:72:4a:
1a:e0:2c:e8:90:8b:a4:88:90:cd:e5:08:89:d0:91:17:ac:96:
16:4d:6b:3a:13:0e:e2:ba:df:7c:76:c7:9f:bc:91:88:97:ae:
44:4c:b9:15:4b:7f:b6:4b:5c:d6:85:0c:79:af:30:cb:b1:3f:
5a:fc:95:d8:bf:c1:a1:3d:09:5d:8e:5c:d0:f8:dd:4c:53:f6:
5c:59:eb:1f:5d:71:9a:77:e2:ef:33:c9:fc:d7:91:98:89:23:
63:e9:ea:56:f9:5e:6d:2e:4b:9a:c8:0b:ba:be:71:19:c8:ed:
3f:b3:16:8d
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZzdW91DknIG/KWmgS6YTAUTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZjkyMTI5ZGY3YWFhNzE1N2UxNTk3M2MyNDc1M2UxMThj
OTA1N2QwHhcNMjYwMzExMTQ0NTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjIxZjM1NzUzMTRmNDQ5NjY3Y2IxNThhMzZlYTkxYzY4OGRkYzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Rr7Y/7yynZt33oGaVWP95ApDRj3
KbI33rRXKZe8F7TqIFsCqIAJLv9nkEsK2BjO99oOCICUzv/1t3MWEdVIKgGPswUQ
q3sA1JkycsW6L30LqDCPss0t2BDk8YXQkze1e5QYbSlsbW0sle2EcM2GqyrPLXlZ
bc0bKdjcED+BMU5AjGcokbMVvhgWvdquR5ughzTaxNz50tNJD+TYp1zG8Xws1GOL
C87SRiX2gJOESOAiWVCMt4NEdi3T2rC50N1WHdWgz8R2o0lPLN2HYTK2GHiAAtOJ
NKfnVKZqgMYQ/83EbKnpsODWh6Gy5dKY7foBZfO6oQh7fYE8bT4QHcNCHQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFB8h81dTFPRJZnyxWKNuqRxojdyEMB8GA1UdIwQY
MBaAFNT5ISnfeqpxV+FZc8JHU+EYyQV9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVBraEtkOTZxbkZYNFZsendrZFQ0UmpKQlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC85Y2ZlNWQtNTc3MC00YjVkLTg5MzUt
OWYzOGM4YjhhOTI4LzEvSHlIelYxTVU5RWxtZkxGWW8yNnBIR2lOM0lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC85Y2ZlNWQtNTc3MC00YjVkLTg5MzUtOWYzOGM4YjhhOTI4
LzEvMVBraEtkOTZxbkZYNFZsendrZFQ0UmpKQlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCuYh4AwQB
wRvaMA8EAgACMAkDBwAgAQZ8LAgwDQYJKoZIhvcNAQELBQADggEBAIU01QWzQMkw
d3JRZ62KTp2UeDG/3Za2jeSlITMpyCT/DzZ/fXtGEkMwrnDnWzHSck+Pnavr/hSZ
vZpstaMcon56nfReaaiAI1O5kHLteOaH8qjwca676e2zjudR9i9fSx67FE8Aw+0b
9HGkGQACfTcU9wrRFPHkVIi4vVpTc5RwIsd1CTtziTsDELQGaIJyShrgLOiQi6SI
kM3lCInQkReslhZNazoTDuK633x2x5+8kYiXrkRMuRVLf7ZLXNaFDHmvMMuxP1r8
ldi/waE9CV2OXND43UxT9lxZ6x9dcZp34u8zyfzXkZiJI2Pp6lb5Xm0uS5rIC7q+
cRnI7T+zFo0=
-----END CERTIFICATE-----
Generated at Fri Mar 13 10:13:21 2026 by rpki-client