Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hmGduDXCgSImnheG7LbZztYvjW4.roa
File: hmGduDXCgSImnheG7LbZztYvjW4.roa (raw, json)
Hash identifier: /9kVN9ftSG7bt2d8PsMDZhVkKzRVojlwR2hC9tFhZxQ=
Subject key identifier: 86:61:9D:B8:35:C2:81:22:26:9E:17:86:EC:B6:D9:CE:D6:2F:8D:6E
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019E44F8340048A55376DEC47A3B9CA40413
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hmGduDXCgSImnheG7LbZztYvjW4.roa
Signing time: Wed 20 May 2026 10:39:37 +0000
ROA not before: Wed 20 May 2026 10:39:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209557
IP address blocks: 82.152.213.0/24 maxlen: 24
82.153.222.0/24 maxlen: 24
109.176.22.0/24 maxlen: 24
213.130.152.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 25 May 2026 01:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:44:f8:34:00:48:a5:53:76:de:c4:7a:3b:9c:a4:04:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 20 10:39:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=86619db835c28122269e1786ecb6d9ced62f8d6e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:0d:52:eb:47:87:33:76:73:e7:6e:ff:ea:43:
6f:c8:f4:3d:c4:48:6b:f6:c6:72:5a:a8:af:ae:83:
63:08:fd:45:b8:9e:9b:88:b6:4d:18:44:57:26:7c:
9d:5b:83:b3:7a:40:88:a0:95:c4:32:38:01:99:0b:
a5:77:3d:4b:83:54:04:94:bc:e6:1c:35:c0:00:ef:
9e:27:94:f1:fe:da:d1:c0:95:73:a6:2e:ea:97:ac:
d7:ad:99:3b:41:50:57:cc:9a:e3:c8:cc:3b:0b:a0:
3c:51:6e:4b:d1:73:12:32:a6:a7:8b:ac:af:55:d5:
30:de:60:fb:5b:fe:e4:3a:d1:f9:e8:38:4a:03:cc:
ab:50:7c:17:28:82:2a:13:83:92:9a:6a:e3:ea:49:
d6:60:3c:16:21:2c:bc:b1:ee:52:68:11:cc:48:e0:
83:f1:0c:aa:08:26:bb:25:4a:1e:61:2c:6c:7d:bf:
ea:46:ad:1b:bc:bd:5b:57:b5:42:6b:01:87:b3:db:
96:ea:88:f6:71:4e:7a:ed:c7:85:d9:c8:f7:51:a0:
64:a6:56:1c:fe:b4:e8:ef:2a:25:f1:04:9e:e5:65:
86:81:6d:59:34:a5:d8:35:a6:a4:70:9b:ea:16:b2:
ee:aa:d7:fa:e9:f2:f1:ba:b0:2b:49:2a:25:0f:0c:
3e:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:61:9D:B8:35:C2:81:22:26:9E:17:86:EC:B6:D9:CE:D6:2F:8D:6E
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hmGduDXCgSImnheG7LbZztYvjW4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.213.0/24
82.153.222.0/24
109.176.22.0/24
213.130.152.0/24
Signature Algorithm: sha256WithRSAEncryption
57:cf:61:16:09:ec:97:1a:9d:cd:bd:5f:9b:56:ba:af:aa:bd:
1d:b0:f3:cc:19:68:1d:bd:53:3b:17:9e:a2:3c:4e:4e:09:77:
a6:d4:7f:2b:93:10:94:1a:64:81:85:94:32:18:e2:0b:31:72:
b5:70:61:5d:7c:5a:9d:b7:11:c2:c5:2e:ab:36:bd:8c:9d:69:
59:85:80:e7:69:22:4c:39:a4:6b:e6:ca:7d:9f:6b:3b:ea:93:
d4:70:a8:46:3a:c7:48:54:0e:f4:4c:0e:3d:9d:e8:b5:86:f8:
f0:1e:0b:68:65:cf:eb:84:df:2a:20:fe:99:41:d2:0c:b2:93:
31:89:29:02:e2:3c:67:70:04:06:fc:f2:98:2a:b3:af:48:f5:
a8:e7:87:3b:a2:ca:5e:86:a5:65:53:d6:01:22:5b:ad:1c:62:
a3:26:03:1b:64:e5:76:7d:63:da:8a:a7:54:91:40:f4:9b:b4:
c3:f3:be:1c:32:83:86:74:46:80:29:98:5e:13:da:df:6c:06:
5b:94:e5:84:68:7b:bd:8d:d8:5e:e1:a9:ec:64:ef:6b:d6:08:
dc:ff:25:f8:ae:42:af:f1:7e:ed:23:28:da:10:ce:17:96:24:
ed:80:e9:f0:d9:e3:1b:fe:e2:da:f9:1c:53:5b:1a:79:b9:5d:
94:66:a6:bb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ5E+DQASKVTdt7EejucpAQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTIwMTAzOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjYxOWRiODM1YzI4MTIyMjY5ZTE3ODZlY2I2ZDljZWQ2MmY4ZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0A1S60eHM3Zz527/6kNvyPQ9xEhr
9sZyWqivroNjCP1FuJ6biLZNGERXJnydW4OzekCIoJXEMjgBmQuldz1Lg1QElLzm
HDXAAO+eJ5Tx/trRwJVzpi7ql6zXrZk7QVBXzJrjyMw7C6A8UW5L0XMSMqani6yv
VdUw3mD7W/7kOtH56DhKA8yrUHwXKIIqE4OSmmrj6knWYDwWISy8se5SaBHMSOCD
8QyqCCa7JUoeYSxsfb/qRq0bvL1bV7VCawGHs9uW6oj2cU567ceF2cj3UaBkplYc
/rTo7yol8QSe5WWGgW1ZNKXYNaakcJvqFrLuqtf66fLxurArSSolDww+hQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIZhnbg1woEiJp4Xhuy22c7WL41uMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaG1HZHVEWENnU0ltbmhlRzdMYlp6dFl2alc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUpjVAwQA
UpneAwQAbbAWAwQA1YKYMA0GCSqGSIb3DQEBCwUAA4IBAQBXz2EWCeyXGp3NvV+b
Vrqvqr0dsPPMGWgdvVM7F56iPE5OCXem1H8rkxCUGmSBhZQyGOILMXK1cGFdfFqd
txHCxS6rNr2MnWlZhYDnaSJMOaRr5sp9n2s76pPUcKhGOsdIVA70TA49nei1hvjw
HgtoZc/rhN8qIP6ZQdIMspMxiSkC4jxncAQG/PKYKrOvSPWo54c7ospehqVlU9YB
IlutHGKjJgMbZOV2fWPaiqdUkUD0m7TD874cMoOGdEaAKZheE9rfbAZblOWEaHu9
jdhe4ansZO9r1gjc/yX4rkKv8X7tIyjaEM4XliTtgOnw2eMb/uLa+RxTWxp5uV2U
Zqa7
-----END CERTIFICATE-----
Generated at Sun May 24 11:40:24 2026 by rpki-client