Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/hJvXiDYNILPphLXJ6klAtCIjVVg.roa
File: hJvXiDYNILPphLXJ6klAtCIjVVg.roa (raw, json)
Hash identifier: Z0y5PrNu8DqrxqixzwoCHqlYDEEnmvaNJYffWfN3fzo=
Subject key identifier: 84:9B:D7:88:36:0D:20:B3:E9:84:B5:C9:EA:49:40:B4:22:23:55:58
Certificate issuer: /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial: 019E7D4705ABBCD73B5430B2FCAB21C1E6FE
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/hJvXiDYNILPphLXJ6klAtCIjVVg.roa
Signing time: Sun 31 May 2026 09:04:26 +0000
ROA not before: Sun 31 May 2026 09:04:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 209341
IP address blocks: 65.181.113.0/24 maxlen: 24
69.72.149.0/24 maxlen: 24
69.72.244.0/24 maxlen: 24
192.250.229.0/24 maxlen: 24
192.250.230.0/24 maxlen: 24
194.147.95.0/24 maxlen: 24
208.116.19.0/24 maxlen: 24
209.42.26.0/24 maxlen: 24
209.42.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 20:26:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:7d:47:05:ab:bc:d7:3b:54:30:b2:fc:ab:21:c1:e6:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Validity
Not Before: May 31 09:04:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=849bd788360d20b3e984b5c9ea4940b422235558
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:b5:25:88:79:38:28:43:6e:44:a1:f6:de:87:
48:d4:7a:d9:d5:f1:83:bf:a2:65:58:4c:78:7f:79:
d8:fa:ba:42:8a:fc:36:13:91:59:6e:33:14:5a:79:
2b:2a:8d:25:90:a9:c1:a3:9c:db:2c:19:14:9a:30:
1e:da:a4:3f:a2:eb:b6:24:d0:ce:af:9d:3f:48:09:
06:98:4c:7c:10:e7:fb:49:92:6b:2b:4d:2d:5d:b7:
fb:2f:db:b5:51:ab:9f:d3:30:bc:b4:9a:39:a3:a1:
31:87:25:3f:2b:03:f9:7e:da:63:e7:0b:4c:30:52:
f5:b7:d7:54:90:02:22:70:72:88:fe:4c:8b:79:0c:
e2:0a:2a:e7:9a:3f:a5:51:67:9b:87:4e:b4:87:9f:
a3:c0:76:0c:5b:73:8f:f7:64:22:6e:d4:06:44:9f:
34:d6:9d:57:8f:4a:69:4b:e2:3a:6f:eb:29:c3:8c:
58:ce:07:2d:0f:32:33:35:37:34:7c:6d:2c:8b:67:
b7:b0:3d:a6:de:6d:b0:42:33:05:2b:07:a8:78:4f:
c9:6a:be:14:26:06:b6:7a:ba:9e:79:e3:7a:0d:de:
69:f1:9c:5b:71:90:5d:f2:61:98:68:1e:31:51:d6:
02:ec:bc:6d:55:4a:15:c2:90:33:ce:e7:ac:cc:e0:
4f:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:9B:D7:88:36:0D:20:B3:E9:84:B5:C9:EA:49:40:B4:22:23:55:58
X509v3 Authority Key Identifier:
keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/hJvXiDYNILPphLXJ6klAtCIjVVg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
65.181.113.0/24
69.72.149.0/24
69.72.244.0/24
192.250.229.0-192.250.230.255
194.147.95.0/24
208.116.19.0/24
209.42.26.0/24
209.42.31.0/24
Signature Algorithm: sha256WithRSAEncryption
36:a9:c2:0c:b3:14:43:9d:5c:c1:ef:b5:60:b0:3e:cb:99:19:
88:42:2e:8e:9b:ed:f8:14:b6:f7:93:07:67:d0:61:73:a5:41:
ac:e4:10:b4:31:fb:5d:81:95:d5:3d:7e:b3:0b:37:cb:23:5c:
53:48:e2:67:e8:48:ee:19:c4:e8:06:b5:d6:4e:cd:78:5a:04:
f3:e6:29:ea:91:37:70:9d:63:21:14:fd:bc:63:68:eb:37:53:
6e:82:b2:5d:26:0b:9d:b7:2c:6a:11:9c:2b:38:8f:9c:14:3c:
8e:68:04:7d:88:3b:5b:d3:ff:1f:00:85:58:31:fb:7e:3d:75:
10:5a:76:cb:02:5c:6f:4d:0f:2d:2a:64:56:32:5b:f8:3f:d6:
98:16:70:48:6a:c6:2f:3a:91:1f:f6:24:bc:7a:c7:6c:24:3a:
7c:19:ca:58:fb:70:f1:23:a9:16:a6:82:0b:ff:b3:f0:fd:4c:
7a:b3:79:5c:3e:40:0f:53:8d:a1:c3:6a:56:28:a1:2f:ec:ec:
7a:d4:cf:c0:8f:96:52:ad:37:8a:99:12:e8:92:8f:08:21:28:
e9:28:73:4a:86:5e:a0:ca:59:6c:0b:4e:68:2c:7e:b0:29:3f:
98:4f:84:47:48:be:e9:ba:37:e8:d6:a7:7c:f1:e1:92:10:d6:
2d:2c:ec:68
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZ59RwWrvNc7VDCy/Kshweb+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjYwNTMxMDkwNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDliZDc4ODM2MGQyMGIzZTk4NGI1YzllYTQ5NDBiNDIyMjM1NTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LUliHk4KENuRKH23odI1HrZ1fGD
v6JlWEx4f3nY+rpCivw2E5FZbjMUWnkrKo0lkKnBo5zbLBkUmjAe2qQ/ouu2JNDO
r50/SAkGmEx8EOf7SZJrK00tXbf7L9u1Uauf0zC8tJo5o6ExhyU/KwP5ftpj5wtM
MFL1t9dUkAIicHKI/kyLeQziCirnmj+lUWebh060h5+jwHYMW3OP92QibtQGRJ80
1p1Xj0ppS+I6b+spw4xYzgctDzIzNTc0fG0si2e3sD2m3m2wQjMFKweoeE/Jar4U
Jga2erqeeeN6Dd5p8ZxbcZBd8mGYaB4xUdYC7LxtVUoVwpAzzueszOBP1QIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFISb14g2DSCz6YS1yepJQLQiI1VYMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvaEp2WGlEWU5JTFBwaExYSjZrbEF0Q0lqVlZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAQbVxAwQA
RUiVAwQARUj0MAwDBADA+uUDBADA+uYDBADCk18DBADQdBMDBADRKhoDBADRKh8w
DQYJKoZIhvcNAQELBQADggEBADapwgyzFEOdXMHvtWCwPsuZGYhCLo6b7fgUtveT
B2fQYXOlQazkELQx+12BldU9frMLN8sjXFNI4mfoSO4ZxOgGtdZOzXhaBPPmKeqR
N3CdYyEU/bxjaOs3U26Csl0mC523LGoRnCs4j5wUPI5oBH2IO1vT/x8AhVgx+349
dRBadssCXG9NDy0qZFYyW/g/1pgWcEhqxi86kR/2JLx6x2wkOnwZylj7cPEjqRam
ggv/s/D9THqzeVw+QA9TjaHDalYooS/s7HrUz8CPllKtN4qZEuiSjwghKOkoc0qG
XqDKWWwLTmgsfrApP5hPhEdIvum6N+jWp3zx4ZIQ1i0s7Gg=
-----END CERTIFICATE-----
Generated at Fri Jun 12 04:40:55 2026 by rpki-client