Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1Lv3HYl8IvOCutNwSn1SLErEp98.roa
File: 1Lv3HYl8IvOCutNwSn1SLErEp98.roa (raw, json)
Hash identifier: MK+eD1cXyZEyR83jW5koHf82jl+VYINNyL4D25VknZ8=
Subject key identifier: D4:BB:F7:1D:89:7C:22:F3:82:BA:D3:70:4A:7D:52:2C:4A:C4:A7:DF
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019CED8AE9AF28FE469D3520B9FB1CE8A144
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1Lv3HYl8IvOCutNwSn1SLErEp98.roa
Signing time: Sat 14 Mar 2026 18:10:29 +0000
ROA not before: Sat 14 Mar 2026 18:10:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 210546
IP address blocks: 2.27.48.0/23 maxlen: 24
2.27.50.0/23 maxlen: 24
64.188.72.0/24 maxlen: 24
144.31.132.0/24 maxlen: 24
144.31.133.0/24 maxlen: 24
144.31.184.0/24 maxlen: 24
144.31.185.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 05:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:ed:8a:e9:af:28:fe:46:9d:35:20:b9:fb:1c:e8:a1:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 14 18:10:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d4bbf71d897c22f382bad3704a7d522c4ac4a7df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:d1:08:5c:97:dd:16:50:57:ea:4f:1d:6f:ef:
ca:3e:40:e0:d3:9a:a2:46:c4:9e:45:b0:19:c9:2a:
6e:04:c6:ab:2a:d3:df:6e:c0:58:c7:69:04:2d:c9:
13:8b:38:01:7c:d9:97:83:48:28:86:07:f7:30:09:
f7:a0:8e:ad:f5:7e:5c:f7:ef:3c:e0:90:ef:e4:c4:
7c:48:9b:1d:1b:4a:99:d3:2b:3b:4a:93:b2:6f:13:
c2:fb:e5:f8:d0:68:ad:e8:fb:f3:4d:e3:8d:f0:83:
91:0e:86:08:5d:04:69:a6:a1:92:c5:d8:f2:3c:72:
93:52:02:02:9f:c0:bf:2e:04:e3:6b:0f:fe:9e:f0:
a0:8a:30:05:da:71:aa:cf:2b:b5:f5:94:41:2e:bd:
2f:69:f0:a0:f8:26:bf:02:e6:5d:a7:d8:00:17:0c:
6e:c7:b4:32:b9:b2:54:a1:dc:23:08:aa:c6:fd:92:
36:43:ad:8e:6a:ea:8a:8a:47:0e:b6:1d:e2:a5:8b:
bf:c9:db:5e:ed:78:75:ed:ad:a9:0b:ca:b5:9f:b5:
21:e8:84:ad:60:43:e8:89:82:53:28:b5:13:0a:61:
6c:f1:96:e6:66:cb:02:1f:b8:fe:91:3c:03:9a:91:
59:4c:e9:f8:28:17:7b:9b:b1:27:6a:80:af:87:81:
f7:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:BB:F7:1D:89:7C:22:F3:82:BA:D3:70:4A:7D:52:2C:4A:C4:A7:DF
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1Lv3HYl8IvOCutNwSn1SLErEp98.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.48.0/22
64.188.72.0/24
144.31.132.0/23
144.31.184.0/23
Signature Algorithm: sha256WithRSAEncryption
0e:97:c9:89:e8:81:c7:a9:4b:97:10:9f:f1:de:e3:83:75:3a:
53:8b:be:88:23:de:17:d1:14:4e:dd:44:6e:87:d0:75:40:10:
b2:81:b2:96:9e:ae:9f:56:75:95:55:bf:16:c3:0d:56:52:ae:
5e:55:da:58:e2:5a:55:e4:e2:d1:0d:e3:5b:5e:da:db:36:f7:
fe:41:e4:4b:5f:43:67:7a:0c:0c:5f:20:83:5f:89:75:e2:f3:
3e:6d:a0:ae:d1:e0:05:30:0c:8f:9e:16:89:4a:5f:f2:9a:e6:
62:5c:62:c2:ba:fd:74:0c:3d:67:c1:a4:1e:2f:8d:e8:f1:b4:
3c:a4:61:51:56:4b:ff:85:7d:8f:c9:2c:ac:67:bc:ca:a1:1b:
4a:ef:9d:c6:98:19:36:15:45:05:f5:06:40:96:27:be:e3:bd:
96:25:f1:61:5f:f5:7a:17:16:b7:94:06:bb:d9:d8:66:f3:2e:
95:2b:ce:0f:0b:c5:78:3e:4c:2c:b5:ac:9b:1b:4f:b0:57:6d:
ac:d4:e7:c1:a9:42:39:43:57:a4:e2:fa:32:23:1e:4c:4a:67:
7d:f6:d3:5d:41:46:06:94:84:86:be:3c:58:b0:d7:32:1c:45:
46:34:81:5d:7f:e8:36:dc:2a:31:61:3a:0d:b6:0d:6a:4b:f5:
81:0c:da:e3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZztiumvKP5GnTUgufsc6KFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE0MTgxMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGJiZjcxZDg5N2MyMmYzODJiYWQzNzA0YTdkNTIyYzRhYzRhN2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydEIXJfdFlBX6k8db+/KPkDg05qi
RsSeRbAZySpuBMarKtPfbsBYx2kELckTizgBfNmXg0gohgf3MAn3oI6t9X5c9+88
4JDv5MR8SJsdG0qZ0ys7SpOybxPC++X40Git6PvzTeON8IORDoYIXQRppqGSxdjy
PHKTUgICn8C/LgTjaw/+nvCgijAF2nGqzyu19ZRBLr0vafCg+Ca/AuZdp9gAFwxu
x7QyubJUodwjCKrG/ZI2Q62OauqKikcOth3ipYu/ydte7Xh17a2pC8q1n7Uh6ISt
YEPoiYJTKLUTCmFs8ZbmZssCH7j+kTwDmpFZTOn4KBd7m7EnaoCvh4H3TQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNS79x2JfCLzgrrTcEp9UixKxKffMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMUx2M0hZbDhJdk9DdXROd1NuMVNMRXJFcDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCAhswAwQA
QLxIAwQBkB+EAwQBkB+4MA0GCSqGSIb3DQEBCwUAA4IBAQAOl8mJ6IHHqUuXEJ/x
3uODdTpTi76II94X0RRO3URuh9B1QBCygbKWnq6fVnWVVb8Www1WUq5eVdpY4lpV
5OLRDeNbXtrbNvf+QeRLX0NnegwMXyCDX4l14vM+baCu0eAFMAyPnhaJSl/ymuZi
XGLCuv10DD1nwaQeL43o8bQ8pGFRVkv/hX2PySysZ7zKoRtK753GmBk2FUUF9QZA
lie+472WJfFhX/V6Fxa3lAa72dhm8y6VK84PC8V4PkwstaybG0+wV22s1OfBqUI5
Q1ek4voyIx5MSmd99tNdQUYGlISGvjxYsNcyHEVGNIFdf+g23CoxYToNtg1qS/WB
DNrj
-----END CERTIFICATE-----
Generated at Sat Mar 21 14:31:00 2026 by rpki-client