Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1aeH13s354okzQf1RhunuO3FjKA.roa
File: 1aeH13s354okzQf1RhunuO3FjKA.roa (raw, json)
Hash identifier: wDtGaLItcnKrof7oJjjjR/0BMFGWV7wwYgy9QSfRyjo=
Subject key identifier: D5:A7:87:D7:7B:37:E7:8A:24:CD:07:F5:46:1B:A7:B8:ED:C5:8C:A0
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D25B56979300DC94BBF032D4E0B8E1C57
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1aeH13s354okzQf1RhunuO3FjKA.roa
Signing time: Wed 25 Mar 2026 15:55:39 +0000
ROA not before: Wed 25 Mar 2026 15:55:39 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 215439
IP address blocks: 2.27.20.0/22 maxlen: 24
2.27.40.0/24 maxlen: 24
2.27.41.0/24 maxlen: 24
2.27.42.0/24 maxlen: 24
2.27.43.0/24 maxlen: 24
64.188.64.0/22 maxlen: 24
77.239.125.0/24 maxlen: 24
144.31.14.0/24 maxlen: 24
144.31.30.0/24 maxlen: 24
144.31.47.0/24 maxlen: 24
144.31.54.0/24 maxlen: 24
144.31.95.0/24 maxlen: 24
144.31.147.0/24 maxlen: 24
144.31.156.0/24 maxlen: 24
144.31.157.0/24 maxlen: 24
144.31.158.0/24 maxlen: 24
144.31.164.0/22 maxlen: 24
144.31.203.0/24 maxlen: 24
144.31.207.0/24 maxlen: 24
144.31.212.0/24 maxlen: 24
144.31.224.0/24 maxlen: 24
144.31.230.0/24 maxlen: 24
144.31.234.0/23 maxlen: 24
150.241.70.0/24 maxlen: 24
150.241.71.0/24 maxlen: 24
150.241.94.0/24 maxlen: 24
193.23.194.0/24 maxlen: 24
193.23.201.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 16:32:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:25:b5:69:79:30:0d:c9:4b:bf:03:2d:4e:0b:8e:1c:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 25 15:55:39 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d5a787d77b37e78a24cd07f5461ba7b8edc58ca0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:ed:30:22:f7:c3:35:43:b8:67:d1:8c:97:4e:
f9:54:74:df:4b:57:1a:46:55:72:47:f2:48:91:f6:
fa:f0:ef:a8:38:aa:40:b2:17:d6:db:3f:dc:26:60:
4f:c0:fa:2f:71:e2:c6:65:98:01:57:81:ce:23:fa:
2f:a2:7b:f3:d8:ef:3d:58:2d:2f:43:7d:3d:85:0c:
d9:54:48:c3:15:f8:61:44:c7:14:1b:31:06:7c:25:
8b:b5:aa:df:ae:6b:1c:34:a1:28:ff:14:11:8a:53:
b5:78:9c:76:8a:34:61:b0:ca:b4:85:fb:06:12:f6:
4f:ef:3b:02:29:1b:ae:ed:35:c0:98:07:83:4e:41:
96:4a:26:b3:6a:27:73:e2:c9:44:2c:a9:82:97:2a:
4e:2c:f9:fd:20:f6:2d:27:21:ca:ab:00:8e:e0:58:
56:ef:1b:4f:e3:1f:4d:90:d6:e2:f5:50:d3:72:15:
32:c8:f1:71:c9:d0:2d:be:93:0b:5b:c9:4c:57:75:
a6:ce:07:1f:7c:a6:e2:0f:61:40:69:5c:24:02:9c:
88:d7:91:4f:a5:61:f4:6e:83:d2:a0:8a:71:21:f8:
0c:f6:4c:95:17:ca:1f:ef:0b:a5:86:f0:99:fd:a7:
01:11:81:f1:89:58:c0:f3:08:2e:69:2c:35:da:d2:
8c:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:A7:87:D7:7B:37:E7:8A:24:CD:07:F5:46:1B:A7:B8:ED:C5:8C:A0
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1aeH13s354okzQf1RhunuO3FjKA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.20.0/22
2.27.40.0/22
64.188.64.0/22
77.239.125.0/24
144.31.14.0/24
144.31.30.0/24
144.31.47.0/24
144.31.54.0/24
144.31.95.0/24
144.31.147.0/24
144.31.156.0-144.31.158.255
144.31.164.0/22
144.31.203.0/24
144.31.207.0/24
144.31.212.0/24
144.31.224.0/24
144.31.230.0/24
144.31.234.0/23
150.241.70.0/23
150.241.94.0/24
193.23.194.0/24
193.23.201.0/24
Signature Algorithm: sha256WithRSAEncryption
ad:3e:f2:cd:54:2c:4d:e6:53:91:4d:4c:97:c0:aa:19:17:99:
06:5b:27:89:87:13:98:a8:4e:e4:ce:68:1b:f4:b2:ed:51:66:
8a:da:32:af:03:2b:b0:33:41:3e:1e:e8:ad:6d:97:a8:78:f3:
21:4a:7a:68:7a:3b:c5:13:36:54:17:74:ca:06:4b:f7:94:90:
c1:18:f5:4d:da:eb:72:92:3e:23:1d:f1:c8:22:f6:18:b9:e7:
9e:aa:51:a5:a1:e0:d1:cd:8b:b0:32:f7:6b:bf:e6:d8:14:c9:
3c:bd:66:72:76:42:50:12:0f:6f:fd:32:d0:76:e6:10:33:df:
3a:0a:f9:f2:43:e3:db:a5:5b:21:36:6d:f9:80:07:5a:d8:f8:
2d:cc:de:a8:6c:c8:cb:06:40:2a:31:6d:eb:79:2d:e1:90:1c:
ea:e5:c6:91:ac:0b:b7:9a:1e:b8:83:f5:25:35:e3:2a:00:dc:
fb:d9:9a:83:50:18:07:b1:21:8b:36:1b:2e:07:9f:48:a6:1b:
a2:7e:ed:53:0b:b2:89:22:50:ea:fb:ee:cf:78:81:be:1c:b4:
d1:df:a5:f5:5f:ab:8b:c0:35:be:1b:9d:85:a0:18:7c:38:e4:
2f:77:18:88:11:82:02:d7:26:5f:a3:b0:43:2b:f4:e3:b5:52:
38:9e:20:06
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAZ0ltWl5MA3JS78DLU4LjhxXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI1MTU1NTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWE3ODdkNzdiMzdlNzhhMjRjZDA3ZjU0NjFiYTdiOGVkYzU4Y2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+0wIvfDNUO4Z9GMl075VHTfS1ca
RlVyR/JIkfb68O+oOKpAshfW2z/cJmBPwPovceLGZZgBV4HOI/ovonvz2O89WC0v
Q309hQzZVEjDFfhhRMcUGzEGfCWLtarfrmscNKEo/xQRilO1eJx2ijRhsMq0hfsG
EvZP7zsCKRuu7TXAmAeDTkGWSiazaidz4slELKmClypOLPn9IPYtJyHKqwCO4FhW
7xtP4x9NkNbi9VDTchUyyPFxydAtvpMLW8lMV3WmzgcffKbiD2FAaVwkApyI15FP
pWH0boPSoIpxIfgM9kyVF8of7wulhvCZ/acBEYHxiVjA8wguaSw12tKMLwIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFNWnh9d7N+eKJM0H9UYbp7jtxYygMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMWFlSDEzczM1NG9relFmMVJodW51TzNGaktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAEwgYwDBAIC
GxQDBAICGygDBAJAvEADBABN730DBACQHw4DBACQHx4DBACQHy8DBACQHzYDBACQ
H18DBACQH5MwDAMEApAfnAMEAJAfngMEApAfpAMEAJAfywMEAJAfzwMEAJAf1AME
AJAf4AMEAJAf5gMEAZAf6gMEAZbxRgMEAJbxXgMEAMEXwgMEAMEXyTANBgkqhkiG
9w0BAQsFAAOCAQEArT7yzVQsTeZTkU1Ml8CqGReZBlsniYcTmKhO5M5oG/Sy7VFm
itoyrwMrsDNBPh7orW2XqHjzIUp6aHo7xRM2VBd0ygZL95SQwRj1TdrrcpI+Ix3x
yCL2GLnnnqpRpaHg0c2LsDL3a7/m2BTJPL1mcnZCUBIPb/0y0HbmEDPfOgr58kPj
26VbITZt+YAHWtj4LczeqGzIywZAKjFt63kt4ZAc6uXGkawLt5oeuIP1JTXjKgDc
+9mag1AYB7EhizYbLgefSKYbon7tUwuyiSJQ6vvuz3iBvhy00d+l9V+ri8A1vhud
haAYfDjkL3cYiBGCAtcmX6OwQyv047VSOJ4gBg==
-----END CERTIFICATE-----
Generated at Thu Mar 26 22:46:47 2026 by rpki-client