Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3HUi5UTI5rYNhhnjyvLgpAW73Tw.roa
File: 3HUi5UTI5rYNhhnjyvLgpAW73Tw.roa (raw, json)
Hash identifier: eA3vUHSBicfsXopk8HiTwEB4ZQxEKvSQ+UnRi7woE2o=
Subject key identifier: DC:75:22:E5:44:C8:E6:B6:0D:86:19:E3:CA:F2:E0:A4:05:BB:DD:3C
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019C33D39C6BBD8AA16C28E94E021E2AE7E5
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3HUi5UTI5rYNhhnjyvLgpAW73Tw.roa
Signing time: Fri 06 Feb 2026 16:40:32 +0000
ROA not before: Fri 06 Feb 2026 16:40:32 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 26383
IP address blocks: 144.31.55.0/24 maxlen: 24
144.31.56.0/24 maxlen: 24
144.31.58.0/24 maxlen: 24
144.31.59.0/24 maxlen: 24
144.31.60.0/24 maxlen: 24
150.241.121.0/24 maxlen: 24
185.229.222.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 24 Feb 2026 15:38:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:33:d3:9c:6b:bd:8a:a1:6c:28:e9:4e:02:1e:2a:e7:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Feb 6 16:40:32 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dc7522e544c8e6b60d8619e3caf2e0a405bbdd3c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:ee:34:46:b8:cb:47:d3:37:1d:cd:42:73:f5:
64:bf:b4:42:39:c6:b7:87:70:00:b3:d4:a5:12:08:
d3:5a:1f:0b:8c:a5:c1:23:e3:f5:be:e1:92:5f:4e:
d6:23:5e:b4:4c:6a:4a:5e:fd:ed:15:78:2a:80:4b:
39:2b:15:ba:58:95:af:ac:d8:9c:42:5f:2e:fa:e3:
77:11:3b:71:62:1b:de:ae:6e:93:aa:04:cb:fb:11:
29:65:f6:b9:c7:e8:8c:53:b9:61:10:f7:ed:db:3b:
5e:ee:3a:9d:37:6a:47:18:07:d5:c6:3d:65:4c:65:
46:26:ee:c7:fb:43:7a:7d:21:56:cb:34:33:f3:ce:
6f:20:89:ee:40:03:a0:02:e8:68:37:d7:f4:be:5d:
80:54:25:0d:ab:e4:4c:6a:17:88:74:fc:ff:bb:cf:
6a:35:41:02:3c:84:0e:24:7c:51:be:e0:fb:d9:61:
41:4b:ed:b0:6d:0f:5c:f2:c9:c4:c9:62:08:d1:41:
95:22:db:05:40:14:b7:61:9f:06:13:45:41:8e:08:
50:38:c4:57:70:01:40:69:5a:fa:ad:8e:4e:e0:95:
92:12:e0:dd:41:1f:ff:e2:c8:6d:b7:69:d5:50:eb:
80:c0:6e:f1:04:7b:ba:42:c8:0f:5a:a6:aa:92:18:
c4:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:75:22:E5:44:C8:E6:B6:0D:86:19:E3:CA:F2:E0:A4:05:BB:DD:3C
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3HUi5UTI5rYNhhnjyvLgpAW73Tw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
144.31.55.0-144.31.56.255
144.31.58.0-144.31.60.255
150.241.121.0/24
185.229.222.0/24
Signature Algorithm: sha256WithRSAEncryption
af:01:a0:3e:37:ea:d9:87:b0:0c:6a:8b:6e:de:1e:7d:29:0e:
67:d6:c5:c4:c8:74:62:ae:46:64:25:ee:53:ac:38:b5:51:02:
14:24:55:93:d7:c2:47:61:1c:a8:48:74:7e:93:a7:d4:6b:bf:
6d:a4:3b:ed:d3:2a:b5:dc:78:e2:4d:8d:76:eb:a8:18:8c:c0:
8c:22:08:0d:4c:a6:04:f6:fb:80:44:c7:43:65:ab:97:57:72:
82:97:f5:4f:c2:31:fa:21:fb:cf:3e:f8:ba:92:29:1c:19:34:
96:d9:99:89:bf:bd:c7:5f:51:dc:66:25:19:b8:b7:ba:df:74:
2b:40:be:43:55:8f:6d:28:6f:49:8a:8d:d1:25:0b:62:90:ee:
40:8c:71:60:7e:96:b7:ef:d5:13:1c:e0:2e:75:af:5a:89:30:
b7:7f:cc:4a:66:87:c3:25:61:8e:62:02:47:5e:b5:e6:b2:7e:
9a:70:83:bc:c2:28:90:59:2d:27:eb:5a:6e:b1:07:ad:d9:a3:
0c:ca:3a:b5:9b:41:68:7f:ea:12:e5:40:5e:e3:1b:87:54:b8:
e3:86:5d:ce:91:5f:7a:58:d5:0f:77:6e:28:6e:aa:98:24:d5:
df:80:67:4d:55:7f:64:31:bf:97:6a:bf:58:31:aa:f7:52:1c:
c5:96:7b:30
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZwz05xrvYqhbCjpTgIeKuflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjA2MTY0MDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzc1MjJlNTQ0YzhlNmI2MGQ4NjE5ZTNjYWYyZTBhNDA1YmJkZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAou40RrjLR9M3Hc1Cc/Vkv7RCOca3
h3AAs9SlEgjTWh8LjKXBI+P1vuGSX07WI160TGpKXv3tFXgqgEs5KxW6WJWvrNic
Ql8u+uN3ETtxYhverm6TqgTL+xEpZfa5x+iMU7lhEPft2zte7jqdN2pHGAfVxj1l
TGVGJu7H+0N6fSFWyzQz885vIInuQAOgAuhoN9f0vl2AVCUNq+RMaheIdPz/u89q
NUECPIQOJHxRvuD72WFBS+2wbQ9c8snEyWII0UGVItsFQBS3YZ8GE0VBjghQOMRX
cAFAaVr6rY5O4JWSEuDdQR//4shtt2nVUOuAwG7xBHu6QsgPWqaqkhjEcwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFNx1IuVEyOa2DYYZ48ry4KQFu908MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvM0hVaTVVVEk1cllOaGhuanl2TGdwQVc3M1R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBACQHzcD
BACQHzgwDAMEAZAfOgMEAJAfPAMEAJbxeQMEALnl3jANBgkqhkiG9w0BAQsFAAOC
AQEArwGgPjfq2YewDGqLbt4efSkOZ9bFxMh0Yq5GZCXuU6w4tVECFCRVk9fCR2Ec
qEh0fpOn1Gu/baQ77dMqtdx44k2NduuoGIzAjCIIDUymBPb7gETHQ2Wrl1dygpf1
T8Ix+iH7zz74upIpHBk0ltmZib+9x19R3GYlGbi3ut90K0C+Q1WPbShvSYqN0SUL
YpDuQIxxYH6Wt+/VExzgLnWvWokwt3/MSmaHwyVhjmICR1615rJ+mnCDvMIokFkt
J+tabrEHrdmjDMo6tZtBaH/qEuVAXuMbh1S444ZdzpFfeljVD3duKG6qmCTV34Bn
TVV/ZDG/l2q/WDGq91IcxZZ7MA==
-----END CERTIFICATE-----
Generated at Mon Feb 23 20:00:30 2026 by rpki-client