Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9I4nVjvHxhPHZSDoj-UnPwUeXSo.roa
File: 9I4nVjvHxhPHZSDoj-UnPwUeXSo.roa (raw, json)
Hash identifier: /Auz3Tc2eqyhqzALAmEvYt4s/3WPmsj2hw+nKNVw84Y=
Subject key identifier: F4:8E:27:56:3B:C7:C6:13:C7:65:20:E8:8F:E5:27:3F:05:1E:5D:2A
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019EDB94E8F95EE9A1A56E38663FE54F519A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9I4nVjvHxhPHZSDoj-UnPwUeXSo.roa
Signing time: Thu 18 Jun 2026 16:33:49 +0000
ROA not before: Thu 18 Jun 2026 16:33:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16509
IP address blocks: 2.26.200.0/21 maxlen: 24
2.26.208.0/21 maxlen: 24
2.27.218.0/23 maxlen: 24
2.27.220.0/23 maxlen: 24
2.27.222.0/23 maxlen: 24
2.27.239.0/24 maxlen: 24
2.27.240.0/24 maxlen: 24
2.27.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 20 Jun 2026 19:57:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:db:94:e8:f9:5e:e9:a1:a5:6e:38:66:3f:e5:4f:51:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Jun 18 16:33:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f48e27563bc7c613c76520e88fe5273f051e5d2a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:c0:5a:bb:36:16:3b:80:80:d1:89:c3:91:57:
7e:87:ea:ae:33:82:25:e2:25:02:7e:14:be:a9:9d:
48:a8:c5:a7:34:03:a2:7b:67:a9:f1:5f:0b:f4:66:
58:f7:4e:49:29:cf:bb:20:b7:e0:cb:d1:c2:4b:d3:
4f:68:90:7b:69:9d:23:85:33:e4:e1:3a:a8:50:c4:
10:63:26:11:9c:82:48:ce:7f:28:09:24:cd:d3:32:
cf:c5:19:74:3e:bf:8a:a2:e4:70:cd:01:f0:00:10:
d5:ac:8d:eb:cb:bf:f8:db:7d:fe:70:28:e0:3a:cd:
ff:64:aa:e6:55:54:14:cc:8e:2e:cd:1b:3c:e9:a5:
d7:8f:a9:5d:c4:b6:4a:5a:68:18:ff:ae:92:61:82:
55:1b:5f:d5:e0:19:7e:52:89:9c:95:71:23:87:4c:
63:1f:4c:bd:ae:d3:60:ce:89:38:a6:5a:13:52:7d:
20:d9:a6:d6:9f:4e:ca:68:36:2d:62:f5:7b:c6:9d:
7b:a4:f6:e2:17:3e:cc:e1:53:d3:fa:2e:96:82:66:
c2:fd:ff:13:06:99:f8:41:6d:75:31:05:2f:86:9f:
f3:24:8a:5d:76:ce:d0:78:86:84:bc:a9:1d:fe:46:
44:fb:07:c3:f6:6a:49:ee:2c:2d:5e:33:54:41:31:
da:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:8E:27:56:3B:C7:C6:13:C7:65:20:E8:8F:E5:27:3F:05:1E:5D:2A
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9I4nVjvHxhPHZSDoj-UnPwUeXSo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.200.0-2.26.215.255
2.27.218.0-2.27.223.255
2.27.239.0-2.27.240.255
2.27.254.0/24
Signature Algorithm: sha256WithRSAEncryption
58:3c:e1:51:92:b3:d1:71:e3:6a:b5:bf:0e:f0:3a:99:2b:1e:
bc:d7:da:cd:16:a2:35:2f:9c:de:46:00:12:a8:97:b5:84:c8:
84:03:c8:c7:f1:43:69:c8:18:02:65:c4:05:08:e8:9e:cb:f4:
5a:92:92:60:c9:d3:68:20:ee:1c:03:34:6c:48:ca:3f:35:f4:
d3:84:4b:90:93:01:69:27:28:76:8a:be:16:29:c3:35:38:4c:
93:c7:6e:46:cf:da:7e:dc:5a:f6:c2:a0:32:6b:75:56:40:4f:
d2:d3:6c:36:52:48:bc:ba:d4:e7:78:9c:e8:f8:38:59:ac:55:
e9:24:96:b9:e5:f6:6d:f6:65:6c:ad:7f:71:d8:26:7c:71:2d:
1a:64:b3:b8:aa:db:89:3d:46:b7:40:dd:08:49:88:bf:c0:79:
ad:41:80:a7:08:ed:6f:ff:d7:7b:0b:1f:3e:18:5e:80:63:00:
a0:0e:7d:5e:01:12:08:b8:83:48:4d:86:c3:a5:78:36:93:d2:
e1:58:9c:eb:a0:7f:f8:ef:aa:51:16:6e:ae:2a:12:f7:4d:ed:
86:4e:6f:32:ae:87:5d:48:a3:bc:f6:4a:24:dd:7a:c1:34:c3:
ec:83:d8:37:c4:83:ed:a8:7a:f7:ee:3d:13:8d:27:55:f5:78:
a4:6b:d6:c3
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZ7blOj5XumhpW44Zj/lT1GaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjE4MTYzMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDhlMjc1NjNiYzdjNjEzYzc2NTIwZTg4ZmU1MjczZjA1MWU1ZDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsBauzYWO4CA0YnDkVd+h+quM4Il
4iUCfhS+qZ1IqMWnNAOie2ep8V8L9GZY905JKc+7ILfgy9HCS9NPaJB7aZ0jhTPk
4TqoUMQQYyYRnIJIzn8oCSTN0zLPxRl0Pr+KouRwzQHwABDVrI3ry7/4233+cCjg
Os3/ZKrmVVQUzI4uzRs86aXXj6ldxLZKWmgY/66SYYJVG1/V4Bl+UomclXEjh0xj
H0y9rtNgzok4ploTUn0g2abWn07KaDYtYvV7xp17pPbiFz7M4VPT+i6WgmbC/f8T
Bpn4QW11MQUvhp/zJIpdds7QeIaEvKkd/kZE+wfD9mpJ7iwtXjNUQTHawwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFPSOJ1Y7x8YTx2Ug6I/lJz8FHl0qMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOUk0blZqdkh4aFBIWlNEb2otVW5Qd1VlWFNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwMAwDBAMCGsgD
BAMCGtAwDAMEAQIb2gMEBQIbwDAMAwQAAhvvAwQAAhvwAwQAAhv+MA0GCSqGSIb3
DQEBCwUAA4IBAQBYPOFRkrPRceNqtb8O8DqZKx6819rNFqI1L5zeRgASqJe1hMiE
A8jH8UNpyBgCZcQFCOiey/RakpJgydNoIO4cAzRsSMo/NfTThEuQkwFpJyh2ir4W
KcM1OEyTx25Gz9p+3Fr2wqAya3VWQE/S02w2Uki8utTneJzo+DhZrFXpJJa55fZt
9mVsrX9x2CZ8cS0aZLO4qtuJPUa3QN0ISYi/wHmtQYCnCO1v/9d7Cx8+GF6AYwCg
Dn1eARIIuINITYbDpXg2k9LhWJzroH/476pRFm6uKhL3Te2GTm8yroddSKO89kok
3XrBNMPsg9g3xIPtqHr37j0TjSdV9Xika9bD
-----END CERTIFICATE-----
Generated at Sat Jun 20 04:05:56 2026 by rpki-client