Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9JOXRF5NHbIlgRui_OSKE_a_68c.roa
File: 9JOXRF5NHbIlgRui_OSKE_a_68c.roa (raw, json)
Hash identifier: 36zfJADehVoP8t3qvUaLBd9bsX0yAPilUAv06zn8Qow=
Subject key identifier: F4:93:97:44:5E:4D:1D:B2:25:81:1B:A2:FC:E4:8A:13:F6:BF:EB:C7
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019DE5488BEF680809976F0BA6B455C1FF07
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9JOXRF5NHbIlgRui_OSKE_a_68c.roa
Signing time: Fri 01 May 2026 20:43:49 +0000
ROA not before: Fri 01 May 2026 20:43:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 20326
IP address blocks: 2.26.224.0/22 maxlen: 22
2.26.240.0/22 maxlen: 22
2.26.244.0/22 maxlen: 22
2.27.140.0/23 maxlen: 23
2.27.200.0/21 maxlen: 21
2.27.208.0/22 maxlen: 24
2.27.224.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 May 2026 07:02:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:e5:48:8b:ef:68:08:09:97:6f:0b:a6:b4:55:c1:ff:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: May 1 20:43:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f49397445e4d1db225811ba2fce48a13f6bfebc7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:99:86:39:8e:be:db:7c:c0:0a:24:35:dd:ac:
c9:e0:f6:34:ca:98:67:96:fa:bf:1c:e5:f1:01:3f:
f4:0c:b3:f8:36:cd:b9:28:2a:4a:42:10:75:8a:1e:
57:e6:ce:c2:03:e8:78:3a:e7:0a:59:69:cb:86:d1:
8b:4a:2a:22:92:5b:8e:5f:ea:8a:a9:a9:4e:ed:ed:
51:4c:fa:c9:d4:bb:61:fa:79:7d:d1:cb:c2:46:d6:
23:f6:06:32:77:c9:d5:f2:f5:91:a6:9e:aa:8f:8f:
42:0a:c4:d9:41:32:95:6a:63:1e:86:c0:22:df:64:
2a:94:66:f8:34:20:31:ae:cb:ba:a0:2b:7a:d5:33:
39:c4:ba:7e:15:99:b9:3f:9e:fc:c1:b4:69:04:b2:
c9:de:76:4c:32:03:2b:2c:3d:31:48:6f:05:4f:8c:
13:9b:5c:ca:a7:af:52:70:56:85:f9:6a:00:a1:89:
99:30:b7:ae:0a:95:59:04:be:43:90:24:3a:04:15:
47:4e:c7:e4:c0:9f:72:67:18:13:eb:17:2d:99:82:
df:42:fc:49:4f:4e:4e:65:6c:29:2b:a5:49:d7:52:
b1:23:0d:60:55:65:6a:d1:8a:1e:b7:60:15:2e:52:
64:a7:08:42:0b:48:1d:c0:91:70:91:7d:e5:6c:01:
60:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:93:97:44:5E:4D:1D:B2:25:81:1B:A2:FC:E4:8A:13:F6:BF:EB:C7
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9JOXRF5NHbIlgRui_OSKE_a_68c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.224.0/22
2.26.240.0/21
2.27.140.0/23
2.27.200.0-2.27.211.255
2.27.224.0/21
Signature Algorithm: sha256WithRSAEncryption
2b:98:4a:e6:94:1c:75:28:e1:3d:38:11:59:44:b1:a4:ea:a9:
6f:24:68:63:92:e4:d8:27:85:c8:52:b5:92:bd:95:b3:3a:dc:
a1:a0:93:69:02:fa:32:82:e1:cb:24:1e:09:6e:cc:6b:8b:80:
c0:52:24:43:39:2f:fc:6b:51:40:d0:14:43:1c:1d:37:21:33:
1f:7e:64:f8:ec:e7:1f:ed:9e:c8:86:49:89:cc:63:91:68:0e:
75:36:fe:cd:66:c0:2d:34:83:ca:cd:96:a0:54:62:32:33:ae:
2f:a9:df:f4:29:24:48:9a:d5:eb:df:01:5a:2b:7a:0f:51:eb:
42:32:f0:e7:83:11:42:2f:64:a9:b6:72:fb:d7:50:67:e9:48:
f2:63:de:47:84:dd:c3:5c:fd:44:96:5c:c5:c9:9b:98:02:89:
43:dc:7e:91:78:7a:1a:7b:ad:69:64:35:d4:78:71:bc:b4:82:
d4:54:46:8a:10:1a:1f:9a:b7:f0:d7:fc:5b:65:e2:3b:59:be:
df:2a:82:11:ae:57:b0:67:26:31:67:16:5b:a2:d6:9c:74:a8:
ef:cd:5c:9d:23:8b:e9:6d:6d:65:3b:d6:6d:40:99:23:58:27:
4f:c9:8d:32:90:ce:67:9f:b4:c6:d3:69:7d:98:db:83:21:c2:
ab:16:19:1e
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZ3lSIvvaAgJl28LprRVwf8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTAxMjA0MzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDkzOTc0NDVlNGQxZGIyMjU4MTFiYTJmY2U0OGExM2Y2YmZlYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypmGOY6+23zACiQ13azJ4PY0yphn
lvq/HOXxAT/0DLP4Ns25KCpKQhB1ih5X5s7CA+h4OucKWWnLhtGLSioikluOX+qK
qalO7e1RTPrJ1Lth+nl90cvCRtYj9gYyd8nV8vWRpp6qj49CCsTZQTKVamMehsAi
32QqlGb4NCAxrsu6oCt61TM5xLp+FZm5P578wbRpBLLJ3nZMMgMrLD0xSG8FT4wT
m1zKp69ScFaF+WoAoYmZMLeuCpVZBL5DkCQ6BBVHTsfkwJ9yZxgT6xctmYLfQvxJ
T05OZWwpK6VJ11KxIw1gVWVq0Yoet2AVLlJkpwhCC0gdwJFwkX3lbAFgqQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFPSTl0ReTR2yJYEbovzkihP2v+vHMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOUpPWFJGNU5IYklsZ1J1aV9PU0tFX2FfNjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCAhrgAwQD
AhrwAwQBAhuMMAwDBAMCG8gDBAICG9ADBAMCG+AwDQYJKoZIhvcNAQELBQADggEB
ACuYSuaUHHUo4T04EVlEsaTqqW8kaGOS5NgnhchStZK9lbM63KGgk2kC+jKC4csk
HgluzGuLgMBSJEM5L/xrUUDQFEMcHTchMx9+ZPjs5x/tnsiGSYnMY5FoDnU2/s1m
wC00g8rNlqBUYjIzri+p3/QpJEia1evfAVoreg9R60Iy8OeDEUIvZKm2cvvXUGfp
SPJj3keE3cNc/USWXMXJm5gCiUPcfpF4ehp7rWlkNdR4cby0gtRURooQGh+at/DX
/Ftl4jtZvt8qghGuV7BnJjFnFlui1px0qO/NXJ0ji+ltbWU71m1AmSNYJ0/JjTKQ
zmeftMbTaX2Y24MhwqsWGR4=
-----END CERTIFICATE-----
Generated at Tue May 5 16:48:48 2026 by rpki-client