Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GN8Nmh6O5qu-L2QXh2BmGlPxDXA.roa
File: GN8Nmh6O5qu-L2QXh2BmGlPxDXA.roa (raw, json)
Hash identifier: YIiV7jHp51zyTaOgnxTo8sP3v6gy73jEq1/qycYTdCU=
Subject key identifier: 18:DF:0D:9A:1E:8E:E6:AB:BE:2F:64:17:87:60:66:1A:53:F1:0D:70
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019CF8B188731DBF639AF0516E94DB93CFB4
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GN8Nmh6O5qu-L2QXh2BmGlPxDXA.roa
Signing time: Mon 16 Mar 2026 22:08:30 +0000
ROA not before: Mon 16 Mar 2026 22:08:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212743
IP address blocks: 2.27.61.0/24 maxlen: 24
144.31.12.0/24 maxlen: 24
144.31.136.0/24 maxlen: 24
144.31.191.0/24 maxlen: 24
144.31.237.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 05:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:f8:b1:88:73:1d:bf:63:9a:f0:51:6e:94:db:93:cf:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 16 22:08:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=18df0d9a1e8ee6abbe2f64178760661a53f10d70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:b7:71:58:2d:bf:59:25:76:76:f6:03:b1:c5:
6f:c1:0a:a0:c4:d2:45:0d:dc:bc:56:00:11:1a:bd:
e0:8c:ad:14:be:d7:d0:a0:04:f9:d0:e2:68:97:c1:
a8:46:76:bd:c8:e0:e2:7d:77:08:92:71:83:09:67:
1b:22:34:40:fc:7f:e2:f0:ad:0e:fb:b7:a8:20:0e:
5f:5c:6b:f4:1a:8f:73:d6:f9:bd:8c:de:e5:da:b7:
70:cc:f4:0e:f5:56:f9:33:d1:4a:5e:69:dd:f6:4f:
d8:c7:ca:2a:f8:16:a2:47:e9:32:86:90:25:57:8e:
d1:bd:02:31:3b:8e:6f:9b:8d:ad:9c:88:fc:f2:9f:
2e:dc:2c:d5:27:f2:70:05:07:df:04:7c:94:01:e4:
7b:e4:d2:98:5c:57:ac:62:9f:af:8b:02:ee:ca:7c:
c5:34:2a:22:07:9c:c8:0d:a4:e2:dd:49:d1:9c:d4:
37:3d:d1:4b:de:bc:c3:a7:19:2e:c5:6e:08:36:27:
c3:b3:f2:ab:f7:d4:1e:4a:fe:36:23:01:00:86:f1:
ab:8a:c7:ee:ae:72:38:b6:58:c2:55:ef:62:fd:8c:
ea:bc:c5:5e:56:90:e9:3d:f6:82:35:69:42:d7:75:
e9:f2:df:8b:68:96:3d:bd:e3:8f:11:17:9a:d4:3b:
53:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:DF:0D:9A:1E:8E:E6:AB:BE:2F:64:17:87:60:66:1A:53:F1:0D:70
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GN8Nmh6O5qu-L2QXh2BmGlPxDXA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.61.0/24
144.31.12.0/24
144.31.136.0/24
144.31.191.0/24
144.31.237.0/24
Signature Algorithm: sha256WithRSAEncryption
67:13:ae:e8:22:ef:02:b1:e3:13:ba:55:96:dc:99:ea:76:4e:
39:12:20:bc:7e:67:1d:b4:ae:d8:df:ce:76:7a:b6:69:fa:ee:
01:10:68:62:28:65:33:35:6b:c1:c1:9c:63:1f:42:06:8c:d2:
55:a1:0f:b5:69:f9:10:bd:7f:05:fe:0a:ba:30:3e:8b:b1:d8:
0e:f7:7e:22:58:d2:b9:b8:e9:fc:1e:71:2b:e4:c6:e4:67:cc:
27:5b:cd:d3:1c:95:f7:ce:9b:28:33:7b:d2:71:be:fb:58:b4:
5c:e7:fb:1c:f5:f6:3e:55:7e:44:b7:55:43:3d:22:92:f3:3b:
2e:d2:d0:2f:be:b0:f6:f6:da:74:73:59:c9:7e:c5:29:92:fb:
73:c8:4f:dc:0f:f1:11:56:0a:18:51:87:66:2e:a8:d1:7d:db:
13:c6:56:4e:8b:69:09:d2:f1:1f:d2:9c:5a:4e:ca:60:98:9c:
56:0e:7d:45:b2:d1:c1:e4:b2:2a:2a:57:fd:10:28:d9:f9:07:
cb:43:06:44:50:c1:77:02:58:42:b9:9f:68:7a:21:27:48:b8:
68:73:37:1d:78:1c:e0:b4:4a:fd:78:fd:aa:d7:17:99:84:b0:
a7:ee:17:98:c8:d0:f9:06:cb:4a:f9:d5:db:b7:9b:73:2a:85:
f9:09:f9:b0
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZz4sYhzHb9jmvBRbpTbk8+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE2MjIwODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGRmMGQ5YTFlOGVlNmFiYmUyZjY0MTc4NzYwNjYxYTUzZjEwZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrdxWC2/WSV2dvYDscVvwQqgxNJF
Ddy8VgARGr3gjK0UvtfQoAT50OJol8GoRna9yODifXcIknGDCWcbIjRA/H/i8K0O
+7eoIA5fXGv0Go9z1vm9jN7l2rdwzPQO9Vb5M9FKXmnd9k/Yx8oq+BaiR+kyhpAl
V47RvQIxO45vm42tnIj88p8u3CzVJ/JwBQffBHyUAeR75NKYXFesYp+viwLuynzF
NCoiB5zIDaTi3UnRnNQ3PdFL3rzDpxkuxW4INifDs/Kr99QeSv42IwEAhvGrisfu
rnI4tljCVe9i/YzqvMVeVpDpPfaCNWlC13Xp8t+LaJY9veOPERea1DtTPwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBjfDZoejuarvi9kF4dgZhpT8Q1wMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvR044Tm1oNk81cXUtTDJRWGgyQm1HbFB4RFhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAAhs9AwQA
kB8MAwQAkB+IAwQAkB+/AwQAkB/tMA0GCSqGSIb3DQEBCwUAA4IBAQBnE67oIu8C
seMTulWW3Jnqdk45EiC8fmcdtK7Y3852erZp+u4BEGhiKGUzNWvBwZxjH0IGjNJV
oQ+1afkQvX8F/gq6MD6LsdgO934iWNK5uOn8HnEr5MbkZ8wnW83THJX3zpsoM3vS
cb77WLRc5/sc9fY+VX5Et1VDPSKS8zsu0tAvvrD29tp0c1nJfsUpkvtzyE/cD/ER
VgoYUYdmLqjRfdsTxlZOi2kJ0vEf0pxaTspgmJxWDn1FstHB5LIqKlf9ECjZ+QfL
QwZEUMF3AlhCuZ9oeiEnSLhoczcdeBzgtEr9eP2q1xeZhLCn7heYyND5BstK+dXb
t5tzKoX5Cfmw
-----END CERTIFICATE-----
Generated at Sat Mar 21 14:36:25 2026 by rpki-client