Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GQAPUpDc9TDjUGscUQ9ipGylezc.roa
File: GQAPUpDc9TDjUGscUQ9ipGylezc.roa (raw, json)
Hash identifier: H09HcQ27crfZce/Q7ZAPQ2ZX128lGCaGBoTl/4TAMWo=
Subject key identifier: 19:00:0F:52:90:DC:F5:30:E3:50:6B:1C:51:0F:62:A4:6C:A5:7B:37
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019CFCEC98D397B7FC030DE33450BEEA324C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GQAPUpDc9TDjUGscUQ9ipGylezc.roa
Signing time: Tue 17 Mar 2026 17:51:29 +0000
ROA not before: Tue 17 Mar 2026 17:51:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 206134
IP address blocks: 2.27.120.0/22 maxlen: 24
64.188.115.0/24 maxlen: 24
77.239.127.0/24 maxlen: 24
144.31.98.0/24 maxlen: 24
144.31.154.0/23 maxlen: 24
144.31.180.0/22 maxlen: 24
144.31.188.0/23 maxlen: 24
144.31.251.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 05:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:fc:ec:98:d3:97:b7:fc:03:0d:e3:34:50:be:ea:32:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 17 17:51:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=19000f5290dcf530e3506b1c510f62a46ca57b37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:a5:e1:db:33:32:f0:c2:62:21:c3:68:b6:e6:
f1:08:82:5f:5b:73:9a:1e:bc:4d:82:2b:85:07:9f:
11:52:f6:78:59:74:f7:5a:de:68:c3:5e:77:69:a5:
d4:49:29:c6:12:60:25:80:f0:e2:63:af:0b:3e:2a:
44:32:61:1c:78:10:97:5e:46:de:f8:1e:81:1f:d7:
ce:68:44:9f:7a:42:53:b0:7e:39:19:7a:e6:ef:f0:
58:c7:d1:a2:45:ee:7e:44:da:3f:8e:cb:39:d8:25:
82:9a:21:80:1d:3f:03:e5:80:34:84:f9:ba:38:78:
9d:18:32:a6:15:08:a6:cb:b4:44:d2:89:f5:08:a8:
aa:f3:f9:12:db:66:c3:aa:81:a3:8e:ea:b2:bf:03:
93:83:ad:2f:7c:90:93:12:ea:b8:5b:1d:5a:5b:b6:
c1:03:be:ca:4e:e3:1b:04:35:f4:46:f4:c3:35:88:
a5:b4:a8:e7:2f:71:e6:96:d2:56:7d:78:45:7c:9a:
20:62:21:db:07:29:60:ac:64:f5:be:8a:47:c4:f5:
9b:e8:e7:8b:11:6d:5e:4a:64:c3:df:f0:0d:d5:64:
b4:55:69:96:f4:3c:90:ba:ac:eb:95:b4:a7:18:12:
4c:cb:1d:22:5d:ce:27:6e:42:9a:30:5b:c5:03:e9:
f4:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:00:0F:52:90:DC:F5:30:E3:50:6B:1C:51:0F:62:A4:6C:A5:7B:37
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GQAPUpDc9TDjUGscUQ9ipGylezc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.120.0/22
64.188.115.0/24
77.239.127.0/24
144.31.98.0/24
144.31.154.0/23
144.31.180.0/22
144.31.188.0/23
144.31.251.0/24
Signature Algorithm: sha256WithRSAEncryption
94:29:f1:da:8e:5d:fc:b6:5b:d8:ff:c4:0f:37:83:31:4c:13:
26:85:66:f0:56:9d:82:04:ea:44:1c:24:91:e3:da:51:3e:9c:
f8:11:15:51:71:20:35:a5:82:ae:8f:31:c6:66:c5:b4:ef:5b:
31:43:eb:81:26:1d:08:61:e7:ca:74:60:31:1d:70:2b:47:0f:
8f:a3:33:1a:63:c9:24:9c:c5:b4:cc:23:79:05:da:91:d2:74:
bc:c5:bf:b1:24:46:0c:1c:33:f7:4c:65:31:01:0b:50:1c:91:
40:b8:a7:11:d7:12:f2:2a:08:c8:3c:fc:aa:01:a8:88:71:4c:
15:f5:1b:df:eb:33:c1:8f:1b:53:d1:bf:d6:cf:17:5d:95:b5:
96:d7:78:dc:5f:0b:13:00:74:a0:18:fa:b7:94:13:55:14:05:
8d:1c:13:7f:79:87:fb:73:a4:63:3a:ad:34:a2:fd:e1:05:38:
be:25:6e:c3:50:a4:c8:8f:f7:9e:95:e8:84:ab:75:df:8e:81:
9a:06:44:47:5d:10:80:a0:e8:91:02:b0:6f:64:c7:df:5f:7a:
0d:b8:02:89:5e:3f:6d:f0:31:5f:bc:ff:b9:ef:68:d9:fe:32:
e5:e3:0a:eb:ce:63:f1:8c:82:5f:96:a3:b0:3b:10:e9:9f:9c:
ef:ad:52:6f
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZz87JjTl7f8Aw3jNFC+6jJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE3MTc1MTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTAwMGY1MjkwZGNmNTMwZTM1MDZiMWM1MTBmNjJhNDZjYTU3YjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKXh2zMy8MJiIcNotubxCIJfW3Oa
HrxNgiuFB58RUvZ4WXT3Wt5ow153aaXUSSnGEmAlgPDiY68LPipEMmEceBCXXkbe
+B6BH9fOaESfekJTsH45GXrm7/BYx9GiRe5+RNo/jss52CWCmiGAHT8D5YA0hPm6
OHidGDKmFQimy7RE0on1CKiq8/kS22bDqoGjjuqyvwOTg60vfJCTEuq4Wx1aW7bB
A77KTuMbBDX0RvTDNYiltKjnL3HmltJWfXhFfJogYiHbBylgrGT1vopHxPWb6OeL
EW1eSmTD3/AN1WS0VWmW9DyQuqzrlbSnGBJMyx0iXc4nbkKaMFvFA+n0nwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBkAD1KQ3PUw41BrHFEPYqRspXs3MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvR1FBUFVwRGM5VERqVUdzY1VROWlwR3lsZXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCAht4AwQA
QLxzAwQATe9/AwQAkB9iAwQBkB+aAwQCkB+0AwQBkB+8AwQAkB/7MA0GCSqGSIb3
DQEBCwUAA4IBAQCUKfHajl38tlvY/8QPN4MxTBMmhWbwVp2CBOpEHCSR49pRPpz4
ERVRcSA1pYKujzHGZsW071sxQ+uBJh0IYefKdGAxHXArRw+PozMaY8kknMW0zCN5
BdqR0nS8xb+xJEYMHDP3TGUxAQtQHJFAuKcR1xLyKgjIPPyqAaiIcUwV9Rvf6zPB
jxtT0b/WzxddlbWW13jcXwsTAHSgGPq3lBNVFAWNHBN/eYf7c6RjOq00ov3hBTi+
JW7DUKTIj/eeleiEq3XfjoGaBkRHXRCAoOiRArBvZMffX3oNuAKJXj9t8DFfvP+5
72jZ/jLl4wrrzmPxjIJflqOwOxDpn5zvrVJv
-----END CERTIFICATE-----
Generated at Sat Mar 21 14:31:02 2026 by rpki-client