Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HFEX0zEJH-5G5u2xqIhrPaofMFM.roa
File: HFEX0zEJH-5G5u2xqIhrPaofMFM.roa (raw, json)
Hash identifier: kcYSdyD9xWqXkEryz4WUzvTNMnxAP/lOUmCfmk6lVQM=
Subject key identifier: 1C:51:17:D3:31:09:1F:EE:46:E6:ED:B1:A8:88:6B:3D:AA:1F:30:53
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019DBCD93F8E8F33D9F8BAFE588A07F1C592
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HFEX0zEJH-5G5u2xqIhrPaofMFM.roa
Signing time: Fri 24 Apr 2026 00:17:27 +0000
ROA not before: Fri 24 Apr 2026 00:17:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216127
IP address blocks: 2.26.16.0/22 maxlen: 24
2.26.28.0/22 maxlen: 24
2.26.116.0/22 maxlen: 24
2.26.248.0/22 maxlen: 24
2.27.18.0/24 maxlen: 24
2.27.19.0/24 maxlen: 24
31.76.224.0/22 maxlen: 24
77.239.96.0/22 maxlen: 24
144.31.96.0/22 maxlen: 24
144.31.154.0/23 maxlen: 24
144.31.180.0/22 maxlen: 24
144.31.188.0/23 maxlen: 24
144.31.200.0/23 maxlen: 24
144.31.204.0/23 maxlen: 24
144.31.250.0/23 maxlen: 24
150.241.90.0/23 maxlen: 24
185.184.120.0/24 maxlen: 24
185.184.121.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 03:26:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:bc:d9:3f:8e:8f:33:d9:f8:ba:fe:58:8a:07:f1:c5:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 24 00:17:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1c5117d331091fee46e6edb1a8886b3daa1f3053
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:8e:02:69:e8:6a:fe:94:ec:4b:17:c1:73:c9:
d6:1d:37:62:1f:51:38:c7:e2:4d:fb:ec:29:62:db:
55:73:8d:aa:ab:b6:24:c5:c7:80:99:99:79:27:2d:
20:c8:27:e1:f8:dc:c7:74:48:42:fa:d2:91:eb:04:
14:11:28:e2:d3:1c:6f:6f:8d:95:ad:dd:6f:25:7f:
fa:bf:0d:ae:8a:9b:8d:92:5e:78:20:e6:e4:44:64:
ad:ed:f5:73:1d:7e:6b:a3:65:84:42:40:32:4c:cc:
30:3e:4b:0a:e7:c3:89:0a:1f:ef:37:ec:09:4c:5f:
57:04:91:41:bd:ea:2b:47:13:47:63:54:1f:5f:0d:
a0:38:bd:2b:de:02:35:e9:57:36:a8:47:84:04:e0:
84:16:66:ee:6e:31:c1:d0:a8:dc:ba:1b:37:68:98:
67:da:44:f0:e6:ba:fe:e8:55:3e:d4:08:3a:ea:16:
ff:59:69:31:0b:dd:79:5e:1b:52:fb:2d:bd:56:12:
d2:7f:01:db:a7:e1:68:a4:24:9a:62:d1:50:56:06:
b0:88:32:06:bb:cb:56:fe:2b:55:fa:e0:1e:d6:28:
17:74:62:74:02:06:ef:3e:a4:be:7d:e7:a2:7a:29:
4c:d2:59:d3:14:ca:9d:6e:1e:e0:ac:33:d7:bb:c9:
81:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:51:17:D3:31:09:1F:EE:46:E6:ED:B1:A8:88:6B:3D:AA:1F:30:53
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HFEX0zEJH-5G5u2xqIhrPaofMFM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.16.0/22
2.26.28.0/22
2.26.116.0/22
2.26.248.0/22
2.27.18.0/23
31.76.224.0/22
77.239.96.0/22
144.31.96.0/22
144.31.154.0/23
144.31.180.0/22
144.31.188.0/23
144.31.200.0/23
144.31.204.0/23
144.31.250.0/23
150.241.90.0/23
185.184.120.0/23
Signature Algorithm: sha256WithRSAEncryption
b4:8e:48:0a:ff:dc:f0:78:0b:c8:9f:69:fb:7b:a6:ff:67:29:
5b:63:ea:4f:b7:0f:9f:f5:58:cd:e3:90:6d:b5:7c:7e:ed:82:
3b:aa:74:4c:f1:03:6e:a6:83:2b:e1:ec:a4:e6:48:11:7e:c7:
e3:45:fc:ae:b0:5e:4f:0c:f5:cd:e4:09:32:f4:10:52:49:be:
9f:18:0c:8c:4b:92:e4:15:00:a7:38:e9:91:1a:9f:d7:cd:a1:
a4:31:fd:c3:19:d3:f8:51:62:4f:37:c0:ab:44:8f:6a:f9:13:
6e:a6:d4:75:c9:14:11:51:e5:7f:f2:0b:30:ec:dc:ca:ba:78:
02:48:dc:6c:38:fc:f1:7e:f1:dd:b6:72:c3:08:73:af:ff:79:
3d:74:71:a0:3f:a5:e7:15:ed:36:c6:1e:45:38:37:0d:70:a6:
d3:37:a9:28:62:1a:6f:4c:09:1e:11:6c:b1:67:e3:7f:93:ec:
58:3d:00:a0:6a:b8:34:8f:6d:21:f7:77:8d:63:aa:f6:f2:92:
c6:e7:12:76:31:8d:83:0f:5f:2a:95:c7:a5:f0:9e:40:00:86:
2d:09:4d:67:c3:f9:87:40:ed:2f:94:1e:9d:a9:6c:ff:4a:59:
a1:0c:dd:5e:0a:b9:be:b9:77:d8:9a:08:93:c4:c1:16:39:c8:
53:4d:a7:38
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZ282T+OjzPZ+Lr+WIoH8cWSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI0MDAxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzUxMTdkMzMxMDkxZmVlNDZlNmVkYjFhODg4NmIzZGFhMWYzMDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqo4Caehq/pTsSxfBc8nWHTdiH1E4
x+JN++wpYttVc42qq7YkxceAmZl5Jy0gyCfh+NzHdEhC+tKR6wQUESji0xxvb42V
rd1vJX/6vw2uipuNkl54IObkRGSt7fVzHX5ro2WEQkAyTMwwPksK58OJCh/vN+wJ
TF9XBJFBveorRxNHY1QfXw2gOL0r3gI16Vc2qEeEBOCEFmbubjHB0Kjcuhs3aJhn
2kTw5rr+6FU+1Ag66hb/WWkxC915XhtS+y29VhLSfwHbp+FopCSaYtFQVgawiDIG
u8tW/itV+uAe1igXdGJ0AgbvPqS+feeieilM0lnTFMqdbh7grDPXu8mBNwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFBxRF9MxCR/uRubtsaiIaz2qHzBTMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSEZFWDB6RUpILTVHNXUyeHFJaHJQYW9mTUZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQCAhoQAwQC
AhocAwQCAhp0AwQCAhr4AwQBAhsSAwQCH0zgAwQCTe9gAwQCkB9gAwQBkB+aAwQC
kB+0AwQBkB+8AwQBkB/IAwQBkB/MAwQBkB/6AwQBlvFaAwQBubh4MA0GCSqGSIb3
DQEBCwUAA4IBAQC0jkgK/9zweAvIn2n7e6b/ZylbY+pPtw+f9VjN45BttXx+7YI7
qnRM8QNupoMr4eyk5kgRfsfjRfyusF5PDPXN5Aky9BBSSb6fGAyMS5LkFQCnOOmR
Gp/XzaGkMf3DGdP4UWJPN8CrRI9q+RNuptR1yRQRUeV/8gsw7NzKungCSNxsOPzx
fvHdtnLDCHOv/3k9dHGgP6XnFe02xh5FODcNcKbTN6koYhpvTAkeEWyxZ+N/k+xY
PQCgarg0j20h93eNY6r28pLG5xJ2MY2DD18qlcel8J5AAIYtCU1nw/mHQO0vlB6d
qWz/SlmhDN1eCrm+uXfYmgiTxMEWOchTTac4
-----END CERTIFICATE-----
Generated at Mon Apr 27 11:15:49 2026 by rpki-client