Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LWZK33A2NfiOGY8XVTu1R3rV-4E.roa
File: LWZK33A2NfiOGY8XVTu1R3rV-4E.roa (raw, json)
Hash identifier: uwIMZjiaUCvpD1/78PYUSdYqmklo5TQj4IHt7h6XVXA=
Subject key identifier: 2D:66:4A:DF:70:36:35:F8:8E:19:8F:17:55:3B:B5:47:7A:D5:FB:81
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D9CB465D0D6AADE526F8FA2B8648AA491
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LWZK33A2NfiOGY8XVTu1R3rV-4E.roa
Signing time: Fri 17 Apr 2026 18:29:21 +0000
ROA not before: Fri 17 Apr 2026 18:29:21 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 200566
IP address blocks: 2.26.131.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 May 2026 07:02:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:9c:b4:65:d0:d6:aa:de:52:6f:8f:a2:b8:64:8a:a4:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 17 18:29:21 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2d664adf703635f88e198f17553bb5477ad5fb81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:2d:32:65:e0:b3:53:72:49:08:c3:e9:15:c9:
53:43:ec:12:c5:95:40:17:16:fb:bd:be:08:7c:87:
25:0c:0b:54:0c:f5:e7:59:d4:9c:ce:79:c1:55:1e:
88:02:96:67:45:41:b7:97:e3:87:d0:e8:a8:1f:0d:
93:02:20:61:56:c5:c1:c8:04:61:7e:d7:3e:9b:58:
81:76:53:91:52:17:44:74:b9:d0:d0:9c:e7:0e:eb:
52:4a:5e:13:8a:7a:91:3d:36:37:f8:23:c5:61:06:
fb:ac:6c:e0:de:8b:4e:ee:cc:94:34:d4:df:4d:2d:
3c:6e:2c:ac:c8:0c:86:bf:84:64:e2:1b:e0:2b:f4:
08:39:f0:fa:66:a8:9a:b9:41:3d:d0:90:e1:da:de:
ca:82:1a:a4:ea:f6:25:08:e7:3b:af:17:83:25:c4:
34:a1:b4:b1:93:21:e4:0d:79:8c:ae:14:96:f9:35:
b0:a2:6c:ab:f4:06:8e:74:dd:5b:aa:63:a9:f9:87:
c6:0b:df:2b:88:6c:43:88:96:72:20:ee:79:6b:66:
c5:5b:fb:6d:ba:bc:ed:b5:d5:c9:ca:9b:7e:98:56:
6a:f7:ac:20:2b:35:1c:ae:f7:36:23:48:ae:64:0c:
2f:2c:5f:94:62:43:60:2b:45:ec:4d:3e:68:a1:07:
ec:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:66:4A:DF:70:36:35:F8:8E:19:8F:17:55:3B:B5:47:7A:D5:FB:81
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LWZK33A2NfiOGY8XVTu1R3rV-4E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.131.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:16:75:de:71:c9:5a:aa:05:c1:d9:c1:34:f5:af:66:11:fa:
1a:67:2c:de:b7:df:96:08:ac:6f:ea:c8:b9:90:8e:84:3d:98:
96:fb:74:62:dd:dc:67:1e:ac:ab:4b:5f:d0:a6:50:8c:f6:30:
8b:04:6c:8b:80:41:3e:b9:dd:8e:ae:2f:5b:ec:9a:d7:3a:3e:
70:2c:00:00:82:b6:8f:a5:6c:4b:36:17:2a:3b:20:cb:ef:c8:
d6:31:41:cc:36:73:93:c8:37:90:10:a1:f8:ac:52:cc:8e:77:
d2:6a:64:4f:ad:b1:19:22:61:bd:c3:5a:4a:55:79:4c:f7:09:
f9:18:bd:e9:e4:ae:d2:38:37:29:c0:34:aa:d0:85:62:cf:28:
10:3f:16:f8:11:61:47:7a:5c:d8:11:b6:77:63:3d:11:18:93:
5f:b4:c6:67:31:cc:3b:41:4e:bd:22:ce:04:66:be:23:53:bc:
3d:a6:02:46:cd:10:09:0c:1f:7e:71:2b:62:b8:f0:10:07:2c:
43:2e:07:a5:af:b8:31:d7:c9:75:38:37:3f:30:f8:93:3d:50:
8c:8e:27:cf:2d:42:90:93:95:82:c5:c3:b1:57:42:06:35:43:
d8:0e:62:4c:78:91:fc:de:28:37:2a:e7:3d:2c:e2:91:65:06:
86:23:e4:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2ctGXQ1qreUm+PorhkiqSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE3MTgyOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDY2NGFkZjcwMzYzNWY4OGUxOThmMTc1NTNiYjU0NzdhZDVmYjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmC0yZeCzU3JJCMPpFclTQ+wSxZVA
Fxb7vb4IfIclDAtUDPXnWdScznnBVR6IApZnRUG3l+OH0OioHw2TAiBhVsXByARh
ftc+m1iBdlORUhdEdLnQ0JznDutSSl4TinqRPTY3+CPFYQb7rGzg3otO7syUNNTf
TS08biysyAyGv4Rk4hvgK/QIOfD6ZqiauUE90JDh2t7Kghqk6vYlCOc7rxeDJcQ0
obSxkyHkDXmMrhSW+TWwomyr9AaOdN1bqmOp+YfGC98riGxDiJZyIO55a2bFW/tt
urzttdXJypt+mFZq96wgKzUcrvc2I0iuZAwvLF+UYkNgK0XsTT5ooQfsAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1mSt9wNjX4jhmPF1U7tUd61fuBMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTFdaSzMzQTJOZmlPR1k4WFZUdTFSM3JWLTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqDMA0G
CSqGSIb3DQEBCwUAA4IBAQBrFnXecclaqgXB2cE09a9mEfoaZyzet9+WCKxv6si5
kI6EPZiW+3Ri3dxnHqyrS1/QplCM9jCLBGyLgEE+ud2Ori9b7JrXOj5wLAAAgraP
pWxLNhcqOyDL78jWMUHMNnOTyDeQEKH4rFLMjnfSamRPrbEZImG9w1pKVXlM9wn5
GL3p5K7SODcpwDSq0IVizygQPxb4EWFHelzYEbZ3Yz0RGJNftMZnMcw7QU69Is4E
Zr4jU7w9pgJGzRAJDB9+cStiuPAQByxDLgelr7gx18l1ODc/MPiTPVCMjifPLUKQ
k5WCxcOxV0IGNUPYDmJMeJH83ig3Kuc9LOKRZQaGI+Sk
-----END CERTIFICATE-----
Generated at Tue May 5 16:49:06 2026 by rpki-client