Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XhMIdbt2JPO4_y3F-F8Caxy2B0I.roa
File: XhMIdbt2JPO4_y3F-F8Caxy2B0I.roa (raw, json)
Hash identifier: s6VSGq0O6IFW+seLQi/o7TYaPrEq0j+3l1CQ2tdSA48=
Subject key identifier: 5E:13:08:75:BB:76:24:F3:B8:FF:2D:C5:F8:5F:02:6B:1C:B6:07:42
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019DB624A279947EF7E9223057EE09370590
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XhMIdbt2JPO4_y3F-F8Caxy2B0I.roa
Signing time: Wed 22 Apr 2026 17:02:27 +0000
ROA not before: Wed 22 Apr 2026 17:02:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 198550
IP address blocks: 2.26.124.0/23 maxlen: 24
2.26.254.0/24 maxlen: 24
2.26.255.0/24 maxlen: 24
2.27.12.0/22 maxlen: 24
144.31.215.0/24 maxlen: 24
150.241.65.0/24 maxlen: 24
150.241.68.0/24 maxlen: 24
150.241.92.0/24 maxlen: 24
193.23.222.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 23 Apr 2026 23:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b6:24:a2:79:94:7e:f7:e9:22:30:57:ee:09:37:05:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 22 17:02:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5e130875bb7624f3b8ff2dc5f85f026b1cb60742
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:90:d9:68:a4:bd:dd:0f:33:26:26:4e:71:b3:
b2:5c:57:15:ef:98:1d:b5:25:d5:cc:cc:51:90:2d:
2f:3c:f4:9a:80:fd:2c:e9:31:37:e3:3e:c4:61:e4:
54:86:88:be:22:e2:ec:3a:e9:a1:20:74:7a:fd:1d:
e5:57:02:c4:f2:8f:29:1b:a4:28:35:fc:16:ea:46:
cd:94:01:f7:6a:07:c3:7b:1f:a6:8f:46:82:cc:a6:
2f:3c:ef:9c:32:3f:aa:c5:8c:85:b1:93:b6:b5:96:
1f:fe:15:06:b6:38:c4:42:a8:85:2b:a9:c1:3e:f5:
9d:22:ce:fc:e1:89:ec:89:97:26:f8:38:a3:a8:cb:
d3:5a:ee:cf:de:b9:9c:26:33:d3:84:21:db:51:6f:
47:d6:f4:53:d3:7a:f9:93:3a:56:c1:a7:47:96:da:
58:18:32:26:28:e7:25:cd:a7:63:7a:92:f3:88:a4:
4f:b5:77:ba:0f:20:2c:69:46:a7:47:cd:be:7f:f7:
70:e8:69:e1:19:0e:c7:d2:92:65:78:fa:9b:a5:ac:
a4:5e:ed:5d:1e:ed:cd:0d:53:42:f7:12:15:cd:ed:
5e:9b:fc:83:91:18:66:13:9a:47:cf:c1:fa:cd:3e:
f1:4e:13:53:59:0d:76:33:fa:ff:dc:e4:61:2b:62:
78:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:13:08:75:BB:76:24:F3:B8:FF:2D:C5:F8:5F:02:6B:1C:B6:07:42
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XhMIdbt2JPO4_y3F-F8Caxy2B0I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.124.0/23
2.26.254.0/23
2.27.12.0/22
144.31.215.0/24
150.241.65.0/24
150.241.68.0/24
150.241.92.0/24
193.23.222.0/24
Signature Algorithm: sha256WithRSAEncryption
35:d6:8f:2a:d6:cb:cb:f1:e2:56:be:56:b5:dd:ec:95:09:45:
37:0f:8a:a8:13:4b:98:68:00:dc:1f:b1:f7:4e:29:3f:9e:47:
43:48:88:61:c3:cf:03:db:90:69:8e:ae:1b:08:16:79:56:1a:
0d:b8:93:bc:50:25:45:7f:d1:01:c0:42:6f:5e:e6:fb:0b:fc:
77:35:86:2c:12:01:07:2d:21:27:aa:49:a5:a4:a6:6b:e9:04:
f0:21:25:ae:4b:40:7e:09:d9:f8:c2:cf:ff:41:12:1b:47:e2:
2d:dc:65:4f:ed:81:3e:c5:e4:19:8a:a9:57:ae:aa:45:7e:17:
97:69:4a:52:93:1c:92:07:c8:ff:49:b3:d0:c1:27:78:a8:62:
0f:35:28:c2:a2:7f:a4:f8:c0:08:d8:7b:0d:7b:b8:11:0c:4f:
8c:26:27:c8:8d:c0:d5:ec:ca:d3:1d:3d:24:04:e1:17:3e:65:
a1:54:0e:73:b1:c6:33:c1:75:d2:ad:60:db:72:d3:ff:11:08:
dd:e6:91:79:e7:63:00:fd:64:44:3c:cc:b0:0d:a1:36:4e:bb:
d9:d7:a6:e4:08:0b:e5:1f:e7:a0:53:14:97:a3:bb:5d:c2:fd:
4d:58:31:2b:05:1d:ca:03:b7:7f:80:a4:67:98:c9:6c:db:82:
0e:5b:5f:21
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZ22JKJ5lH736SIwV+4JNwWQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIyMTcwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTEzMDg3NWJiNzYyNGYzYjhmZjJkYzVmODVmMDI2YjFjYjYwNzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8pDZaKS93Q8zJiZOcbOyXFcV75gd
tSXVzMxRkC0vPPSagP0s6TE34z7EYeRUhoi+IuLsOumhIHR6/R3lVwLE8o8pG6Qo
NfwW6kbNlAH3agfDex+mj0aCzKYvPO+cMj+qxYyFsZO2tZYf/hUGtjjEQqiFK6nB
PvWdIs784YnsiZcm+DijqMvTWu7P3rmcJjPThCHbUW9H1vRT03r5kzpWwadHltpY
GDImKOclzadjepLziKRPtXe6DyAsaUanR82+f/dw6GnhGQ7H0pJlePqbpaykXu1d
Hu3NDVNC9xIVze1em/yDkRhmE5pHz8H6zT7xThNTWQ12M/r/3ORhK2J44QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFF4TCHW7diTzuP8txfhfAmsctgdCMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWGhNSWRidDJKUE80X3kzRi1GOENheHkyQjBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBAhp8AwQB
Ahr+AwQCAhsMAwQAkB/XAwQAlvFBAwQAlvFEAwQAlvFcAwQAwRfeMA0GCSqGSIb3
DQEBCwUAA4IBAQA11o8q1svL8eJWvla13eyVCUU3D4qoE0uYaADcH7H3Tik/nkdD
SIhhw88D25Bpjq4bCBZ5VhoNuJO8UCVFf9EBwEJvXub7C/x3NYYsEgEHLSEnqkml
pKZr6QTwISWuS0B+Cdn4ws//QRIbR+It3GVP7YE+xeQZiqlXrqpFfheXaUpSkxyS
B8j/SbPQwSd4qGIPNSjCon+k+MAI2HsNe7gRDE+MJifIjcDV7MrTHT0kBOEXPmWh
VA5zscYzwXXSrWDbctP/EQjd5pF552MA/WREPMywDaE2TrvZ16bkCAvlH+egUxSX
o7tdwv1NWDErBR3KA7d/gKRnmMls24IOW18h
-----END CERTIFICATE-----
Generated at Thu Apr 23 10:23:14 2026 by rpki-client