Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YNf60x6q6YVV7cD_LCb3jALVObc.roa
File: YNf60x6q6YVV7cD_LCb3jALVObc.roa (raw, json)
Hash identifier: eiz6V+mw66mHLE3dOXa10CamicwFOisbilT6Ifyoel0=
Subject key identifier: 60:D7:FA:D3:1E:AA:E9:85:55:ED:C0:FF:2C:26:F7:8C:02:D5:39:B7
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019CF8B18804575422D98B82E6B41CAD37E5
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YNf60x6q6YVV7cD_LCb3jALVObc.roa
Signing time: Mon 16 Mar 2026 22:08:29 +0000
ROA not before: Mon 16 Mar 2026 22:08:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 202413
IP address blocks: 2.27.61.0/24 maxlen: 24
144.31.12.0/24 maxlen: 24
144.31.191.0/24 maxlen: 24
144.31.237.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 05:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:f8:b1:88:04:57:54:22:d9:8b:82:e6:b4:1c:ad:37:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 16 22:08:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=60d7fad31eaae98555edc0ff2c26f78c02d539b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:c2:cf:a7:2d:26:57:34:cc:d2:bb:b5:8d:86:
ab:94:9a:1e:dd:32:ba:84:86:53:07:02:04:c4:c7:
aa:8e:e9:fe:87:24:93:6a:01:56:cd:c9:c0:d6:44:
17:6c:3b:09:33:71:ac:07:3a:e4:17:f2:f1:87:6d:
38:6a:08:03:79:ef:6d:e9:c3:07:83:f2:75:66:d6:
1a:79:30:c5:55:a9:ef:44:f5:6b:12:ef:62:a6:17:
03:86:53:5d:9f:23:16:e9:30:35:1e:5d:97:7e:56:
d0:e4:a3:53:9b:0c:80:a7:85:a0:48:e7:76:5c:31:
db:76:ae:9b:10:f0:1b:d8:c1:73:45:ba:3a:af:63:
72:53:67:1b:f3:51:a6:e2:62:22:82:36:ab:10:f4:
a6:88:65:c3:4f:c5:2f:e7:58:1d:22:be:f2:10:78:
b2:f3:1f:51:38:85:b3:53:a3:75:e2:15:52:81:42:
27:ae:02:6f:cd:e6:86:f1:eb:fd:22:94:6e:2d:1d:
c3:8f:84:b4:c0:f3:cf:40:79:87:80:14:dc:a6:59:
22:e8:a1:39:ec:c0:cb:40:5a:07:2b:a4:5f:fa:29:
45:61:c5:be:d1:65:52:e7:b3:3c:76:85:34:e9:a9:
08:b6:47:f0:ec:f7:be:77:91:ce:a5:59:fc:37:0c:
41:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:D7:FA:D3:1E:AA:E9:85:55:ED:C0:FF:2C:26:F7:8C:02:D5:39:B7
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YNf60x6q6YVV7cD_LCb3jALVObc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.61.0/24
144.31.12.0/24
144.31.191.0/24
144.31.237.0/24
Signature Algorithm: sha256WithRSAEncryption
6d:e9:79:ee:04:0d:21:b6:37:8d:27:df:75:32:ee:e5:f9:28:
d3:03:71:9f:af:cd:3a:bd:79:93:30:77:78:a1:54:ad:b8:78:
4d:0e:e0:e9:2b:74:dc:d8:ba:b1:77:4d:88:31:c4:02:69:34:
27:52:e0:e0:62:51:44:f3:ed:09:b7:6f:9a:f3:1a:59:8d:80:
80:26:f9:02:3c:28:51:43:51:c7:10:aa:09:40:1d:4d:6b:f4:
8e:82:3e:c2:aa:e3:c9:58:ec:ca:1d:3a:92:0d:db:90:4a:03:
36:78:2e:69:7b:cd:c8:fb:8c:68:7d:55:b8:a0:2c:25:ca:cf:
c2:73:f5:6e:45:45:88:57:ff:d6:6b:ee:e5:70:b5:42:cf:50:
25:4c:ac:56:78:24:ff:d8:eb:5a:f3:3d:28:5a:60:10:3c:b6:
f7:6c:b9:d7:06:c0:a6:56:3a:83:ab:b9:a9:3b:02:ea:af:77:
84:67:51:ef:b5:ba:82:7b:d0:c7:48:8c:ba:35:64:da:07:c8:
3e:45:65:f1:5d:49:2a:8d:1c:e9:3f:cf:a6:48:27:4e:f9:4f:
3e:da:27:b1:1a:dc:c0:d4:22:0e:eb:fa:20:e0:cc:51:10:d6:
a9:bc:33:8d:af:40:32:ed:40:01:02:9c:c0:60:be:db:b1:81:
5e:92:5e:88
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZz4sYgEV1Qi2YuC5rQcrTflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE2MjIwODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQ3ZmFkMzFlYWFlOTg1NTVlZGMwZmYyYzI2Zjc4YzAyZDUzOWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsLPpy0mVzTM0ru1jYarlJoe3TK6
hIZTBwIExMeqjun+hySTagFWzcnA1kQXbDsJM3GsBzrkF/Lxh204aggDee9t6cMH
g/J1ZtYaeTDFVanvRPVrEu9iphcDhlNdnyMW6TA1Hl2XflbQ5KNTmwyAp4WgSOd2
XDHbdq6bEPAb2MFzRbo6r2NyU2cb81Gm4mIigjarEPSmiGXDT8Uv51gdIr7yEHiy
8x9ROIWzU6N14hVSgUInrgJvzeaG8ev9IpRuLR3Dj4S0wPPPQHmHgBTcplki6KE5
7MDLQFoHK6Rf+ilFYcW+0WVS57M8doU06akItkfw7Pe+d5HOpVn8NwxB+QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGDX+tMequmFVe3A/ywm94wC1Tm3MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWU5mNjB4NnE2WVZWN2NEX0xDYjNqQUxWT2JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAAhs9AwQA
kB8MAwQAkB+/AwQAkB/tMA0GCSqGSIb3DQEBCwUAA4IBAQBt6XnuBA0htjeNJ991
Mu7l+SjTA3Gfr806vXmTMHd4oVStuHhNDuDpK3Tc2Lqxd02IMcQCaTQnUuDgYlFE
8+0Jt2+a8xpZjYCAJvkCPChRQ1HHEKoJQB1Na/SOgj7CquPJWOzKHTqSDduQSgM2
eC5pe83I+4xofVW4oCwlys/Cc/VuRUWIV//Wa+7lcLVCz1AlTKxWeCT/2Ota8z0o
WmAQPLb3bLnXBsCmVjqDq7mpOwLqr3eEZ1HvtbqCe9DHSIy6NWTaB8g+RWXxXUkq
jRzpP8+mSCdO+U8+2iexGtzA1CIO6/og4MxRENapvDONr0Ay7UABApzAYL7bsYFe
kl6I
-----END CERTIFICATE-----
Generated at Sat Mar 21 14:31:03 2026 by rpki-client