Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/_BNGHZ8qYEpngRp4fdc5y4hnFrs.roa
File: _BNGHZ8qYEpngRp4fdc5y4hnFrs.roa (raw, json)
Hash identifier: l1sROifVIZlbBmy6pwxrOkUHlB65IkHv8ShiEYSAX/k=
Subject key identifier: FC:13:46:1D:9F:2A:60:4A:67:81:1A:78:7D:D7:39:CB:88:67:16:BB
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019EC7D78B74B8BA2C4EA22E0B58DEDB3902
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/_BNGHZ8qYEpngRp4fdc5y4hnFrs.roa
Signing time: Sun 14 Jun 2026 20:34:12 +0000
ROA not before: Sun 14 Jun 2026 20:34:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 203154
IP address blocks: 2.26.4.0/24 maxlen: 24
2.26.5.0/24 maxlen: 24
2.26.6.0/24 maxlen: 24
2.27.56.0/24 maxlen: 24
2.27.136.0/24 maxlen: 24
2.27.137.0/24 maxlen: 24
31.76.25.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 20 Jun 2026 19:57:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:c7:d7:8b:74:b8:ba:2c:4e:a2:2e:0b:58:de:db:39:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Jun 14 20:34:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=fc13461d9f2a604a67811a787dd739cb886716bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:b6:d9:2c:5e:83:5a:7f:39:80:ee:23:17:84:
27:c0:ed:46:cd:56:7f:db:a2:62:de:e7:32:5f:75:
10:3b:07:60:be:a6:f8:dc:95:b1:22:87:a1:f3:bc:
0f:f9:ef:07:0f:59:19:a6:dd:95:51:18:cc:36:fa:
4e:20:cb:9a:28:43:4b:9f:75:5a:95:b5:07:bf:52:
2a:18:55:69:77:55:4d:39:d9:49:a2:1c:d0:2d:ab:
87:8e:81:4d:46:4e:b2:ce:4e:07:69:7f:7c:0b:70:
72:bc:7e:e8:df:4c:ac:07:be:c9:bd:56:f6:01:48:
09:ac:c8:aa:1f:06:44:30:7e:36:3a:0d:2c:2e:4e:
05:8e:43:a8:1f:32:de:a0:37:bb:2d:35:04:eb:b3:
8b:a8:84:52:ae:57:c0:ad:c4:9e:06:8b:ed:0f:c1:
b9:a4:3d:df:23:2d:df:21:86:0d:3c:9f:0e:0e:9d:
61:49:6a:e0:c0:51:0d:1c:1b:6f:38:5d:27:07:63:
0f:7d:ca:2d:67:40:b0:42:fb:7f:8a:5a:12:ed:be:
f7:ea:2a:f9:91:3f:8d:77:99:4e:ca:23:88:8a:db:
9e:64:10:31:4b:4f:bb:cc:97:e6:4b:e5:30:b6:d7:
42:84:94:5a:64:69:f2:b2:91:15:b0:a9:4a:b6:26:
29:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:13:46:1D:9F:2A:60:4A:67:81:1A:78:7D:D7:39:CB:88:67:16:BB
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/_BNGHZ8qYEpngRp4fdc5y4hnFrs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.4.0-2.26.6.255
2.27.56.0/24
2.27.136.0/23
31.76.25.0/24
Signature Algorithm: sha256WithRSAEncryption
b0:87:32:60:f6:d4:dd:0c:20:1d:b1:2d:3d:6b:8e:b6:e7:99:
eb:4e:bc:00:4c:7d:bf:dd:eb:22:cc:90:fa:bd:18:49:0c:34:
ec:0a:e1:6c:73:f6:6a:76:76:e7:98:79:e9:52:83:b3:5f:ab:
fa:07:02:2a:91:30:61:ea:2a:16:3e:55:8f:cf:ba:23:5a:c0:
64:da:b9:1f:97:a9:cb:94:5e:c5:4f:bc:89:3f:47:78:e5:72:
17:31:c5:94:be:b6:71:07:e9:2f:d9:47:39:41:e8:6a:16:7b:
b6:fa:e6:d9:e7:38:02:81:b1:3b:48:38:5b:5c:fa:79:13:9c:
b8:25:f3:03:39:76:b8:de:e0:be:48:04:a6:79:eb:f3:47:fc:
20:ef:c2:08:58:ca:be:4a:a1:27:89:e9:c9:5d:e4:bc:da:43:
6e:d4:a9:fe:02:d4:d3:16:dc:41:9b:6e:ce:d8:dd:a0:01:37:
c6:08:6f:69:9d:71:23:9e:06:78:df:20:93:23:58:35:35:61:
a4:e6:de:62:b2:68:57:72:6a:35:4e:82:33:9d:5f:50:1d:33:
2f:a6:8f:b5:0c:23:e3:61:2f:80:79:b0:32:b7:1c:e2:32:f0:
53:1c:41:39:0a:5d:c7:95:53:cd:7b:f4:16:5d:e6:08:03:8f:
76:b1:01:9f
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ7H14t0uLosTqIuC1je2zkCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjE0MjAzNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzEzNDYxZDlmMmE2MDRhNjc4MTFhNzg3ZGQ3MzljYjg4NjcxNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rbZLF6DWn85gO4jF4QnwO1GzVZ/
26Ji3ucyX3UQOwdgvqb43JWxIoeh87wP+e8HD1kZpt2VURjMNvpOIMuaKENLn3Va
lbUHv1IqGFVpd1VNOdlJohzQLauHjoFNRk6yzk4HaX98C3ByvH7o30ysB77JvVb2
AUgJrMiqHwZEMH42Og0sLk4FjkOoHzLeoDe7LTUE67OLqIRSrlfArcSeBovtD8G5
pD3fIy3fIYYNPJ8ODp1hSWrgwFENHBtvOF0nB2MPfcotZ0CwQvt/iloS7b736ir5
kT+Nd5lOyiOIitueZBAxS0+7zJfmS+UwttdChJRaZGnyspEVsKlKtiYpVQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFPwTRh2fKmBKZ4EaeH3XOcuIZxa7MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvX0JOR0haOHFZRXBuZ1JwNGZkYzV5NGhuRnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBAICGgQD
BAACGgYDBAACGzgDBAECG4gDBAAfTBkwDQYJKoZIhvcNAQELBQADggEBALCHMmD2
1N0MIB2xLT1rjrbnmetOvABMfb/d6yLMkPq9GEkMNOwK4Wxz9mp2dueYeelSg7Nf
q/oHAiqRMGHqKhY+VY/PuiNawGTauR+XqcuUXsVPvIk/R3jlchcxxZS+tnEH6S/Z
RzlB6GoWe7b65tnnOAKBsTtIOFtc+nkTnLgl8wM5drje4L5IBKZ56/NH/CDvwghY
yr5KoSeJ6cld5LzaQ27Uqf4C1NMW3EGbbs7Y3aABN8YIb2mdcSOeBnjfIJMjWDU1
YaTm3mKyaFdyajVOgjOdX1AdMy+mj7UMI+NhL4B5sDK3HOIy8FMcQTkKXceVU817
9BZd5ggDj3axAZ8=
-----END CERTIFICATE-----
Generated at Sat Jun 20 04:06:19 2026 by rpki-client