Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/a2s9tmTCgNy8mbkQwIh4HjmWQss.roa
File: a2s9tmTCgNy8mbkQwIh4HjmWQss.roa (raw, json)
Hash identifier: Ebf2I0nlwEwJ9wkvQtht5NESdjMDq3AqwEpLAoAeuvk=
Subject key identifier: 6B:6B:3D:B6:64:C2:80:DC:BC:99:B9:10:C0:88:78:1E:39:96:42:CB
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019DF0165BBDF0B9EFD8E595D920D5733842
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/a2s9tmTCgNy8mbkQwIh4HjmWQss.roa
Signing time: Sun 03 May 2026 23:04:50 +0000
ROA not before: Sun 03 May 2026 23:04:50 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 62240
IP address blocks: 2.26.144.0/24 maxlen: 24
2.26.146.0/24 maxlen: 24
2.26.147.0/24 maxlen: 24
2.26.148.0/24 maxlen: 24
2.26.149.0/24 maxlen: 24
2.26.150.0/24 maxlen: 24
2.27.171.0/24 maxlen: 24
144.31.33.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 May 2026 07:02:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f0:16:5b:bd:f0:b9:ef:d8:e5:95:d9:20:d5:73:38:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: May 3 23:04:50 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=6b6b3db664c280dcbc99b910c088781e399642cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:b0:fe:82:36:25:12:f5:68:45:d9:d3:2c:19:
da:0b:86:d9:6a:8d:50:39:8d:7a:40:28:4d:0a:5d:
2a:cd:f4:95:46:63:0d:f6:78:9a:09:0c:45:58:e5:
da:d4:03:70:af:6b:ce:9a:90:ca:fb:a8:94:63:f5:
bc:73:ec:81:f9:ae:15:24:38:e4:64:77:9a:9e:2d:
2b:80:70:fc:b1:a2:30:40:7a:f2:14:45:40:7c:3b:
54:56:88:2a:7a:7b:33:c5:59:3e:d7:16:33:46:aa:
c4:ad:2d:5e:c6:a4:11:12:ec:ba:53:3b:47:ae:bb:
92:c6:40:0d:1a:9a:ea:b2:0a:aa:54:ed:67:46:97:
90:fe:9e:2d:53:75:04:a8:2e:cb:36:c0:06:d4:b2:
9a:b2:76:c4:65:8e:15:ae:8b:ef:05:29:9f:ca:96:
29:90:ee:c4:8d:90:68:a5:f2:ad:cb:b5:54:84:da:
19:b7:5f:4c:aa:f1:2b:24:de:0d:d4:47:68:ca:8b:
77:89:69:29:13:6c:2e:00:6d:1c:93:b4:23:66:46:
d0:d7:9d:2c:be:70:dd:67:c4:14:90:68:b7:c8:ea:
5c:77:bc:c2:6d:5f:07:78:11:85:a5:5c:f6:c5:f1:
1e:08:cf:ef:9a:66:be:86:59:3e:4d:24:8f:4d:c9:
31:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:6B:3D:B6:64:C2:80:DC:BC:99:B9:10:C0:88:78:1E:39:96:42:CB
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/a2s9tmTCgNy8mbkQwIh4HjmWQss.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.144.0/24
2.26.146.0-2.26.150.255
2.27.171.0/24
144.31.33.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:a4:50:66:15:88:f4:a8:1c:c4:c9:d9:9b:0d:1d:7c:86:e1:
e3:fb:67:70:3f:e1:c6:2e:f7:1a:9e:87:f3:21:72:83:d4:a3:
83:4f:4c:be:92:5c:79:04:e7:97:24:8c:8a:1a:03:b5:c2:ac:
59:cf:bd:bc:0f:4b:13:98:1d:ca:5a:7a:5e:9e:3e:dd:95:9a:
24:cc:79:51:53:f8:61:d2:72:12:dc:5f:b8:82:37:1a:26:f6:
85:34:de:76:9c:f0:f1:f2:97:f5:f7:44:49:25:b8:b8:8b:3c:
46:52:6b:d9:4f:fe:c1:a7:0f:2e:88:a8:55:be:9e:cc:1d:cc:
d2:60:86:a1:54:fb:b4:de:e5:53:24:02:5e:b1:79:06:9c:5a:
86:57:3c:47:06:27:c7:64:86:8c:f8:9f:e2:36:76:db:1a:a2:
58:b7:61:29:54:73:2c:50:07:58:1f:f8:61:ae:e3:c9:84:97:
1a:8c:19:fb:88:aa:82:8b:88:46:aa:5f:2a:88:62:ad:16:0a:
c6:7f:42:65:81:3f:3b:60:87:cf:81:cd:4d:ae:dd:7b:d5:64:
00:10:c7:b1:65:46:c1:81:84:d5:c3:05:50:71:be:6d:5e:ae:
13:da:d6:c5:da:c9:f8:d3:e1:ef:92:b4:bf:7a:5c:4b:cf:a7:
86:83:22:2a
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ3wFlu98Lnv2OWV2SDVczhCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTAzMjMwNDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjZiM2RiNjY0YzI4MGRjYmM5OWI5MTBjMDg4NzgxZTM5OTY0MmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubD+gjYlEvVoRdnTLBnaC4bZao1Q
OY16QChNCl0qzfSVRmMN9niaCQxFWOXa1ANwr2vOmpDK+6iUY/W8c+yB+a4VJDjk
ZHeani0rgHD8saIwQHryFEVAfDtUVogqenszxVk+1xYzRqrErS1exqQREuy6UztH
rruSxkANGprqsgqqVO1nRpeQ/p4tU3UEqC7LNsAG1LKasnbEZY4VrovvBSmfypYp
kO7EjZBopfKty7VUhNoZt19MqvErJN4N1Edoyot3iWkpE2wuAG0ck7QjZkbQ150s
vnDdZ8QUkGi3yOpcd7zCbV8HeBGFpVz2xfEeCM/vmma+hlk+TSSPTckxFQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFGtrPbZkwoDcvJm5EMCIeB45lkLLMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYTJzOXRtVENnTnk4bWJrUXdJaDRIam1XUXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAAhqQMAwD
BAECGpIDBAACGpYDBAACG6sDBACQHyEwDQYJKoZIhvcNAQELBQADggEBADykUGYV
iPSoHMTJ2ZsNHXyG4eP7Z3A/4cYu9xqeh/MhcoPUo4NPTL6SXHkE55ckjIoaA7XC
rFnPvbwPSxOYHcpael6ePt2VmiTMeVFT+GHSchLcX7iCNxom9oU03nac8PHyl/X3
REkluLiLPEZSa9lP/sGnDy6IqFW+nswdzNJghqFU+7Te5VMkAl6xeQacWoZXPEcG
J8dkhoz4n+I2dtsaoli3YSlUcyxQB1gf+GGu48mElxqMGfuIqoKLiEaqXyqIYq0W
CsZ/QmWBPztgh8+BzU2u3XvVZAAQx7FlRsGBhNXDBVBxvm1erhPa1sXayfjT4e+S
tL96XEvPp4aDIio=
-----END CERTIFICATE-----
Generated at Tue May 5 16:49:52 2026 by rpki-client