Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ikORpJyYszvK9U6lslc2RP4N6VY.roa
File: ikORpJyYszvK9U6lslc2RP4N6VY.roa (raw, json)
Hash identifier: rGzKtTDPGKXZkt76KZ9lV48MGlhC64h9kX0FphwAMqA=
Subject key identifier: 8A:43:91:A4:9C:98:B3:3B:CA:F5:4E:A5:B2:57:36:44:FE:0D:E9:56
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D01BA265A5492559E603921B09675C69F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ikORpJyYszvK9U6lslc2RP4N6VY.roa
Signing time: Wed 18 Mar 2026 16:14:29 +0000
ROA not before: Wed 18 Mar 2026 16:14:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 57043
IP address blocks: 2.27.86.0/24 maxlen: 24
144.31.55.0/24 maxlen: 24
144.31.56.0/24 maxlen: 24
144.31.58.0/24 maxlen: 24
144.31.60.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 05:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:01:ba:26:5a:54:92:55:9e:60:39:21:b0:96:75:c6:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 18 16:14:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8a4391a49c98b33bcaf54ea5b2573644fe0de956
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:19:00:c4:df:14:c4:86:7d:c2:e0:22:40:1e:
7e:88:1c:52:c9:aa:73:a1:fb:09:8e:d9:0e:3d:fb:
9a:a9:c1:6b:e2:9b:be:8a:8a:33:1f:57:e2:b8:28:
47:f9:6d:ca:9d:75:eb:c0:ec:7b:e6:d5:2b:cc:8b:
b3:f2:ab:17:20:2d:69:c3:8a:c4:6d:14:be:06:03:
50:4f:bf:65:d8:04:8e:83:80:31:76:d4:8e:89:7e:
36:9b:7c:8c:e8:2a:66:c5:e7:e4:12:4d:41:e5:be:
2e:a6:fa:a0:10:f3:cb:d1:b6:cb:5c:59:fc:0e:29:
43:57:b9:13:8c:1c:02:56:bc:4a:cd:3f:c8:4d:92:
06:14:df:31:a1:38:a6:52:82:32:35:32:fe:5f:92:
14:87:de:e3:31:c7:17:0c:f3:c7:50:0e:09:c7:23:
46:4e:5b:db:8b:00:d2:83:9d:ba:93:70:d7:75:97:
ac:2f:ff:3c:98:d3:32:c6:ee:97:8a:9f:50:91:73:
9f:bc:ba:1c:de:e7:b4:63:b0:2e:47:6c:2f:55:d5:
c3:75:41:6e:b0:11:96:d5:1d:23:b1:8d:9f:24:56:
95:d9:14:ae:cb:af:99:7e:92:90:73:64:2b:ed:b7:
bb:56:67:15:fe:d8:75:da:cc:aa:fb:70:ea:b8:78:
a6:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:43:91:A4:9C:98:B3:3B:CA:F5:4E:A5:B2:57:36:44:FE:0D:E9:56
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ikORpJyYszvK9U6lslc2RP4N6VY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.86.0/24
144.31.55.0-144.31.56.255
144.31.58.0/24
144.31.60.0/24
Signature Algorithm: sha256WithRSAEncryption
06:ea:28:a8:8b:bc:74:5c:c3:b0:76:ae:33:99:af:cc:b7:29:
4d:d3:33:0d:4d:5f:12:ec:f0:dd:f6:47:82:d3:99:3e:d3:0b:
c6:50:36:f9:54:b3:99:36:76:d5:f7:78:55:68:19:8a:d9:ad:
20:4e:64:dc:5c:44:37:5c:47:1c:fa:f2:d2:e4:99:9b:42:52:
e5:20:f1:af:5f:59:ab:5b:7f:d1:3f:0a:87:bb:4d:55:81:7d:
e9:ee:e0:c0:15:99:3b:03:fe:8c:d7:e4:6e:bf:9a:40:b9:4b:
1f:a4:fa:0a:ad:ce:e1:b5:60:a1:15:4a:8a:d7:e9:9f:ff:73:
63:eb:d2:80:f3:08:f9:41:7d:c0:a8:fd:64:7e:1e:a5:f1:a6:
01:8e:24:83:27:11:e0:2a:56:a6:73:48:51:4a:f0:41:9e:5d:
41:45:bf:98:7f:e4:c7:4e:bc:ba:b5:81:8c:9a:d0:49:5c:2c:
b4:70:6a:48:4b:91:6a:1b:38:c3:a6:56:3b:e2:df:73:54:e9:
f5:6d:4c:57:de:b6:25:a2:d3:a4:94:61:ff:a9:d0:79:7e:16:
d7:95:d9:47:b1:96:db:96:01:e5:99:f0:e5:a0:c9:a3:3d:76:
d8:b0:c8:7b:42:ef:e7:8d:3d:55:a7:6f:bd:e5:a7:0f:c0:7b:
08:56:b8:c2
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ0BuiZaVJJVnmA5IbCWdcafMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE4MTYxNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQzOTFhNDljOThiMzNiY2FmNTRlYTViMjU3MzY0NGZlMGRlOTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hkAxN8UxIZ9wuAiQB5+iBxSyapz
ofsJjtkOPfuaqcFr4pu+ioozH1fiuChH+W3KnXXrwOx75tUrzIuz8qsXIC1pw4rE
bRS+BgNQT79l2ASOg4AxdtSOiX42m3yM6CpmxefkEk1B5b4upvqgEPPL0bbLXFn8
DilDV7kTjBwCVrxKzT/ITZIGFN8xoTimUoIyNTL+X5IUh97jMccXDPPHUA4JxyNG
TlvbiwDSg526k3DXdZesL/88mNMyxu6Xip9QkXOfvLoc3ue0Y7AuR2wvVdXDdUFu
sBGW1R0jsY2fJFaV2RSuy6+ZfpKQc2Qr7be7VmcV/th12syq+3DquHimlQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIpDkaScmLM7yvVOpbJXNkT+DelWMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvaWtPUnBKeVlzenZLOVU2bHNsYzJSUDRONlZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAAhtWMAwD
BACQHzcDBACQHzgDBACQHzoDBACQHzwwDQYJKoZIhvcNAQELBQADggEBAAbqKKiL
vHRcw7B2rjOZr8y3KU3TMw1NXxLs8N32R4LTmT7TC8ZQNvlUs5k2dtX3eFVoGYrZ
rSBOZNxcRDdcRxz68tLkmZtCUuUg8a9fWatbf9E/Coe7TVWBfenu4MAVmTsD/ozX
5G6/mkC5Sx+k+gqtzuG1YKEVSorX6Z//c2Pr0oDzCPlBfcCo/WR+HqXxpgGOJIMn
EeAqVqZzSFFK8EGeXUFFv5h/5MdOvLq1gYya0ElcLLRwakhLkWobOMOmVjvi33NU
6fVtTFfetiWi06SUYf+p0Hl+FteV2UexltuWAeWZ8OWgyaM9dtiwyHtC7+eNPVWn
b73lpw/AewhWuMI=
-----END CERTIFICATE-----
Generated at Sat Mar 21 14:31:32 2026 by rpki-client