Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lProQNtkPKSv03_kUkDpc2EOARk.roa
File: lProQNtkPKSv03_kUkDpc2EOARk.roa (raw, json)
Hash identifier: MBxY0sIZslBE3UznvhFsEdwHdPgw0DBZBL39Q4LV9xQ=
Subject key identifier: 94:FA:E8:40:DB:64:3C:A4:AF:D3:7F:E4:52:40:E9:73:61:0E:01:19
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019E2C6A32263B8500C9768546BEA92C584A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lProQNtkPKSv03_kUkDpc2EOARk.roa
Signing time: Fri 15 May 2026 16:13:37 +0000
ROA not before: Fri 15 May 2026 16:13:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 14618
IP address blocks: 2.26.200.0/21 maxlen: 24
2.26.208.0/21 maxlen: 24
2.27.140.0/23 maxlen: 24
2.27.218.0/23 maxlen: 24
2.27.220.0/23 maxlen: 24
2.27.222.0/23 maxlen: 24
2.27.239.0/24 maxlen: 24
2.27.240.0/24 maxlen: 24
2.27.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 May 2026 08:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:2c:6a:32:26:3b:85:00:c9:76:85:46:be:a9:2c:58:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: May 15 16:13:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=94fae840db643ca4afd37fe45240e973610e0119
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:96:41:b3:e2:c6:ee:e3:28:d5:74:9a:37:c5:
05:2c:a8:43:fc:71:d3:88:c2:a0:35:7b:8c:80:a6:
2d:ea:2d:6a:6c:c1:4d:38:9f:56:8a:32:f7:f6:d4:
b3:b3:e8:c6:37:b5:77:77:2f:bc:99:01:f2:ca:84:
f4:f6:7b:e1:61:d7:3c:d9:50:bf:7d:09:4a:2a:6d:
de:c0:f2:e9:9f:db:50:42:28:fb:60:7c:6a:d7:23:
70:56:46:ed:b3:48:1b:ba:4f:d7:95:ff:32:d6:33:
00:8c:03:3c:5b:04:1d:59:5f:a7:0a:f0:6c:e8:ab:
b3:b3:8b:03:2d:a3:fb:25:77:a5:f0:f8:31:27:9d:
2c:98:f0:d0:d8:41:58:47:14:ef:e0:a7:d2:09:17:
cf:90:97:a3:1d:46:7b:8d:05:e7:a1:b7:1d:c5:08:
b9:3c:7e:74:5b:70:b6:70:55:80:67:04:b4:36:25:
1e:ac:23:1b:7d:48:cf:e9:2c:0a:80:88:53:e9:fc:
6b:3a:ff:ce:85:f2:f4:a7:a7:75:08:71:b4:29:18:
f9:fd:90:7f:7c:f5:3a:a1:93:7a:96:ce:05:4e:ff:
e8:27:09:30:71:ec:53:39:9b:83:85:aa:a5:de:e3:
5f:ac:12:04:cd:93:31:78:db:0b:51:55:ad:5b:56:
3c:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:FA:E8:40:DB:64:3C:A4:AF:D3:7F:E4:52:40:E9:73:61:0E:01:19
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lProQNtkPKSv03_kUkDpc2EOARk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.200.0-2.26.215.255
2.27.140.0/23
2.27.218.0-2.27.223.255
2.27.239.0-2.27.240.255
2.27.254.0/24
Signature Algorithm: sha256WithRSAEncryption
05:42:44:b5:33:f6:e8:4b:4e:1f:c1:11:43:3f:c4:e0:e2:7d:
e4:07:e0:f7:3e:cf:4e:b3:27:a8:76:d8:ac:b9:4e:a1:3e:fc:
17:08:e4:6b:02:5b:46:12:3c:ca:f3:04:a6:fe:5d:b8:65:04:
62:22:8a:41:7e:48:72:8d:b6:09:3e:f9:46:c0:6b:19:87:d2:
99:43:b0:1f:fe:96:05:24:db:a5:6f:bd:3e:e8:9d:16:a8:10:
cc:0c:d4:bd:32:7b:f2:ca:ba:8b:55:5d:00:6e:8c:57:20:40:
fb:66:3a:e4:db:1c:2b:08:c2:ae:7d:8a:84:a6:1f:7a:c5:62:
a7:c8:12:6d:5c:68:47:1e:29:b2:9b:98:fb:1c:b6:12:d6:76:
6e:ba:16:1f:76:9d:ed:64:ad:05:ef:29:97:93:cd:d2:8f:98:
cb:05:7f:61:2c:7e:a9:8f:2c:98:15:83:57:1f:d5:e3:0d:cf:
91:7b:46:4b:e9:c0:64:73:f9:27:e4:41:34:77:59:22:84:c4:
37:8d:cb:aa:a8:8f:bf:f9:6e:65:ac:d0:32:a2:9e:c8:75:b3:
83:d1:96:a0:64:95:8a:8c:aa:32:4d:ad:db:29:28:81:df:8f:
18:55:2a:28:d1:21:f3:1a:0f:d6:e4:1f:66:95:24:30:4e:2d:
a1:72:31:23
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZ4sajImO4UAyXaFRr6pLFhKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTE1MTYxMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGZhZTg0MGRiNjQzY2E0YWZkMzdmZTQ1MjQwZTk3MzYxMGUwMTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5ZBs+LG7uMo1XSaN8UFLKhD/HHT
iMKgNXuMgKYt6i1qbMFNOJ9WijL39tSzs+jGN7V3dy+8mQHyyoT09nvhYdc82VC/
fQlKKm3ewPLpn9tQQij7YHxq1yNwVkbts0gbuk/Xlf8y1jMAjAM8WwQdWV+nCvBs
6Kuzs4sDLaP7JXel8PgxJ50smPDQ2EFYRxTv4KfSCRfPkJejHUZ7jQXnobcdxQi5
PH50W3C2cFWAZwS0NiUerCMbfUjP6SwKgIhT6fxrOv/OhfL0p6d1CHG0KRj5/ZB/
fPU6oZN6ls4FTv/oJwkwcexTOZuDhaql3uNfrBIEzZMxeNsLUVWtW1Y82QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJT66EDbZDykr9N/5FJA6XNhDgEZMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbFByb1FOdGtQS1N2MDNfa1VrRHBjMkVPQVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2MAwDBAMCGsgD
BAMCGtADBAECG4wwDAMEAQIb2gMEBQIbwDAMAwQAAhvvAwQAAhvwAwQAAhv+MA0G
CSqGSIb3DQEBCwUAA4IBAQAFQkS1M/boS04fwRFDP8Tg4n3kB+D3Ps9Osyeodtis
uU6hPvwXCORrAltGEjzK8wSm/l24ZQRiIopBfkhyjbYJPvlGwGsZh9KZQ7Af/pYF
JNulb70+6J0WqBDMDNS9MnvyyrqLVV0AboxXIED7Zjrk2xwrCMKufYqEph96xWKn
yBJtXGhHHimym5j7HLYS1nZuuhYfdp3tZK0F7ymXk83Sj5jLBX9hLH6pjyyYFYNX
H9XjDc+Re0ZL6cBkc/kn5EE0d1kihMQ3jcuqqI+/+W5lrNAyop7IdbOD0ZagZJWK
jKoyTa3bKSiB348YVSoo0SHzGg/W5B9mlSQwTi2hcjEj
-----END CERTIFICATE-----
Generated at Fri May 22 14:18:36 2026 by rpki-client