Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lSLg-jsZMmx386bUkSbPrv4EJ0s.roa
File: lSLg-jsZMmx386bUkSbPrv4EJ0s.roa (raw, json)
Hash identifier: qIXysLS85PA6rEbuj9ZbtwCsMpg5z9fXrFNHwAI9jdY=
Subject key identifier: 95:22:E0:FA:3B:19:32:6C:77:F3:A6:D4:91:26:CF:AE:FE:04:27:4B
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019CFCAAADD1EE7A49006D6030DDC7F24E50
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lSLg-jsZMmx386bUkSbPrv4EJ0s.roa
Signing time: Tue 17 Mar 2026 16:39:29 +0000
ROA not before: Tue 17 Mar 2026 16:39:29 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 207513
IP address blocks: 2.27.57.0/24 maxlen: 24
144.31.13.0/24 maxlen: 24
144.31.29.0/24 maxlen: 24
144.31.91.0/24 maxlen: 24
144.31.92.0/24 maxlen: 24
144.31.100.0/24 maxlen: 24
144.31.101.0/24 maxlen: 24
144.31.102.0/24 maxlen: 24
144.31.111.0/24 maxlen: 24
144.31.112.0/24 maxlen: 24
144.31.113.0/24 maxlen: 24
144.31.248.0/24 maxlen: 24
150.241.80.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 05:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:fc:aa:ad:d1:ee:7a:49:00:6d:60:30:dd:c7:f2:4e:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 17 16:39:29 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9522e0fa3b19326c77f3a6d49126cfaefe04274b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:6b:cf:7d:64:69:a1:73:c3:bc:e6:ed:85:52:
a4:96:29:6b:74:9f:6b:f8:cd:e7:64:37:90:80:e9:
65:2a:60:40:82:f3:ff:54:93:c3:8d:f1:f1:98:ed:
43:f8:89:1e:3e:98:7e:a2:8a:24:f9:2f:e4:8c:9c:
ab:cf:c7:3f:bd:22:ad:53:5a:58:82:5e:30:93:b8:
cc:6d:14:f1:d7:6a:37:24:90:c1:71:d2:99:85:be:
c4:ec:86:f6:e3:1b:a4:0d:9c:6a:58:09:13:6f:d9:
c6:a3:ee:7c:27:65:a1:b1:e5:0f:29:d6:e7:b5:53:
7c:e5:01:63:b0:47:6b:6e:68:b5:1b:fd:c5:49:e1:
77:81:4c:6f:2b:ad:dd:63:9c:47:3c:25:3e:70:64:
e7:c1:fb:0b:5c:51:fa:a5:6a:ab:8c:bf:f1:ea:8f:
4c:0c:58:c7:1b:9a:f2:c3:17:b1:e7:09:9b:58:d8:
e9:a3:12:d9:b2:cc:e5:df:c1:ff:2c:14:c2:09:da:
b8:e9:30:44:98:f0:43:5a:85:0e:94:1a:c8:40:30:
ec:4d:df:23:38:27:ea:c9:9f:8a:00:a4:d4:44:de:
1e:9d:48:89:06:2e:1b:65:8e:8e:94:ea:82:b5:92:
8b:24:50:81:86:68:8c:ca:52:89:2a:55:78:47:4d:
80:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:22:E0:FA:3B:19:32:6C:77:F3:A6:D4:91:26:CF:AE:FE:04:27:4B
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lSLg-jsZMmx386bUkSbPrv4EJ0s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.57.0/24
144.31.13.0/24
144.31.29.0/24
144.31.91.0-144.31.92.255
144.31.100.0-144.31.102.255
144.31.111.0-144.31.113.255
144.31.248.0/24
150.241.80.0/24
Signature Algorithm: sha256WithRSAEncryption
b1:6f:f4:6a:30:49:a4:87:ed:c9:6f:f7:9e:ab:d8:ba:c0:b4:
1a:1a:34:61:14:95:22:b4:30:3a:80:d9:25:4e:e8:26:da:1d:
45:53:ae:43:fa:17:40:c0:1c:6e:45:9a:b7:7b:61:87:6f:17:
c3:40:f4:a4:89:0e:b0:08:6f:64:41:63:a9:52:a9:91:16:48:
62:10:30:24:b7:e6:a3:98:9f:da:9a:a1:cd:a3:ec:b6:c4:0b:
90:03:3f:9c:03:e1:8b:94:99:c1:90:ad:e2:14:88:45:15:00:
9b:55:4e:50:a1:c0:65:c4:85:c1:17:1f:12:38:58:73:24:61:
c8:a2:5a:85:2d:bb:10:76:2d:b6:14:0c:47:a0:bc:71:1b:88:
52:81:6a:29:c9:4b:56:f4:dc:9a:e5:c0:a2:f8:42:f1:f5:8b:
99:9a:5a:f3:98:18:7a:b9:61:75:71:ba:ae:b1:fe:ef:9a:a1:
18:11:30:d9:5b:b6:19:70:43:fd:05:4d:38:5b:58:a3:94:39:
b0:af:39:6c:ef:4c:e9:cc:59:ff:1e:fb:82:76:a9:50:2b:9d:
67:ed:50:5d:00:a5:20:2a:85:82:fb:39:21:0c:bf:32:ff:dc:
e3:fa:a0:38:e3:7d:35:ff:07:8c:a9:73:73:da:dd:24:37:c6:
01:de:0b:c0
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZz8qq3R7npJAG1gMN3H8k5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE3MTYzOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTIyZTBmYTNiMTkzMjZjNzdmM2E2ZDQ5MTI2Y2ZhZWZlMDQyNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2vPfWRpoXPDvObthVKklilrdJ9r
+M3nZDeQgOllKmBAgvP/VJPDjfHxmO1D+IkePph+oook+S/kjJyrz8c/vSKtU1pY
gl4wk7jMbRTx12o3JJDBcdKZhb7E7Ib24xukDZxqWAkTb9nGo+58J2WhseUPKdbn
tVN85QFjsEdrbmi1G/3FSeF3gUxvK63dY5xHPCU+cGTnwfsLXFH6pWqrjL/x6o9M
DFjHG5rywxex5wmbWNjpoxLZsszl38H/LBTCCdq46TBEmPBDWoUOlBrIQDDsTd8j
OCfqyZ+KAKTURN4enUiJBi4bZY6OlOqCtZKLJFCBhmiMylKJKlV4R02AcQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJUi4Po7GTJsd/Om1JEmz67+BCdLMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbFNMZy1qc1pNbXgzODZiVWtTYlBydjRFSjBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAAhs5AwQA
kB8NAwQAkB8dMAwDBACQH1sDBACQH1wwDAMEApAfZAMEAJAfZjAMAwQAkB9vAwQB
kB9wAwQAkB/4AwQAlvFQMA0GCSqGSIb3DQEBCwUAA4IBAQCxb/RqMEmkh+3Jb/ee
q9i6wLQaGjRhFJUitDA6gNklTugm2h1FU65D+hdAwBxuRZq3e2GHbxfDQPSkiQ6w
CG9kQWOpUqmRFkhiEDAkt+ajmJ/amqHNo+y2xAuQAz+cA+GLlJnBkK3iFIhFFQCb
VU5QocBlxIXBFx8SOFhzJGHIolqFLbsQdi22FAxHoLxxG4hSgWopyUtW9Nya5cCi
+ELx9YuZmlrzmBh6uWF1cbqusf7vmqEYETDZW7YZcEP9BU04W1ijlDmwrzls70zp
zFn/HvuCdqlQK51n7VBdAKUgKoWC+zkhDL8y/9zj+qA44301/weMqXNz2t0kN8YB
3gvA
-----END CERTIFICATE-----
Generated at Sat Mar 21 14:30:58 2026 by rpki-client