Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tAy9TsZ7sMhQYiCYJF6jCEUk3qw.roa
File: tAy9TsZ7sMhQYiCYJF6jCEUk3qw.roa (raw, json)
Hash identifier: MQvywvMa27XSOrAHmSRonQjINjvqeO8qTztWN/POoz8=
Subject key identifier: B4:0C:BD:4E:C6:7B:B0:C8:50:62:20:98:24:5E:A3:08:45:24:DE:AC
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019DDA2DD6904C79FA8447CDCC3F5DD4BC67
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tAy9TsZ7sMhQYiCYJF6jCEUk3qw.roa
Signing time: Wed 29 Apr 2026 16:58:50 +0000
ROA not before: Wed 29 Apr 2026 16:58:50 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16276
IP address blocks: 2.26.132.0/24 maxlen: 24
2.26.153.0/24 maxlen: 24
2.26.166.0/24 maxlen: 24
2.27.172.0/24 maxlen: 24
144.31.149.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 May 2026 07:02:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:da:2d:d6:90:4c:79:fa:84:47:cd:cc:3f:5d:d4:bc:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 29 16:58:50 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b40cbd4ec67bb0c850622098245ea3084524deac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:ec:f7:40:0b:92:de:65:84:88:21:69:1a:c0:
98:d4:96:42:31:cd:8d:6a:96:6a:26:9b:94:93:18:
ac:ef:b5:e2:96:6c:fd:be:26:ff:99:5b:cb:18:90:
0c:92:19:53:4e:b0:0f:3b:86:e3:f6:fc:87:9a:ef:
e6:71:94:b0:71:01:d3:2d:8a:06:f8:1b:6c:82:76:
6a:81:82:8e:c1:0f:42:c9:26:a3:46:df:b2:46:20:
38:0b:f2:e5:8c:a8:0b:88:69:de:05:88:ed:12:52:
cd:83:24:af:6c:26:f3:40:5d:56:d1:5e:64:20:7d:
09:de:29:7f:5d:85:9e:eb:41:1b:5d:22:8f:b9:38:
d9:61:83:1c:b3:d8:04:e5:16:15:e0:bf:80:fe:c3:
9c:2d:61:6f:3e:cb:24:8c:4a:4c:fc:d3:3a:48:33:
0d:b6:b9:c1:9f:1a:6d:7c:ed:4b:ae:44:c8:0c:5e:
f0:38:83:5c:fb:ff:de:4a:6e:9d:0f:5a:a2:9b:5a:
bb:ab:8d:a6:6d:c7:8e:fd:74:a8:d0:73:0e:00:f0:
f2:65:14:7d:d5:d4:e5:f3:1d:b3:f6:4e:d8:8a:45:
0a:ed:9e:58:86:84:21:38:8b:23:55:da:32:1f:71:
08:eb:ed:b4:32:6d:68:88:42:00:72:81:c0:0f:4b:
4c:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:0C:BD:4E:C6:7B:B0:C8:50:62:20:98:24:5E:A3:08:45:24:DE:AC
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tAy9TsZ7sMhQYiCYJF6jCEUk3qw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.132.0/24
2.26.153.0/24
2.26.166.0/24
2.27.172.0/24
144.31.149.0/24
Signature Algorithm: sha256WithRSAEncryption
73:5e:57:10:1d:d1:ec:54:ce:42:2a:b2:0c:dd:3a:37:98:0c:
0e:db:58:81:88:c1:73:2e:81:21:62:d3:ee:1f:9e:3c:0f:a3:
b4:a7:00:3b:cc:08:38:a4:63:2c:58:81:1c:3e:aa:4a:e4:5b:
39:c3:77:3f:0a:5b:2e:cd:86:1a:95:7d:c5:9f:b0:58:e6:74:
92:7f:d1:59:20:7e:19:a9:ce:bd:33:a2:ae:bd:55:4d:27:45:
6e:aa:03:74:29:bd:9b:99:8e:dd:54:8f:fd:6f:d4:d1:5a:d0:
28:6e:12:c8:c5:dd:5b:a5:82:a0:a3:59:ec:7b:bb:7d:f3:9c:
4b:8a:7e:82:65:74:61:20:5a:8f:1f:bb:41:03:16:f4:17:54:
fb:2a:c5:c6:87:e6:a9:c0:a0:56:69:88:fc:0c:59:84:b9:f6:
34:78:bc:7c:75:9a:61:16:8e:3a:c9:10:05:94:80:30:8a:ad:
80:05:95:5e:19:c5:d3:01:90:a0:0b:1a:02:a0:92:ce:eb:ef:
dd:46:d3:e1:36:63:3f:ae:9a:71:6b:f3:a8:94:cb:e1:b2:d4:
1e:c5:cd:41:df:f2:2a:c6:a8:89:0c:89:ad:13:fa:56:fe:09:
97:ae:00:40:76:ca:b2:73:7b:8e:b6:da:69:df:09:70:f1:c9:
94:ee:aa:8b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ3aLdaQTHn6hEfNzD9d1LxnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI5MTY1ODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDBjYmQ0ZWM2N2JiMGM4NTA2MjIwOTgyNDVlYTMwODQ1MjRkZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuz3QAuS3mWEiCFpGsCY1JZCMc2N
apZqJpuUkxis77Xilmz9vib/mVvLGJAMkhlTTrAPO4bj9vyHmu/mcZSwcQHTLYoG
+BtsgnZqgYKOwQ9CySajRt+yRiA4C/LljKgLiGneBYjtElLNgySvbCbzQF1W0V5k
IH0J3il/XYWe60EbXSKPuTjZYYMcs9gE5RYV4L+A/sOcLWFvPsskjEpM/NM6SDMN
trnBnxptfO1LrkTIDF7wOINc+//eSm6dD1qim1q7q42mbceO/XSo0HMOAPDyZRR9
1dTl8x2z9k7YikUK7Z5YhoQhOIsjVdoyH3EI6+20Mm1oiEIAcoHAD0tMVwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLQMvU7Ge7DIUGIgmCReowhFJN6sMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdEF5OVRzWjdzTWhRWWlDWUpGNmpDRVVrM3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAAhqEAwQA
AhqZAwQAAhqmAwQAAhusAwQAkB+VMA0GCSqGSIb3DQEBCwUAA4IBAQBzXlcQHdHs
VM5CKrIM3To3mAwO21iBiMFzLoEhYtPuH548D6O0pwA7zAg4pGMsWIEcPqpK5Fs5
w3c/ClsuzYYalX3Fn7BY5nSSf9FZIH4Zqc69M6KuvVVNJ0VuqgN0Kb2bmY7dVI/9
b9TRWtAobhLIxd1bpYKgo1nse7t985xLin6CZXRhIFqPH7tBAxb0F1T7KsXGh+ap
wKBWaYj8DFmEufY0eLx8dZphFo46yRAFlIAwiq2ABZVeGcXTAZCgCxoCoJLO6+/d
RtPhNmM/rppxa/OolMvhstQexc1B3/IqxqiJDImtE/pW/gmXrgBAdsqyc3uOttpp
3wlw8cmU7qqL
-----END CERTIFICATE-----
Generated at Tue May 5 16:52:03 2026 by rpki-client