Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/yjjPKHg-knRvdGXC7dPryMhyUg0.roa
File: yjjPKHg-knRvdGXC7dPryMhyUg0.roa (raw, json)
Hash identifier: fMIJt2ODDNBxa77XJrtifqWinnhlQJclP4y7Leev5U0=
Subject key identifier: CA:38:CF:28:78:3E:92:74:6F:74:65:C2:ED:D3:EB:C8:C8:72:52:0D
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019EDC258DD69D3BFF1B97B8A2980BF4EAAA
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/yjjPKHg-knRvdGXC7dPryMhyUg0.roa
Signing time: Thu 18 Jun 2026 19:11:49 +0000
ROA not before: Thu 18 Jun 2026 19:11:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 199529
IP address blocks: 2.26.78.0/24 maxlen: 24
2.26.79.0/24 maxlen: 24
2.26.94.0/24 maxlen: 24
2.26.95.0/24 maxlen: 24
2.26.127.0/24 maxlen: 24
2.26.146.0/24 maxlen: 24
31.76.37.0/24 maxlen: 24
31.76.123.0/24 maxlen: 24
31.76.253.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 20 Jun 2026 19:57:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:dc:25:8d:d6:9d:3b:ff:1b:97:b8:a2:98:0b:f4:ea:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Jun 18 19:11:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ca38cf28783e92746f7465c2edd3ebc8c872520d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:c9:3f:0a:99:2f:2a:f0:40:3e:50:97:d2:15:
85:da:13:9f:53:a9:24:ac:d6:e9:b5:3f:3d:ac:32:
f8:9f:32:7d:eb:e6:8c:4a:7f:b6:de:6e:7b:f2:a9:
6b:f8:16:c8:dd:68:a2:42:d2:cd:35:9c:17:36:5e:
4b:2e:80:d2:82:09:46:3d:83:cf:29:ea:e7:7c:cd:
2d:3e:84:2f:1c:83:5a:37:87:1a:12:d9:be:2b:6f:
35:5e:2c:1d:4f:cc:f2:4b:81:5a:bf:84:23:eb:fa:
49:20:b2:eb:10:e5:1c:cd:d0:b5:8b:91:b0:ec:6e:
b8:5e:55:02:b7:33:5d:28:34:71:56:43:2a:70:8b:
d4:78:fb:31:6a:c7:27:19:9d:5e:3d:f6:32:e8:e2:
e5:be:ed:8a:ba:13:9d:fb:d4:90:fe:23:54:1a:35:
ef:f1:40:7b:b1:5b:fe:ce:85:c0:ba:60:6d:81:f7:
bc:37:ee:20:9e:3f:d0:4b:a2:38:14:65:f0:18:ed:
6e:94:6d:04:58:a7:7c:6b:73:fa:68:03:90:10:0f:
20:d4:6d:fc:15:bb:aa:51:9b:b7:60:10:e8:6a:55:
c8:58:be:d1:f5:b4:81:95:ee:89:e0:66:7c:ce:4d:
65:a6:f6:0c:99:81:69:28:eb:db:05:53:51:62:ed:
1d:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:38:CF:28:78:3E:92:74:6F:74:65:C2:ED:D3:EB:C8:C8:72:52:0D
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/yjjPKHg-knRvdGXC7dPryMhyUg0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.78.0/23
2.26.94.0/23
2.26.127.0/24
2.26.146.0/24
31.76.37.0/24
31.76.123.0/24
31.76.253.0/24
Signature Algorithm: sha256WithRSAEncryption
17:0c:03:b2:97:f1:e0:75:bc:cb:fb:8d:70:9c:3e:e1:2a:37:
02:45:04:2d:5f:1a:7d:b8:fb:0b:c8:b6:74:6d:6f:37:69:4e:
e7:a6:00:8e:c8:42:0b:c7:b0:6e:3f:e4:e7:37:f7:8a:2a:98:
de:81:da:eb:44:71:94:a9:9d:83:e8:ab:db:75:c3:dd:65:db:
e3:13:e3:db:ce:7a:38:d5:73:2d:09:a2:fe:6b:f0:01:87:53:
af:7f:57:36:5a:b0:2e:bf:9a:46:68:14:42:5b:dc:e9:92:11:
40:ea:ea:52:27:01:46:80:1a:f3:77:a4:80:72:bc:e9:d7:4d:
c7:e8:81:a1:87:de:c0:45:52:70:93:99:d2:5f:c8:bf:16:10:
0e:a6:be:c5:b2:33:77:0d:b5:73:00:08:68:d5:c2:6e:17:ec:
16:ea:82:a0:6f:f8:04:b1:3b:6e:0f:88:6f:85:31:73:d6:2e:
dc:6c:af:3e:77:15:36:47:82:78:7e:93:d1:f1:7f:03:ac:50:
10:0e:df:53:8a:17:56:1f:0e:26:5b:7d:34:de:76:16:30:11:
a4:87:17:86:9c:33:e7:21:47:ef:4a:eb:0e:6d:c5:2e:5a:65:
99:d0:9d:23:34:ef:71:33:3c:89:04:3c:96:d6:d2:9f:5e:37:
ae:69:0e:98
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZ7cJY3WnTv/G5e4opgL9OqqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjE4MTkxMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTM4Y2YyODc4M2U5Mjc0NmY3NDY1YzJlZGQzZWJjOGM4NzI1MjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMk/CpkvKvBAPlCX0hWF2hOfU6kk
rNbptT89rDL4nzJ96+aMSn+23m578qlr+BbI3WiiQtLNNZwXNl5LLoDSgglGPYPP
KernfM0tPoQvHINaN4caEtm+K281XiwdT8zyS4Fav4Qj6/pJILLrEOUczdC1i5Gw
7G64XlUCtzNdKDRxVkMqcIvUePsxascnGZ1ePfYy6OLlvu2KuhOd+9SQ/iNUGjXv
8UB7sVv+zoXAumBtgfe8N+4gnj/QS6I4FGXwGO1ulG0EWKd8a3P6aAOQEA8g1G38
FbuqUZu3YBDoalXIWL7R9bSBle6J4GZ8zk1lpvYMmYFpKOvbBVNRYu0dqQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMo4zyh4PpJ0b3Rlwu3T68jIclINMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveWpqUEtIZy1rblJ2ZEdYQzdkUHJ5TWh5VWcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBAhpOAwQB
AhpeAwQAAhp/AwQAAhqSAwQAH0wlAwQAH0x7AwQAH0z9MA0GCSqGSIb3DQEBCwUA
A4IBAQAXDAOyl/HgdbzL+41wnD7hKjcCRQQtXxp9uPsLyLZ0bW83aU7npgCOyEIL
x7BuP+TnN/eKKpjegdrrRHGUqZ2D6KvbdcPdZdvjE+Pbzno41XMtCaL+a/ABh1Ov
f1c2WrAuv5pGaBRCW9zpkhFA6upSJwFGgBrzd6SAcrzp103H6IGhh97ARVJwk5nS
X8i/FhAOpr7FsjN3DbVzAAho1cJuF+wW6oKgb/gEsTtuD4hvhTFz1i7cbK8+dxU2
R4J4fpPR8X8DrFAQDt9TihdWHw4mW3003nYWMBGkhxeGnDPnIUfvSusObcUuWmWZ
0J0jNO9xMzyJBDyW1tKfXjeuaQ6Y
-----END CERTIFICATE-----
Generated at Sat Jun 20 04:06:31 2026 by rpki-client