Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/z9lHGwGGOJ4DxiMns1Si0FlfQ18.roa
File: z9lHGwGGOJ4DxiMns1Si0FlfQ18.roa (raw, json)
Hash identifier: C1xBEB2By5Cxmt/ails1nsMFIDQtVvxeft7TV3YDuFA=
Subject key identifier: CF:D9:47:1B:01:86:38:9E:03:C6:23:27:B3:54:A2:D0:59:5F:43:5F
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019EEBE59FCEAB7D7DBB50BE3CED36E0BF3B
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/z9lHGwGGOJ4DxiMns1Si0FlfQ18.roa
Signing time: Sun 21 Jun 2026 20:35:54 +0000
ROA not before: Sun 21 Jun 2026 20:35:54 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197974
IP address blocks: 31.76.38.0/24 maxlen: 24
31.76.39.0/24 maxlen: 24
31.76.91.0/24 maxlen: 24
31.76.113.0/24 maxlen: 24
31.76.119.0/24 maxlen: 24
31.76.249.0/24 maxlen: 24
31.76.250.0/24 maxlen: 24
31.77.152.0/22 maxlen: 24
31.77.201.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 30 Jun 2026 02:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:eb:e5:9f:ce:ab:7d:7d:bb:50:be:3c:ed:36:e0:bf:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Jun 21 20:35:54 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cfd9471b0186389e03c62327b354a2d0595f435f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:f2:6d:d9:b8:28:5c:67:ea:1c:d6:a9:e0:7e:
f6:49:f3:84:20:e7:8c:b2:36:6b:55:96:0a:b4:1e:
8d:c4:d9:f3:9b:72:c6:57:14:f5:bf:9d:cf:ac:b5:
66:1c:25:75:aa:60:5d:4c:03:fd:b3:0b:6d:1f:42:
19:76:b1:d8:45:42:fb:a8:d5:0d:e5:2b:0e:d2:54:
07:05:1d:49:4f:71:ce:7c:c9:bc:b7:6e:66:c1:f7:
50:f2:ec:52:7e:e0:1a:14:1a:db:a5:a3:59:1c:d5:
95:f1:c9:6d:2c:a7:0a:d3:10:1f:37:9c:1d:4f:bd:
2d:f7:bd:f1:31:09:c6:eb:46:39:f4:de:3f:54:48:
39:0e:32:0b:aa:bc:c3:cb:db:f0:b6:50:bd:24:02:
7f:79:4e:3e:65:92:ea:3a:c5:85:64:6d:ab:dc:e4:
0c:2c:4c:c5:5b:6d:ae:83:86:04:88:9f:91:bf:e5:
c7:a9:40:aa:72:9b:a9:61:7b:dd:7a:26:e3:bb:fe:
8c:6b:5b:f3:1a:91:84:77:70:e7:42:cb:0e:b1:70:
e3:c3:7e:2c:fc:09:f5:50:9f:46:30:63:93:e3:7f:
0d:08:c9:90:e3:c9:59:2b:f4:fb:96:b9:fe:2b:dd:
81:c2:35:63:fb:c9:57:90:5d:48:38:f6:a9:a4:8b:
4f:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:D9:47:1B:01:86:38:9E:03:C6:23:27:B3:54:A2:D0:59:5F:43:5F
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/z9lHGwGGOJ4DxiMns1Si0FlfQ18.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.76.38.0/23
31.76.91.0/24
31.76.113.0/24
31.76.119.0/24
31.76.249.0-31.76.250.255
31.77.152.0/22
31.77.201.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:ae:df:82:b5:06:d9:10:35:c0:81:99:1d:26:d0:3a:79:5d:
77:5e:cd:f8:b2:f8:7d:47:15:f4:f9:4e:6f:54:78:fa:73:1b:
97:34:8b:f6:08:e1:e3:e0:9e:12:a6:5d:a4:28:a6:a5:9b:b5:
8d:d0:c5:97:ca:c8:c2:0a:16:cb:27:58:e2:f8:bd:c6:cf:dd:
d3:68:30:f0:75:4c:8a:c6:35:19:01:4c:6f:b9:4c:81:30:ee:
9a:88:3e:30:af:b1:28:d8:7b:52:de:35:a9:4b:b9:04:c4:13:
1b:f2:b4:b5:3b:90:53:3b:c4:00:62:30:d0:08:7f:2e:0f:ee:
2b:e4:10:15:61:4e:a3:e9:e4:d1:a8:38:fd:8b:a5:52:d3:3e:
ce:a3:2a:27:0f:6f:46:b2:91:61:a1:28:d7:ef:d7:f0:b0:0e:
01:cf:ab:19:60:56:1f:e0:7f:f2:e1:83:38:b5:9f:7c:ca:30:
3f:de:3e:4e:59:c9:2f:6f:b5:0a:7d:47:40:42:02:5f:f2:34:
42:d1:a2:07:eb:93:dd:8d:8f:76:91:d6:60:94:f6:d5:ab:42:
ad:1c:26:01:e9:60:a3:ec:32:75:c5:81:9f:77:8b:43:f1:5d:
9d:bc:8e:4b:f6:50:85:47:6a:f2:0f:72:9c:4c:d7:52:7c:de:
2f:61:90:b7
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZ7r5Z/Oq319u1C+PO024L87MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjIxMjAzNTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQ5NDcxYjAxODYzODllMDNjNjIzMjdiMzU0YTJkMDU5NWY0MzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPJt2bgoXGfqHNap4H72SfOEIOeM
sjZrVZYKtB6NxNnzm3LGVxT1v53PrLVmHCV1qmBdTAP9swttH0IZdrHYRUL7qNUN
5SsO0lQHBR1JT3HOfMm8t25mwfdQ8uxSfuAaFBrbpaNZHNWV8cltLKcK0xAfN5wd
T70t973xMQnG60Y59N4/VEg5DjILqrzDy9vwtlC9JAJ/eU4+ZZLqOsWFZG2r3OQM
LEzFW22ug4YEiJ+Rv+XHqUCqcpupYXvdeibju/6Ma1vzGpGEd3DnQssOsXDjw34s
/An1UJ9GMGOT438NCMmQ48lZK/T7lrn+K92BwjVj+8lXkF1IOPappItP5wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFM/ZRxsBhjieA8YjJ7NUotBZX0NfMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvejlsSEd3R0dPSjREeGlNbnMxU2kwRmxmUTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBH0wmAwQA
H0xbAwQAH0xxAwQAH0x3MAwDBAAfTPkDBAAfTPoDBAIfTZgDBAAfTckwDQYJKoZI
hvcNAQELBQADggEBAAyu34K1BtkQNcCBmR0m0Dp5XXdezfiy+H1HFfT5Tm9UePpz
G5c0i/YI4ePgnhKmXaQopqWbtY3QxZfKyMIKFssnWOL4vcbP3dNoMPB1TIrGNRkB
TG+5TIEw7pqIPjCvsSjYe1LeNalLuQTEExvytLU7kFM7xABiMNAIfy4P7ivkEBVh
TqPp5NGoOP2LpVLTPs6jKicPb0aykWGhKNfv1/CwDgHPqxlgVh/gf/Lhgzi1n3zK
MD/ePk5ZyS9vtQp9R0BCAl/yNELRogfrk92Nj3aR1mCU9tWrQq0cJgHpYKPsMnXF
gZ93i0PxXZ28jkv2UIVHavIPcpxM11J83i9hkLc=
-----END CERTIFICATE-----
Generated at Mon Jun 29 10:35:52 2026 by rpki-client