Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/hYHxC4B0dRHOWGyjfwEVbtTIcWs.roa
File: hYHxC4B0dRHOWGyjfwEVbtTIcWs.roa (raw, json)
Hash identifier: 1Ci3i823J9C8tKoo39S7ESNqkRjK60YmjMYLCng8d1g=
Subject key identifier: 85:81:F1:0B:80:74:75:11:CE:58:6C:A3:7F:01:15:6E:D4:C8:71:6B
Certificate issuer: /CN=98dce5a79cb31b148b2e636905a70422fb65c660
Certificate serial: 019D54A002FF122E17FF8AB8F84CAFB29896
Authority key identifier: 98:DC:E5:A7:9C:B3:1B:14:8B:2E:63:69:05:A7:04:22:FB:65:C6:60
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mNzlp5yzGxSLLmNpBacEIvtlxmA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/hYHxC4B0dRHOWGyjfwEVbtTIcWs.roa
Signing time: Fri 03 Apr 2026 18:34:25 +0000
ROA not before: Fri 03 Apr 2026 18:34:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 64245
IP address blocks: 185.145.156.0/24 maxlen: 24
185.145.157.0/24 maxlen: 24
185.145.158.0/24 maxlen: 24
2a07:4840::/48 maxlen: 48
2a07:4842::/48 maxlen: 48
2a07:4843::/48 maxlen: 48
2a07:4844::/48 maxlen: 48
2a07:4846::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.crl
rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.mft
rsync://rpki.ripe.net/repository/DEFAULT/mNzlp5yzGxSLLmNpBacEIvtlxmA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 07 Apr 2026 09:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:54:a0:02:ff:12:2e:17:ff:8a:b8:f8:4c:af:b2:98:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=98dce5a79cb31b148b2e636905a70422fb65c660
Validity
Not Before: Apr 3 18:34:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8581f10b80747511ce586ca37f01156ed4c8716b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:be:05:40:35:c2:0e:cc:1a:5b:7a:50:66:db:
12:08:c3:e0:7e:7b:3e:15:b4:75:c1:fc:9a:0a:75:
6f:1f:02:ad:d3:7d:d7:2b:fe:29:69:8d:42:91:f6:
17:a1:e0:b8:a8:f3:63:79:f6:f6:40:e2:63:bb:37:
2d:7a:ad:89:1d:61:78:46:dc:23:16:90:e9:5a:7c:
04:7c:30:44:00:6a:cc:43:5a:ce:27:55:e3:76:64:
41:b6:cb:73:e4:fb:a6:fa:33:42:52:35:b1:90:0c:
60:86:52:6c:da:98:95:94:8e:05:ad:f0:c8:ef:f9:
a1:f7:00:ca:a7:ff:d2:1d:20:bd:8e:dd:c1:c1:8f:
c8:a4:63:5e:4b:7b:6a:41:d1:be:29:6d:5f:45:32:
a7:e6:49:6a:5c:a1:6c:0e:2b:bf:c9:a9:c1:07:ea:
83:41:ef:15:98:25:ed:79:e1:98:9a:f5:47:14:31:
50:ce:a6:77:fe:e9:fa:be:e6:81:2f:f1:0c:c9:3b:
22:f1:22:14:6a:26:8b:de:2c:de:a7:9e:68:94:12:
ce:a1:80:72:83:d4:b7:d1:12:b9:f3:8f:7e:80:41:
ce:03:47:75:0e:9f:5e:eb:19:6a:24:e1:cc:53:d2:
6e:d1:33:b3:b5:da:e9:4f:df:dd:a6:b6:1e:47:2e:
fc:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:81:F1:0B:80:74:75:11:CE:58:6C:A3:7F:01:15:6E:D4:C8:71:6B
X509v3 Authority Key Identifier:
keyid:98:DC:E5:A7:9C:B3:1B:14:8B:2E:63:69:05:A7:04:22:FB:65:C6:60
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mNzlp5yzGxSLLmNpBacEIvtlxmA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/hYHxC4B0dRHOWGyjfwEVbtTIcWs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.145.156.0-185.145.158.255
IPv6:
2a07:4840::/48
2a07:4842::/48
2a07:4843::/48
2a07:4844::/48
2a07:4846::/48
Signature Algorithm: sha256WithRSAEncryption
4e:99:c0:b1:bc:c2:22:db:22:db:3f:90:29:fa:95:4b:43:e1:
e4:cf:94:23:3d:76:04:2b:e7:98:24:27:be:ba:f2:a6:fc:a3:
a7:37:09:57:ca:97:90:9a:e3:21:36:2a:c3:19:0c:cc:22:1f:
f2:7d:4b:f7:e3:1f:91:53:ca:ad:aa:86:fe:cb:df:6d:e2:96:
61:c6:ed:be:d9:9c:58:bd:ad:dd:3a:d5:73:51:6c:3a:de:03:
97:3c:c9:4b:93:32:cc:b4:ee:63:19:3c:30:5b:f2:0f:e6:33:
e3:aa:91:02:a1:85:d4:43:b7:ca:2e:70:d7:ed:7f:0b:db:7c:
6e:0d:c7:27:54:e2:97:77:f5:d2:1e:15:64:75:4f:ec:b8:12:
5d:84:a8:49:17:cb:8c:db:73:e0:fb:7a:77:03:43:b6:76:8a:
5c:ac:4b:7b:d7:fd:67:c3:2a:24:a9:dd:1d:89:98:3d:5b:ab:
24:4b:f9:b1:71:52:5c:a0:e5:e0:88:aa:20:c3:6f:75:34:ec:
68:06:95:13:8d:9e:e7:a4:1a:4d:75:28:35:94:5a:68:e9:5a:
4a:5c:a7:5e:da:96:2c:61:db:ba:b1:4d:2b:d4:27:9d:7a:77:
bf:1e:b1:7c:e7:33:de:d7:1d:14:7b:7a:fb:ac:41:5c:bc:fb:
b5:5c:f0:76
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAZ1UoAL/Ei4X/4q4+EyvspiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZGNlNWE3OWNiMzFiMTQ4YjJlNjM2OTA1YTcwNDIyZmI2
NWM2NjAwHhcNMjYwNDAzMTgzNDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTgxZjEwYjgwNzQ3NTExY2U1ODZjYTM3ZjAxMTU2ZWQ0Yzg3MTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu74FQDXCDswaW3pQZtsSCMPgfns+
FbR1wfyaCnVvHwKt033XK/4paY1CkfYXoeC4qPNjefb2QOJjuzcteq2JHWF4Rtwj
FpDpWnwEfDBEAGrMQ1rOJ1XjdmRBtstz5Pum+jNCUjWxkAxghlJs2piVlI4FrfDI
7/mh9wDKp//SHSC9jt3BwY/IpGNeS3tqQdG+KW1fRTKn5klqXKFsDiu/yanBB+qD
Qe8VmCXteeGYmvVHFDFQzqZ3/un6vuaBL/EMyTsi8SIUaiaL3izep55olBLOoYBy
g9S30RK5849+gEHOA0d1Dp9e6xlqJOHMU9Ju0TOztdrpT9/dprYeRy78BQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFIWB8QuAdHURzlhso38BFW7UyHFrMB8GA1UdIwQY
MBaAFJjc5aecsxsUiy5jaQWnBCL7ZcZgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU56bHA1eXpHeFNMTG1OcEJhY0VJdnRseG1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8xM2I0NTEtOWU4Ni00YmY1LWI2NTEt
Mjk2YjU5ZjZkMmI1LzEvaFlIeEM0QjBkUkhPV0d5amZ3RVZidFRJY1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8xM2I0NTEtOWU4Ni00YmY1LWI2NTEtMjk2YjU5ZjZkMmI1
LzEvbU56bHA1eXpHeFNMTG1OcEJhY0VJdnRseG1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzAUBAIAATAOMAwDBAK5kZwD
BAC5kZ4wMwQCAAIwLQMHACoHSEAAAAMHACoHSEIAAAMHACoHSEMAAAMHACoHSEQA
AAMHACoHSEYAADANBgkqhkiG9w0BAQsFAAOCAQEATpnAsbzCItsi2z+QKfqVS0Ph
5M+UIz12BCvnmCQnvrrypvyjpzcJV8qXkJrjITYqwxkMzCIf8n1L9+MfkVPKraqG
/svfbeKWYcbtvtmcWL2t3TrVc1FsOt4DlzzJS5MyzLTuYxk8MFvyD+Yz46qRAqGF
1EO3yi5w1+1/C9t8bg3HJ1Til3f10h4VZHVP7LgSXYSoSRfLjNtz4Pt6dwNDtnaK
XKxLe9f9Z8MqJKndHYmYPVurJEv5sXFSXKDl4IiqIMNvdTTsaAaVE42e56QaTXUo
NZRaaOlaSlynXtqWLGHburFNK9QnnXp3vx6xfOcz3tcdFHt6+6xBXLz7tVzwdg==
-----END CERTIFICATE-----
Generated at Mon Apr 6 15:08:14 2026 by rpki-client