Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/Hq3i7QqtOif4jnuIIZrhxOxGPeA.roa
File: Hq3i7QqtOif4jnuIIZrhxOxGPeA.roa (raw, json)
Hash identifier: SAjqZzVc45ymPybHk+sKrf2ScBvZ4GgSySB3zC4Qm38=
Subject key identifier: 1E:AD:E2:ED:0A:AD:3A:27:F8:8E:7B:88:21:9A:E1:C4:EC:46:3D:E0
Certificate issuer: /CN=5bd8d72b1cbfc67c379ad9a92c66fac6c8d3233a
Certificate serial: 019DF0C534C62FBA57B616D1EB4B2E48B72D
Authority key identifier: 5B:D8:D7:2B:1C:BF:C6:7C:37:9A:D9:A9:2C:66:FA:C6:C8:D3:23:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/W9jXKxy_xnw3mtmpLGb6xsjTIzo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/Hq3i7QqtOif4jnuIIZrhxOxGPeA.roa
Signing time: Mon 04 May 2026 02:15:49 +0000
ROA not before: Mon 04 May 2026 02:15:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 60775
IP address blocks: 185.177.145.0/24 maxlen: 24
185.177.146.0/24 maxlen: 24
185.177.147.0/24 maxlen: 24
2a0a:4f86::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/W9jXKxy_xnw3mtmpLGb6xsjTIzo.crl
rsync://rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/W9jXKxy_xnw3mtmpLGb6xsjTIzo.mft
rsync://rpki.ripe.net/repository/DEFAULT/W9jXKxy_xnw3mtmpLGb6xsjTIzo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 11:01:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:f0:c5:34:c6:2f:ba:57:b6:16:d1:eb:4b:2e:48:b7:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5bd8d72b1cbfc67c379ad9a92c66fac6c8d3233a
Validity
Not Before: May 4 02:15:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1eade2ed0aad3a27f88e7b88219ae1c4ec463de0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:05:73:ae:a7:4f:d5:3d:70:a3:74:25:eb:e1:
87:e6:47:38:68:e5:f0:18:a3:77:45:5b:01:84:9b:
1d:2c:ee:83:bb:af:1f:0a:68:bc:d2:59:1c:fa:da:
29:47:0b:93:80:09:85:bc:b6:fd:f5:ce:4e:c9:1a:
40:59:73:d0:e6:0f:70:0e:67:62:95:4e:37:d7:a1:
e1:5c:84:02:37:d8:57:57:2d:0b:3a:81:30:9f:97:
2d:3f:fe:b8:9d:9e:d2:12:55:58:72:ee:04:dd:99:
5f:ea:b7:85:23:28:04:2c:89:1c:8f:c4:61:35:6f:
f2:61:ae:07:d2:6b:7a:8d:d8:24:e6:fc:e6:38:fd:
7d:b3:1c:f5:e8:9e:c0:3b:db:37:6e:1b:23:68:b0:
2b:1a:c6:96:08:58:27:e3:7d:eb:0d:8c:24:39:77:
db:01:09:d3:cc:a7:f7:87:66:d3:27:e7:cb:52:2e:
e0:63:ef:10:35:36:07:e7:d5:9f:03:e9:b3:f0:84:
66:f2:38:44:b1:4f:fa:e5:bf:bc:50:03:f3:04:90:
3b:8f:68:83:77:18:be:1c:af:4d:c0:b3:53:f2:d4:
3e:07:cc:a3:92:02:7f:19:b3:1d:78:d4:19:f5:6c:
fe:74:bf:96:be:b7:61:aa:68:dd:c6:3b:e4:4a:3e:
42:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:AD:E2:ED:0A:AD:3A:27:F8:8E:7B:88:21:9A:E1:C4:EC:46:3D:E0
X509v3 Authority Key Identifier:
keyid:5B:D8:D7:2B:1C:BF:C6:7C:37:9A:D9:A9:2C:66:FA:C6:C8:D3:23:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W9jXKxy_xnw3mtmpLGb6xsjTIzo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/Hq3i7QqtOif4jnuIIZrhxOxGPeA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d296a8-a5b1-4a34-8128-89359e783224/1/W9jXKxy_xnw3mtmpLGb6xsjTIzo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.177.145.0-185.177.147.255
IPv6:
2a0a:4f86::/32
Signature Algorithm: sha256WithRSAEncryption
37:22:48:f1:d1:b5:0b:65:e3:f6:8c:52:ce:3d:6f:e7:0a:f5:
93:6c:8b:7a:25:92:ca:d1:d9:ff:7d:30:92:6c:c4:ee:6a:82:
60:c4:4e:1c:5a:5d:e6:99:05:40:24:85:a1:52:19:ab:8a:78:
86:90:d2:90:ba:f0:53:40:5a:b4:39:50:bf:fd:3d:c9:4d:05:
3e:43:b7:c0:09:70:96:25:3a:f5:1d:8d:2c:54:b0:29:b8:4d:
10:66:75:6c:8a:83:c1:20:c3:1e:b1:ab:88:e8:53:95:48:cc:
95:9a:61:f4:a8:df:cc:dc:b5:9b:c9:26:50:c7:6a:07:c6:d0:
5c:00:81:42:98:1c:9f:93:0d:44:eb:1e:6c:ba:8d:63:a4:6e:
85:64:4f:ae:0f:fb:a1:e6:cd:54:34:d5:4b:44:eb:50:9d:85:
83:0e:fe:37:8d:3f:2f:0b:7a:d8:f2:3c:a7:4b:bb:9a:27:bf:
b3:d7:6d:ea:3d:14:86:07:3c:e4:29:29:51:6d:94:9d:1d:76:
bd:e8:03:8a:66:21:90:24:9d:aa:7e:e9:52:6a:c1:e0:a8:e3:
87:b0:13:c1:0a:b3:28:31:da:ad:ce:17:22:1a:04:35:3d:34:
8a:3d:37:24:24:8d:db:d2:6e:b7:41:54:0b:18:75:e6:5d:1a:
a4:9d:2c:1f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ3wxTTGL7pXthbR60suSLctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZDhkNzJiMWNiZmM2N2MzNzlhZDlhOTJjNjZmYWM2Yzhk
MzIzM2EwHhcNMjYwNTA0MDIxNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWFkZTJlZDBhYWQzYTI3Zjg4ZTdiODgyMTlhZTFjNGVjNDYzZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgVzrqdP1T1wo3Ql6+GH5kc4aOXw
GKN3RVsBhJsdLO6Du68fCmi80lkc+topRwuTgAmFvLb99c5OyRpAWXPQ5g9wDmdi
lU4316HhXIQCN9hXVy0LOoEwn5ctP/64nZ7SElVYcu4E3Zlf6reFIygELIkcj8Rh
NW/yYa4H0mt6jdgk5vzmOP19sxz16J7AO9s3bhsjaLArGsaWCFgn433rDYwkOXfb
AQnTzKf3h2bTJ+fLUi7gY+8QNTYH59WfA+mz8IRm8jhEsU/65b+8UAPzBJA7j2iD
dxi+HK9NwLNT8tQ+B8yjkgJ/GbMdeNQZ9Wz+dL+WvrdhqmjdxjvkSj5C1wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFB6t4u0KrTon+I57iCGa4cTsRj3gMB8GA1UdIwQY
MBaAFFvY1yscv8Z8N5rZqSxm+sbI0yM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzlqWEt4eV94bnczbXRtcExHYjZ4c2pUSXpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9kMjk2YTgtYTViMS00YTM0LTgxMjgt
ODkzNTllNzgzMjI0LzEvSHEzaTdRcXRPaWY0am51SUlacmh4T3hHUGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9kMjk2YTgtYTViMS00YTM0LTgxMjgtODkzNTllNzgzMjI0
LzEvVzlqWEt4eV94bnczbXRtcExHYjZ4c2pUSXpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAC5sZED
BAK5sZAwDQQCAAIwBwMFACoKT4YwDQYJKoZIhvcNAQELBQADggEBADciSPHRtQtl
4/aMUs49b+cK9ZNsi3olksrR2f99MJJsxO5qgmDEThxaXeaZBUAkhaFSGauKeIaQ
0pC68FNAWrQ5UL/9PclNBT5Dt8AJcJYlOvUdjSxUsCm4TRBmdWyKg8Egwx6xq4jo
U5VIzJWaYfSo38zctZvJJlDHagfG0FwAgUKYHJ+TDUTrHmy6jWOkboVkT64P+6Hm
zVQ01UtE61CdhYMO/jeNPy8LetjyPKdLu5onv7PXbeo9FIYHPOQpKVFtlJ0ddr3o
A4pmIZAknap+6VJqweCo44ewE8EKsygx2q3OFyIaBDU9NIo9NyQkjdvSbrdBVAsY
deZdGqSdLB8=
-----END CERTIFICATE-----
Generated at Wed May 13 17:09:27 2026 by rpki-client