Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/HxStnFLPdzsPC0WO8bGixWpm5Zw.roa
File: HxStnFLPdzsPC0WO8bGixWpm5Zw.roa (raw, json)
Hash identifier: fuIxA9vCxBfZyKv0l+am+TRHrbOUD64a3j7zrUUU+R4=
Subject key identifier: 1F:14:AD:9C:52:CF:77:3B:0F:0B:45:8E:F1:B1:A2:C5:6A:66:E5:9C
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 019DDB0E1FAB29322E1E878EBDC78B2DD2DB
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/HxStnFLPdzsPC0WO8bGixWpm5Zw.roa
Signing time: Wed 29 Apr 2026 21:03:49 +0000
ROA not before: Wed 29 Apr 2026 21:03:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 29491
IP address blocks: 95.111.148.0/22 maxlen: 22
95.111.151.0/24 maxlen: 24
95.111.154.0/23 maxlen: 24
95.111.157.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:db:0e:1f:ab:29:32:2e:1e:87:8e:bd:c7:8b:2d:d2:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Apr 29 21:03:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1f14ad9c52cf773b0f0b458ef1b1a2c56a66e59c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:06:8e:29:84:6a:91:80:96:21:17:b1:ce:f0:
17:c7:44:97:fc:e7:1c:54:35:d1:91:d1:ba:0c:ba:
4e:c6:f4:fc:8f:a9:75:a2:26:30:d7:dc:78:92:0b:
35:55:91:54:0f:73:53:bf:60:8e:a8:92:70:9b:21:
2f:2a:8d:0b:fb:88:78:a7:32:b1:7f:7c:27:91:14:
ea:48:ea:6b:84:14:a4:45:8a:9d:4d:e8:48:35:ad:
cb:c6:25:d2:8d:64:11:48:fd:d8:b2:72:32:27:7d:
e4:22:ca:28:70:54:9d:6b:73:96:d8:45:0e:9c:ce:
2f:cd:0e:c4:25:6f:60:cd:0e:21:98:98:06:2d:af:
43:8f:c9:8d:70:e6:43:eb:79:85:00:b5:a9:d0:68:
d3:89:f5:42:0a:48:a4:72:fb:d3:11:af:66:fe:48:
e5:77:b5:09:f9:a4:c9:76:50:76:f1:3e:62:76:d4:
3c:bb:de:e9:8e:59:01:fe:b0:94:d8:69:73:22:4e:
09:49:8b:98:ed:f3:10:c7:82:6d:ea:2c:86:29:6d:
df:46:51:99:c1:fe:d7:ce:df:bd:8b:c0:5d:c8:cc:
ef:21:6c:4d:6d:c0:f2:28:9f:42:24:d3:c8:12:41:
3d:64:69:da:ce:e5:23:fa:05:ea:d7:a6:30:11:be:
5f:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:14:AD:9C:52:CF:77:3B:0F:0B:45:8E:F1:B1:A2:C5:6A:66:E5:9C
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/HxStnFLPdzsPC0WO8bGixWpm5Zw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.111.148.0/22
95.111.154.0/23
95.111.157.0/24
Signature Algorithm: sha256WithRSAEncryption
6c:14:0d:fb:7b:0c:cb:13:2c:9c:fa:ed:36:13:5a:ad:a9:81:
83:8e:c8:43:c6:5c:f2:42:de:b3:d9:31:49:b0:6a:c7:a3:ad:
ae:a9:12:67:e0:e5:f6:8b:67:47:3d:69:99:0d:9b:08:bb:7f:
12:a1:c5:05:a8:0e:26:01:a5:f3:d6:b0:f7:3b:5d:8e:70:49:
2c:12:5c:87:0b:7f:fd:bb:c8:eb:37:a0:95:3a:fc:dd:e2:95:
3d:c6:27:32:e2:e0:a7:4e:78:33:d8:c1:7a:ac:b0:09:ab:3c:
ef:a6:40:1f:52:cb:2c:23:ad:22:1d:f1:23:6d:3e:a8:15:05:
10:a5:ed:bd:aa:56:d2:52:3b:e9:91:fa:8b:48:77:ce:ad:7d:
37:4b:8d:67:6b:91:ad:30:74:a7:5e:36:67:1d:dd:64:89:40:
44:49:e9:c8:2c:a4:8e:3b:98:17:2e:39:a0:d9:45:c1:19:bf:
d1:0f:75:e4:b1:8f:05:32:69:b2:83:3d:58:19:b1:73:d5:6e:
c6:a8:0e:8c:b0:01:ef:0e:39:50:79:22:a6:9d:3b:46:60:bd:
4a:40:4e:d8:0d:d9:c6:7e:9b:81:ce:50:ad:a7:31:f1:b6:46:
d2:20:06:a9:20:bd:ea:0d:c9:00:e0:67:f5:d9:b2:0c:76:bb:
9d:23:3b:60
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3bDh+rKTIuHoeOvceLLdLbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjYwNDI5MjEwMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjE0YWQ5YzUyY2Y3NzNiMGYwYjQ1OGVmMWIxYTJjNTZhNjZlNTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAaOKYRqkYCWIRexzvAXx0SX/Occ
VDXRkdG6DLpOxvT8j6l1oiYw19x4kgs1VZFUD3NTv2COqJJwmyEvKo0L+4h4pzKx
f3wnkRTqSOprhBSkRYqdTehINa3LxiXSjWQRSP3YsnIyJ33kIsoocFSda3OW2EUO
nM4vzQ7EJW9gzQ4hmJgGLa9Dj8mNcOZD63mFALWp0GjTifVCCkikcvvTEa9m/kjl
d7UJ+aTJdlB28T5idtQ8u97pjlkB/rCU2GlzIk4JSYuY7fMQx4Jt6iyGKW3fRlGZ
wf7Xzt+9i8BdyMzvIWxNbcDyKJ9CJNPIEkE9ZGnazuUj+gXq16YwEb5fQwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB8UrZxSz3c7DwtFjvGxosVqZuWcMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvSHhTdG5GTFBkenNQQzBXTzhiR2l4V3BtNVp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCX2+UAwQB
X2+aAwQAX2+dMA0GCSqGSIb3DQEBCwUAA4IBAQBsFA37ewzLEyyc+u02E1qtqYGD
jshDxlzyQt6z2TFJsGrHo62uqRJn4OX2i2dHPWmZDZsIu38SocUFqA4mAaXz1rD3
O12OcEksElyHC3/9u8jrN6CVOvzd4pU9xicy4uCnTngz2MF6rLAJqzzvpkAfUsss
I60iHfEjbT6oFQUQpe29qlbSUjvpkfqLSHfOrX03S41na5GtMHSnXjZnHd1kiUBE
SenILKSOO5gXLjmg2UXBGb/RD3XksY8FMmmygz1YGbFz1W7GqA6MsAHvDjlQeSKm
nTtGYL1KQE7YDdnGfpuBzlCtpzHxtkbSIAapIL3qDckA4Gf12bIMdrudIztg
-----END CERTIFICATE-----
Generated at Wed May 13 01:11:44 2026 by rpki-client