Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HLufTiF8ijUu6KaegC9EsYVLLpE.roa
File: HLufTiF8ijUu6KaegC9EsYVLLpE.roa (raw, json)
Hash identifier: +TXz/bzxpsQJBU6Lh1mgutqooHKRGuSwBkDiYOPKZLY=
Subject key identifier: 1C:BB:9F:4E:21:7C:8A:35:2E:E8:A6:9E:80:2F:44:B1:85:4B:2E:91
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019DB937FF332888DFDE25EA0149521C7169
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HLufTiF8ijUu6KaegC9EsYVLLpE.roa
Signing time: Thu 23 Apr 2026 07:22:27 +0000
ROA not before: Thu 23 Apr 2026 07:22:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 48266
IP address blocks: 81.5.191.0/24 maxlen: 24
82.152.177.0/24 maxlen: 24
82.153.69.0/24 maxlen: 24
82.153.96.0/24 maxlen: 24
82.153.147.0/24 maxlen: 24
82.153.189.0/24 maxlen: 24
82.153.206.0/24 maxlen: 24
82.153.219.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 21:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b9:37:ff:33:28:88:df:de:25:ea:01:49:52:1c:71:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 23 07:22:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1cbb9f4e217c8a352ee8a69e802f44b1854b2e91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fe:dd:d8:71:25:49:a3:ea:ea:bb:4d:66:9b:
0c:cb:5d:58:68:ee:a8:32:64:02:04:38:0c:fc:18:
6a:f1:5f:f9:88:2a:06:a4:c7:0f:71:ed:1a:14:61:
5b:85:16:ba:a0:14:d2:0d:75:f0:4b:81:f9:a8:dc:
39:f2:fd:f5:cb:0d:9c:1c:95:35:3a:01:6b:6d:2a:
2a:de:75:6b:f5:bd:fa:79:e4:66:38:f8:ac:ec:f9:
16:db:01:b3:ff:f0:d6:d9:62:a1:40:a4:b8:32:0d:
da:74:6b:7c:ce:39:f2:e7:86:d0:19:3f:75:09:19:
32:60:4d:72:55:b4:71:ee:be:12:90:fe:75:1f:62:
79:30:8f:70:78:74:1d:27:72:7e:e6:17:47:c6:b6:
39:e4:8d:ac:19:91:97:f5:28:5a:38:cf:ea:72:cf:
68:15:4a:31:ec:f9:55:83:e9:88:0a:cb:c3:b5:34:
06:b6:57:93:20:a9:da:2a:45:87:82:74:3b:73:c0:
ef:69:bf:8a:08:f7:e8:b5:d6:17:b6:36:a1:06:08:
f7:6d:72:c4:3d:c5:16:8e:9c:33:9b:80:e4:fd:4a:
fc:39:06:35:d7:1b:5a:14:a5:f6:47:d3:3f:c7:8d:
e1:31:1d:48:54:b8:e0:59:4b:2b:4b:56:99:99:b9:
a2:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:BB:9F:4E:21:7C:8A:35:2E:E8:A6:9E:80:2F:44:B1:85:4B:2E:91
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/HLufTiF8ijUu6KaegC9EsYVLLpE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.191.0/24
82.152.177.0/24
82.153.69.0/24
82.153.96.0/24
82.153.147.0/24
82.153.189.0/24
82.153.206.0/24
82.153.219.0/24
Signature Algorithm: sha256WithRSAEncryption
46:76:22:8b:00:fe:1d:93:02:a8:6d:2b:f9:6d:2b:72:29:4e:
b5:43:52:f6:48:5b:e5:67:a4:0a:42:d7:c4:55:68:e5:77:7c:
99:15:f2:b2:8a:a7:42:2f:25:2f:49:c5:e6:27:70:a8:ea:74:
15:f0:f6:c3:2f:de:c9:ff:c9:94:a7:d7:e6:a1:4d:bd:7d:85:
5f:2b:92:51:93:82:66:a6:26:ff:5a:45:e5:48:c0:5d:76:1d:
25:db:3f:78:28:35:be:11:e7:13:e6:61:08:62:e0:3e:f7:4c:
6c:13:b7:6c:0f:4e:1f:9c:08:51:c1:f1:0c:f5:37:cb:e0:0d:
61:75:91:fa:8f:de:d4:ec:5a:6f:aa:f8:73:1f:be:21:ce:2a:
28:b7:cf:8e:fe:47:54:ae:eb:3d:20:b9:c9:a0:0e:ca:1b:31:
c1:23:04:7f:56:f8:07:7e:03:fa:fe:99:36:8e:b9:46:7b:c7:
79:75:fb:75:5c:10:d1:68:7a:12:18:26:83:fe:dc:3f:40:2b:
e2:71:1f:c2:27:e2:df:44:3d:9b:ea:ec:81:8a:84:0f:9d:07:
bd:ac:47:35:5b:21:34:6d:52:86:3b:36:2b:cf:3e:b2:5e:21:
f5:de:99:59:c0:11:80:7d:f9:87:00:ae:bf:6f:38:14:b8:0f:
95:b8:96:8e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZ25N/8zKIjf3iXqAUlSHHFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDIzMDcyMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2JiOWY0ZTIxN2M4YTM1MmVlOGE2OWU4MDJmNDRiMTg1NGIyZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApv7d2HElSaPq6rtNZpsMy11YaO6o
MmQCBDgM/Bhq8V/5iCoGpMcPce0aFGFbhRa6oBTSDXXwS4H5qNw58v31yw2cHJU1
OgFrbSoq3nVr9b36eeRmOPis7PkW2wGz//DW2WKhQKS4Mg3adGt8zjny54bQGT91
CRkyYE1yVbRx7r4SkP51H2J5MI9weHQdJ3J+5hdHxrY55I2sGZGX9ShaOM/qcs9o
FUox7PlVg+mICsvDtTQGtleTIKnaKkWHgnQ7c8Dvab+KCPfotdYXtjahBgj3bXLE
PcUWjpwzm4Dk/Ur8OQY11xtaFKX2R9M/x43hMR1IVLjgWUsrS1aZmbmioQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBy7n04hfIo1LuimnoAvRLGFSy6RMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSEx1ZlRpRjhpalV1NkthZWdDOUVzWVZMTHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUQW/AwQA
UpixAwQAUplFAwQAUplgAwQAUpmTAwQAUpm9AwQAUpnOAwQAUpnbMA0GCSqGSIb3
DQEBCwUAA4IBAQBGdiKLAP4dkwKobSv5bStyKU61Q1L2SFvlZ6QKQtfEVWjld3yZ
FfKyiqdCLyUvScXmJ3Co6nQV8PbDL97J/8mUp9fmoU29fYVfK5JRk4Jmpib/WkXl
SMBddh0l2z94KDW+EecT5mEIYuA+90xsE7dsD04fnAhRwfEM9TfL4A1hdZH6j97U
7FpvqvhzH74hzioot8+O/kdUrus9ILnJoA7KGzHBIwR/VvgHfgP6/pk2jrlGe8d5
dft1XBDRaHoSGCaD/tw/QCvicR/CJ+LfRD2b6uyBioQPnQe9rEc1WyE0bVKGOzYr
zz6yXiH13plZwBGAffmHAK6/bzgUuA+VuJaO
-----END CERTIFICATE-----
Generated at Wed May 13 03:59:51 2026 by rpki-client