Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hVkHVDBTYQES_61QdFPZp_XbPWo.roa
File: hVkHVDBTYQES_61QdFPZp_XbPWo.roa (raw, json)
Hash identifier: 5KOA5PsFtbIcGSKEN9w8pPQdvHX+FpitsjWaZT5uRz0=
Subject key identifier: 85:59:07:54:30:53:61:01:12:FF:AD:50:74:53:D9:A7:F5:DB:3D:6A
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019D1B624B7FF9879F389481BAAB59AC8C1D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hVkHVDBTYQES_61QdFPZp_XbPWo.roa
Signing time: Mon 23 Mar 2026 15:48:39 +0000
ROA not before: Mon 23 Mar 2026 15:48:39 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 2856
IP address blocks: 82.153.33.0/24 maxlen: 24
82.153.85.0/24 maxlen: 24
82.153.88.0/24 maxlen: 24
82.153.179.0/24 maxlen: 24
82.153.181.0/24 maxlen: 24
82.153.190.0/24 maxlen: 24
82.153.238.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:1b:62:4b:7f:f9:87:9f:38:94:81:ba:ab:59:ac:8c:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Mar 23 15:48:39 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=855907543053610112ffad507453d9a7f5db3d6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:45:fc:4e:6d:0e:76:c3:19:54:aa:a1:3c:9d:
41:bf:11:6f:e3:b7:6c:06:a1:af:d4:7f:47:c4:2f:
29:a5:87:79:5f:08:d3:99:5f:e3:c8:e2:a4:c0:fa:
ed:7b:92:2e:3f:bb:90:09:0d:13:dd:94:9b:1f:48:
d9:1b:4e:fd:f5:a6:ca:94:67:e3:c4:cf:07:15:c3:
50:87:c6:0b:82:89:ca:60:2d:ac:47:f5:f0:2f:c6:
8a:d9:5a:0b:ee:5d:93:18:35:aa:0e:83:f7:ec:39:
46:09:68:c2:ec:ec:cc:ce:1f:f9:f4:e6:a2:07:16:
0d:52:c0:27:ff:c9:0a:36:dd:06:bf:0a:c1:53:8a:
0c:5d:48:49:04:7a:69:cf:6e:c3:53:d7:e2:43:39:
33:36:57:58:aa:c9:30:82:c5:66:c8:a7:04:2b:eb:
bd:d4:4f:df:a4:98:a3:04:d1:73:7a:cc:04:34:49:
ef:5c:2d:5b:65:54:ae:71:80:b1:9f:56:32:ac:e0:
79:2c:56:cd:44:02:08:29:ce:55:cc:34:f7:59:da:
fc:1d:ab:99:7a:20:4b:84:84:a8:db:f1:95:d0:6d:
b5:0f:3b:5a:77:23:6c:e4:32:a7:d0:db:02:df:59:
ce:bd:4e:57:4d:c8:46:c1:04:03:6a:44:b5:fe:7a:
27:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:59:07:54:30:53:61:01:12:FF:AD:50:74:53:D9:A7:F5:DB:3D:6A
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hVkHVDBTYQES_61QdFPZp_XbPWo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.33.0/24
82.153.85.0/24
82.153.88.0/24
82.153.179.0/24
82.153.181.0/24
82.153.190.0/24
82.153.238.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:96:54:c7:f0:b8:b9:d8:aa:88:51:27:08:18:6f:b9:c1:f6:
22:97:3f:5f:01:cd:60:21:69:10:74:a4:84:fc:b2:02:01:35:
bf:22:53:c1:e7:da:93:a8:52:f4:d4:4a:43:45:22:b5:de:5b:
bc:8b:10:ca:0f:6e:25:e6:06:43:62:2b:bb:5a:75:a6:f2:ab:
41:e5:a4:a7:d3:c7:df:24:8e:0b:e3:6d:33:1c:f6:75:66:72:
9d:be:e1:d8:f8:69:58:10:74:8b:6d:66:57:e5:6b:c5:10:5f:
1f:23:63:c0:83:6e:25:f4:cb:da:80:b5:aa:14:7f:a5:9b:71:
e8:de:6f:8f:7f:59:41:42:1f:79:f1:82:73:52:fc:0f:3e:ae:
31:94:61:17:11:8c:99:3f:3f:50:1d:0a:29:d0:33:46:cf:1c:
ff:2d:10:3b:2a:2e:78:ff:6e:a6:64:d2:87:1c:46:ab:19:17:
d2:59:8e:7c:8c:31:b6:32:13:0f:ed:95:39:e0:5e:32:a0:73:
a0:64:3e:64:b3:41:40:74:9a:05:cc:ba:d7:99:64:42:f6:ee:
c8:45:a4:c8:c3:ea:79:ad:a1:c1:6d:76:db:a7:c5:2e:36:a4:
58:66:57:ff:78:6c:9b:ef:15:ec:a5:ea:d7:95:08:40:62:9b:
a7:d0:e5:29
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZ0bYkt/+YefOJSBuqtZrIwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzIzMTU0ODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTU5MDc1NDMwNTM2MTAxMTJmZmFkNTA3NDUzZDlhN2Y1ZGIzZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkX8Tm0OdsMZVKqhPJ1BvxFv47ds
BqGv1H9HxC8ppYd5XwjTmV/jyOKkwPrte5IuP7uQCQ0T3ZSbH0jZG0799abKlGfj
xM8HFcNQh8YLgonKYC2sR/XwL8aK2VoL7l2TGDWqDoP37DlGCWjC7OzMzh/59Oai
BxYNUsAn/8kKNt0GvwrBU4oMXUhJBHppz27DU9fiQzkzNldYqskwgsVmyKcEK+u9
1E/fpJijBNFzeswENEnvXC1bZVSucYCxn1YyrOB5LFbNRAIIKc5VzDT3Wdr8HauZ
eiBLhISo2/GV0G21DztadyNs5DKn0NsC31nOvU5XTchGwQQDakS1/nondwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFIVZB1QwU2EBEv+tUHRT2af12z1qMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaFZrSFZEQlRZUUVTXzYxUWRGUFpwX1hiUFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAUpkhAwQA
UplVAwQAUplYAwQAUpmzAwQAUpm1AwQAUpm+AwQAUpnuMA0GCSqGSIb3DQEBCwUA
A4IBAQBrllTH8Li52KqIUScIGG+5wfYilz9fAc1gIWkQdKSE/LICATW/IlPB59qT
qFL01EpDRSK13lu8ixDKD24l5gZDYiu7WnWm8qtB5aSn08ffJI4L420zHPZ1ZnKd
vuHY+GlYEHSLbWZX5WvFEF8fI2PAg24l9MvagLWqFH+lm3Ho3m+Pf1lBQh958YJz
UvwPPq4xlGEXEYyZPz9QHQop0DNGzxz/LRA7Ki54/26mZNKHHEarGRfSWY58jDG2
MhMP7ZU54F4yoHOgZD5ks0FAdJoFzLrXmWRC9u7IRaTIw+p5raHBbXbbp8UuNqRY
Zlf/eGyb7xXsperXlQhAYpun0OUp
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:02:02 2026 by rpki-client