Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/HgmkuPKwqjol9mbHZ8ataf1SvcE.roa
File: HgmkuPKwqjol9mbHZ8ataf1SvcE.roa (raw, json)
Hash identifier: gyDBFFZDQxXXn08l/MiA7FrLtA8MM9zX3POriEuaaw8=
Subject key identifier: 1E:09:A4:B8:F2:B0:AA:3A:25:F6:66:C7:67:C6:AD:69:FD:52:BD:C1
Certificate issuer: /CN=8cef146d85c09aa59687fd6315b13271c1c292ad
Certificate serial: 019E161EC94FE0B7769FEB24DA259CB8D167
Authority key identifier: 8C:EF:14:6D:85:C0:9A:A5:96:87:FD:63:15:B1:32:71:C1:C2:92:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jO8UbYXAmqWWh_1jFbEyccHCkq0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/HgmkuPKwqjol9mbHZ8ataf1SvcE.roa
Signing time: Mon 11 May 2026 08:19:36 +0000
ROA not before: Mon 11 May 2026 08:19:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212238
IP address blocks: 2a09:a380:100::/40 maxlen: 40
2a09:a380:a00::/40 maxlen: 40
2a09:a380:b00::/40 maxlen: 40
2a09:a380:c00::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/jO8UbYXAmqWWh_1jFbEyccHCkq0.crl
rsync://rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/jO8UbYXAmqWWh_1jFbEyccHCkq0.mft
rsync://rpki.ripe.net/repository/DEFAULT/jO8UbYXAmqWWh_1jFbEyccHCkq0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:01:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:16:1e:c9:4f:e0:b7:76:9f:eb:24:da:25:9c:b8:d1:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8cef146d85c09aa59687fd6315b13271c1c292ad
Validity
Not Before: May 11 08:19:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1e09a4b8f2b0aa3a25f666c767c6ad69fd52bdc1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:9f:ab:b7:28:67:02:97:c5:30:fb:0c:c8:b2:
09:fd:40:0a:df:92:3d:6a:4f:2e:ae:ea:b5:b5:11:
78:9d:cc:81:7c:b6:fc:ec:00:ba:5a:f9:66:4b:90:
86:ee:75:02:ba:06:99:3b:87:24:77:13:29:f9:0a:
d4:3c:f1:d1:3f:83:6d:d9:05:93:8b:15:8e:d3:6d:
d7:3f:a5:f9:5c:67:b6:5a:98:8a:c7:69:be:53:1f:
fa:d4:db:e1:80:e7:9e:bd:34:26:9f:c1:31:3d:5d:
5a:fb:21:df:5f:97:bd:d8:78:ee:bc:9d:27:ff:d6:
c1:37:19:f6:9c:89:2c:73:92:3d:cf:29:70:16:7d:
7c:78:71:9e:9f:3b:5a:04:80:f9:a2:16:65:81:b4:
7d:1b:64:87:80:32:8f:30:f7:38:db:68:42:a4:d9:
4d:8f:ef:4c:76:9c:94:e2:30:4b:a8:6b:fc:e3:92:
fe:ff:fd:d4:bb:80:33:d0:68:34:63:a2:61:54:c0:
6c:cc:c6:b8:df:7b:79:f0:21:89:89:b4:85:76:e1:
4b:f3:16:b1:63:77:94:0f:d7:69:78:87:cb:62:8e:
32:f9:01:ae:74:e2:8d:bb:7d:3b:d5:c1:e4:fe:f9:
a1:7c:72:32:c1:62:49:20:e3:ea:b8:46:18:7c:a3:
09:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:09:A4:B8:F2:B0:AA:3A:25:F6:66:C7:67:C6:AD:69:FD:52:BD:C1
X509v3 Authority Key Identifier:
keyid:8C:EF:14:6D:85:C0:9A:A5:96:87:FD:63:15:B1:32:71:C1:C2:92:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jO8UbYXAmqWWh_1jFbEyccHCkq0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/HgmkuPKwqjol9mbHZ8ataf1SvcE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/jO8UbYXAmqWWh_1jFbEyccHCkq0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:a380:100::/40
2a09:a380:a00::-2a09:a380:cff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
0c:32:83:f8:82:34:ec:42:97:b7:96:30:e2:c0:c5:21:5a:b9:
d9:cf:a2:ca:d6:4d:f8:1b:61:75:4e:a9:b1:8f:5c:75:08:c9:
98:06:c5:37:2c:44:2a:d6:a1:a0:f9:8c:47:86:d7:0b:20:8a:
f0:38:18:b6:6c:a2:11:82:18:14:69:3b:4c:c8:f9:dc:3c:05:
c5:72:cf:db:69:05:b0:7c:39:fe:15:91:4c:ad:56:fe:b3:ef:
36:57:e0:53:f6:af:ef:41:30:23:44:5d:cd:6c:5d:9a:ee:93:
c2:4a:2f:ee:31:53:2e:78:02:68:2e:e8:60:42:62:25:3a:70:
81:50:71:16:c6:0a:ce:e4:56:38:80:bd:e8:ad:a5:80:f1:dc:
95:a2:e4:7a:b1:a5:4a:cf:2d:54:11:bf:e6:ac:46:17:84:0f:
60:9a:d5:ff:4c:79:f5:f5:90:66:b3:42:62:c8:2d:cf:3c:1b:
44:eb:26:21:e4:38:50:28:25:3e:0e:d1:43:33:a8:48:83:d0:
db:27:53:9c:ee:dc:95:43:55:6a:98:6d:76:3f:1e:c1:14:bd:
70:f2:9a:6a:ef:93:24:98:6a:97:12:89:8d:fd:61:ec:d9:90:
09:74:01:cb:87:50:29:05:33:a9:f2:db:9b:ba:99:73:38:08:
e4:19:d0:8b
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZ4WHslP4Ld2n+sk2iWcuNFnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZWYxNDZkODVjMDlhYTU5Njg3ZmQ2MzE1YjEzMjcxYzFj
MjkyYWQwHhcNMjYwNTExMDgxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTA5YTRiOGYyYjBhYTNhMjVmNjY2Yzc2N2M2YWQ2OWZkNTJiZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJ+rtyhnApfFMPsMyLIJ/UAK35I9
ak8uruq1tRF4ncyBfLb87AC6WvlmS5CG7nUCugaZO4ckdxMp+QrUPPHRP4Nt2QWT
ixWO023XP6X5XGe2WpiKx2m+Ux/61NvhgOeevTQmn8ExPV1a+yHfX5e92HjuvJ0n
/9bBNxn2nIksc5I9zylwFn18eHGenztaBID5ohZlgbR9G2SHgDKPMPc422hCpNlN
j+9MdpyU4jBLqGv845L+//3Uu4Az0Gg0Y6JhVMBszMa433t58CGJibSFduFL8xax
Y3eUD9dpeIfLYo4y+QGudOKNu3071cHk/vmhfHIywWJJIOPquEYYfKMJvwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFB4JpLjysKo6JfZmx2fGrWn9Ur3BMB8GA1UdIwQY
MBaAFIzvFG2FwJqllof9YxWxMnHBwpKtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak84VWJZWEFtcVdXaF8xakZiRXljY0hDa3EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hM2QyZWUtMTc0Yy00OGMzLWJkMjYt
N2ZhOWQ5NDAyNGYwLzEvSGdta3VQS3dxam9sOW1iSFo4YXRhZjFTdmNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hM2QyZWUtMTc0Yy00OGMzLWJkMjYtN2ZhOWQ5NDAyNGYw
LzEvak84VWJZWEFtcVdXaF8xakZiRXljY0hDa3EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwYAKgmjgAEw
EAMGASoJo4AKAwYAKgmjgAwwDQYJKoZIhvcNAQELBQADggEBAAwyg/iCNOxCl7eW
MOLAxSFaudnPosrWTfgbYXVOqbGPXHUIyZgGxTcsRCrWoaD5jEeG1wsgivA4GLZs
ohGCGBRpO0zI+dw8BcVyz9tpBbB8Of4VkUytVv6z7zZX4FP2r+9BMCNEXc1sXZru
k8JKL+4xUy54Amgu6GBCYiU6cIFQcRbGCs7kVjiAveitpYDx3JWi5HqxpUrPLVQR
v+asRheED2Ca1f9MefX1kGazQmLILc88G0TrJiHkOFAoJT4O0UMzqEiD0NsnU5zu
3JVDVWqYbXY/HsEUvXDymmrvkySYapcSiY39YezZkAl0AcuHUCkFM6ny25u6mXM4
COQZ0Is=
-----END CERTIFICATE-----
Generated at Wed May 13 04:03:21 2026 by rpki-client