Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/4ZXRty5qOuZ8XtANuSQXowNIkak.roa
File: 4ZXRty5qOuZ8XtANuSQXowNIkak.roa (raw, json)
Hash identifier: 5f+l88HhrJgDZMZ6B3A0i/fqB1Gly2MA/kg/7Z9RUOY=
Subject key identifier: E1:95:D1:B7:2E:6A:3A:E6:7C:5E:D0:0D:B9:24:17:A3:03:48:91:A9
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D11F5BB5767A1A930E07A7C319249FC1F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/4ZXRty5qOuZ8XtANuSQXowNIkak.roa
Signing time: Sat 21 Mar 2026 19:53:30 +0000
ROA not before: Sat 21 Mar 2026 19:53:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 14618
IP address blocks: 2.27.218.0/23 maxlen: 24
2.27.220.0/23 maxlen: 24
2.27.222.0/23 maxlen: 24
144.31.32.0/24 maxlen: 24
144.31.34.0/24 maxlen: 24
144.31.37.0/24 maxlen: 24
144.31.38.0/24 maxlen: 24
144.31.39.0/24 maxlen: 24
144.31.40.0/24 maxlen: 24
144.31.43.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:11:f5:bb:57:67:a1:a9:30:e0:7a:7c:31:92:49:fc:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 21 19:53:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e195d1b72e6a3ae67c5ed00db92417a3034891a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:b9:9b:42:7a:f8:f4:56:03:3f:57:c0:a5:97:
cb:1d:47:22:96:a4:d3:46:74:8b:ed:93:a2:43:f4:
ed:08:3a:99:ce:5d:8e:05:a4:77:99:12:91:bb:bb:
d0:41:fd:d7:f9:f0:34:b2:86:83:db:2e:db:39:ac:
cd:7d:e7:bb:63:3d:d3:41:0c:2d:ee:a6:fc:89:4a:
78:a6:39:80:a3:ff:f7:fb:38:a7:e9:24:cb:f2:cf:
a3:07:51:f5:80:f7:91:8a:38:18:65:75:1b:19:c5:
41:5b:0b:ad:66:9e:d7:00:45:c2:dd:c9:df:2c:03:
34:8c:5c:f1:34:4d:81:4f:1d:4f:16:9a:d3:a5:f3:
22:47:ff:5b:11:1c:6b:53:c4:bb:42:3f:b2:6c:1d:
03:1a:b7:ad:dc:c9:61:e5:c0:bf:08:cc:3b:81:95:
7f:54:5a:df:ae:2f:55:3e:c3:a5:28:62:a3:3b:dc:
b4:93:07:cf:1a:36:88:2c:75:94:f8:12:a3:30:4b:
5d:c2:15:dc:c1:4d:e4:b9:bf:b9:97:f8:13:da:0f:
e8:1c:a7:b7:97:06:00:04:b8:41:4d:2a:6e:3f:ac:
0a:b4:2b:f6:94:f4:14:36:ed:93:0e:d9:b9:8b:31:
6a:ae:90:60:f4:fd:5d:50:e4:86:5c:70:0d:51:f6:
bc:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:95:D1:B7:2E:6A:3A:E6:7C:5E:D0:0D:B9:24:17:A3:03:48:91:A9
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/4ZXRty5qOuZ8XtANuSQXowNIkak.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.218.0-2.27.223.255
144.31.32.0/24
144.31.34.0/24
144.31.37.0-144.31.40.255
144.31.43.0/24
Signature Algorithm: sha256WithRSAEncryption
04:0c:f8:a4:a4:fd:13:77:ac:e2:22:99:8b:b1:c4:80:89:b7:
e9:24:d7:e2:ad:29:ac:f7:6b:03:ef:08:36:e3:15:2f:39:2a:
a0:76:51:4a:18:1f:bb:b3:eb:77:67:38:f2:49:47:c6:86:60:
9d:4d:b4:d6:da:d4:3e:35:f5:59:b7:14:cd:8b:34:e4:a9:51:
a8:4d:02:a4:75:e0:f6:35:0f:d6:a5:69:e7:2f:c7:99:0d:7b:
24:3d:fe:66:d9:5d:b8:3f:bb:b9:20:97:f4:f4:cc:09:23:77:
46:8b:3e:d3:ce:a0:82:cd:d9:10:48:f5:35:05:5f:78:06:04:
cd:a6:e7:14:a8:39:b5:08:3b:b8:4c:56:da:f3:27:0f:96:bf:
0f:a7:6c:37:5b:94:5d:13:6f:25:9e:87:36:2e:14:3a:f8:ef:
82:86:20:64:16:88:d9:f9:1f:ad:fe:af:45:f4:19:67:e6:38:
6d:b6:3a:af:ab:04:76:bd:d9:e9:6f:a8:57:f2:fa:21:85:82:
32:1b:73:cf:13:00:14:e3:12:3f:27:78:7c:5b:99:f3:52:be:
a2:f5:ab:38:3e:5f:9c:1c:00:cd:68:98:cd:14:c2:e9:25:d5:
9a:1c:bc:12:ad:e1:cf:97:e2:97:f5:14:cb:3e:b6:c9:b1:13:
15:b6:21:b2
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZ0R9btXZ6GpMOB6fDGSSfwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIxMTk1MzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTk1ZDFiNzJlNmEzYWU2N2M1ZWQwMGRiOTI0MTdhMzAzNDg5MWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67mbQnr49FYDP1fApZfLHUcilqTT
RnSL7ZOiQ/TtCDqZzl2OBaR3mRKRu7vQQf3X+fA0soaD2y7bOazNfee7Yz3TQQwt
7qb8iUp4pjmAo//3+zin6STL8s+jB1H1gPeRijgYZXUbGcVBWwutZp7XAEXC3cnf
LAM0jFzxNE2BTx1PFprTpfMiR/9bERxrU8S7Qj+ybB0DGret3Mlh5cC/CMw7gZV/
VFrfri9VPsOlKGKjO9y0kwfPGjaILHWU+BKjMEtdwhXcwU3kub+5l/gT2g/oHKe3
lwYABLhBTSpuP6wKtCv2lPQUNu2TDtm5izFqrpBg9P1dUOSGXHANUfa8nwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFOGV0bcuajrmfF7QDbkkF6MDSJGpMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNFpYUnR5NXFPdVo4WHRBTnVTUVhvd05Ja2FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAECG9oD
BAUCG8ADBACQHyADBACQHyIwDAMEAJAfJQMEAJAfKAMEAJAfKzANBgkqhkiG9w0B
AQsFAAOCAQEABAz4pKT9E3es4iKZi7HEgIm36STX4q0prPdrA+8INuMVLzkqoHZR
Shgfu7Prd2c48klHxoZgnU201trUPjX1WbcUzYs05KlRqE0CpHXg9jUP1qVp5y/H
mQ17JD3+ZtlduD+7uSCX9PTMCSN3Ros+086ggs3ZEEj1NQVfeAYEzabnFKg5tQg7
uExW2vMnD5a/D6dsN1uUXRNvJZ6HNi4UOvjvgoYgZBaI2fkfrf6vRfQZZ+Y4bbY6
r6sEdr3Z6W+oV/L6IYWCMhtzzxMAFOMSPyd4fFuZ81K+ovWrOD5fnBwAzWiYzRTC
6SXVmhy8Eq3hz5fil/UUyz62ybETFbYhsg==
-----END CERTIFICATE-----
Generated at Thu Mar 26 17:28:06 2026 by rpki-client