Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/53ZVDoOtcTwpioPIkR2gG0cL4-E.roa
File: 53ZVDoOtcTwpioPIkR2gG0cL4-E.roa (raw, json)
Hash identifier: q4bOzCVvoxTQl0PwgJmXXqzqny37RavLXXPDeX8NvPU=
Subject key identifier: E7:76:55:0E:83:AD:71:3C:29:8A:83:C8:91:1D:A0:1B:47:0B:E3:E1
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D11F5BBF8DBB03011BA06B5192A3AE486
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/53ZVDoOtcTwpioPIkR2gG0cL4-E.roa
Signing time: Sat 21 Mar 2026 19:53:30 +0000
ROA not before: Sat 21 Mar 2026 19:53:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16509
IP address blocks: 2.27.218.0/23 maxlen: 24
2.27.220.0/23 maxlen: 24
2.27.222.0/23 maxlen: 24
144.31.32.0/24 maxlen: 24
144.31.34.0/24 maxlen: 24
144.31.37.0/24 maxlen: 24
144.31.38.0/24 maxlen: 24
144.31.39.0/24 maxlen: 24
144.31.40.0/24 maxlen: 24
144.31.43.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:11:f5:bb:f8:db:b0:30:11:ba:06:b5:19:2a:3a:e4:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 21 19:53:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=e776550e83ad713c298a83c8911da01b470be3e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:0e:eb:80:e1:01:0b:a8:5e:1e:d2:86:be:e0:
68:85:7f:2d:21:2a:fd:8d:61:c0:11:7d:8b:a5:f0:
64:61:12:6d:9f:39:70:b5:38:5b:0a:58:02:fc:94:
5b:b8:97:fa:b9:f7:47:58:d9:cb:c6:cb:b6:cd:51:
22:a7:6f:c8:0f:99:68:29:49:98:44:e0:f3:a3:82:
22:1a:94:fe:78:4f:56:4a:58:68:f5:ea:2f:cc:f9:
27:ab:a6:98:8d:d3:42:35:fb:ec:c5:e3:04:b9:71:
88:cc:a0:04:0f:cc:e9:f2:b4:ac:fa:7b:dc:e9:27:
ab:2c:ed:37:56:ab:87:98:09:a9:35:3d:c8:a6:44:
85:9c:f6:2f:f2:cf:63:29:ec:c6:5c:e0:5a:ce:96:
6f:11:07:8f:b4:e0:09:e2:d3:08:be:8c:2b:11:86:
5d:13:3d:e6:ee:6b:cc:69:03:14:bd:01:4a:1d:16:
9a:ab:3c:97:a7:01:0e:2b:46:cc:bd:71:b2:8e:ee:
1b:52:c2:e7:c4:6c:a4:aa:60:09:76:45:83:2d:0f:
99:c3:f5:92:92:6b:0b:04:2b:e9:30:46:c2:d9:af:
f0:2b:54:69:54:76:dc:43:30:ee:de:bd:34:56:13:
d7:2d:98:4d:20:f1:60:0d:4a:b9:50:1f:15:55:1e:
b1:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:76:55:0E:83:AD:71:3C:29:8A:83:C8:91:1D:A0:1B:47:0B:E3:E1
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/53ZVDoOtcTwpioPIkR2gG0cL4-E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.218.0-2.27.223.255
144.31.32.0/24
144.31.34.0/24
144.31.37.0-144.31.40.255
144.31.43.0/24
Signature Algorithm: sha256WithRSAEncryption
05:bf:6c:0b:7b:3c:1a:96:d3:cc:c7:45:54:07:b3:f6:b2:be:
a2:23:88:7c:a2:2d:e6:2d:75:4a:4b:e3:3a:79:f8:92:d9:80:
40:0e:3c:d7:dc:2d:ac:13:a2:ca:23:f4:80:e3:88:ec:c1:1b:
63:a7:71:2d:58:da:16:21:56:62:3c:b5:db:65:fe:65:81:bc:
6e:16:83:55:f2:7f:fc:41:ba:4a:28:d4:35:b0:2d:54:16:8a:
c1:83:95:43:24:95:09:68:d9:f5:27:b9:09:9a:57:86:1e:e4:
e6:0c:b0:39:88:f0:37:b8:2a:5b:2a:3d:f3:22:b9:4a:ff:ce:
77:f9:66:29:7a:31:bc:6b:c4:4e:30:7e:53:88:4a:f8:f6:e1:
f4:14:f6:20:73:a8:fe:a2:af:a1:33:02:30:a3:ae:24:d4:f9:
24:9b:1a:5b:00:85:42:bc:65:67:d1:2a:60:c7:4d:ab:04:f5:
7a:4f:19:d3:0e:80:07:ea:ae:54:33:02:89:77:2c:a2:a2:78:
4a:5d:26:58:b4:cc:55:6b:dc:b1:d1:d0:71:c5:27:d7:d2:5a:
69:e5:75:76:7e:3e:d4:76:bf:8c:af:d9:7f:44:b6:6e:e8:da:
73:2a:b3:7a:2d:53:5d:66:c0:13:58:32:e7:6b:d1:5c:93:d3:
cc:45:d2:75
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZ0R9bv427AwEboGtRkqOuSGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIxMTk1MzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzc2NTUwZTgzYWQ3MTNjMjk4YTgzYzg5MTFkYTAxYjQ3MGJlM2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA7rgOEBC6heHtKGvuBohX8tISr9
jWHAEX2LpfBkYRJtnzlwtThbClgC/JRbuJf6ufdHWNnLxsu2zVEip2/ID5loKUmY
RODzo4IiGpT+eE9WSlho9eovzPknq6aYjdNCNfvsxeMEuXGIzKAED8zp8rSs+nvc
6SerLO03VquHmAmpNT3IpkSFnPYv8s9jKezGXOBazpZvEQePtOAJ4tMIvowrEYZd
Ez3m7mvMaQMUvQFKHRaaqzyXpwEOK0bMvXGyju4bUsLnxGykqmAJdkWDLQ+Zw/WS
kmsLBCvpMEbC2a/wK1RpVHbcQzDu3r00VhPXLZhNIPFgDUq5UB8VVR6xgQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFOd2VQ6DrXE8KYqDyJEdoBtHC+PhMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNTNaVkRvT3RjVHdwaW9QSWtSMmdHMGNMNC1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAECG9oD
BAUCG8ADBACQHyADBACQHyIwDAMEAJAfJQMEAJAfKAMEAJAfKzANBgkqhkiG9w0B
AQsFAAOCAQEABb9sC3s8GpbTzMdFVAez9rK+oiOIfKIt5i11SkvjOnn4ktmAQA48
19wtrBOiyiP0gOOI7MEbY6dxLVjaFiFWYjy122X+ZYG8bhaDVfJ//EG6SijUNbAt
VBaKwYOVQySVCWjZ9Se5CZpXhh7k5gywOYjwN7gqWyo98yK5Sv/Od/lmKXoxvGvE
TjB+U4hK+Pbh9BT2IHOo/qKvoTMCMKOuJNT5JJsaWwCFQrxlZ9EqYMdNqwT1ek8Z
0w6AB+quVDMCiXcsoqJ4Sl0mWLTMVWvcsdHQccUn19JaaeV1dn4+1Ha/jK/Zf0S2
bujacyqzei1TXWbAE1gy52vRXJPTzEXSdQ==
-----END CERTIFICATE-----
Generated at Thu Mar 26 01:18:29 2026 by rpki-client