Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fwaHHzsyYVs95i4PQxGNCgL_3R4.roa
File: fwaHHzsyYVs95i4PQxGNCgL_3R4.roa (raw, json)
Hash identifier: anYhlXpLvQKB4/Du6/X4JYqAhhDS/VH1BAK/rzMTGxU=
Subject key identifier: 7F:06:87:1F:3B:32:61:5B:3D:E6:2E:0F:43:11:8D:0A:02:FF:DD:1E
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019E182F0E4CF3EB81DABB08D8FD7FD73896
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fwaHHzsyYVs95i4PQxGNCgL_3R4.roa
Signing time: Mon 11 May 2026 17:56:37 +0000
ROA not before: Mon 11 May 2026 17:56:37 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216039
IP address blocks: 2.27.7.0/24 maxlen: 24
31.76.108.0/22 maxlen: 24
31.76.246.0/24 maxlen: 24
144.31.220.0/24 maxlen: 24
144.31.225.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 06:01:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:18:2f:0e:4c:f3:eb:81:da:bb:08:d8:fd:7f:d7:38:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: May 11 17:56:37 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7f06871f3b32615b3de62e0f43118d0a02ffdd1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:a7:46:0d:65:79:c8:60:7c:69:5f:b4:95:44:
7d:2e:0a:2c:36:14:09:6a:14:18:e9:47:8d:e5:35:
74:3a:ad:da:e4:f7:97:84:62:9c:40:51:fd:07:16:
d5:a6:6d:a8:22:e4:6a:6e:40:37:38:e1:45:1f:87:
de:5f:67:1e:3c:77:44:51:b7:80:f0:52:2a:42:34:
30:ad:92:cd:c3:a2:1f:ac:e4:ba:ce:4e:5b:51:3c:
ee:b6:eb:b1:5c:8c:3b:f0:68:59:ea:4b:61:2c:c4:
7b:2b:d1:1f:81:c8:b7:95:e7:2b:7a:d8:a2:88:f4:
e8:f0:da:bb:71:54:41:3b:1b:5e:3f:bf:f6:4c:fa:
54:1c:61:cd:be:d5:14:ad:70:62:4f:fc:7a:5b:81:
d0:ab:76:9d:ae:4e:c8:47:89:a4:b8:d8:0c:de:df:
76:d9:2e:43:3c:16:74:1f:ba:88:97:59:b1:3d:f3:
19:b7:b5:ce:27:ac:3b:e8:25:64:54:13:c0:1e:99:
c2:fd:dd:7a:5d:29:e1:88:2a:53:11:a8:08:c5:a9:
fa:dc:cf:d3:5c:bd:e4:8b:e1:fc:67:9e:44:58:a5:
1b:ae:9b:4b:5c:e8:24:73:ef:03:8d:85:c1:7d:5b:
59:32:78:58:55:de:9b:be:ff:c8:8a:2c:78:1c:7d:
df:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:06:87:1F:3B:32:61:5B:3D:E6:2E:0F:43:11:8D:0A:02:FF:DD:1E
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fwaHHzsyYVs95i4PQxGNCgL_3R4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.7.0/24
31.76.108.0/22
31.76.246.0/24
144.31.220.0/24
144.31.225.0/24
Signature Algorithm: sha256WithRSAEncryption
47:07:82:02:b0:56:76:9d:53:ed:fe:0b:a2:8c:88:8e:ea:d1:
fd:ee:ee:a7:ae:af:30:e3:48:ef:3a:31:73:dd:c9:9f:53:f5:
78:d3:02:ae:6d:a3:64:7b:77:83:d7:26:61:99:2f:28:22:7c:
99:67:3d:a5:8e:2c:a2:a4:cb:b5:eb:95:f5:a1:ea:35:4b:cb:
68:c3:9a:4f:4e:9b:9c:85:6b:9f:22:6b:b4:e1:dd:aa:38:58:
6c:9a:4b:c8:67:8a:7a:06:31:60:ff:5b:c8:5b:08:fb:00:99:
91:8c:68:98:c2:c9:3c:9c:fd:a8:d7:4c:e4:f0:dc:77:24:14:
3d:d6:21:c0:bc:e7:24:0f:b5:cb:fe:35:dd:39:b8:9b:cf:6a:
a1:c2:d1:b2:17:71:fe:ea:a5:19:71:02:98:1f:f3:17:e3:ac:
83:08:41:ec:4c:43:7e:05:df:4e:e6:d4:12:d5:cc:b1:6f:50:
6f:86:4c:48:b6:2c:67:dc:61:61:73:03:c2:5a:b8:53:5c:2c:
38:7a:14:41:a5:4c:29:83:9b:95:31:1a:cf:7c:84:78:89:d1:
71:73:87:ac:b1:26:04:63:0e:64:23:7f:4e:b9:da:2e:87:93:
95:6f:01:5f:9f:45:7f:07:04:27:c6:1a:8b:20:b1:f7:c7:9e:
a4:89:d8:1c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ4YLw5M8+uB2rsI2P1/1ziWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTExMTc1NjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjA2ODcxZjNiMzI2MTViM2RlNjJlMGY0MzExOGQwYTAyZmZkZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKdGDWV5yGB8aV+0lUR9LgosNhQJ
ahQY6UeN5TV0Oq3a5PeXhGKcQFH9BxbVpm2oIuRqbkA3OOFFH4feX2cePHdEUbeA
8FIqQjQwrZLNw6IfrOS6zk5bUTzutuuxXIw78GhZ6kthLMR7K9Efgci3lecretii
iPTo8Nq7cVRBOxteP7/2TPpUHGHNvtUUrXBiT/x6W4HQq3adrk7IR4mkuNgM3t92
2S5DPBZ0H7qIl1mxPfMZt7XOJ6w76CVkVBPAHpnC/d16XSnhiCpTEagIxan63M/T
XL3ki+H8Z55EWKUbrptLXOgkc+8DjYXBfVtZMnhYVd6bvv/Iiix4HH3fpwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFH8Ghx87MmFbPeYuD0MRjQoC/90eMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZndhSEh6c3lZVnM5NWk0UFF4R05DZ0xfM1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAAhsHAwQC
H0xsAwQAH0z2AwQAkB/cAwQAkB/hMA0GCSqGSIb3DQEBCwUAA4IBAQBHB4ICsFZ2
nVPt/guijIiO6tH97u6nrq8w40jvOjFz3cmfU/V40wKubaNke3eD1yZhmS8oInyZ
Zz2ljiyipMu165X1oeo1S8tow5pPTpuchWufImu04d2qOFhsmkvIZ4p6BjFg/1vI
Wwj7AJmRjGiYwsk8nP2o10zk8Nx3JBQ91iHAvOckD7XL/jXdObibz2qhwtGyF3H+
6qUZcQKYH/MX46yDCEHsTEN+Bd9O5tQS1cyxb1BvhkxItixn3GFhcwPCWrhTXCw4
ehRBpUwpg5uVMRrPfIR4idFxc4essSYEYw5kI39Oudouh5OVbwFfn0V/BwQnxhqL
ILH3x56kidgc
-----END CERTIFICATE-----
Generated at Wed May 13 12:41:11 2026 by rpki-client