Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/o_ox5DUGhXPodJwAagSua_cKJiw.roa
File: o_ox5DUGhXPodJwAagSua_cKJiw.roa (raw, json)
Hash identifier: mOqE/yj9pv2xyuvHkBO7D9Q0C+KIWHGUAx8f38G/5KU=
Subject key identifier: A3:FA:31:E4:35:06:85:73:E8:74:9C:00:6A:04:AE:6B:F7:0A:26:2C
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D1B2B5A834B5915E613056DF6EDE17F42
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/o_ox5DUGhXPodJwAagSua_cKJiw.roa
Signing time: Mon 23 Mar 2026 14:48:39 +0000
ROA not before: Mon 23 Mar 2026 14:48:39 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213877
IP address blocks: 2.27.44.0/23 maxlen: 24
2.27.46.0/23 maxlen: 24
64.188.73.0/24 maxlen: 24
64.188.75.0/24 maxlen: 24
64.188.92.0/22 maxlen: 24
64.188.96.0/24 maxlen: 24
64.188.97.0/24 maxlen: 24
64.188.112.0/23 maxlen: 24
64.188.116.0/23 maxlen: 24
64.188.124.0/24 maxlen: 24
64.188.125.0/24 maxlen: 24
64.188.126.0/24 maxlen: 24
77.239.100.0/22 maxlen: 24
77.239.104.0/24 maxlen: 24
77.239.105.0/24 maxlen: 24
77.239.122.0/24 maxlen: 24
77.239.123.0/24 maxlen: 24
144.31.26.0/23 maxlen: 24
144.31.64.0/22 maxlen: 24
144.31.68.0/22 maxlen: 24
144.31.72.0/22 maxlen: 24
144.31.76.0/22 maxlen: 24
144.31.86.0/23 maxlen: 24
144.31.89.0/24 maxlen: 24
144.31.104.0/23 maxlen: 24
144.31.114.0/23 maxlen: 24
144.31.120.0/23 maxlen: 24
144.31.137.0/24 maxlen: 24
144.31.192.0/23 maxlen: 24
144.31.198.0/23 maxlen: 24
144.31.226.0/23 maxlen: 24
144.31.228.0/23 maxlen: 24
144.31.244.0/23 maxlen: 24
144.31.246.0/23 maxlen: 24
144.31.252.0/23 maxlen: 24
144.31.254.0/23 maxlen: 24
150.241.86.0/24 maxlen: 24
150.241.105.0/24 maxlen: 24
150.241.108.0/24 maxlen: 24
150.241.123.0/24 maxlen: 24
185.184.122.0/24 maxlen: 24
185.184.123.0/24 maxlen: 24
185.207.133.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:1b:2b:5a:83:4b:59:15:e6:13:05:6d:f6:ed:e1:7f:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 23 14:48:39 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a3fa31e435068573e8749c006a04ae6bf70a262c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:4b:fa:d8:76:e9:2f:8f:2c:69:e8:9c:f2:c9:
b0:8d:a8:d4:9e:87:7a:0f:3e:76:f4:92:e6:9d:0e:
3b:e0:97:36:a4:08:6e:e9:8b:a7:f9:1c:37:a0:db:
04:e0:0b:d4:a4:35:92:20:9b:27:f3:72:47:ca:9c:
f7:b5:41:37:4d:3f:fd:61:ef:6d:97:55:88:84:13:
32:e2:57:c3:ce:fc:e4:3f:a5:03:88:88:6b:ce:32:
f8:45:97:8f:9a:3b:be:b4:02:66:00:21:91:4e:10:
db:95:93:ea:e4:c0:f2:d7:bc:af:ac:c8:88:47:82:
64:70:d5:eb:b0:1d:6f:a7:0e:97:ee:b0:26:0b:df:
25:3b:84:1c:db:6a:f9:0c:36:61:d2:ed:a2:39:f1:
9b:09:5c:8d:69:a7:d9:40:9d:b6:47:96:78:6d:16:
c5:1a:47:13:1e:b2:ea:86:30:5c:79:cb:ac:3a:7b:
eb:32:c3:cf:2c:dc:bb:22:20:90:2b:56:6e:86:38:
ce:19:df:db:c5:4c:77:3b:d4:2c:fc:3c:f9:1c:67:
66:b4:55:2c:c6:86:63:af:11:c3:83:4f:3b:ca:51:
33:9c:0d:71:56:d0:b8:b4:1e:7c:33:eb:1e:64:25:
10:45:d6:ea:09:d5:2d:b6:39:5c:05:70:38:d8:dc:
a8:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:FA:31:E4:35:06:85:73:E8:74:9C:00:6A:04:AE:6B:F7:0A:26:2C
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/o_ox5DUGhXPodJwAagSua_cKJiw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.27.44.0/22
64.188.73.0/24
64.188.75.0/24
64.188.92.0-64.188.97.255
64.188.112.0/23
64.188.116.0/23
64.188.124.0-64.188.126.255
77.239.100.0-77.239.105.255
77.239.122.0/23
144.31.26.0/23
144.31.64.0/20
144.31.86.0/23
144.31.89.0/24
144.31.104.0/23
144.31.114.0/23
144.31.120.0/23
144.31.137.0/24
144.31.192.0/23
144.31.198.0/23
144.31.226.0-144.31.229.255
144.31.244.0/22
144.31.252.0/22
150.241.86.0/24
150.241.105.0/24
150.241.108.0/24
150.241.123.0/24
185.184.122.0/23
185.207.133.0/24
Signature Algorithm: sha256WithRSAEncryption
27:74:94:01:17:c6:8b:da:61:47:d8:6c:49:32:15:82:40:de:
e8:d2:50:9b:48:aa:e5:48:d4:22:75:87:08:52:4f:c3:b8:a8:
9e:2c:1b:45:a9:3d:eb:d7:95:ae:00:d9:6e:c0:c1:37:5a:08:
7d:50:ee:15:87:ec:e1:14:60:43:39:0b:4a:ef:41:e4:b3:d6:
74:5c:c5:e7:55:97:55:c9:71:80:82:81:cd:e8:9c:08:1e:1c:
93:41:c8:a0:cd:9d:ba:4d:43:4f:34:36:06:b4:78:57:d0:82:
ac:82:5b:ad:85:f4:87:bd:2e:3d:17:63:cb:17:ef:43:3a:0d:
48:aa:7e:8a:a8:1c:2b:4e:22:95:ba:ba:af:7c:b6:27:f0:1b:
fe:95:54:ff:ff:42:8e:e0:64:4f:c8:c1:3e:9b:7f:7d:b6:c1:
ad:f7:d1:2f:5b:a0:b9:8f:2c:fc:9d:f4:5f:a5:5e:b7:e0:7b:
ec:ea:6c:13:ff:b7:23:11:1f:a5:70:a6:bb:e1:40:00:3d:b6:
f4:b3:dd:95:29:91:40:13:fc:38:75:15:94:97:71:d2:a5:90:
68:77:b7:b9:58:27:f0:32:3d:9b:6c:ec:ae:72:c5:66:ce:87:
fc:cb:eb:97:8c:12:4d:9d:81:9f:8d:f9:ec:bd:49:63:4e:5b:
66:94:72:6c
-----BEGIN CERTIFICATE-----
MIIFxDCCBKygAwIBAgISAZ0bK1qDS1kV5hMFbfbt4X9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIzMTQ0ODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2ZhMzFlNDM1MDY4NTczZTg3NDljMDA2YTA0YWU2YmY3MGEyNjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEv62HbpL48saeic8smwjajUnod6
Dz529JLmnQ474Jc2pAhu6Yun+Rw3oNsE4AvUpDWSIJsn83JHypz3tUE3TT/9Ye9t
l1WIhBMy4lfDzvzkP6UDiIhrzjL4RZePmju+tAJmACGRThDblZPq5MDy17yvrMiI
R4JkcNXrsB1vpw6X7rAmC98lO4Qc22r5DDZh0u2iOfGbCVyNaafZQJ22R5Z4bRbF
GkcTHrLqhjBcecusOnvrMsPPLNy7IiCQK1ZuhjjOGd/bxUx3O9Qs/Dz5HGdmtFUs
xoZjrxHDg087ylEznA1xVtC4tB58M+seZCUQRdbqCdUttjlcBXA42Nyo0QIDAQAB
o4IC0DCCAswwHQYDVR0OBBYEFKP6MeQ1BoVz6HScAGoErmv3CiYsMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvb19veDVEVUdoWFBvZEp3QWFnU3VhX2NLSml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHlBggrBgEFBQcBBwEB/wSB1TCB0jCBzwQCAAEwgcgDBAIC
GywDBABAvEkDBABAvEswDAMEAkC8XAMEAUC8YAMEAUC8cAMEAUC8dDAMAwQCQLx8
AwQAQLx+MAwDBAJN72QDBAFN72gDBAFN73oDBAGQHxoDBASQH0ADBAGQH1YDBACQ
H1kDBAGQH2gDBAGQH3IDBAGQH3gDBACQH4kDBAGQH8ADBAGQH8YwDAMEAZAf4gME
AZAf5AMEApAf9AMEApAf/AMEAJbxVgMEAJbxaQMEAJbxbAMEAJbxewMEAbm4egME
ALnPhTANBgkqhkiG9w0BAQsFAAOCAQEAJ3SUARfGi9phR9hsSTIVgkDe6NJQm0iq
5UjUInWHCFJPw7ioniwbRak969eVrgDZbsDBN1oIfVDuFYfs4RRgQzkLSu9B5LPW
dFzF51WXVclxgIKBzeicCB4ck0HIoM2duk1DTzQ2BrR4V9CCrIJbrYX0h70uPRdj
yxfvQzoNSKp+iqgcK04ilbq6r3y2J/Ab/pVU//9CjuBkT8jBPpt/fbbBrffRL1ug
uY8s/J30X6Vet+B77OpsE/+3IxEfpXCmu+FAAD229LPdlSmRQBP8OHUVlJdx0qWQ
aHe3uVgn8DI9m2zsrnLFZs6H/Mvrl4wSTZ2Bn4357L1JY05bZpRybA==
-----END CERTIFICATE-----
Generated at Wed Mar 25 21:27:07 2026 by rpki-client