Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/99a1da-20da-4a68-b326-2617a0ecbc14/1/KaIgliHustVSIeqdoMLZfqd-lkU.roa
File: KaIgliHustVSIeqdoMLZfqd-lkU.roa (raw, json)
Hash identifier: TSquDL50Tyqppks/him9Q1dPueR/BPipThvWxXHjwT8=
Subject key identifier: 29:A2:20:96:21:EE:B2:D5:52:21:EA:9D:A0:C2:D9:7E:A7:7E:96:45
Certificate issuer: /CN=64d9fb3f2cafed594e068adedc78a97c8829c101
Certificate serial: 019C9B06006602D14A2C1E40B1146E09F52B
Authority key identifier: 64:D9:FB:3F:2C:AF:ED:59:4E:06:8A:DE:DC:78:A9:7C:88:29:C1:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZNn7Pyyv7VlOBore3HipfIgpwQE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/99a1da-20da-4a68-b326-2617a0ecbc14/1/KaIgliHustVSIeqdoMLZfqd-lkU.roa
Signing time: Thu 26 Feb 2026 17:36:27 +0000
ROA not before: Thu 26 Feb 2026 17:36:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 197704
IP address blocks: 5.63.188.0/23 maxlen: 23
193.200.190.0/24 maxlen: 24
195.242.138.0/24 maxlen: 24
195.242.139.0/24 maxlen: 24
217.114.34.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/27/99a1da-20da-4a68-b326-2617a0ecbc14/1/ZNn7Pyyv7VlOBore3HipfIgpwQE.crl
rsync://rpki.ripe.net/repository/DEFAULT/27/99a1da-20da-4a68-b326-2617a0ecbc14/1/ZNn7Pyyv7VlOBore3HipfIgpwQE.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZNn7Pyyv7VlOBore3HipfIgpwQE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 11:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:9b:06:00:66:02:d1:4a:2c:1e:40:b1:14:6e:09:f5:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=64d9fb3f2cafed594e068adedc78a97c8829c101
Validity
Not Before: Feb 26 17:36:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=29a2209621eeb2d55221ea9da0c2d97ea77e9645
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:45:c2:6b:4b:76:d8:28:45:91:92:f3:41:9c:
1e:8d:b3:9b:7e:7f:96:9a:c5:fd:74:c9:d0:37:a7:
9e:6b:9c:a0:25:b9:bd:f0:6f:2e:45:05:80:67:90:
ce:bf:a3:02:2e:de:98:29:5b:fe:23:e6:00:b9:d1:
34:4e:ad:bc:84:8a:8d:07:5f:2d:73:7e:1a:ce:9c:
67:d2:65:da:22:e6:9f:0a:0a:54:dc:0d:a2:7b:53:
d8:91:a1:a0:8c:ae:37:37:30:e4:40:66:65:8a:a8:
e8:1c:be:53:86:18:30:2f:4d:65:0d:62:fd:1f:8f:
66:70:22:a5:22:dd:cb:f0:de:60:e2:ed:a5:bc:d9:
5a:b5:4d:d7:e6:c2:79:d0:23:18:6a:da:9e:00:19:
02:65:f7:9b:28:5d:fd:d7:74:7b:cf:d0:09:cb:13:
57:5a:dd:3b:c1:ca:ec:7d:84:6f:0b:5a:8d:cc:95:
4d:77:ec:54:d4:d8:b8:dd:36:63:19:6e:e7:54:c1:
7e:1c:9f:d9:7c:8b:38:de:8c:33:c6:8c:ac:20:5c:
d2:2d:67:6e:3f:f9:81:92:2c:57:27:a6:00:7d:c6:
4b:25:08:bc:b1:58:db:40:fd:25:7b:44:a9:84:66:
ff:82:da:cc:42:79:0d:0b:67:89:1d:5a:2e:d6:e5:
5f:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:A2:20:96:21:EE:B2:D5:52:21:EA:9D:A0:C2:D9:7E:A7:7E:96:45
X509v3 Authority Key Identifier:
keyid:64:D9:FB:3F:2C:AF:ED:59:4E:06:8A:DE:DC:78:A9:7C:88:29:C1:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNn7Pyyv7VlOBore3HipfIgpwQE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/99a1da-20da-4a68-b326-2617a0ecbc14/1/KaIgliHustVSIeqdoMLZfqd-lkU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/99a1da-20da-4a68-b326-2617a0ecbc14/1/ZNn7Pyyv7VlOBore3HipfIgpwQE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.63.188.0/23
193.200.190.0/24
195.242.138.0/23
217.114.34.0/24
Signature Algorithm: sha256WithRSAEncryption
95:bb:8f:a7:1e:61:31:b6:79:05:25:e7:5a:8f:9b:25:ad:09:
dc:30:43:a0:8c:fe:e9:b5:2e:f5:3f:af:bf:f7:44:42:d9:72:
35:2c:81:19:15:a6:86:ae:29:cb:3d:7f:63:da:ab:08:69:65:
69:5a:13:c4:87:93:67:82:fe:4e:ff:25:56:6f:e8:79:bc:f2:
2f:d7:c7:2f:1e:96:e5:f9:a9:08:99:20:d8:7f:7b:3e:99:12:
83:ba:c2:4a:e1:10:1d:b2:0d:ce:22:2e:98:a3:15:f6:38:d1:
53:fb:d1:a1:3b:83:13:36:89:0f:61:73:2c:15:99:ce:e1:80:
84:a3:8f:ed:42:10:87:85:10:33:1c:67:33:07:ed:7c:10:a4:
7c:38:14:3d:c4:3e:be:db:4b:b3:97:9c:0a:35:1c:c8:d4:9f:
ad:77:1d:b1:36:4b:43:0c:e4:13:b4:3c:a3:f5:02:5e:26:5b:
64:b3:87:11:c6:94:0d:68:07:f3:0b:b5:e2:51:c4:23:58:5e:
cc:9c:18:4d:62:7e:b6:32:a0:da:a9:72:47:05:96:2e:99:af:
ab:bd:77:4d:46:5d:86:86:44:bd:dc:8a:66:c4:cf:5a:e0:db:
2b:bf:92:94:08:19:33:6b:35:83:bf:bd:c6:1d:85:5d:a5:4c:
df:a2:de:b4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZybBgBmAtFKLB5AsRRuCfUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDlmYjNmMmNhZmVkNTk0ZTA2OGFkZWRjNzhhOTdjODgy
OWMxMDEwHhcNMjYwMjI2MTczNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWEyMjA5NjIxZWViMmQ1NTIyMWVhOWRhMGMyZDk3ZWE3N2U5NjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkXCa0t22ChFkZLzQZwejbObfn+W
msX9dMnQN6eea5ygJbm98G8uRQWAZ5DOv6MCLt6YKVv+I+YAudE0Tq28hIqNB18t
c34azpxn0mXaIuafCgpU3A2ie1PYkaGgjK43NzDkQGZliqjoHL5ThhgwL01lDWL9
H49mcCKlIt3L8N5g4u2lvNlatU3X5sJ50CMYatqeABkCZfebKF3913R7z9AJyxNX
Wt07wcrsfYRvC1qNzJVNd+xU1Ni43TZjGW7nVMF+HJ/ZfIs43owzxoysIFzSLWdu
P/mBkixXJ6YAfcZLJQi8sVjbQP0le0SphGb/gtrMQnkNC2eJHVou1uVflwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCmiIJYh7rLVUiHqnaDC2X6nfpZFMB8GA1UdIwQY
MBaAFGTZ+z8sr+1ZTgaK3tx4qXyIKcEBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5uN1B5eXY3VmxPQm9yZTNIaXBmSWdwd1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85OWExZGEtMjBkYS00YTY4LWIzMjYt
MjYxN2EwZWNiYzE0LzEvS2FJZ2xpSHVzdFZTSWVxZG9NTFpmcWQtbGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85OWExZGEtMjBkYS00YTY4LWIzMjYtMjYxN2EwZWNiYzE0
LzEvWk5uN1B5eXY3VmxPQm9yZTNIaXBmSWdwd1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBBT+8AwQA
wci+AwQBw/KKAwQA2XIiMA0GCSqGSIb3DQEBCwUAA4IBAQCVu4+nHmExtnkFJeda
j5slrQncMEOgjP7ptS71P6+/90RC2XI1LIEZFaaGrinLPX9j2qsIaWVpWhPEh5Nn
gv5O/yVWb+h5vPIv18cvHpbl+akImSDYf3s+mRKDusJK4RAdsg3OIi6YoxX2ONFT
+9GhO4MTNokPYXMsFZnO4YCEo4/tQhCHhRAzHGczB+18EKR8OBQ9xD6+20uzl5wK
NRzI1J+tdx2xNktDDOQTtDyj9QJeJltks4cRxpQNaAfzC7XiUcQjWF7MnBhNYn62
MqDaqXJHBZYuma+rvXdNRl2GhkS93IpmxM9a4Nsrv5KUCBkzazWDv73GHYVdpUzf
ot60
-----END CERTIFICATE-----
Generated at Mon Mar 2 19:36:28 2026 by rpki-client