Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/u4lGU9VT2bA9c9iM_uYcU1Qf_88.roa
File: u4lGU9VT2bA9c9iM_uYcU1Qf_88.roa (raw, json)
Hash identifier: g2KEB01Bjkl8Tb0m9ivTp+fkMXYyx1yu3Q4IYR4Qf/c=
Subject key identifier: BB:89:46:53:D5:53:D9:B0:3D:73:D8:8C:FE:E6:1C:53:54:1F:FF:CF
Certificate issuer: /CN=8a28ff310da7df8309cfab4dcf9a235842b60872
Certificate serial: 019CA7318759762466DB4596CA367A24395C
Authority key identifier: 8A:28:FF:31:0D:A7:DF:83:09:CF:AB:4D:CF:9A:23:58:42:B6:08:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/u4lGU9VT2bA9c9iM_uYcU1Qf_88.roa
Signing time: Sun 01 Mar 2026 02:19:26 +0000
ROA not before: Sun 01 Mar 2026 02:19:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214569
IP address blocks: 212.47.35.0/24 maxlen: 24
2a06:b700::/48 maxlen: 48
2a06:b700:1::/48 maxlen: 48
2a06:b700:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.crl
rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.mft
rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 06:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:a7:31:87:59:76:24:66:db:45:96:ca:36:7a:24:39:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8a28ff310da7df8309cfab4dcf9a235842b60872
Validity
Not Before: Mar 1 02:19:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=bb894653d553d9b03d73d88cfee61c53541fffcf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:3a:76:bb:0d:bc:ce:1e:d7:e4:70:50:0f:4d:
93:64:09:7c:4f:1e:3f:d5:37:2c:30:5a:33:c3:4e:
36:a1:0f:8c:90:e8:7e:bc:4e:e2:f9:9a:8f:f2:9d:
7c:8b:46:18:d0:f4:31:32:40:03:c8:7c:6c:22:96:
05:0b:de:fb:84:f0:3d:54:7b:43:1c:d6:8a:e6:12:
df:54:16:88:6b:2a:d7:01:79:b1:ba:a3:88:6e:cf:
d4:53:cc:2c:9b:41:ad:c4:1e:c5:2b:7d:d3:07:5b:
2c:9a:c5:d2:3c:8d:b2:ab:3f:12:90:3d:f4:56:b2:
f5:d0:10:3a:0c:66:71:bd:a7:2d:3f:6d:cb:b9:12:
41:5d:3f:77:a5:82:fb:da:fb:5a:db:1c:a6:ab:a1:
56:bb:6b:95:35:a2:21:2e:d3:f3:7a:98:5b:c2:c8:
d3:12:6d:da:43:76:90:37:4f:ac:9f:b9:b6:2d:f6:
c2:04:3c:4f:29:af:06:fd:49:40:aa:31:96:25:cc:
e6:62:e2:34:bb:9b:15:01:f3:ad:d2:7f:d5:e7:d3:
55:1f:2a:b6:af:f9:b7:b4:ab:49:34:69:87:55:c7:
f5:8c:6e:aa:1f:dc:9e:1b:8a:29:b3:53:68:b7:93:
31:20:42:f5:60:d6:22:79:6b:4a:3b:b5:05:67:d8:
62:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:89:46:53:D5:53:D9:B0:3D:73:D8:8C:FE:E6:1C:53:54:1F:FF:CF
X509v3 Authority Key Identifier:
keyid:8A:28:FF:31:0D:A7:DF:83:09:CF:AB:4D:CF:9A:23:58:42:B6:08:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/u4lGU9VT2bA9c9iM_uYcU1Qf_88.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.47.35.0/24
IPv6:
2a06:b700::-2a06:b700:2:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
5e:a8:e6:90:f2:1e:64:c6:27:41:f3:6b:37:65:95:4b:5d:e6:
09:21:30:d6:a4:78:ec:81:af:f2:40:80:87:62:6d:45:8f:89:
20:c2:3b:e5:4e:f8:d7:50:91:16:ad:ca:4c:81:ea:d7:45:6c:
dd:27:71:e8:54:c1:b9:28:fb:ed:63:f7:33:b8:fb:34:16:7c:
1f:bc:09:e9:08:bb:37:51:69:5c:9e:21:d4:91:62:5c:32:59:
ea:21:51:a8:94:55:82:1e:68:0c:45:85:2e:c3:40:d8:8f:48:
4a:2c:59:45:e3:85:44:03:bb:17:9b:a4:a9:57:4a:f6:42:dc:
50:87:61:24:48:c1:c6:b2:19:36:f1:7c:f8:67:2f:b1:63:76:
eb:8f:a5:c4:10:15:30:b2:43:03:28:f3:73:88:b1:b5:c1:fd:
85:08:71:91:3f:e8:7b:62:aa:f8:c4:84:f6:13:c4:e3:2c:be:
10:57:2e:34:45:ad:38:78:7f:3e:66:19:89:f8:ae:a1:28:70:
3f:45:76:b9:21:35:9f:0c:64:19:3e:4c:5b:00:d1:26:8a:d9:
d6:3a:d0:57:a5:ce:08:3d:fd:ec:bc:c8:cd:22:99:6e:68:a6:
aa:dd:d3:1b:0f:76:ac:76:23:21:0f:95:6c:17:f7:da:da:3f:
4f:f6:21:dd
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZynMYdZdiRm20WWyjZ6JDlcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMjhmZjMxMGRhN2RmODMwOWNmYWI0ZGNmOWEyMzU4NDJi
NjA4NzIwHhcNMjYwMzAxMDIxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjg5NDY1M2Q1NTNkOWIwM2Q3M2Q4OGNmZWU2MWM1MzU0MWZmZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDp2uw28zh7X5HBQD02TZAl8Tx4/
1TcsMFozw042oQ+MkOh+vE7i+ZqP8p18i0YY0PQxMkADyHxsIpYFC977hPA9VHtD
HNaK5hLfVBaIayrXAXmxuqOIbs/UU8wsm0GtxB7FK33TB1ssmsXSPI2yqz8SkD30
VrL10BA6DGZxvactP23LuRJBXT93pYL72vta2xymq6FWu2uVNaIhLtPzephbwsjT
Em3aQ3aQN0+sn7m2LfbCBDxPKa8G/UlAqjGWJczmYuI0u5sVAfOt0n/V59NVHyq2
r/m3tKtJNGmHVcf1jG6qH9yeG4ops1Not5MxIEL1YNYieWtKO7UFZ9hiFQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFLuJRlPVU9mwPXPYjP7mHFNUH//PMB8GA1UdIwQY
MBaAFIoo/zENp9+DCc+rTc+aI1hCtghyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWlqX01RMm4zNE1KejZ0Tno1b2pXRUsyQ0hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hNWQyODYtODY3MC00N2U0LTk3YjQt
MjRjZjhhNjFkN2U4LzEvdTRsR1U5VlQyYkE5YzlpTV91WWNVMVFmXzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hNWQyODYtODY3MC00N2U0LTk3YjQtMjRjZjhhNjFkN2U4
LzEvaWlqX01RMm4zNE1KejZ0Tno1b2pXRUsyQ0hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAMBAIAATAGAwQA1C8jMBcE
AgACMBEwDwMEACoGtwMHACoGtwAAAjANBgkqhkiG9w0BAQsFAAOCAQEAXqjmkPIe
ZMYnQfNrN2WVS13mCSEw1qR47IGv8kCAh2JtRY+JIMI75U7411CRFq3KTIHq10Vs
3Sdx6FTBuSj77WP3M7j7NBZ8H7wJ6Qi7N1FpXJ4h1JFiXDJZ6iFRqJRVgh5oDEWF
LsNA2I9ISixZReOFRAO7F5ukqVdK9kLcUIdhJEjBxrIZNvF8+GcvsWN264+lxBAV
MLJDAyjzc4ixtcH9hQhxkT/oe2Kq+MSE9hPE4yy+EFcuNEWtOHh/PmYZifiuoShw
P0V2uSE1nwxkGT5MWwDRJorZ1jrQV6XOCD397LzIzSKZbmimqt3TGw92rHYjIQ+V
bBf32to/T/Yh3Q==
-----END CERTIFICATE-----
Generated at Sun Mar 1 14:40:15 2026 by rpki-client