Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/Ja3iDeHDTxWswF7SKgLYWB9dVuU.roa
File: Ja3iDeHDTxWswF7SKgLYWB9dVuU.roa (raw, json)
Hash identifier: 6z0zNQuJ6YAvkBJULSnhpmTqpPNII07FsD9n53M6Ask=
Subject key identifier: 25:AD:E2:0D:E1:C3:4F:15:AC:C0:5E:D2:2A:02:D8:58:1F:5D:56:E5
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019D8DA083DA0710D572BC0BB8146231D2E5
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/Ja3iDeHDTxWswF7SKgLYWB9dVuU.roa
Signing time: Tue 14 Apr 2026 20:13:20 +0000
ROA not before: Tue 14 Apr 2026 20:13:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 54600
IP address blocks: 222.167.228.0/24 maxlen: 24
222.167.229.0/24 maxlen: 24
222.167.230.0/24 maxlen: 24
222.167.233.0/24 maxlen: 24
222.167.240.0/24 maxlen: 24
222.167.242.0/24 maxlen: 24
222.167.243.0/24 maxlen: 24
222.167.245.0/24 maxlen: 24
222.167.247.0/24 maxlen: 24
222.167.248.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:8d:a0:83:da:07:10:d5:72:bc:0b:b8:14:62:31:d2:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Apr 14 20:13:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=25ade20de1c34f15acc05ed22a02d8581f5d56e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:10:79:15:ef:76:c8:8d:46:46:75:36:d1:02:
96:6d:83:6a:14:c3:19:16:f6:5c:2a:56:1a:86:08:
cc:e8:9f:8c:3c:68:3c:9c:f1:95:74:c0:a7:02:ef:
10:0a:2a:99:87:5a:a0:6d:1a:87:a0:3a:65:3b:30:
15:a4:02:60:20:ed:06:00:71:07:95:70:dc:c5:48:
ab:8f:45:5e:b2:e6:b8:e0:c8:e5:76:62:aa:cb:64:
6d:31:10:29:3a:a9:ac:13:9a:8b:f3:11:8e:cc:2d:
3d:02:a5:f1:1e:3f:f2:75:e2:98:95:4e:44:4a:0b:
2d:70:32:49:d9:61:2f:fc:31:1b:8c:8f:42:ee:ee:
5c:dd:3b:8b:60:3a:13:8a:a1:80:ee:4b:c4:a9:4f:
1a:a3:29:38:3a:c3:9b:21:7c:4b:f8:7f:5f:35:12:
a6:e0:70:dd:e3:f2:4c:e8:57:a3:a1:ca:00:85:ce:
a8:9e:0c:e1:00:dd:8a:58:4e:3c:53:1f:fd:ec:f6:
08:26:88:8b:31:1b:b3:8b:0e:4a:e5:60:dd:0d:dd:
18:9d:99:f1:2f:61:c3:47:22:2c:ab:eb:c0:a8:bc:
4a:e5:e5:f0:b4:3d:60:aa:20:19:bb:9a:40:b4:b4:
14:79:ca:b6:8e:72:66:11:76:cc:f3:cd:6c:1b:9a:
c6:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:AD:E2:0D:E1:C3:4F:15:AC:C0:5E:D2:2A:02:D8:58:1F:5D:56:E5
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/Ja3iDeHDTxWswF7SKgLYWB9dVuU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
222.167.228.0-222.167.230.255
222.167.233.0/24
222.167.240.0/24
222.167.242.0/23
222.167.245.0/24
222.167.247.0-222.167.248.255
Signature Algorithm: sha256WithRSAEncryption
42:25:25:4b:f4:05:b6:aa:82:15:35:39:a3:00:49:29:91:68:
64:27:a6:ee:20:a4:d7:27:cd:23:39:5c:16:39:b4:db:a4:af:
2e:c0:63:84:05:33:c9:15:28:7c:64:3c:5b:76:6d:ea:f3:32:
01:b9:dd:a7:c4:68:a2:80:29:a8:f1:5a:b7:fc:8d:a8:42:f6:
84:6c:e1:42:c7:f0:c4:0b:9c:06:ca:a1:96:39:8a:c5:ad:40:
9e:46:66:03:89:6d:2a:86:f1:34:94:12:78:c6:04:19:23:a6:
d6:a3:b7:fe:95:68:f2:b4:8a:d3:af:28:ee:d1:b7:71:d4:26:
53:54:b4:07:d1:37:ce:64:1f:ef:fc:25:7e:d5:af:b8:61:b2:
fd:7a:37:a2:c2:1b:64:54:76:b2:a4:93:99:48:16:e7:12:dd:
2f:ca:95:f0:49:f2:6a:38:0e:43:5f:51:a3:40:06:40:88:8b:
94:b6:07:6c:78:81:80:3f:ba:ca:0e:01:bd:04:44:35:17:ad:
6e:b1:1f:c7:63:62:a0:65:4c:c0:bb:32:aa:11:6a:97:a7:5c:
d6:45:80:08:e8:20:fc:76:39:17:d4:5d:ac:17:06:f5:33:dd:
71:6c:ff:98:f1:2f:69:e3:e3:3d:e8:7b:2d:d5:69:d9:b2:3f:
e1:26:af:4d
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZ2NoIPaBxDVcrwLuBRiMdLlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNDE0MjAxMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWFkZTIwZGUxYzM0ZjE1YWNjMDVlZDIyYTAyZDg1ODFmNWQ1NmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxB5Fe92yI1GRnU20QKWbYNqFMMZ
FvZcKlYahgjM6J+MPGg8nPGVdMCnAu8QCiqZh1qgbRqHoDplOzAVpAJgIO0GAHEH
lXDcxUirj0Vesua44MjldmKqy2RtMRApOqmsE5qL8xGOzC09AqXxHj/ydeKYlU5E
SgstcDJJ2WEv/DEbjI9C7u5c3TuLYDoTiqGA7kvEqU8aoyk4OsObIXxL+H9fNRKm
4HDd4/JM6FejocoAhc6ongzhAN2KWE48Ux/97PYIJoiLMRuziw5K5WDdDd0YnZnx
L2HDRyIsq+vAqLxK5eXwtD1gqiAZu5pAtLQUecq2jnJmEXbM881sG5rGiQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFCWt4g3hw08VrMBe0ioC2FgfXVblMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvSmEzaURlSERUeFdzd0Y3U0tnTFlXQjlkVnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBALep+QD
BADep+YDBADep+kDBADep/ADBAHep/IDBADep/UwDAMEAN6n9wMEAN6n+DANBgkq
hkiG9w0BAQsFAAOCAQEAQiUlS/QFtqqCFTU5owBJKZFoZCem7iCk1yfNIzlcFjm0
26SvLsBjhAUzyRUofGQ8W3Zt6vMyAbndp8RoooApqPFat/yNqEL2hGzhQsfwxAuc
BsqhljmKxa1AnkZmA4ltKobxNJQSeMYEGSOm1qO3/pVo8rSK068o7tG3cdQmU1S0
B9E3zmQf7/wlftWvuGGy/Xo3osIbZFR2sqSTmUgW5xLdL8qV8EnyajgOQ19Ro0AG
QIiLlLYHbHiBgD+6yg4BvQRENRetbrEfx2NioGVMwLsyqhFql6dc1kWACOgg/HY5
F9RdrBcG9TPdcWz/mPEvaePjPeh7LdVp2bI/4SavTQ==
-----END CERTIFICATE-----
Generated at Fri Apr 17 11:18:22 2026 by rpki-client