Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/oRzeeULqO2rzeF88ZYxgVQkVo0g.roa
File: oRzeeULqO2rzeF88ZYxgVQkVo0g.roa (raw, json)
Hash identifier: jl//pLw0NhGmu5wjBpcFmUnSb+7RYnnF7wSedtZUt1E=
Subject key identifier: A1:1C:DE:79:42:EA:3B:6A:F3:78:5F:3C:65:8C:60:55:09:15:A3:48
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019D4426C372FE782B086F76390AFB281C69
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/oRzeeULqO2rzeF88ZYxgVQkVo0g.roa
Signing time: Tue 31 Mar 2026 13:48:04 +0000
ROA not before: Tue 31 Mar 2026 13:48:04 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 57043
IP address blocks: 222.167.208.0/24 maxlen: 24
222.167.211.0/24 maxlen: 24
222.167.212.0/24 maxlen: 24
222.167.216.0/24 maxlen: 24
222.167.220.0/24 maxlen: 24
222.167.224.0/24 maxlen: 24
222.167.231.0/24 maxlen: 24
222.167.238.0/24 maxlen: 24
222.167.249.0/24 maxlen: 24
222.167.252.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:44:26:c3:72:fe:78:2b:08:6f:76:39:0a:fb:28:1c:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Mar 31 13:48:04 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a11cde7942ea3b6af3785f3c658c60550915a348
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:f7:be:c8:d1:bc:ba:30:9c:b9:0a:63:29:c1:
38:de:4c:25:c6:ca:d0:43:3a:ab:12:bf:4e:bc:fb:
4e:b7:a8:dd:70:b5:37:c4:a1:50:3b:9d:b9:7d:c8:
96:0a:b7:c4:dc:72:a5:8d:e9:71:92:f3:6a:f0:4b:
a0:94:10:43:04:c7:9e:45:19:74:0c:f2:3b:d5:93:
73:35:b9:38:7c:38:42:2a:d7:e4:c0:7d:a0:af:57:
17:86:dd:42:6c:8e:fb:3f:19:34:b2:01:73:6e:6b:
05:9d:22:b6:bc:2b:4e:0b:57:4e:4f:7a:33:36:c0:
1f:7b:ac:3b:ca:a2:25:c3:80:32:58:f5:a4:ab:40:
4a:8c:bb:ad:83:a4:48:5c:b0:76:34:78:9d:8d:4b:
b2:a2:bd:9c:00:67:12:ac:1e:16:45:98:c3:b5:67:
a8:9a:ed:f6:93:6e:e2:96:c1:54:f3:65:29:64:8e:
6b:5d:34:d9:50:99:94:70:2b:25:6d:1e:6d:6b:27:
7d:02:b7:53:56:88:ac:66:1c:95:1f:db:5b:66:9f:
40:cb:bb:97:23:89:1a:c1:80:a2:f3:81:5c:1c:3d:
47:57:3c:08:09:86:33:d7:5d:2f:34:7c:cc:97:71:
be:ee:eb:52:e0:87:fa:5b:ec:76:93:1f:93:04:19:
de:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:1C:DE:79:42:EA:3B:6A:F3:78:5F:3C:65:8C:60:55:09:15:A3:48
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/oRzeeULqO2rzeF88ZYxgVQkVo0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
222.167.208.0/24
222.167.211.0-222.167.212.255
222.167.216.0/24
222.167.220.0/24
222.167.224.0/24
222.167.231.0/24
222.167.238.0/24
222.167.249.0/24
222.167.252.0/24
Signature Algorithm: sha256WithRSAEncryption
58:fb:53:94:63:89:15:3d:5d:df:99:78:c2:6d:b3:fb:fb:79:
b2:66:3a:23:35:e0:e2:d3:d6:1d:bc:8e:4b:1a:d3:5d:6e:17:
c1:c6:96:b2:29:80:08:24:f1:84:28:92:cd:d5:77:e1:db:3a:
6a:2c:62:4b:08:a8:ca:47:d1:e6:8b:d1:89:e2:3d:91:19:b8:
b0:ef:b9:bf:d5:74:ab:e8:21:23:da:6f:f3:bf:c3:35:45:ec:
26:1e:92:e0:ef:29:1a:96:e1:d6:e6:f5:29:0f:25:4d:c0:b6:
53:df:e2:13:36:85:08:ba:a0:ff:3b:cd:a6:22:61:6f:ea:8a:
32:ff:c0:3a:3f:51:e5:eb:0d:9b:d6:c7:0a:fa:e7:91:4c:55:
71:34:60:cf:be:2e:39:04:24:05:70:12:65:eb:8e:3a:56:2d:
2a:a4:21:a2:4e:1d:8d:cc:45:2f:95:8b:7a:dd:c8:20:cf:2f:
78:a6:3a:69:03:71:70:88:82:d5:ff:39:c7:4f:8a:e4:43:1e:
df:b9:3e:51:e6:13:9c:e8:9b:a5:58:c8:8b:d6:c8:c6:7b:cc:
0f:55:13:a3:61:af:61:4f:af:20:7c:bb:5e:48:76:02:2f:53:
65:d1:b9:b2:03:e1:98:1d:0e:f5:6c:7f:23:97:18:90:ef:97:
c2:ac:1f:cb
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZ1EJsNy/ngrCG92OQr7KBxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzMxMTM0ODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTFjZGU3OTQyZWEzYjZhZjM3ODVmM2M2NThjNjA1NTA5MTVhMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfe+yNG8ujCcuQpjKcE43kwlxsrQ
QzqrEr9OvPtOt6jdcLU3xKFQO525fciWCrfE3HKljelxkvNq8EuglBBDBMeeRRl0
DPI71ZNzNbk4fDhCKtfkwH2gr1cXht1CbI77Pxk0sgFzbmsFnSK2vCtOC1dOT3oz
NsAfe6w7yqIlw4AyWPWkq0BKjLutg6RIXLB2NHidjUuyor2cAGcSrB4WRZjDtWeo
mu32k27ilsFU82UpZI5rXTTZUJmUcCslbR5tayd9ArdTVoisZhyVH9tbZp9Ay7uX
I4kawYCi84FcHD1HVzwICYYz110vNHzMl3G+7utS4If6W+x2kx+TBBneLQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFKEc3nlC6jtq83hfPGWMYFUJFaNIMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvb1J6ZWVVTHFPMnJ6ZUY4OFpZeGdWUWtWbzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQA3qfQMAwD
BADep9MDBADep9QDBADep9gDBADep9wDBADep+ADBADep+cDBADep+4DBADep/kD
BADep/wwDQYJKoZIhvcNAQELBQADggEBAFj7U5RjiRU9Xd+ZeMJts/v7ebJmOiM1
4OLT1h28jksa011uF8HGlrIpgAgk8YQoks3Vd+HbOmosYksIqMpH0eaL0YniPZEZ
uLDvub/VdKvoISPab/O/wzVF7CYekuDvKRqW4dbm9SkPJU3AtlPf4hM2hQi6oP87
zaYiYW/qijL/wDo/UeXrDZvWxwr655FMVXE0YM++LjkEJAVwEmXrjjpWLSqkIaJO
HY3MRS+Vi3rdyCDPL3imOmkDcXCIgtX/OcdPiuRDHt+5PlHmE5zom6VYyIvWyMZ7
zA9VE6Nhr2FPryB8u15IdgIvU2XRubID4ZgdDvVsfyOXGJDvl8KsH8s=
-----END CERTIFICATE-----
Generated at Fri Apr 17 05:57:46 2026 by rpki-client