Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/wD4NGg88WndC9yzTU4xLEQbP1a4.roa
File: wD4NGg88WndC9yzTU4xLEQbP1a4.roa (raw, json)
Hash identifier: 1N6JcnXJHN0H7GLkTeSYJRGUOZxk0cd6K/lZq+xShtE=
Subject key identifier: C0:3E:0D:1A:0F:3C:5A:77:42:F7:2C:D3:53:8C:4B:11:06:CF:D5:AE
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019C4A4441E6C6B2E39ECB1D41D3DB6CB446
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/wD4NGg88WndC9yzTU4xLEQbP1a4.roa
Signing time: Wed 11 Feb 2026 01:15:12 +0000
ROA not before: Wed 11 Feb 2026 01:15:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 398993
IP address blocks: 222.167.210.0/24 maxlen: 24
222.167.217.0/24 maxlen: 24
222.167.218.0/24 maxlen: 24
222.167.219.0/24 maxlen: 24
222.167.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 17:01:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:4a:44:41:e6:c6:b2:e3:9e:cb:1d:41:d3:db:6c:b4:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Feb 11 01:15:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c03e0d1a0f3c5a7742f72cd3538c4b1106cfd5ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:62:27:57:bf:a6:8a:18:87:88:73:fa:c0:95:
89:0b:c2:30:29:0e:bf:06:6f:6c:52:0a:67:0e:f5:
58:c4:2b:d6:37:a6:20:df:ce:8f:bb:3b:2a:7f:ba:
d8:04:95:a6:d1:5a:fe:ec:98:fc:92:bd:00:d5:75:
1c:8e:92:a7:0e:8d:7e:95:ac:a3:6a:5e:3e:3e:22:
40:40:02:a0:2e:0a:18:97:6b:fc:61:e5:72:29:ea:
d6:b7:8f:4e:88:56:0b:93:e3:9b:4a:cd:fd:b4:4b:
78:93:4d:fb:67:2b:38:98:a4:aa:fe:a8:c0:10:68:
0a:c7:1f:7c:32:4f:a7:91:96:73:68:68:c8:d0:58:
32:ad:1c:59:d4:88:00:4c:49:d6:03:e9:55:5f:ca:
58:b1:72:40:0d:a6:59:b9:7a:d4:84:94:76:36:fb:
37:d9:8c:5a:6b:3d:1f:05:02:86:0f:a8:f2:b6:70:
ad:dc:55:08:6f:31:96:d3:25:67:a0:70:f6:a2:fe:
5f:3b:66:e4:de:f9:4e:a4:52:35:fa:93:ae:28:2e:
92:31:b1:9f:4b:ac:72:17:5a:73:d5:63:da:a1:f7:
e7:c5:ac:07:3b:f5:81:6b:18:3a:72:26:2d:6d:2d:
7e:87:69:82:e2:ce:81:c9:16:44:d2:6d:44:35:af:
69:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:3E:0D:1A:0F:3C:5A:77:42:F7:2C:D3:53:8C:4B:11:06:CF:D5:AE
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/wD4NGg88WndC9yzTU4xLEQbP1a4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
222.167.210.0/24
222.167.217.0-222.167.219.255
222.167.221.0/24
Signature Algorithm: sha256WithRSAEncryption
07:fc:95:3d:8f:2d:53:ec:7a:4b:fb:f1:b7:41:b4:10:6a:82:
4f:b6:46:c4:45:b1:0e:9d:68:8b:33:db:a8:e9:4b:b6:ff:f0:
c5:2a:0c:29:76:91:53:bb:08:6d:28:90:3a:7b:01:ea:27:9d:
d4:d3:7b:8d:40:b9:b1:8f:58:46:1d:66:50:1e:d9:11:42:2c:
c1:11:49:6f:91:ae:d6:2c:0a:8b:59:dc:00:09:d9:38:3d:1f:
36:a6:62:ea:04:ff:ae:09:f2:b4:c6:28:8a:0e:43:ac:f8:2f:
04:c3:29:e3:26:eb:ab:69:da:d4:3a:0b:0e:a4:c6:fc:7a:58:
b4:be:f0:5e:1c:95:70:64:39:63:3f:5d:b8:f4:f9:49:b8:d3:
a3:f0:3e:63:fb:89:04:76:c3:62:08:02:57:b5:5a:7d:12:3f:
49:a1:df:1a:d4:cf:58:c3:5b:b0:85:74:21:42:b8:12:6f:4b:
a1:bb:56:6b:66:fa:8f:87:78:06:23:a6:68:9b:41:91:06:0a:
b7:1c:4f:3a:17:2c:3d:04:68:59:a3:cb:db:d8:4b:48:a1:40:
23:05:08:4a:e7:e6:da:07:0f:28:f2:bb:41:f2:b0:00:1f:7c:
9a:e5:90:f8:76:10:96:27:41:1c:33:2e:31:6d:30:49:ea:72:
b1:ce:4c:ea
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZxKREHmxrLjnssdQdPbbLRGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMjExMDExNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDNlMGQxYTBmM2M1YTc3NDJmNzJjZDM1MzhjNGIxMTA2Y2ZkNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWInV7+mihiHiHP6wJWJC8IwKQ6/
Bm9sUgpnDvVYxCvWN6Yg386Puzsqf7rYBJWm0Vr+7Jj8kr0A1XUcjpKnDo1+layj
al4+PiJAQAKgLgoYl2v8YeVyKerWt49OiFYLk+ObSs39tEt4k037Zys4mKSq/qjA
EGgKxx98Mk+nkZZzaGjI0FgyrRxZ1IgATEnWA+lVX8pYsXJADaZZuXrUhJR2Nvs3
2Yxaaz0fBQKGD6jytnCt3FUIbzGW0yVnoHD2ov5fO2bk3vlOpFI1+pOuKC6SMbGf
S6xyF1pz1WPaoffnxawHO/WBaxg6ciYtbS1+h2mC4s6ByRZE0m1ENa9pLQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFMA+DRoPPFp3Qvcs01OMSxEGz9WuMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvd0Q0TkdnODhXbmRDOXl6VFU0eExFUWJQMWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQA3qfSMAwD
BADep9kDBALep9gDBADep90wDQYJKoZIhvcNAQELBQADggEBAAf8lT2PLVPsekv7
8bdBtBBqgk+2RsRFsQ6daIsz26jpS7b/8MUqDCl2kVO7CG0okDp7AeonndTTe41A
ubGPWEYdZlAe2RFCLMERSW+RrtYsCotZ3AAJ2Tg9HzamYuoE/64J8rTGKIoOQ6z4
LwTDKeMm66tp2tQ6Cw6kxvx6WLS+8F4clXBkOWM/Xbj0+Um406PwPmP7iQR2w2II
Ale1Wn0SP0mh3xrUz1jDW7CFdCFCuBJvS6G7Vmtm+o+HeAYjpmibQZEGCrccTzoX
LD0EaFmjy9vYS0ihQCMFCErn5toHDyjyu0HysAAffJrlkPh2EJYnQRwzLjFtMEnq
crHOTOo=
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:23:00 2026 by rpki-client