Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/x56_yIkGQShrN2jHMGedFTT6u2A.roa
File: x56_yIkGQShrN2jHMGedFTT6u2A.roa (raw, json)
Hash identifier: lWCo2253cKN7EMDrZlg9mSPoT6nLJWZ1KLutVgOoDk0=
Subject key identifier: C7:9E:BF:C8:89:06:41:28:6B:37:68:C7:30:67:9D:15:34:FA:BB:60
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019C8B5EBB8FE8DECFBE00C70D24FDC20254
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/x56_yIkGQShrN2jHMGedFTT6u2A.roa
Signing time: Mon 23 Feb 2026 16:39:27 +0000
ROA not before: Mon 23 Feb 2026 16:39:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 222.167.226.0/24 maxlen: 24
222.167.227.0/24 maxlen: 24
222.167.232.0/24 maxlen: 24
222.167.239.0/24 maxlen: 24
222.167.249.0/24 maxlen: 24
222.167.253.0/24 maxlen: 24
222.167.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 17:01:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:8b:5e:bb:8f:e8:de:cf:be:00:c7:0d:24:fd:c2:02:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Feb 23 16:39:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c79ebfc8890641286b3768c730679d1534fabb60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:e1:19:0b:e4:46:a2:a7:c0:fc:8b:bf:b8:b2:
45:a4:5d:d2:2b:41:a2:9c:ea:ab:ab:d8:78:a2:33:
aa:8b:3e:3d:da:1d:b0:96:65:ce:3e:03:e6:1a:f6:
24:e7:15:91:60:17:da:7a:9f:50:8f:bd:a4:13:ea:
ec:07:0d:c4:83:03:88:86:ff:84:5b:02:e6:ad:49:
d4:90:07:2d:a1:8f:34:f2:40:b2:9e:d9:5e:1e:06:
12:93:5d:e3:73:ef:ba:d2:d0:52:87:b1:42:29:32:
2a:08:0c:c1:99:7c:94:a5:df:75:39:8f:fe:e2:94:
ec:12:63:78:dc:03:fc:b1:0c:4f:08:f6:81:9f:46:
f5:af:30:92:36:d7:bc:14:bd:cd:ef:c9:9d:b3:7c:
c2:15:4b:2f:eb:68:80:7c:a7:e4:6c:bd:00:dc:d9:
9a:b3:02:8b:16:08:4a:17:6b:26:02:c4:2c:56:18:
98:0d:c9:a0:ba:38:44:fe:40:a6:be:a5:c3:48:00:
75:13:00:30:a5:17:d9:61:4f:17:f3:04:34:08:fd:
88:26:7d:f0:dc:a1:61:29:01:92:57:be:fe:d9:73:
d2:42:3b:d1:12:d0:1e:4e:c1:32:cc:48:6b:f2:69:
1f:82:04:ba:98:23:c1:df:5f:42:d7:d2:9a:f6:ef:
39:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:9E:BF:C8:89:06:41:28:6B:37:68:C7:30:67:9D:15:34:FA:BB:60
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/x56_yIkGQShrN2jHMGedFTT6u2A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
222.167.226.0/23
222.167.232.0/24
222.167.239.0/24
222.167.249.0/24
222.167.253.0-222.167.254.255
Signature Algorithm: sha256WithRSAEncryption
51:57:53:05:e4:ae:33:22:bc:3f:b5:c2:aa:a5:75:4e:bf:1b:
96:dc:9f:6b:3d:cf:ea:0b:db:b9:b3:64:58:33:f8:51:82:9e:
83:a4:0d:a7:d8:3e:5f:21:f9:93:99:30:69:dc:6f:08:43:fc:
63:42:26:7e:20:a4:d8:ff:35:18:12:7c:56:66:2c:ac:34:43:
46:9c:a4:ce:6e:8c:4a:56:9e:99:3f:6a:80:84:36:d2:83:61:
d8:f2:ad:17:08:21:48:66:60:de:c8:da:39:60:27:dc:a3:c8:
c5:34:c9:d7:de:d5:e9:a1:3c:90:3d:eb:85:e2:be:d6:d6:57:
0a:78:f5:d5:cd:29:57:28:6d:e5:b7:a3:23:d8:cb:de:cc:01:
0f:b1:b9:b5:4a:00:b3:e9:dc:e6:70:6c:00:de:1b:72:b6:1f:
71:65:ee:1c:f4:4b:03:95:1e:12:a9:f3:e1:f3:81:86:c3:27:
8f:0d:1e:88:04:22:51:08:73:f5:b7:86:4b:4a:ad:18:2a:6b:
a5:0e:66:f9:e4:75:be:16:48:f6:65:11:e1:68:d5:3d:5e:fc:
6d:1a:1f:22:57:0a:bf:1a:52:ed:ce:23:cd:5f:a9:42:e3:4c:
10:ae:ca:d6:e8:aa:6e:0a:6d:3e:5b:dd:8e:38:d4:77:89:a6:
f3:51:db:5a
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZyLXruP6N7PvgDHDST9wgJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMjIzMTYzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzllYmZjODg5MDY0MTI4NmIzNzY4YzczMDY3OWQxNTM0ZmFiYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+EZC+RGoqfA/Iu/uLJFpF3SK0Gi
nOqrq9h4ojOqiz492h2wlmXOPgPmGvYk5xWRYBfaep9Qj72kE+rsBw3EgwOIhv+E
WwLmrUnUkActoY808kCyntleHgYSk13jc++60tBSh7FCKTIqCAzBmXyUpd91OY/+
4pTsEmN43AP8sQxPCPaBn0b1rzCSNte8FL3N78mds3zCFUsv62iAfKfkbL0A3Nma
swKLFghKF2smAsQsVhiYDcmgujhE/kCmvqXDSAB1EwAwpRfZYU8X8wQ0CP2IJn3w
3KFhKQGSV77+2XPSQjvREtAeTsEyzEhr8mkfggS6mCPB319C19Ka9u85aQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFMeev8iJBkEoazdoxzBnnRU0+rtgMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEveDU2X3lJa0dRU2hyTjJqSE1HZWRGVFQ2dTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQB3qfiAwQA
3qfoAwQA3qfvAwQA3qf5MAwDBADep/0DBADep/4wDQYJKoZIhvcNAQELBQADggEB
AFFXUwXkrjMivD+1wqqldU6/G5bcn2s9z+oL27mzZFgz+FGCnoOkDafYPl8h+ZOZ
MGncbwhD/GNCJn4gpNj/NRgSfFZmLKw0Q0acpM5ujEpWnpk/aoCENtKDYdjyrRcI
IUhmYN7I2jlgJ9yjyMU0ydfe1emhPJA964XivtbWVwp49dXNKVcobeW3oyPYy97M
AQ+xubVKALPp3OZwbADeG3K2H3Fl7hz0SwOVHhKp8+HzgYbDJ48NHogEIlEIc/W3
hktKrRgqa6UOZvnkdb4WSPZlEeFo1T1e/G0aHyJXCr8aUu3OI81fqULjTBCuytbo
qm4KbT5b3Y441HeJpvNR21o=
-----END CERTIFICATE-----
Generated at Mon Mar 2 02:44:09 2026 by rpki-client