Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/yDZ8auLb9Ssr09XLgAxBVRRfV4U.roa
File: yDZ8auLb9Ssr09XLgAxBVRRfV4U.roa (raw, json)
Hash identifier: fhMpAkLLpyxiRs4uFYlANdmyZQGd+FckjUeaIQV2OMI=
Subject key identifier: C8:36:7C:6A:E2:DB:F5:2B:2B:D3:D5:CB:80:0C:41:55:14:5F:57:85
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019C8B5CE79B19748DE459D9F157A2BD6694
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/yDZ8auLb9Ssr09XLgAxBVRRfV4U.roa
Signing time: Mon 23 Feb 2026 16:37:27 +0000
ROA not before: Mon 23 Feb 2026 16:37:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214025
IP address blocks: 116.204.164.0/24 maxlen: 24
222.167.224.0/24 maxlen: 24
222.167.231.0/24 maxlen: 24
222.167.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:8b:5c:e7:9b:19:74:8d:e4:59:d9:f1:57:a2:bd:66:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Feb 23 16:37:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c8367c6ae2dbf52b2bd3d5cb800c4155145f5785
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:97:c7:bb:d1:d6:23:bc:d5:25:0c:cd:5f:f5:
51:cc:b8:8e:9f:b9:36:1e:76:ca:cd:d1:05:7c:6c:
c2:9b:5e:d8:1a:d5:39:25:6c:34:07:67:69:6a:17:
34:52:59:d6:be:f5:99:60:8e:80:9f:6d:11:57:c9:
01:7f:05:7d:57:e6:79:d1:99:ae:86:b3:68:b4:7a:
9e:e2:a8:4a:47:01:02:90:fb:51:ae:c7:1a:3d:24:
70:7c:57:d3:33:1c:9e:d4:7b:27:6a:9e:6c:cb:43:
b3:33:4b:4a:da:c8:61:10:f5:7f:e1:96:18:58:60:
47:89:85:e4:23:e4:fb:e0:35:21:4f:34:8d:23:85:
ba:bc:70:a8:18:99:f1:32:eb:48:bc:e5:a3:ed:df:
e6:ad:c9:c3:7f:f8:8a:a1:b4:42:df:3c:dc:bf:e8:
74:b7:33:90:0d:79:ee:ba:cc:56:39:8a:4f:43:e3:
60:41:68:f7:d1:e6:18:a5:64:83:be:90:a0:4f:9d:
8b:c0:26:5c:7a:a6:70:2a:34:13:cc:1d:7d:a8:52:
e8:66:da:0d:a0:f8:2f:b4:20:21:7c:31:27:64:0f:
48:42:30:2b:f4:f5:48:c0:2b:fb:e0:d1:79:00:a6:
90:31:b8:65:23:02:b8:58:46:35:cd:dd:0e:d0:85:
36:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:36:7C:6A:E2:DB:F5:2B:2B:D3:D5:CB:80:0C:41:55:14:5F:57:85
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/yDZ8auLb9Ssr09XLgAxBVRRfV4U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
116.204.164.0/24
222.167.224.0/24
222.167.231.0/24
222.167.255.0/24
Signature Algorithm: sha256WithRSAEncryption
81:e6:d1:d2:44:46:b1:e7:7e:65:5c:f2:13:8f:87:54:ab:84:
b3:40:2a:ee:6a:29:22:f1:fd:92:88:c1:85:60:76:68:32:4a:
3b:4e:2e:2e:10:91:8d:8f:1b:8f:d3:51:ce:b0:32:91:68:ea:
57:ad:23:4c:cc:20:b9:de:a4:3b:af:56:b2:5d:5c:fb:be:d1:
74:29:db:4c:66:65:b2:2d:a2:c0:57:30:7f:5a:27:4a:cb:88:
7e:d3:ac:6d:06:02:5b:2e:37:ee:83:78:9d:c3:b4:8f:7b:3a:
2a:ff:f7:4e:e7:c7:f7:0c:89:b1:7a:07:ed:25:28:0d:54:0a:
62:e6:93:31:3b:6d:83:17:6e:76:dd:7f:ad:69:b9:48:62:34:
35:31:e4:24:69:83:12:f2:9e:f9:98:b8:53:3e:f4:0a:3b:77:
03:c8:0f:4e:4c:dd:21:e5:60:03:71:90:42:c9:f6:da:88:95:
22:d1:32:a0:8e:d3:0a:35:82:70:89:45:e4:ab:56:01:5f:c7:
9b:dc:a7:7c:a2:10:ef:69:b0:cb:83:a4:ea:72:07:9c:a8:19:
cc:85:6f:d7:a3:31:3e:2c:6b:2d:c8:f1:8a:c8:12:d4:7b:76:
42:5b:b3:33:f2:f5:47:73:25:6e:df:9b:b0:5c:24:d5:00:ce:
fc:e4:3d:d2
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZyLXOebGXSN5FnZ8VeivWaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMjIzMTYzNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODM2N2M2YWUyZGJmNTJiMmJkM2Q1Y2I4MDBjNDE1NTE0NWY1Nzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ZfHu9HWI7zVJQzNX/VRzLiOn7k2
HnbKzdEFfGzCm17YGtU5JWw0B2dpahc0UlnWvvWZYI6An20RV8kBfwV9V+Z50Zmu
hrNotHqe4qhKRwECkPtRrscaPSRwfFfTMxye1Hsnap5sy0OzM0tK2shhEPV/4ZYY
WGBHiYXkI+T74DUhTzSNI4W6vHCoGJnxMutIvOWj7d/mrcnDf/iKobRC3zzcv+h0
tzOQDXnuusxWOYpPQ+NgQWj30eYYpWSDvpCgT52LwCZceqZwKjQTzB19qFLoZtoN
oPgvtCAhfDEnZA9IQjAr9PVIwCv74NF5AKaQMbhlIwK4WEY1zd0O0IU24wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMg2fGri2/UrK9PVy4AMQVUUX1eFMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEveURaOGF1TGI5U3NyMDlYTGdBeEJWUlJmVjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAdMykAwQA
3qfgAwQA3qfnAwQA3qf/MA0GCSqGSIb3DQEBCwUAA4IBAQCB5tHSREax535lXPIT
j4dUq4SzQCruaiki8f2SiMGFYHZoMko7Ti4uEJGNjxuP01HOsDKRaOpXrSNMzCC5
3qQ7r1ayXVz7vtF0KdtMZmWyLaLAVzB/WidKy4h+06xtBgJbLjfug3idw7SPezoq
//dO58f3DImxegftJSgNVApi5pMxO22DF2523X+tablIYjQ1MeQkaYMS8p75mLhT
PvQKO3cDyA9OTN0h5WADcZBCyfbaiJUi0TKgjtMKNYJwiUXkq1YBX8eb3Kd8ohDv
abDLg6TqcgecqBnMhW/XozE+LGstyPGKyBLUe3ZCW7Mz8vVHcyVu35uwXCTVAM78
5D3S
-----END CERTIFICATE-----
Generated at Mon Mar 2 00:58:33 2026 by rpki-client