Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/f565d7-32af-4be1-82ac-b602cedac36c/1/KQji-kvGwokbQJLmZVW7oo2hsck.roa
File: KQji-kvGwokbQJLmZVW7oo2hsck.roa (raw, json)
Hash identifier: C1Er9TyXkYi4WTR5vknL0YRmJFZIjldNM2EpkmszpDw=
Subject key identifier: 29:08:E2:FA:4B:C6:C2:89:1B:40:92:E6:65:55:BB:A2:8D:A1:B1:C9
Certificate issuer: /CN=a3787d2be6eac36c1d2780f786b87c9e153e81f1
Certificate serial: 019B7F157A1C7375D8D083221D2D33327706
Authority key identifier: A3:78:7D:2B:E6:EA:C3:6C:1D:27:80:F7:86:B8:7C:9E:15:3E:81:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o3h9K-bqw2wdJ4D3hrh8nhU-gfE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9a/f565d7-32af-4be1-82ac-b602cedac36c/1/KQji-kvGwokbQJLmZVW7oo2hsck.roa
Signing time: Fri 02 Jan 2026 14:21:12 +0000
ROA not before: Fri 02 Jan 2026 14:21:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213694
IP address blocks: 212.66.61.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9a/f565d7-32af-4be1-82ac-b602cedac36c/1/o3h9K-bqw2wdJ4D3hrh8nhU-gfE.crl
rsync://rpki.ripe.net/repository/DEFAULT/9a/f565d7-32af-4be1-82ac-b602cedac36c/1/o3h9K-bqw2wdJ4D3hrh8nhU-gfE.mft
rsync://rpki.ripe.net/repository/DEFAULT/o3h9K-bqw2wdJ4D3hrh8nhU-gfE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7f:15:7a:1c:73:75:d8:d0:83:22:1d:2d:33:32:77:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a3787d2be6eac36c1d2780f786b87c9e153e81f1
Validity
Not Before: Jan 2 14:21:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2908e2fa4bc6c2891b4092e66555bba28da1b1c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:99:66:fb:ea:09:2c:e0:51:5c:56:6b:02:7a:
8d:70:9b:4a:ac:b6:94:b4:b9:57:97:31:92:dc:11:
74:47:f3:d3:e5:fa:d0:49:79:92:e2:a0:2c:f9:26:
80:1d:98:bf:66:36:e5:40:e2:7d:aa:38:dc:59:8e:
a8:67:d2:ff:dc:df:3c:3c:36:a2:14:38:26:2b:aa:
ab:87:a4:88:f0:fd:c3:b2:8c:b3:ea:8c:89:23:94:
35:1f:c9:9e:b0:9f:6c:f9:87:ab:e0:82:98:bc:5b:
36:e6:e9:d1:e4:b4:c3:25:b1:b5:72:44:0a:80:ac:
36:14:c0:41:c9:78:c4:6e:ff:2e:a5:d5:15:58:b1:
0b:f6:2b:1e:40:1b:d4:f3:22:a0:ea:eb:b2:81:58:
06:34:6d:fa:49:38:02:68:2f:e3:6e:bd:81:cb:2b:
d5:35:fa:0d:08:d9:d0:7a:e9:d6:02:1f:86:38:95:
3f:74:44:76:54:2d:fe:c5:ec:ed:5b:9a:5f:9e:b9:
a9:f0:e4:0c:f3:c0:0c:52:7f:ad:62:cf:49:29:da:
11:a1:6e:9d:da:76:9b:6a:8b:0e:3b:e0:1f:8e:4f:
45:9e:f8:3a:0e:a2:e5:5d:7d:27:72:fb:a1:62:64:
25:f1:ae:08:e3:78:72:13:e8:68:d1:ff:b2:05:5b:
21:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:08:E2:FA:4B:C6:C2:89:1B:40:92:E6:65:55:BB:A2:8D:A1:B1:C9
X509v3 Authority Key Identifier:
keyid:A3:78:7D:2B:E6:EA:C3:6C:1D:27:80:F7:86:B8:7C:9E:15:3E:81:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3h9K-bqw2wdJ4D3hrh8nhU-gfE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/f565d7-32af-4be1-82ac-b602cedac36c/1/KQji-kvGwokbQJLmZVW7oo2hsck.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/f565d7-32af-4be1-82ac-b602cedac36c/1/o3h9K-bqw2wdJ4D3hrh8nhU-gfE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.66.61.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:4b:41:13:d7:2f:25:53:53:08:75:ef:74:fd:a5:49:70:69:
29:42:f7:ce:50:27:69:ae:4b:b5:11:92:93:13:f4:41:00:93:
72:11:c6:f5:02:0f:35:03:f1:5e:de:2e:e0:ba:f4:14:e6:c7:
e9:58:a2:00:60:89:34:15:f5:4d:cf:ff:9a:0b:11:a9:79:5f:
90:ab:2a:40:7f:63:42:34:91:a0:72:46:6d:4b:6c:14:d6:9c:
5f:25:29:d9:cb:41:e0:15:1b:37:da:31:7e:a2:5d:55:bc:0c:
bd:aa:5b:23:f2:1b:d5:25:f4:d8:90:79:3b:f5:85:7c:85:bd:
8b:c0:f7:37:9d:99:f6:4e:3a:f2:ff:9f:0e:40:3b:78:48:53:
8d:55:39:9c:43:36:a2:af:2c:f6:ed:c8:20:47:4f:11:a6:c0:
2f:fd:e0:c8:72:df:eb:ee:f3:f2:9d:87:ba:7f:cb:de:be:13:
af:da:0f:32:b2:c1:8f:31:7d:84:f7:84:98:17:66:9a:a7:c4:
73:7b:9f:16:ca:51:a8:d3:cf:86:c7:48:39:42:ee:01:52:15:
8a:b9:8a:c6:d9:6e:92:3f:0c:25:e6:d7:c5:ae:06:70:80:a0:
f6:bf:23:36:25:d7:bb:7a:74:aa:e0:3b:3a:1b:05:ca:b9:4e:
24:55:3c:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FXocc3XY0IMiHS0zMncGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzg3ZDJiZTZlYWMzNmMxZDI3ODBmNzg2Yjg3YzllMTUz
ZTgxZjEwHhcNMjYwMTAyMTQyMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTA4ZTJmYTRiYzZjMjg5MWI0MDkyZTY2NTU1YmJhMjhkYTFiMWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6plm++oJLOBRXFZrAnqNcJtKrLaU
tLlXlzGS3BF0R/PT5frQSXmS4qAs+SaAHZi/ZjblQOJ9qjjcWY6oZ9L/3N88PDai
FDgmK6qrh6SI8P3Dsoyz6oyJI5Q1H8mesJ9s+Yer4IKYvFs25unR5LTDJbG1ckQK
gKw2FMBByXjEbv8updUVWLEL9iseQBvU8yKg6uuygVgGNG36STgCaC/jbr2ByyvV
NfoNCNnQeunWAh+GOJU/dER2VC3+xeztW5pfnrmp8OQM88AMUn+tYs9JKdoRoW6d
2nabaosOO+Afjk9Fnvg6DqLlXX0ncvuhYmQl8a4I43hyE+ho0f+yBVshWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkI4vpLxsKJG0CS5mVVu6KNobHJMB8GA1UdIwQY
MBaAFKN4fSvm6sNsHSeA94a4fJ4VPoHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNoOUstYnF3MndkSjREM2hyaDhuaFUtZ2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9mNTY1ZDctMzJhZi00YmUxLTgyYWMt
YjYwMmNlZGFjMzZjLzEvS1FqaS1rdkd3b2tiUUpMbVpWVzdvbzJoc2NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9mNTY1ZDctMzJhZi00YmUxLTgyYWMtYjYwMmNlZGFjMzZj
LzEvbzNoOUstYnF3MndkSjREM2hyaDhuaFUtZ2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EI9MA0G
CSqGSIb3DQEBCwUAA4IBAQCPS0ET1y8lU1MIde90/aVJcGkpQvfOUCdprku1EZKT
E/RBAJNyEcb1Ag81A/Fe3i7guvQU5sfpWKIAYIk0FfVNz/+aCxGpeV+QqypAf2NC
NJGgckZtS2wU1pxfJSnZy0HgFRs32jF+ol1VvAy9qlsj8hvVJfTYkHk79YV8hb2L
wPc3nZn2Tjry/58OQDt4SFONVTmcQzairyz27cggR08RpsAv/eDIct/r7vPynYe6
f8vevhOv2g8yssGPMX2E94SYF2aap8Rze58WylGo08+Gx0g5Qu4BUhWKuYrG2W6S
Pwwl5tfFrgZwgKD2vyM2Jde7enSq4Ds6GwXKuU4kVTwz
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:18:20 2026 by rpki-client