Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/iIt06y_hUdGc8HNkpEJC_WYDW5w.roa
File: iIt06y_hUdGc8HNkpEJC_WYDW5w.roa (raw, json)
Hash identifier: G0N9HxEnblWUsnq9try/TNSpWeFRaa0FkNLO3f6+MRE=
Subject key identifier: 88:8B:74:EB:2F:E1:51:D1:9C:F0:73:64:A4:42:42:FD:66:03:5B:9C
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019E18575456CB25C47A55E120FACE9FF712
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/iIt06y_hUdGc8HNkpEJC_WYDW5w.roa
Signing time: Mon 11 May 2026 18:40:36 +0000
ROA not before: Mon 11 May 2026 18:40:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 398478
IP address blocks: 222.167.194.0/24 maxlen: 24
222.167.197.0/24 maxlen: 24
222.167.200.0/24 maxlen: 24
222.167.203.0/24 maxlen: 24
222.167.204.0/23 maxlen: 23
222.167.206.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:10:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:18:57:54:56:cb:25:c4:7a:55:e1:20:fa:ce:9f:f7:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: May 11 18:40:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=888b74eb2fe151d19cf07364a44242fd66035b9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:05:c5:f2:4a:5e:b2:59:42:a7:fa:8f:31:4f:
59:93:30:5a:ea:e9:b6:c2:83:e1:79:97:21:13:95:
8e:66:fb:09:ae:69:cf:d0:b0:9b:3e:d6:fe:b8:19:
28:08:e3:09:53:89:02:0c:26:19:9a:07:1d:4e:ae:
8e:3d:7c:5c:12:bc:ac:2e:6e:58:f2:08:05:cc:04:
d6:f5:e3:ff:26:ba:18:7c:ba:0a:80:18:08:e0:26:
32:b2:f3:7b:75:d6:1e:7b:f6:67:e7:2d:60:c3:d0:
e9:48:c1:4b:5e:46:c8:37:3a:04:31:be:79:22:6a:
60:56:2c:ee:9e:df:41:a1:37:83:2f:89:87:1a:62:
58:dd:53:97:2c:a1:17:65:f5:be:96:2e:12:cc:6b:
26:0f:cd:ce:60:c8:25:2d:8f:35:e0:4f:7f:0f:e3:
78:c9:0b:65:da:38:2a:04:69:f1:c7:7c:36:81:65:
5d:66:2d:51:60:dc:1b:14:40:e6:11:03:34:37:06:
6c:ff:2c:2b:c7:57:86:8a:f7:e9:72:ce:e8:a3:70:
71:d8:00:6e:6b:96:48:02:42:d7:dd:dc:b2:04:80:
94:c1:4f:fe:15:d2:09:c2:3b:d2:32:83:17:d1:70:
7b:63:c6:1d:44:4d:62:96:61:8f:46:fc:a3:48:7d:
46:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:8B:74:EB:2F:E1:51:D1:9C:F0:73:64:A4:42:42:FD:66:03:5B:9C
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/iIt06y_hUdGc8HNkpEJC_WYDW5w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
222.167.194.0/24
222.167.197.0/24
222.167.200.0/24
222.167.203.0-222.167.206.255
Signature Algorithm: sha256WithRSAEncryption
4d:61:81:f8:af:5d:0f:b4:c1:41:43:5d:60:70:38:04:59:d6:
c9:f1:8b:24:db:db:a0:ba:79:d8:1a:07:a6:29:ca:c7:7a:a5:
d8:a5:e4:f6:e4:18:79:b4:39:70:c0:bd:3a:aa:93:4f:7f:67:
b8:c5:62:ba:46:4a:05:56:d6:02:a2:99:fe:48:60:73:4b:1c:
65:15:79:cc:57:66:f8:1f:d6:a4:84:21:17:84:83:48:d5:94:
f7:2e:8c:60:f0:b5:2d:25:76:43:65:ac:bc:c7:87:dc:ec:50:
08:c9:02:a3:47:73:43:92:94:68:bb:02:d3:c6:e8:41:e8:94:
2b:23:68:69:a9:84:ab:a6:fe:31:b7:ee:24:0e:ce:07:04:1e:
57:f0:69:85:d1:97:ce:7f:ba:7c:61:ba:c5:fb:9e:03:bb:52:
f6:17:23:ba:36:82:42:3c:fd:a8:80:cd:0f:fe:37:f3:54:24:
03:1f:fe:0c:8f:88:a2:1e:73:b8:56:fd:d5:be:e1:b3:62:f0:
f2:5e:bc:d8:f5:ca:ef:f0:2f:9c:9f:1f:e0:72:b9:a4:b0:5f:
37:e6:a1:c0:7a:f8:ca:18:cc:4c:97:03:8a:3b:d7:ca:b1:40:
5f:07:84:d5:45:8a:00:c8:b7:39:dd:db:7b:d1:95:04:2a:2f:
1a:c1:03:35
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ4YV1RWyyXEelXhIPrOn/cSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNTExMTg0MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODhiNzRlYjJmZTE1MWQxOWNmMDczNjRhNDQyNDJmZDY2MDM1YjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9AXF8kpesllCp/qPMU9ZkzBa6um2
woPheZchE5WOZvsJrmnP0LCbPtb+uBkoCOMJU4kCDCYZmgcdTq6OPXxcErysLm5Y
8ggFzATW9eP/JroYfLoKgBgI4CYysvN7ddYee/Zn5y1gw9DpSMFLXkbINzoEMb55
ImpgVizunt9BoTeDL4mHGmJY3VOXLKEXZfW+li4SzGsmD83OYMglLY814E9/D+N4
yQtl2jgqBGnxx3w2gWVdZi1RYNwbFEDmEQM0NwZs/ywrx1eGivfpcs7oo3Bx2ABu
a5ZIAkLX3dyyBICUwU/+FdIJwjvSMoMX0XB7Y8YdRE1ilmGPRvyjSH1GbwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIiLdOsv4VHRnPBzZKRCQv1mA1ucMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvaUl0MDZ5X2hVZEdjOEhOa3BFSkNfV1lEVzV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQA3qfCAwQA
3qfFAwQA3qfIMAwDBADep8sDBADep84wDQYJKoZIhvcNAQELBQADggEBAE1hgfiv
XQ+0wUFDXWBwOARZ1snxiyTb26C6edgaB6Ypysd6pdil5PbkGHm0OXDAvTqqk09/
Z7jFYrpGSgVW1gKimf5IYHNLHGUVecxXZvgf1qSEIReEg0jVlPcujGDwtS0ldkNl
rLzHh9zsUAjJAqNHc0OSlGi7AtPG6EHolCsjaGmphKum/jG37iQOzgcEHlfwaYXR
l85/unxhusX7ngO7UvYXI7o2gkI8/aiAzQ/+N/NUJAMf/gyPiKIec7hW/dW+4bNi
8PJevNj1yu/wL5yfH+ByuaSwXzfmocB6+MoYzEyXA4o718qxQF8HhNVFigDItznd
23vRlQQqLxrBAzU=
-----END CERTIFICATE-----
Generated at Wed May 13 02:38:18 2026 by rpki-client