Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/sV8y37MPLL8RWd9qwC40uq9yWVE.roa
File: sV8y37MPLL8RWd9qwC40uq9yWVE.roa (raw, json)
Hash identifier: lh7Z1sBUtKMv9VJw44+72Tr1TfgyFQInhjWPQXaVkxQ=
Subject key identifier: B1:5F:32:DF:B3:0F:2C:BF:11:59:DF:6A:C0:2E:34:BA:AF:72:59:51
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019D256FD423ADF9084263853A0D617ED5DC
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/sV8y37MPLL8RWd9qwC40uq9yWVE.roa
Signing time: Wed 25 Mar 2026 14:39:38 +0000
ROA not before: Wed 25 Mar 2026 14:39:38 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 398478
IP address blocks: 222.167.192.0/24 maxlen: 24
222.167.194.0/24 maxlen: 24
222.167.196.0/24 maxlen: 24
222.167.197.0/24 maxlen: 24
222.167.199.0/24 maxlen: 24
222.167.200.0/23 maxlen: 23
222.167.203.0/24 maxlen: 24
222.167.204.0/23 maxlen: 23
222.167.206.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:25:6f:d4:23:ad:f9:08:42:63:85:3a:0d:61:7e:d5:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Mar 25 14:39:38 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=b15f32dfb30f2cbf1159df6ac02e34baaf725951
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:07:68:a5:95:7a:99:c7:e2:35:23:59:79:79:
84:a8:b5:1a:7f:7a:98:89:ff:27:be:30:fa:22:ba:
7b:9e:69:8e:9a:ae:6f:eb:06:b0:93:fe:4f:54:3c:
f2:2e:8d:3f:5c:88:cc:17:a6:19:b2:98:01:c9:09:
f7:f7:a1:56:08:5a:20:93:ef:22:84:82:73:e5:75:
12:99:d7:f7:6d:29:94:00:1a:c0:ee:7b:de:c9:43:
af:f7:54:ef:77:56:aa:cb:50:30:0e:8b:9a:7d:8f:
c3:36:be:f0:69:22:12:94:6c:cc:51:ca:9e:5c:45:
8b:f3:93:68:6d:74:dc:17:d7:5b:21:57:e8:e6:31:
4e:7d:de:16:83:f8:0f:4f:f7:8a:3b:d5:2c:f0:1b:
73:d8:e3:09:e1:57:e6:df:3f:77:f0:8d:5a:8a:c9:
1d:48:ca:f2:34:cb:a8:c3:45:84:46:20:c0:55:4a:
3e:99:ab:dd:16:3d:fb:0b:6c:7c:45:40:18:4c:eb:
59:7a:7f:05:6c:c3:64:df:2a:cc:61:83:35:18:02:
5f:d4:c0:b4:9e:53:d3:0c:be:06:2a:61:69:f7:80:
84:9b:7f:be:a7:5e:8d:30:01:df:5d:bc:02:09:32:
f6:28:4c:a2:0f:21:d6:da:6d:53:01:d7:d1:ea:d7:
86:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:5F:32:DF:B3:0F:2C:BF:11:59:DF:6A:C0:2E:34:BA:AF:72:59:51
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/sV8y37MPLL8RWd9qwC40uq9yWVE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
222.167.192.0/24
222.167.194.0/24
222.167.196.0/23
222.167.199.0-222.167.201.255
222.167.203.0-222.167.207.255
Signature Algorithm: sha256WithRSAEncryption
7f:50:91:28:71:f8:0d:4a:7c:f4:c7:49:85:9d:2d:aa:e0:ad:
44:18:ce:3a:a4:1b:dc:1f:d1:01:68:4d:00:2c:26:c1:73:3c:
ca:5b:17:d3:f9:db:0a:33:f8:ec:5d:8f:4f:e0:a1:c0:48:12:
64:d2:f9:53:d3:e0:a2:e6:af:d6:2d:12:9d:44:06:36:36:3b:
5a:28:28:6f:5c:43:bf:62:c5:32:59:6a:55:97:21:f6:e7:f2:
4a:e9:01:5b:17:49:a2:87:e7:f1:94:5f:f5:5d:b2:76:93:ce:
5d:f7:b2:2e:d5:10:2c:0f:37:02:37:1e:b2:1f:94:27:c1:a6:
78:c0:ae:d6:db:89:99:ed:3b:55:e1:70:df:2d:bb:bd:b0:59:
21:15:3e:7e:1b:61:98:5c:dc:16:3f:72:05:32:86:87:65:97:
f7:b8:2c:7a:b3:f6:74:bd:30:0c:10:17:48:ca:70:fc:f9:ad:
e1:42:7f:f1:8a:30:0f:64:54:d0:23:d2:66:4b:8c:ba:e2:b4:
f6:37:fb:ef:97:54:b2:1d:30:93:83:19:20:00:7d:2f:e9:e7:
5a:6d:0e:4d:bf:30:ab:94:4e:99:b1:40:05:d5:ed:f8:50:94:
a3:3a:93:02:37:70:5c:34:2f:b7:af:35:93:9f:1a:8e:21:a5:
2a:7f:5f:96
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZ0lb9QjrfkIQmOFOg1hftXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzI1MTQzOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTVmMzJkZmIzMGYyY2JmMTE1OWRmNmFjMDJlMzRiYWFmNzI1OTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgdopZV6mcfiNSNZeXmEqLUaf3qY
if8nvjD6Irp7nmmOmq5v6wawk/5PVDzyLo0/XIjMF6YZspgByQn396FWCFogk+8i
hIJz5XUSmdf3bSmUABrA7nveyUOv91Tvd1aqy1AwDouafY/DNr7waSISlGzMUcqe
XEWL85NobXTcF9dbIVfo5jFOfd4Wg/gPT/eKO9Us8Btz2OMJ4Vfm3z938I1aiskd
SMryNMuow0WERiDAVUo+mavdFj37C2x8RUAYTOtZen8FbMNk3yrMYYM1GAJf1MC0
nlPTDL4GKmFp94CEm3++p16NMAHfXbwCCTL2KEyiDyHW2m1TAdfR6teG7QIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFLFfMt+zDyy/EVnfasAuNLqvcllRMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvc1Y4eTM3TVBMTDhSV2Q5cXdDNDB1cTl5V1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQA3qfAAwQA
3qfCAwQB3qfEMAwDBADep8cDBAHep8gwDAMEAN6nywMEBN6nwDANBgkqhkiG9w0B
AQsFAAOCAQEAf1CRKHH4DUp89MdJhZ0tquCtRBjOOqQb3B/RAWhNACwmwXM8ylsX
0/nbCjP47F2PT+ChwEgSZNL5U9Pgouav1i0SnUQGNjY7Wigob1xDv2LFMllqVZch
9ufySukBWxdJoofn8ZRf9V2ydpPOXfeyLtUQLA83Ajcesh+UJ8GmeMCu1tuJme07
VeFw3y27vbBZIRU+fhthmFzcFj9yBTKGh2WX97gserP2dL0wDBAXSMpw/Pmt4UJ/
8YowD2RU0CPSZkuMuuK09jf775dUsh0wk4MZIAB9L+nnWm0OTb8wq5ROmbFABdXt
+FCUozqTAjdwXDQvt681k58ajiGlKn9flg==
-----END CERTIFICATE-----
Generated at Thu Mar 26 07:05:25 2026 by rpki-client