Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/XKQ33UaszWr3UcKOxkCn_h2IO0g.roa
File: XKQ33UaszWr3UcKOxkCn_h2IO0g.roa (raw, json)
Hash identifier: u7DgA9+pxN/MkyUzWxvuGfSEIEQmvUWyH2yknFwZpng=
Subject key identifier: 5C:A4:37:DD:46:AC:CD:6A:F7:51:C2:8E:C6:40:A7:FE:1D:88:3B:48
Certificate issuer: /CN=cbdfce3a5355f861fdc48c32012c78c9daf9a5a4
Certificate serial: 019CF756A53FDCED4A0733B9C616B44A9AD9
Authority key identifier: CB:DF:CE:3A:53:55:F8:61:FD:C4:8C:32:01:2C:78:C9:DA:F9:A5:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/y9_OOlNV-GH9xIwyASx4ydr5paQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/XKQ33UaszWr3UcKOxkCn_h2IO0g.roa
Signing time: Mon 16 Mar 2026 15:49:36 +0000
ROA not before: Mon 16 Mar 2026 15:49:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 216167
IP address blocks: 62.223.8.0/24 maxlen: 24
62.223.10.0/24 maxlen: 24
62.223.11.0/24 maxlen: 24
62.223.12.0/24 maxlen: 24
62.223.13.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/y9_OOlNV-GH9xIwyASx4ydr5paQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/y9_OOlNV-GH9xIwyASx4ydr5paQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/y9_OOlNV-GH9xIwyASx4ydr5paQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:f7:56:a5:3f:dc:ed:4a:07:33:b9:c6:16:b4:4a:9a:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cbdfce3a5355f861fdc48c32012c78c9daf9a5a4
Validity
Not Before: Mar 16 15:49:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5ca437dd46accd6af751c28ec640a7fe1d883b48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:0d:3a:bb:1f:e6:e0:6f:94:f3:e8:91:89:01:
14:52:ad:a2:ea:45:3f:bc:3e:3f:eb:e4:ed:3e:4b:
93:8d:fc:20:13:f1:4b:03:b7:a3:6a:bc:a2:6c:5e:
90:5d:76:9a:48:0b:d7:5b:0b:d4:09:70:c1:c6:ec:
dc:ac:e2:62:40:cb:6c:9d:73:75:5a:59:85:af:15:
a6:f7:54:77:05:68:a3:cf:c5:1f:dd:d2:ad:e6:16:
f7:5a:d0:03:70:4c:f8:42:5a:20:28:a6:4b:6d:a6:
29:1d:63:fa:4a:0b:23:ba:03:b0:1b:82:ab:4e:99:
d0:91:ab:84:2a:99:2d:b4:02:d5:4c:8b:f7:f7:d3:
2a:a9:99:35:94:3e:16:d3:cc:84:ec:e9:46:4a:4b:
82:38:88:49:67:8d:97:cc:fe:8f:e6:a9:f7:8d:0a:
8a:6b:bf:37:62:ad:58:8d:ba:97:0d:cc:8c:28:6b:
ae:7f:bc:80:aa:d2:87:be:1d:c3:31:94:6f:48:05:
6d:2d:48:0e:ab:2f:35:38:99:90:f2:77:14:2c:a3:
17:cd:81:de:1c:5d:02:bd:21:e0:94:1f:1a:73:9f:
fe:db:85:22:f0:16:4b:c5:43:41:d4:39:1b:fd:d5:
89:d5:5b:9b:fc:8c:42:dc:0d:23:04:a5:77:88:2a:
0d:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:A4:37:DD:46:AC:CD:6A:F7:51:C2:8E:C6:40:A7:FE:1D:88:3B:48
X509v3 Authority Key Identifier:
keyid:CB:DF:CE:3A:53:55:F8:61:FD:C4:8C:32:01:2C:78:C9:DA:F9:A5:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9_OOlNV-GH9xIwyASx4ydr5paQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/XKQ33UaszWr3UcKOxkCn_h2IO0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/y9_OOlNV-GH9xIwyASx4ydr5paQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.223.8.0/24
62.223.10.0-62.223.13.255
Signature Algorithm: sha256WithRSAEncryption
70:05:41:43:6d:41:45:8c:f3:cb:bc:c1:6e:86:71:f9:53:c4:
a1:d8:2b:a1:04:92:ab:26:c5:5f:b5:43:9e:d5:ed:d4:de:a8:
bc:da:9d:05:4e:ff:92:60:f4:71:b0:20:f5:5d:f7:35:4e:a5:
06:48:5f:64:9a:ca:77:ca:16:81:41:de:06:7d:a9:db:d4:d3:
40:33:e9:12:dd:26:0d:a3:e7:e7:15:06:5e:05:d2:d5:eb:cb:
a6:9e:9e:61:ef:93:f0:da:d0:cc:69:c6:f0:24:7f:ad:97:58:
0a:3d:26:24:e4:4b:44:9f:97:29:bc:f5:6f:3b:90:ff:30:c6:
dc:60:e3:14:36:6f:70:4a:77:39:6d:8b:ad:94:10:3d:bb:69:
7c:c3:62:f2:2e:7b:e5:70:f6:d5:2e:97:b0:f5:f3:d8:13:2b:
69:48:a5:04:e7:3d:e6:dd:40:e0:33:69:ef:d5:18:31:e1:36:
bd:73:25:d7:87:04:25:db:86:35:91:0f:a2:f1:26:28:85:76:
85:40:10:33:c3:d9:a8:c8:a4:36:52:11:3c:33:10:b8:e3:8a:
26:9a:ed:84:ca:db:bd:a5:ab:27:7d:6e:81:bd:da:16:25:5d:
bd:b9:cc:a2:2d:f4:e7:b7:75:f8:91:1f:ce:a9:75:3a:dd:1f:
03:ae:0f:cb
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZz3VqU/3O1KBzO5xha0SprZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZGZjZTNhNTM1NWY4NjFmZGM0OGMzMjAxMmM3OGM5ZGFm
OWE1YTQwHhcNMjYwMzE2MTU0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2E0MzdkZDQ2YWNjZDZhZjc1MWMyOGVjNjQwYTdmZTFkODgzYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlw06ux/m4G+U8+iRiQEUUq2i6kU/
vD4/6+TtPkuTjfwgE/FLA7ejaryibF6QXXaaSAvXWwvUCXDBxuzcrOJiQMtsnXN1
WlmFrxWm91R3BWijz8Uf3dKt5hb3WtADcEz4QlogKKZLbaYpHWP6SgsjugOwG4Kr
TpnQkauEKpkttALVTIv399MqqZk1lD4W08yE7OlGSkuCOIhJZ42XzP6P5qn3jQqK
a783Yq1YjbqXDcyMKGuuf7yAqtKHvh3DMZRvSAVtLUgOqy81OJmQ8ncULKMXzYHe
HF0CvSHglB8ac5/+24Ui8BZLxUNB1Dkb/dWJ1Vub/IxC3A0jBKV3iCoNDwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFykN91GrM1q91HCjsZAp/4diDtIMB8GA1UdIwQY
MBaAFMvfzjpTVfhh/cSMMgEseMna+aWkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlfT09sTlYtR0g5eEl3eUFTeDR5ZHI1cGFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi83NGExYjUtM2MyZS00OGUyLTkwZmQt
YjQ5ZDg5ZTMwZGRkLzEvWEtRMzNVYXN6V3IzVWNLT3hrQ25faDJJTzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi83NGExYjUtM2MyZS00OGUyLTkwZmQtYjQ5ZDg5ZTMwZGRk
LzEveTlfT09sTlYtR0g5eEl3eUFTeDR5ZHI1cGFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAPt8IMAwD
BAE+3woDBAE+3wwwDQYJKoZIhvcNAQELBQADggEBAHAFQUNtQUWM88u8wW6GcflT
xKHYK6EEkqsmxV+1Q57V7dTeqLzanQVO/5Jg9HGwIPVd9zVOpQZIX2SaynfKFoFB
3gZ9qdvU00Az6RLdJg2j5+cVBl4F0tXry6aenmHvk/Da0MxpxvAkf62XWAo9JiTk
S0Sflym89W87kP8wxtxg4xQ2b3BKdzlti62UED27aXzDYvIue+Vw9tUul7D189gT
K2lIpQTnPebdQOAzae/VGDHhNr1zJdeHBCXbhjWRD6LxJiiFdoVAEDPD2ajIpDZS
ETwzELjjiiaa7YTK272lqyd9boG92hYlXb25zKIt9Oe3dfiRH86pdTrdHwOuD8s=
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:48:38 2026 by rpki-client