Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/CHH3xJ1lzUgyXtbZUmGWR88D-U8.roa
File: CHH3xJ1lzUgyXtbZUmGWR88D-U8.roa (raw, json)
Hash identifier: 2I73e56GrDAgMRYeThyxeJT4zvfxFJwpu15CsggS6j8=
Subject key identifier: 08:71:F7:C4:9D:65:CD:48:32:5E:D6:D9:52:61:96:47:CF:03:F9:4F
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019DD4B5FB664E3B962BAD95E5EE3A0B8168
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/CHH3xJ1lzUgyXtbZUmGWR88D-U8.roa
Signing time: Tue 28 Apr 2026 15:29:49 +0000
ROA not before: Tue 28 Apr 2026 15:29:49 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208063
IP address blocks: 222.167.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 04 May 2026 11:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:d4:b5:fb:66:4e:3b:96:2b:ad:95:e5:ee:3a:0b:81:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Apr 28 15:29:49 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0871f7c49d65cd48325ed6d952619647cf03f94f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:ff:58:54:15:88:7a:a2:c5:2e:41:5d:5e:2c:
90:f6:e9:d2:92:d5:cb:54:fb:33:53:3c:1d:c4:2f:
89:8b:c8:f3:15:e0:07:f8:0b:1a:c0:8c:54:ac:7b:
c7:41:1d:42:7d:df:9e:71:8a:80:75:7e:d8:e4:9a:
b4:06:40:3f:fd:01:0e:70:d1:fb:55:dd:3b:35:f5:
63:cb:25:43:79:10:21:2d:1c:3f:f8:65:04:46:5a:
90:24:a0:c8:94:9e:8e:88:ea:7e:bc:73:2f:a3:b8:
61:6d:ab:4e:bc:a8:7c:28:a4:ff:8c:24:34:c3:3e:
2f:bd:9d:c6:c1:c5:7f:04:00:23:9c:bb:16:48:7b:
d3:dc:6f:89:41:be:c6:39:ff:28:83:72:cd:90:64:
f4:1d:ee:3c:b4:fb:23:e8:2b:92:5d:97:ea:5f:77:
81:52:6f:04:09:de:b5:6a:01:16:0d:5f:64:dd:09:
b7:0a:17:ad:5e:23:66:3b:2f:67:90:3d:36:bf:65:
15:3d:5e:d9:d3:8c:4e:22:17:78:f8:11:a6:ba:4c:
43:0d:8f:1d:5d:68:26:58:a8:39:ba:ec:05:6e:8b:
e5:51:2e:16:f8:51:c6:97:aa:a1:27:b1:28:46:17:
fc:b7:86:07:3a:70:66:a5:44:81:7c:fa:ee:5b:7f:
7d:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:71:F7:C4:9D:65:CD:48:32:5E:D6:D9:52:61:96:47:CF:03:F9:4F
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/CHH3xJ1lzUgyXtbZUmGWR88D-U8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
222.167.239.0/24
Signature Algorithm: sha256WithRSAEncryption
34:88:86:bc:b4:fe:97:07:77:a7:c0:90:dc:1c:8a:c6:1d:86:
bd:82:48:77:1e:09:80:b9:76:b5:9b:91:f9:60:e1:b3:c7:87:
9f:e4:db:c9:6b:e5:37:d7:2b:b3:4c:4c:69:3d:1d:1c:9b:fa:
3c:52:3c:37:06:d6:74:e7:32:14:1d:d3:c9:6c:09:f0:37:d4:
9f:92:eb:34:d1:e9:23:95:42:f7:25:ce:0b:0b:e4:2f:42:e7:
14:20:91:d7:89:70:8b:01:76:10:23:b5:40:6a:bd:e1:f7:e2:
85:71:c1:c9:bc:0e:d4:17:bd:f3:a6:53:d9:fc:5f:19:66:44:
69:0d:fd:ff:ae:94:f8:ea:4e:6d:0c:7b:57:b4:ef:26:81:9c:
fc:5a:b7:41:2c:15:69:2f:61:c6:b1:71:35:50:61:4c:0e:af:
0e:8b:4d:d8:dc:45:c6:c1:e1:ed:d2:5d:f7:e4:a0:24:ff:85:
93:6b:1b:46:2f:68:b3:22:02:a4:29:e9:9a:b8:22:bb:6b:24:
b2:d6:09:d9:6a:29:f2:5d:7b:e0:91:97:ce:38:73:27:2f:35:
25:ee:38:c7:48:6e:02:de:f2:13:2c:c5:d2:21:13:e8:ed:f0:
93:3a:91:76:50:20:dd:e3:aa:82:8e:3d:32:f0:0a:5d:c6:ad:
fb:18:94:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3UtftmTjuWK62V5e46C4FoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNDI4MTUyOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODcxZjdjNDlkNjVjZDQ4MzI1ZWQ2ZDk1MjYxOTY0N2NmMDNmOTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4v9YVBWIeqLFLkFdXiyQ9unSktXL
VPszUzwdxC+Ji8jzFeAH+AsawIxUrHvHQR1Cfd+ecYqAdX7Y5Jq0BkA//QEOcNH7
Vd07NfVjyyVDeRAhLRw/+GUERlqQJKDIlJ6OiOp+vHMvo7hhbatOvKh8KKT/jCQ0
wz4vvZ3GwcV/BAAjnLsWSHvT3G+JQb7GOf8og3LNkGT0He48tPsj6CuSXZfqX3eB
Um8ECd61agEWDV9k3Qm3ChetXiNmOy9nkD02v2UVPV7Z04xOIhd4+BGmukxDDY8d
XWgmWKg5uuwFbovlUS4W+FHGl6qhJ7EoRhf8t4YHOnBmpUSBfPruW399HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhx98SdZc1IMl7W2VJhlkfPA/lPMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvQ0hIM3hKMWx6VWd5WHRiWlVtR1dSODhELVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA3qfvMA0G
CSqGSIb3DQEBCwUAA4IBAQA0iIa8tP6XB3enwJDcHIrGHYa9gkh3HgmAuXa1m5H5
YOGzx4ef5NvJa+U31yuzTExpPR0cm/o8Ujw3BtZ05zIUHdPJbAnwN9Sfkus00ekj
lUL3Jc4LC+QvQucUIJHXiXCLAXYQI7VAar3h9+KFccHJvA7UF73zplPZ/F8ZZkRp
Df3/rpT46k5tDHtXtO8mgZz8WrdBLBVpL2HGsXE1UGFMDq8Oi03Y3EXGweHt0l33
5KAk/4WTaxtGL2izIgKkKemauCK7aySy1gnZainyXXvgkZfOOHMnLzUl7jjHSG4C
3vITLMXSIRPo7fCTOpF2UCDd46qCjj0y8Apdxq37GJSo
-----END CERTIFICATE-----
Generated at Sun May 3 18:35:50 2026 by rpki-client