Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/RBRGzUXv0GP6sDCUJdzwfgQhVJI.roa
File: RBRGzUXv0GP6sDCUJdzwfgQhVJI.roa (raw, json)
Hash identifier: 3jfH/REzZPatvTI7tIy9xK53KtbO6eGA8PrVuhM1kx0=
Subject key identifier: 44:14:46:CD:45:EF:D0:63:FA:B0:30:94:25:DC:F0:7E:04:21:54:92
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019CAEC75D4D7ECD23AADE43B4D7A094695E
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/RBRGzUXv0GP6sDCUJdzwfgQhVJI.roa
Signing time: Mon 02 Mar 2026 13:40:27 +0000
ROA not before: Mon 02 Mar 2026 13:40:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 63199
IP address blocks: 110.34.37.0/24 maxlen: 24
116.204.165.0/24 maxlen: 24
150.107.50.0/24 maxlen: 24
222.167.224.0/24 maxlen: 24
222.167.231.0/24 maxlen: 24
222.167.252.0/24 maxlen: 24
222.167.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Mar 2026 16:05:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:ae:c7:5d:4d:7e:cd:23:aa:de:43:b4:d7:a0:94:69:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Mar 2 13:40:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=441446cd45efd063fab0309425dcf07e04215492
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:be:97:10:63:0d:46:5b:ce:f8:79:22:c4:be:
7c:f9:af:38:e7:f0:6b:3a:dc:57:bf:5c:6f:01:30:
be:f5:d0:13:14:f5:d8:68:c4:3b:fa:1f:19:62:70:
e7:55:b7:56:c3:aa:ec:d3:71:b0:59:57:bf:0b:ba:
ff:75:68:49:60:83:14:a0:94:f3:72:a5:d8:d7:c7:
79:d0:cd:ba:be:d0:c8:3a:09:f8:bc:97:85:06:1c:
cf:a1:9b:0c:4e:b0:5f:0b:74:ce:08:9e:68:66:19:
3d:d4:d5:bc:cc:11:3c:51:fc:8e:a6:75:c9:d4:db:
b7:42:ed:9a:7a:47:76:18:93:84:3d:1c:87:b8:c6:
23:f2:80:5a:99:26:66:8b:72:7b:e1:b7:48:9e:8a:
ac:c8:55:a8:a2:b0:08:1e:b4:9a:f9:e5:cb:19:1d:
8f:a1:c9:07:5c:0a:90:a1:8b:4c:80:3f:82:6a:f2:
5c:95:72:2d:18:aa:6c:84:3b:f8:eb:e5:aa:ac:cd:
85:22:67:c2:5c:96:1d:47:db:1b:24:31:08:17:7d:
47:34:e9:19:33:0c:78:3f:60:c2:da:e4:64:f8:fb:
51:ee:42:ad:bb:03:9e:53:23:3e:db:ba:95:54:b6:
f2:98:77:27:36:e4:36:e4:d2:77:90:18:d9:64:8d:
b8:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:14:46:CD:45:EF:D0:63:FA:B0:30:94:25:DC:F0:7E:04:21:54:92
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/RBRGzUXv0GP6sDCUJdzwfgQhVJI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
110.34.37.0/24
116.204.165.0/24
150.107.50.0/24
222.167.224.0/24
222.167.231.0/24
222.167.252.0/24
222.167.255.0/24
Signature Algorithm: sha256WithRSAEncryption
11:9c:33:6a:91:25:2e:fa:16:33:6b:4e:b6:3d:a0:a7:fe:11:
5a:21:a1:05:26:90:d8:9f:21:b4:f9:45:75:1c:ee:07:04:42:
7c:c5:25:f8:74:09:d7:b4:62:8c:28:37:d6:94:df:b7:7f:77:
e0:c7:58:ba:78:f5:02:a8:1f:ac:88:23:fb:f4:37:de:4d:0f:
52:74:26:aa:4d:0f:23:4a:1b:38:24:1a:60:31:33:4d:81:cf:
55:82:10:97:0a:4c:90:c8:1f:d6:69:18:a2:43:37:0f:44:9b:
6f:90:02:1d:c0:2b:1f:ca:0d:39:2d:ae:71:40:c7:f1:46:18:
4b:90:2d:bb:da:20:fa:36:0f:60:86:b3:f3:9d:98:09:fc:16:
1f:65:f8:ae:f8:a9:46:fd:80:30:2c:6f:0d:d5:e8:ef:bb:90:
7b:e1:c7:88:0c:dc:57:b8:45:8f:af:d5:ed:1e:91:76:8d:d6:
78:65:12:9f:3d:62:69:7f:ae:7e:78:e2:ae:f7:04:2b:44:f7:
8a:e1:d1:5d:a9:43:32:58:4c:2a:7b:45:c3:db:f0:49:51:5a:
cf:ac:c9:03:11:24:24:c4:d8:11:77:29:34:8a:a3:2b:bd:54:
5a:0e:dd:2f:27:ee:0e:14:69:0e:24:ed:fc:6c:7e:33:e8:16:
9d:1c:73:74
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZyux11Nfs0jqt5DtNeglGleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzAyMTM0MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDE0NDZjZDQ1ZWZkMDYzZmFiMDMwOTQyNWRjZjA3ZTA0MjE1NDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApL6XEGMNRlvO+HkixL58+a845/Br
OtxXv1xvATC+9dATFPXYaMQ7+h8ZYnDnVbdWw6rs03GwWVe/C7r/dWhJYIMUoJTz
cqXY18d50M26vtDIOgn4vJeFBhzPoZsMTrBfC3TOCJ5oZhk91NW8zBE8UfyOpnXJ
1Nu3Qu2aekd2GJOEPRyHuMYj8oBamSZmi3J74bdInoqsyFWoorAIHrSa+eXLGR2P
ockHXAqQoYtMgD+CavJclXItGKpshDv46+WqrM2FImfCXJYdR9sbJDEIF31HNOkZ
Mwx4P2DC2uRk+PtR7kKtuwOeUyM+27qVVLbymHcnNuQ25NJ3kBjZZI240QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEQURs1F79Bj+rAwlCXc8H4EIVSSMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvUkJSR3pVWHYwR1A2c0RDVUpkendmZ1FoVkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAbiIlAwQA
dMylAwQAlmsyAwQA3qfgAwQA3qfnAwQA3qf8AwQA3qf/MA0GCSqGSIb3DQEBCwUA
A4IBAQARnDNqkSUu+hYza062PaCn/hFaIaEFJpDYnyG0+UV1HO4HBEJ8xSX4dAnX
tGKMKDfWlN+3f3fgx1i6ePUCqB+siCP79DfeTQ9SdCaqTQ8jShs4JBpgMTNNgc9V
ghCXCkyQyB/WaRiiQzcPRJtvkAIdwCsfyg05La5xQMfxRhhLkC272iD6Ng9ghrPz
nZgJ/BYfZfiu+KlG/YAwLG8N1ejvu5B74ceIDNxXuEWPr9XtHpF2jdZ4ZRKfPWJp
f65+eOKu9wQrRPeK4dFdqUMyWEwqe0XD2/BJUVrPrMkDESQkxNgRdyk0iqMrvVRa
Dt0vJ+4OFGkOJO38bH4z6BadHHN0
-----END CERTIFICATE-----
Generated at Thu Mar 5 20:42:36 2026 by rpki-client