Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/ULPfQ5I9MUTunZ_5SD4zsUjvVRU.roa
File: ULPfQ5I9MUTunZ_5SD4zsUjvVRU.roa (raw, json)
Hash identifier: N0MS/4hPoOldhHeqhv/An6YPucYGicUhbuwcClEdOQ8=
Subject key identifier: 50:B3:DF:43:92:3D:31:44:EE:9D:9F:F9:48:3E:33:B1:48:EF:55:15
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019D2AE1DB6CB481068D11A4E542E32733E8
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/ULPfQ5I9MUTunZ_5SD4zsUjvVRU.roa
Signing time: Thu 26 Mar 2026 16:02:17 +0000
ROA not before: Thu 26 Mar 2026 16:02:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 199915
IP address blocks: 116.204.164.0/24 maxlen: 24
116.204.165.0/24 maxlen: 24
222.167.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 28 Mar 2026 13:18:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2a:e1:db:6c:b4:81:06:8d:11:a4:e5:42:e3:27:33:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Mar 26 16:02:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=50b3df43923d3144ee9d9ff9483e33b148ef5515
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:03:aa:f9:6b:37:5c:95:af:7f:28:4a:6c:a3:
e8:68:07:09:71:b5:33:c2:15:98:5a:bf:53:88:a7:
13:d2:ee:73:1c:c7:e4:75:fb:a5:d6:a9:2f:b5:b9:
3f:d3:d6:ae:80:be:03:af:6d:ca:10:13:59:2c:81:
62:6e:43:ed:87:94:8b:a2:04:24:27:0b:b3:26:d3:
fe:eb:5e:92:8f:d1:59:6e:7a:21:c8:8d:7e:e8:7e:
4b:f0:6a:6d:72:98:d2:9a:59:db:db:1a:ab:6f:65:
2b:00:08:90:80:87:0d:41:b6:6c:b4:bd:06:a9:cb:
13:7b:05:2a:f5:d4:c2:78:25:cd:96:fc:10:a9:0a:
52:36:32:3a:e1:71:6e:c2:ed:c2:4f:d0:6a:de:f7:
06:88:01:e5:73:79:3e:df:33:1e:f5:67:ad:ff:81:
c2:72:db:9c:54:d8:98:18:a0:50:1f:df:47:83:6a:
81:f8:a3:a4:a5:51:48:7f:60:89:b6:51:ac:55:03:
cc:a4:f4:45:bb:26:37:2f:a8:ac:1c:45:b7:a0:0a:
19:95:17:b3:55:cf:0d:84:d9:6f:5b:23:a9:41:c1:
f9:41:29:11:97:a1:04:19:40:3a:f7:69:46:d3:e2:
6b:0a:b8:c3:63:8b:fc:91:41:8a:a8:38:ee:28:8a:
16:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:B3:DF:43:92:3D:31:44:EE:9D:9F:F9:48:3E:33:B1:48:EF:55:15
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/ULPfQ5I9MUTunZ_5SD4zsUjvVRU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
116.204.164.0/23
222.167.255.0/24
Signature Algorithm: sha256WithRSAEncryption
a0:12:5a:39:b4:b0:71:f3:6c:2c:bc:37:a7:ad:7a:40:cc:cd:
bc:52:ff:8f:48:79:bb:1b:6d:58:ec:95:2b:3a:c1:92:d6:61:
5f:0b:63:31:8e:c3:be:de:ab:5b:89:4d:ad:28:56:97:a4:c0:
35:06:2c:de:63:f2:d0:cc:d4:9a:f2:34:df:de:77:92:0d:12:
28:63:4d:d6:35:31:78:9e:f5:0c:e2:cc:3c:f2:de:28:a8:22:
e3:c2:6f:5d:bd:20:ec:4e:e8:3a:51:45:0a:84:78:a7:9a:4c:
30:e8:f6:16:5a:51:19:50:8f:1d:d3:03:f1:37:2a:49:60:42:
57:f3:5f:37:c1:77:b4:31:d6:cd:cf:6b:60:85:1f:36:c1:b0:
ba:15:31:8c:41:0f:18:ea:91:17:18:24:9e:24:5b:28:10:52:
be:4a:c2:50:7e:fb:18:ba:32:e7:48:78:59:7b:f9:35:f1:91:
57:e4:0e:fd:40:ad:5e:ee:11:c2:8c:84:1d:8e:87:d9:cf:a1:
e9:c5:83:38:78:1d:3d:4f:aa:80:42:58:e2:59:65:01:28:9a:
3b:b2:49:d3:ca:e6:1f:f7:ae:fe:95:c0:3b:0d:3b:99:45:68:
51:7f:9b:5b:e6:bd:5b:60:49:05:98:08:b7:30:5c:40:cb:c5:
28:b3:73:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0q4dtstIEGjRGk5ULjJzPoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzI2MTYwMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGIzZGY0MzkyM2QzMTQ0ZWU5ZDlmZjk0ODNlMzNiMTQ4ZWY1NTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAOq+Ws3XJWvfyhKbKPoaAcJcbUz
whWYWr9TiKcT0u5zHMfkdful1qkvtbk/09augL4Dr23KEBNZLIFibkPth5SLogQk
JwuzJtP+616Sj9FZbnohyI1+6H5L8GptcpjSmlnb2xqrb2UrAAiQgIcNQbZstL0G
qcsTewUq9dTCeCXNlvwQqQpSNjI64XFuwu3CT9Bq3vcGiAHlc3k+3zMe9Wet/4HC
ctucVNiYGKBQH99Hg2qB+KOkpVFIf2CJtlGsVQPMpPRFuyY3L6isHEW3oAoZlRez
Vc8NhNlvWyOpQcH5QSkRl6EEGUA692lG0+JrCrjDY4v8kUGKqDjuKIoWrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFCz30OSPTFE7p2f+Ug+M7FI71UVMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvVUxQZlE1STlNVVR1blpfNVNENHpzVWp2VlJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBdMykAwQA
3qf/MA0GCSqGSIb3DQEBCwUAA4IBAQCgElo5tLBx82wsvDenrXpAzM28Uv+PSHm7
G21Y7JUrOsGS1mFfC2MxjsO+3qtbiU2tKFaXpMA1BizeY/LQzNSa8jTf3neSDRIo
Y03WNTF4nvUM4sw88t4oqCLjwm9dvSDsTug6UUUKhHinmkww6PYWWlEZUI8d0wPx
NypJYEJX8183wXe0MdbNz2tghR82wbC6FTGMQQ8Y6pEXGCSeJFsoEFK+SsJQfvsY
ujLnSHhZe/k18ZFX5A79QK1e7hHCjIQdjofZz6HpxYM4eB09T6qAQljiWWUBKJo7
sknTyuYf967+lcA7DTuZRWhRf5tb5r1bYEkFmAi3MFxAy8Uos3PB
-----END CERTIFICATE-----
Generated at Fri Mar 27 23:58:54 2026 by rpki-client