Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/lve0auYv79eq4qzf0mQ_AhIFFns.roa
File: lve0auYv79eq4qzf0mQ_AhIFFns.roa (raw, json)
Hash identifier: oj/7DGlqpIcXpi2JkuKZTadf3KCrdph45/36BvOdoGU=
Subject key identifier: 96:F7:B4:6A:E6:2F:EF:D7:AA:E2:AC:DF:D2:64:3F:02:12:05:16:7B
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019ECC48F5BDE6BEB6490B740F531B357A3D
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/lve0auYv79eq4qzf0mQ_AhIFFns.roa
Signing time: Mon 15 Jun 2026 17:16:33 +0000
ROA not before: Mon 15 Jun 2026 17:16:33 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 54600
IP address blocks: 222.167.233.0/24 maxlen: 24
222.167.240.0/24 maxlen: 24
222.167.243.0/24 maxlen: 24
222.167.245.0/24 maxlen: 24
222.167.247.0/24 maxlen: 24
222.167.248.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 20 Jun 2026 23:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:cc:48:f5:bd:e6:be:b6:49:0b:74:0f:53:1b:35:7a:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Jun 15 17:16:33 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=96f7b46ae62fefd7aae2acdfd2643f021205167b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:2a:b7:7d:80:fd:9d:cd:b6:64:cb:fc:09:ba:
88:58:c9:bd:ca:a2:1e:88:32:2b:ab:18:cf:59:35:
92:02:ff:1a:41:dd:b0:a7:0f:49:34:06:ea:47:fd:
64:5e:31:a1:37:da:f0:d3:c3:9f:19:61:6a:5d:6a:
03:33:55:a2:9b:38:ef:f7:2b:60:e4:23:3a:f4:be:
40:e0:4e:6b:cc:7d:5f:62:73:1c:18:d5:75:a7:62:
72:4c:ef:72:ad:df:31:f6:fa:8e:de:9a:d2:c3:fc:
1d:16:c2:88:be:d1:a9:50:43:d6:7e:8d:90:ad:23:
d5:48:1c:32:8e:84:b9:3b:f2:82:de:7e:d2:00:70:
44:4e:92:29:d2:11:b2:70:a4:af:3a:64:b1:49:3b:
85:56:55:10:1c:02:a7:1d:85:9a:ba:a8:7f:25:cb:
70:04:15:7f:34:74:40:6c:49:dd:f9:4a:a9:5c:14:
b9:a4:01:79:93:27:89:ff:29:a5:1f:8c:68:4a:2c:
95:84:15:df:63:7d:a0:86:1f:d1:a3:33:4a:eb:cf:
63:2f:65:ad:fc:21:fb:19:d9:6a:6b:e8:8d:73:f7:
36:ef:63:6a:82:20:bc:5e:f1:e5:9a:4c:e9:96:2c:
d6:cf:98:49:55:cd:55:28:24:f1:52:52:b4:15:35:
6e:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:F7:B4:6A:E6:2F:EF:D7:AA:E2:AC:DF:D2:64:3F:02:12:05:16:7B
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/lve0auYv79eq4qzf0mQ_AhIFFns.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
222.167.233.0/24
222.167.240.0/24
222.167.243.0/24
222.167.245.0/24
222.167.247.0-222.167.248.255
Signature Algorithm: sha256WithRSAEncryption
38:70:7a:3a:46:00:e3:2d:c5:95:2e:94:1f:e5:5b:ff:ec:30:
88:33:1d:2e:3f:95:9a:14:47:a6:70:b8:44:a4:44:4e:3c:f1:
32:48:8b:21:2a:b3:bb:52:0a:98:e2:4b:28:63:4b:a9:a7:01:
df:e3:1a:3e:5c:44:0f:6c:79:11:4f:7e:31:be:4f:27:5c:a2:
4d:73:46:3a:12:19:01:2c:b2:6c:87:c3:25:6e:4e:0c:de:90:
2d:44:0f:0f:c5:40:3f:27:67:e5:f8:3f:a7:c0:a3:a5:f5:57:
56:4f:af:1b:66:46:f9:46:9e:e5:3f:b7:fe:e3:26:37:2e:01:
50:26:c3:68:69:7c:a1:1c:49:65:5e:e3:a3:02:77:21:4b:b3:
6a:15:00:18:88:7c:50:6c:be:1a:4f:f6:23:b8:fb:4c:c6:55:
1d:db:df:d3:7d:19:1c:03:69:91:f2:46:b9:30:d1:06:77:dc:
6f:93:2a:e1:8c:ff:cd:cd:6c:c3:b0:23:00:8a:bb:f8:29:17:
9c:26:e1:33:01:43:e3:a1:99:30:1f:93:96:eb:20:1b:a8:80:
b0:8f:70:93:5c:7a:bd:4a:39:54:25:69:c1:82:c4:4f:ad:4b:
fa:e7:ce:5f:6d:f7:ec:28:41:4f:36:cb:c3:9c:37:d9:bc:53:
6a:68:75:b5
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZ7MSPW95r62SQt0D1MbNXo9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNjE1MTcxNjMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmY3YjQ2YWU2MmZlZmQ3YWFlMmFjZGZkMjY0M2YwMjEyMDUxNjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Sq3fYD9nc22ZMv8CbqIWMm9yqIe
iDIrqxjPWTWSAv8aQd2wpw9JNAbqR/1kXjGhN9rw08OfGWFqXWoDM1Wimzjv9ytg
5CM69L5A4E5rzH1fYnMcGNV1p2JyTO9yrd8x9vqO3prSw/wdFsKIvtGpUEPWfo2Q
rSPVSBwyjoS5O/KC3n7SAHBETpIp0hGycKSvOmSxSTuFVlUQHAKnHYWauqh/Jctw
BBV/NHRAbEnd+UqpXBS5pAF5kyeJ/ymlH4xoSiyVhBXfY32ghh/RozNK689jL2Wt
/CH7Gdlqa+iNc/c272NqgiC8XvHlmkzplizWz5hJVc1VKCTxUlK0FTVurQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFJb3tGrmL+/XquKs39JkPwISBRZ7MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvbHZlMGF1WXY3OWVxNHF6ZjBtUV9BaElGRm5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQA3qfpAwQA
3qfwAwQA3qfzAwQA3qf1MAwDBADep/cDBADep/gwDQYJKoZIhvcNAQELBQADggEB
ADhwejpGAOMtxZUulB/lW//sMIgzHS4/lZoUR6ZwuESkRE488TJIiyEqs7tSCpji
SyhjS6mnAd/jGj5cRA9seRFPfjG+Tydcok1zRjoSGQEssmyHwyVuTgzekC1EDw/F
QD8nZ+X4P6fAo6X1V1ZPrxtmRvlGnuU/t/7jJjcuAVAmw2hpfKEcSWVe46MCdyFL
s2oVABiIfFBsvhpP9iO4+0zGVR3b39N9GRwDaZHyRrkw0QZ33G+TKuGM/83NbMOw
IwCKu/gpF5wm4TMBQ+OhmTAfk5brIBuogLCPcJNcer1KOVQlacGCxE+tS/rnzl9t
9+woQU82y8OcN9m8U2podbU=
-----END CERTIFICATE-----
Generated at Sat Jun 20 10:59:46 2026 by rpki-client