Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/qAzUadTprtmqJCFIW9IAHgzejns.roa
File: qAzUadTprtmqJCFIW9IAHgzejns.roa (raw, json)
Hash identifier: nYQ+4//X0ww8ZeOreS7RD+XcRgHIvy9CloYhQfZt4gs=
Subject key identifier: A8:0C:D4:69:D4:E9:AE:D9:AA:24:21:48:5B:D2:00:1E:0C:DE:8E:7B
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019DB1FBDE07171E568D3AD9C2349A755F0A
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/qAzUadTprtmqJCFIW9IAHgzejns.roa
Signing time: Tue 21 Apr 2026 21:39:26 +0000
ROA not before: Tue 21 Apr 2026 21:39:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 398478
IP address blocks: 222.167.194.0/24 maxlen: 24
222.167.197.0/24 maxlen: 24
222.167.200.0/24 maxlen: 24
222.167.203.0/24 maxlen: 24
222.167.204.0/23 maxlen: 23
222.167.206.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 06 May 2026 22:00:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b1:fb:de:07:17:1e:56:8d:3a:d9:c2:34:9a:75:5f:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Apr 21 21:39:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a80cd469d4e9aed9aa2421485bd2001e0cde8e7b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:cf:5f:63:93:fb:da:c4:4c:da:97:b1:29:76:
37:c7:7d:32:af:d2:3f:1a:61:68:6e:d3:7d:81:9d:
02:9e:14:94:c1:99:00:d8:c7:dd:cf:ff:66:2f:0f:
16:5d:7b:86:e0:ad:ca:62:72:eb:a8:6e:ee:cd:fc:
6a:f7:5e:8c:80:75:c6:65:0e:3d:a3:e8:13:fc:93:
54:d6:b3:32:57:91:ca:e2:6b:1f:9a:d7:af:f0:1b:
15:65:99:03:2a:94:44:a3:15:d5:6c:f9:b6:06:6a:
3c:27:8a:ba:a3:87:86:b6:60:e6:fb:e3:bb:dc:fc:
a1:e0:8a:76:81:c4:50:9a:64:a2:43:d6:0b:9c:0e:
7b:6f:90:6d:52:12:37:f1:6c:7d:56:68:a8:64:4e:
90:69:2c:3a:9f:3b:be:69:c7:e8:3f:8b:1b:fe:83:
57:91:b7:68:67:41:b3:43:48:1b:61:26:8f:86:da:
ec:bf:ed:38:92:b0:95:0f:23:65:3f:cb:be:0d:3b:
c0:57:1f:4d:26:e0:9b:1d:3b:8a:4c:c4:ee:df:ae:
a7:1e:8c:d1:6a:8f:f8:64:42:b7:81:dc:54:0d:b3:
99:a9:04:49:f4:d3:24:7e:bd:30:fb:e3:6b:1d:ed:
ee:43:d5:81:d9:37:b8:03:16:6e:0c:7c:2c:e8:66:
d6:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:0C:D4:69:D4:E9:AE:D9:AA:24:21:48:5B:D2:00:1E:0C:DE:8E:7B
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/qAzUadTprtmqJCFIW9IAHgzejns.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
222.167.194.0/24
222.167.197.0/24
222.167.200.0/24
222.167.203.0-222.167.207.255
Signature Algorithm: sha256WithRSAEncryption
4f:62:06:72:75:01:98:6a:c4:aa:40:88:17:48:3c:58:47:27:
0a:6f:90:2c:ab:29:51:3e:98:4b:03:6b:e2:14:9b:19:99:2d:
4b:a9:c6:46:a9:40:4e:8e:3b:e0:00:6a:45:3b:45:9b:05:ef:
0e:f5:b8:8e:71:e9:09:61:8c:94:3b:d4:cd:09:22:f5:8a:1d:
9b:a9:fb:e3:a8:20:cb:ca:c1:3a:d7:a0:30:12:4a:83:d8:64:
e7:6a:3f:9f:93:35:3b:ef:21:ff:cd:aa:b1:7b:80:5c:2f:f9:
b1:58:da:7d:b3:aa:c3:d7:9b:cb:da:28:d4:26:d3:37:95:bf:
ef:c2:6e:af:7d:34:ac:31:44:6c:43:2d:56:2b:d1:12:64:16:
00:bd:f3:1b:88:0c:88:ce:cc:be:99:f4:f7:66:24:f2:4a:ed:
db:2d:02:ca:6c:72:54:75:43:04:34:8a:fe:74:d0:94:2b:3c:
3a:94:3f:7f:95:26:52:2b:68:01:a9:15:87:b6:05:d4:ae:4a:
1d:a3:55:51:39:b6:ac:84:19:ce:72:9a:9a:b8:81:49:75:60:
1e:7b:59:cd:a7:01:36:ca:eb:dd:5f:9b:7a:92:fa:69:80:fc:
32:0b:21:d7:fd:a5:11:a9:29:7b:b8:fd:4b:43:0e:60:f1:58:
fe:c1:64:a0
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ2x+94HFx5WjTrZwjSadV8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNDIxMjEzOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODBjZDQ2OWQ0ZTlhZWQ5YWEyNDIxNDg1YmQyMDAxZTBjZGU4ZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsc9fY5P72sRM2pexKXY3x30yr9I/
GmFobtN9gZ0CnhSUwZkA2Mfdz/9mLw8WXXuG4K3KYnLrqG7uzfxq916MgHXGZQ49
o+gT/JNU1rMyV5HK4msfmtev8BsVZZkDKpREoxXVbPm2Bmo8J4q6o4eGtmDm++O7
3Pyh4Ip2gcRQmmSiQ9YLnA57b5BtUhI38Wx9VmioZE6QaSw6nzu+acfoP4sb/oNX
kbdoZ0GzQ0gbYSaPhtrsv+04krCVDyNlP8u+DTvAVx9NJuCbHTuKTMTu366nHozR
ao/4ZEK3gdxUDbOZqQRJ9NMkfr0w++NrHe3uQ9WB2Te4AxZuDHws6GbW7wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFKgM1GnU6a7ZqiQhSFvSAB4M3o57MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvcUF6VWFkVHBydG1xSkNGSVc5SUFIZ3plam5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQA3qfCAwQA
3qfFAwQA3qfIMAwDBADep8sDBATep8AwDQYJKoZIhvcNAQELBQADggEBAE9iBnJ1
AZhqxKpAiBdIPFhHJwpvkCyrKVE+mEsDa+IUmxmZLUupxkapQE6OO+AAakU7RZsF
7w71uI5x6QlhjJQ71M0JIvWKHZup++OoIMvKwTrXoDASSoPYZOdqP5+TNTvvIf/N
qrF7gFwv+bFY2n2zqsPXm8vaKNQm0zeVv+/Cbq99NKwxRGxDLVYr0RJkFgC98xuI
DIjOzL6Z9PdmJPJK7dstAspsclR1QwQ0iv500JQrPDqUP3+VJlIraAGpFYe2BdSu
Sh2jVVE5tqyEGc5ympq4gUl1YB57Wc2nATbK691fm3qS+mmA/DILIdf9pRGpKXu4
/UtDDmDxWP7BZKA=
-----END CERTIFICATE-----
Generated at Wed May 6 05:57:55 2026 by rpki-client