Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/y1Z2hObpOwifvf8lpgbUQtGwJXU.roa
File: y1Z2hObpOwifvf8lpgbUQtGwJXU.roa (raw, json)
Hash identifier: 9Hg9Iq1VHNOxzGCybDL+RRSsqIowSzXpiNf4CWDFPDc=
Subject key identifier: CB:56:76:84:E6:E9:3B:08:9F:BD:FF:25:A6:06:D4:42:D1:B0:25:75
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019F11132A126294EC53170461A8FC9A51D8
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/y1Z2hObpOwifvf8lpgbUQtGwJXU.roa
Signing time: Mon 29 Jun 2026 01:51:36 +0000
ROA not before: Mon 29 Jun 2026 01:51:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 110.34.38.0/24 maxlen: 24
150.107.49.0/24 maxlen: 24
222.167.250.0/24 maxlen: 24
222.167.254.0/24 maxlen: 24
222.167.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 30 Jun 2026 01:51:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9f:11:13:2a:12:62:94:ec:53:17:04:61:a8:fc:9a:51:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Jun 29 01:51:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cb567684e6e93b089fbdff25a606d442d1b02575
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:95:6e:9d:3d:cd:8a:92:40:5d:17:4b:ad:e1:
cc:65:84:c6:a0:de:5d:da:65:b1:b4:33:f7:cc:7b:
a4:9f:db:e6:38:81:9e:0e:d7:46:82:cb:c7:e1:43:
73:7c:ff:54:47:4e:33:a1:fb:44:4a:bf:5c:68:af:
23:e1:11:67:d0:27:00:2b:3e:0e:72:21:a2:a4:9a:
46:a6:fa:14:25:62:af:b4:a7:5c:77:a6:0c:51:11:
65:65:ff:9b:e2:fc:58:f2:44:5b:27:8c:22:10:ed:
05:95:cb:12:d7:63:75:43:a0:3e:4d:9d:a8:b1:f8:
86:a4:5b:c5:ae:77:ad:7c:37:74:6d:02:e1:65:bb:
ff:4a:54:94:af:9a:8b:b5:f3:8c:53:11:de:21:0d:
fa:85:ed:0d:cd:10:f3:35:f5:01:5c:02:4b:fe:89:
61:9e:a0:15:c3:bd:c7:08:b3:02:0f:1a:7b:4a:8a:
99:9a:a6:dd:cd:63:7c:34:59:f6:cb:d5:f9:87:31:
3d:52:5a:67:4b:0c:32:62:66:c3:fa:c0:63:f7:b6:
ef:f1:74:2a:9f:bf:25:af:c1:e1:e3:c3:01:5b:3f:
b8:d8:6b:2a:60:91:a9:fa:1b:88:91:d6:05:58:47:
71:30:5d:01:53:0d:36:59:45:17:52:64:87:38:aa:
e8:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:56:76:84:E6:E9:3B:08:9F:BD:FF:25:A6:06:D4:42:D1:B0:25:75
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/y1Z2hObpOwifvf8lpgbUQtGwJXU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
110.34.38.0/24
150.107.49.0/24
222.167.250.0/24
222.167.254.0/23
Signature Algorithm: sha256WithRSAEncryption
14:34:13:45:31:c7:61:08:f5:f4:91:78:d9:32:08:f7:df:21:
5e:2b:11:15:d2:45:87:3c:bb:56:4c:2a:50:fa:42:3b:e5:f1:
ed:07:6d:75:67:12:8a:b1:4c:ef:10:da:5b:bd:3b:db:73:b8:
29:bb:04:8f:63:ce:f4:a9:3c:0f:a5:b9:9b:8e:c4:e0:41:78:
9f:61:11:b1:ae:e0:e2:89:03:ee:ce:34:8c:d9:cc:ac:06:8e:
7b:8a:62:bb:42:71:ac:67:e8:ad:15:f4:82:86:23:22:39:cc:
7d:d2:0b:e1:38:77:0a:23:7c:c6:27:ca:fd:cb:e3:a4:fc:e8:
5a:26:fa:ee:30:9a:84:10:58:f7:48:f9:5b:f5:18:dd:95:fc:
14:22:d7:94:3b:5d:29:bb:77:ea:ba:1a:7c:fa:ba:ea:77:67:
45:d9:4c:a0:36:d0:0c:3e:8d:01:5e:ec:50:39:4b:56:9a:ac:
bf:0b:20:f5:df:c2:7b:78:8e:7f:9f:e5:c0:89:55:ca:3e:39:
db:25:8f:e6:8b:1c:52:2e:da:46:c3:aa:28:34:4b:05:4f:7c:
2b:b6:ae:a2:33:72:b1:54:44:56:8c:56:7e:84:35:c5:08:1e:
38:e1:4e:e0:95:f6:e4:20:6b:15:7a:e4:15:6c:8d:15:da:6b:
4e:e3:70:65
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ8REyoSYpTsUxcEYaj8mlHYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNjI5MDE1MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjU2NzY4NGU2ZTkzYjA4OWZiZGZmMjVhNjA2ZDQ0MmQxYjAyNTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZVunT3NipJAXRdLreHMZYTGoN5d
2mWxtDP3zHukn9vmOIGeDtdGgsvH4UNzfP9UR04zoftESr9caK8j4RFn0CcAKz4O
ciGipJpGpvoUJWKvtKdcd6YMURFlZf+b4vxY8kRbJ4wiEO0FlcsS12N1Q6A+TZ2o
sfiGpFvFrnetfDd0bQLhZbv/SlSUr5qLtfOMUxHeIQ36he0NzRDzNfUBXAJL/olh
nqAVw73HCLMCDxp7SoqZmqbdzWN8NFn2y9X5hzE9UlpnSwwyYmbD+sBj97bv8XQq
n78lr8Hh48MBWz+42GsqYJGp+huIkdYFWEdxMF0BUw02WUUXUmSHOKroKQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMtWdoTm6TsIn73/JaYG1ELRsCV1MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEveTFaMmhPYnBPd2lmdmY4bHBnYlVRdEd3SlhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbiImAwQA
lmsxAwQA3qf6AwQB3qf+MA0GCSqGSIb3DQEBCwUAA4IBAQAUNBNFMcdhCPX0kXjZ
Mgj33yFeKxEV0kWHPLtWTCpQ+kI75fHtB211ZxKKsUzvENpbvTvbc7gpuwSPY870
qTwPpbmbjsTgQXifYRGxruDiiQPuzjSM2cysBo57imK7QnGsZ+itFfSChiMiOcx9
0gvhOHcKI3zGJ8r9y+Ok/OhaJvruMJqEEFj3SPlb9RjdlfwUIteUO10pu3fquhp8
+rrqd2dF2UygNtAMPo0BXuxQOUtWmqy/CyD138J7eI5/n+XAiVXKPjnbJY/mixxS
LtpGw6ooNEsFT3wrtq6iM3KxVERWjFZ+hDXFCB444U7glfbkIGsVeuQVbI0V2mtO
43Bl
-----END CERTIFICATE-----
Generated at Mon Jun 29 10:00:09 2026 by rpki-client