Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/IN8_0shZRjqy0BSNcA6vSwjizsE.roa
File: IN8_0shZRjqy0BSNcA6vSwjizsE.roa (raw, json)
Hash identifier: j3OMYKONkpCF4kIbEhnrl95j/FvtjhK3uRKyc6fY7qM=
Subject key identifier: 20:DF:3F:D2:C8:59:46:3A:B2:D0:14:8D:70:0E:AF:4B:08:E2:CE:C1
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 019D5D99118F722C4CF23B4E35E4C97FFC07
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/IN8_0shZRjqy0BSNcA6vSwjizsE.roa
Signing time: Sun 05 Apr 2026 12:23:25 +0000
ROA not before: Sun 05 Apr 2026 12:23:25 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 103.17.96.0/24 maxlen: 24
109.111.34.0/23 maxlen: 24
109.111.48.0/20 maxlen: 20
109.111.50.0/23 maxlen: 24
109.111.54.0/23 maxlen: 24
109.111.56.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 00:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:5d:99:11:8f:72:2c:4c:f2:3b:4e:35:e4:c9:7f:fc:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Apr 5 12:23:25 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=20df3fd2c859463ab2d0148d700eaf4b08e2cec1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:92:bb:66:26:26:4a:1e:22:02:11:73:f0:ca:
40:48:6f:e8:f8:74:d8:36:cb:6a:ae:d7:f5:22:a4:
70:ec:33:9b:e4:83:f4:90:1d:51:5e:0d:f4:7f:b1:
f3:94:84:29:b3:79:cf:16:86:e6:07:6c:0d:b6:94:
3e:ee:9d:cf:90:b0:d8:ea:91:d2:ae:33:1c:b2:b0:
eb:b0:8d:f1:ac:d9:f2:ce:87:b9:06:22:68:b7:7c:
dd:70:19:5a:96:d8:b5:f0:d6:d0:a7:3c:af:31:41:
cf:c1:0a:61:ed:ee:ec:4b:c3:4b:b4:a4:d9:fd:1b:
2a:e2:d9:3d:72:eb:34:8e:db:66:d4:f2:56:30:85:
81:52:8f:5b:42:8f:c3:b5:12:18:e2:8a:e9:62:d4:
7d:28:b9:bf:e1:a5:28:10:50:e8:64:37:0e:b5:a5:
8e:de:c1:07:2a:9b:73:78:24:2b:66:3a:38:53:4a:
af:3e:80:b5:4b:8d:93:33:88:12:f6:86:fc:a4:b4:
04:76:aa:04:99:5b:36:7a:87:fa:4c:0f:d8:2c:a7:
c5:36:4e:93:8d:25:5c:2f:5a:d3:08:87:de:ed:3f:
af:61:c1:e5:fb:4a:ec:c8:51:a8:d9:73:38:db:42:
fd:97:92:4d:8f:12:1c:67:2d:21:ca:0c:a9:f9:7e:
96:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:DF:3F:D2:C8:59:46:3A:B2:D0:14:8D:70:0E:AF:4B:08:E2:CE:C1
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/IN8_0shZRjqy0BSNcA6vSwjizsE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.17.96.0/24
109.111.34.0/23
109.111.48.0/20
Signature Algorithm: sha256WithRSAEncryption
b1:66:d8:93:37:02:fa:22:9a:b2:b5:de:ff:b4:5c:96:2a:e0:
31:22:f3:fe:7c:d0:05:1c:75:50:ba:eb:73:c9:87:68:b5:98:
31:b9:48:65:b2:be:e4:b5:51:2d:24:e5:75:f8:9d:aa:70:58:
18:27:57:b6:62:29:47:d9:4f:33:06:33:c6:8b:45:94:cc:81:
f8:b7:b2:80:0a:1f:28:8c:41:0c:8c:ab:81:ec:cb:d4:23:16:
10:2d:9b:72:d8:6f:e3:8c:e1:d4:99:59:4a:e1:6d:7d:5d:ad:
7e:c2:ac:dc:31:8e:fc:62:79:45:40:ad:61:35:1d:29:ee:7a:
47:05:e7:f9:71:ee:50:67:ee:74:9f:19:bb:f0:0d:cf:82:59:
e9:55:d5:ee:52:58:12:50:a2:ce:a1:fc:a7:e8:ff:d1:71:03:
1b:ff:d5:18:37:b9:18:2b:b2:e1:bc:98:30:2e:de:85:5e:ae:
28:ad:f8:c1:9f:cb:55:e4:96:b1:61:09:81:3f:47:68:87:14:
7b:5b:45:ec:a0:d5:05:00:bf:92:d7:86:af:c9:21:fe:1d:17:
a5:ed:d9:7c:83:54:eb:e7:66:10:7a:f2:7b:7d:da:f6:e5:ee:
f1:73:17:f5:37:be:ce:61:46:77:4a:20:21:e2:71:d6:39:8e:
56:e0:1a:4d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ1dmRGPcixM8jtONeTJf/wHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjYwNDA1MTIyMzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGRmM2ZkMmM4NTk0NjNhYjJkMDE0OGQ3MDBlYWY0YjA4ZTJjZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5K7ZiYmSh4iAhFz8MpASG/o+HTY
Nstqrtf1IqRw7DOb5IP0kB1RXg30f7HzlIQps3nPFobmB2wNtpQ+7p3PkLDY6pHS
rjMcsrDrsI3xrNnyzoe5BiJot3zdcBlalti18NbQpzyvMUHPwQph7e7sS8NLtKTZ
/Rsq4tk9cus0jttm1PJWMIWBUo9bQo/DtRIY4orpYtR9KLm/4aUoEFDoZDcOtaWO
3sEHKptzeCQrZjo4U0qvPoC1S42TM4gS9ob8pLQEdqoEmVs2eof6TA/YLKfFNk6T
jSVcL1rTCIfe7T+vYcHl+0rsyFGo2XM420L9l5JNjxIcZy0hygyp+X6W0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCDfP9LIWUY6stAUjXAOr0sI4s7BMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvSU44XzBzaFpSanF5MEJTTmNBNnZTd2ppenNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAZxFgAwQB
bW8iAwQEbW8wMA0GCSqGSIb3DQEBCwUAA4IBAQCxZtiTNwL6Ipqytd7/tFyWKuAx
IvP+fNAFHHVQuutzyYdotZgxuUhlsr7ktVEtJOV1+J2qcFgYJ1e2YilH2U8zBjPG
i0WUzIH4t7KACh8ojEEMjKuB7MvUIxYQLZty2G/jjOHUmVlK4W19Xa1+wqzcMY78
YnlFQK1hNR0p7npHBef5ce5QZ+50nxm78A3PglnpVdXuUlgSUKLOofyn6P/RcQMb
/9UYN7kYK7LhvJgwLt6FXq4orfjBn8tV5JaxYQmBP0dohxR7W0XsoNUFAL+S14av
ySH+HRel7dl8g1Tr52YQevJ7fdr25e7xcxf1N77OYUZ3SiAh4nHWOY5W4BpN
-----END CERTIFICATE-----
Generated at Sun Apr 19 10:04:36 2026 by rpki-client