Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/poqG69mPnb95YSUs8FdptFbAqUw.roa
File: poqG69mPnb95YSUs8FdptFbAqUw.roa (raw, json)
Hash identifier: mqMSlTGBPTy+EqcBaFtlD8JVQdwDJPdpMrV37KzvxOo=
Subject key identifier: A6:8A:86:EB:D9:8F:9D:BF:79:61:25:2C:F0:57:69:B4:56:C0:A9:4C
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019865C3363E0FA170E7C8D128F30919F6A7
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/poqG69mPnb95YSUs8FdptFbAqUw.roa
Signing time: Fri 01 Aug 2025 13:12:28 +0000
ROA not before: Fri 01 Aug 2025 13:12:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36137
IP address blocks: 103.17.202.0/24 maxlen: 24
103.17.203.0/24 maxlen: 24
103.86.36.0/23 maxlen: 24
103.124.156.0/23 maxlen: 24
110.34.32.0/24 maxlen: 24
110.34.37.0/24 maxlen: 24
110.34.38.0/24 maxlen: 24
116.204.166.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 13:00:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:65:c3:36:3e:0f:a1:70:e7:c8:d1:28:f3:09:19:f6:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Aug 1 13:12:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a68a86ebd98f9dbf7961252cf05769b456c0a94c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:bf:51:84:80:45:9d:48:c9:85:b1:6c:e1:32:
28:59:53:06:e2:ef:2c:b7:0f:79:46:75:e5:80:85:
fa:70:c7:93:11:05:ac:36:ed:e4:00:17:f7:a7:8f:
cf:09:a7:00:ef:a1:89:e4:26:a5:fb:fc:69:34:a9:
6b:c9:1f:ba:0b:67:79:0d:4c:5c:a8:7d:95:57:8a:
5a:8d:ed:36:d4:50:84:a2:7a:84:e5:a2:b7:6a:49:
0e:0a:bc:c5:ba:d0:3a:e4:d1:81:b6:37:67:73:91:
2b:a9:83:b3:8a:cc:9f:a2:50:07:a0:6b:c1:ee:26:
c5:ad:d1:d4:59:aa:97:fa:34:fd:1f:e9:b8:73:c8:
23:19:9a:b1:5f:0e:63:d9:8e:ed:8e:64:98:01:b2:
f8:8d:0e:98:fa:72:5f:15:40:d8:01:1b:92:89:cb:
65:c1:8e:5e:f5:89:95:d2:24:8b:43:a4:5c:d8:d5:
a5:2c:ad:de:73:5b:af:c4:b3:65:10:c6:ea:0e:d8:
ca:df:b7:e8:18:d0:57:fe:51:51:3d:a8:af:03:c5:
48:11:a9:de:87:42:7f:70:aa:8d:83:ce:d0:59:fd:
ec:76:61:6c:9e:20:3b:83:db:08:9e:9a:4f:4f:d8:
18:30:fd:52:30:0d:02:ab:a9:3d:8e:32:d6:bb:f7:
65:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:8A:86:EB:D9:8F:9D:BF:79:61:25:2C:F0:57:69:B4:56:C0:A9:4C
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/poqG69mPnb95YSUs8FdptFbAqUw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.17.202.0/23
103.86.36.0/23
103.124.156.0/23
110.34.32.0/24
110.34.37.0-110.34.38.255
116.204.166.0/24
Signature Algorithm: sha256WithRSAEncryption
57:41:d1:e3:0e:64:71:a6:8b:b2:6f:78:e8:c9:ec:8b:75:7d:
c8:ce:05:1e:04:14:61:b1:80:30:f8:ef:36:f4:34:91:7d:fb:
e1:4a:36:fa:e2:44:b9:9a:24:48:78:49:22:7d:ef:9a:bd:06:
a8:c3:06:08:5f:1f:e9:54:08:9a:82:a2:99:84:ec:88:c8:e7:
7b:c1:40:ad:0b:fe:9e:be:cb:47:48:e2:c2:94:2d:44:ea:7e:
3c:97:c2:e4:bd:92:fe:33:79:af:f0:cf:2b:4c:7f:7a:7a:7b:
7c:79:33:97:46:27:81:3f:20:fe:dd:e8:1d:42:2b:df:8a:1e:
21:a8:a2:49:56:79:b3:90:e5:c9:2f:f4:a2:76:28:1e:12:a6:
3e:9a:b3:61:e5:03:7e:4f:ef:28:08:c5:35:85:f6:58:8a:d9:
fe:3b:a4:6f:a6:ba:b7:f5:89:6e:3c:87:7e:56:47:05:4c:28:
4c:ca:76:6e:80:5d:28:af:a3:20:5d:1c:b9:23:e9:1c:39:8f:
6f:89:e8:da:f5:ea:a9:0d:f6:59:52:29:d6:6d:7c:a6:cd:7a:
32:ae:ca:e6:cb:a1:c5:48:e7:15:c3:70:31:23:c0:c2:09:7d:
cc:e7:bc:6d:bf:1e:44:c1:76:13:35:9f:47:ba:77:07:82:7a:
2e:42:0d:21
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZhlwzY+D6Fw58jRKPMJGfanMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjUwODAxMTMxMjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjhhODZlYmQ5OGY5ZGJmNzk2MTI1MmNmMDU3NjliNDU2YzBhOTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL9RhIBFnUjJhbFs4TIoWVMG4u8s
tw95RnXlgIX6cMeTEQWsNu3kABf3p4/PCacA76GJ5Cal+/xpNKlryR+6C2d5DUxc
qH2VV4paje021FCEonqE5aK3akkOCrzFutA65NGBtjdnc5ErqYOzisyfolAHoGvB
7ibFrdHUWaqX+jT9H+m4c8gjGZqxXw5j2Y7tjmSYAbL4jQ6Y+nJfFUDYARuSictl
wY5e9YmV0iSLQ6Rc2NWlLK3ec1uvxLNlEMbqDtjK37foGNBX/lFRPaivA8VIEane
h0J/cKqNg87QWf3sdmFsniA7g9sInppPT9gYMP1SMA0Cq6k9jjLWu/dlTQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFKaKhuvZj52/eWElLPBXabRWwKlMMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvcG9xRzY5bVBuYjk1WVNVczhGZHB0RmJBcVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBZxHKAwQB
Z1YkAwQBZ3ycAwQAbiIgMAwDBABuIiUDBABuIiYDBAB0zKYwDQYJKoZIhvcNAQEL
BQADggEBAFdB0eMOZHGmi7JveOjJ7It1fcjOBR4EFGGxgDD47zb0NJF9++FKNvri
RLmaJEh4SSJ975q9BqjDBghfH+lUCJqCopmE7IjI53vBQK0L/p6+y0dI4sKULUTq
fjyXwuS9kv4zea/wzytMf3p6e3x5M5dGJ4E/IP7d6B1CK9+KHiGooklWebOQ5ckv
9KJ2KB4Spj6as2HlA35P7ygIxTWF9liK2f47pG+murf1iW48h35WRwVMKEzKdm6A
XSivoyBdHLkj6Rw5j2+J6Nr16qkN9llSKdZtfKbNejKuyubLocVI5xXDcDEjwMIJ
fcznvG2/HkTBdhM1n0e6dweCei5CDSE=
-----END CERTIFICATE-----
Generated at Sat Aug 9 23:14:48 2025 by rpki-client