Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/yv37hg5mvwqfBp5nGG9lmxRbKUM.roa
File: yv37hg5mvwqfBp5nGG9lmxRbKUM.roa (raw, json)
Hash identifier: QEM2OIiZ1y50h+XN7kxTZZxXKSjGL/mfWPoT30/MnIg=
Subject key identifier: CA:FD:FB:86:0E:66:BF:0A:9F:06:9E:67:18:6F:65:9B:14:5B:29:43
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019D683FE3AB4F074DC6A08F281F718F3D06
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/yv37hg5mvwqfBp5nGG9lmxRbKUM.roa
Signing time: Tue 07 Apr 2026 14:01:50 +0000
ROA not before: Tue 07 Apr 2026 14:01:50 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 150293
IP address blocks: 103.17.203.0/24 maxlen: 24
110.34.38.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 02:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:68:3f:e3:ab:4f:07:4d:c6:a0:8f:28:1f:71:8f:3d:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Apr 7 14:01:50 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=cafdfb860e66bf0a9f069e67186f659b145b2943
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:be:03:3b:fb:54:08:aa:79:73:58:54:bf:64:
89:a9:e6:54:98:b8:33:51:65:5f:bb:ad:65:b2:93:
c5:e1:0c:b5:a0:01:91:e3:50:db:93:c4:f8:2b:99:
e4:19:9e:74:e2:be:fd:44:46:58:50:89:48:9c:ba:
43:36:3a:62:46:c1:1e:f7:c5:1a:5a:b0:a4:b6:fe:
6d:b2:d6:60:30:14:21:7b:7c:8e:a5:64:e7:d6:65:
ad:18:08:7e:61:20:11:dd:23:34:76:a3:4d:56:04:
28:62:5f:e6:9f:bb:5c:58:ff:0f:16:7d:c9:e0:3d:
7f:0c:27:e2:fa:33:0f:92:d9:1a:3b:47:ea:36:40:
aa:31:9d:15:35:cd:1e:1d:b2:54:43:0f:ed:66:6e:
c4:c6:3f:3c:eb:2d:92:62:2f:56:35:88:05:d8:9c:
59:41:f3:fa:5a:11:67:bb:84:9e:a6:72:a0:3c:7e:
d8:14:58:61:b8:0b:29:74:43:f4:19:8e:12:3e:c5:
21:77:77:1f:c4:ff:9a:76:40:89:db:31:13:12:79:
51:57:aa:7d:92:2a:ee:23:ba:74:52:fb:80:51:c1:
29:6d:d3:b1:55:cf:e6:22:6b:54:4a:53:ce:b0:fa:
2c:f4:01:5b:5d:e4:0e:a6:9f:81:14:55:54:ee:2e:
63:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:FD:FB:86:0E:66:BF:0A:9F:06:9E:67:18:6F:65:9B:14:5B:29:43
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/yv37hg5mvwqfBp5nGG9lmxRbKUM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.17.203.0/24
110.34.38.0/24
Signature Algorithm: sha256WithRSAEncryption
a9:48:75:0f:25:98:b4:b1:f2:90:da:64:c3:b3:79:8b:cc:3d:
53:a8:9c:65:58:36:1f:a0:e9:91:02:fb:20:07:21:5d:1e:72:
83:fa:2d:42:f2:11:42:24:01:68:6b:1f:44:e2:36:fc:d2:cd:
12:57:4d:b7:e9:32:b6:c0:4b:45:24:ef:af:f1:a1:dd:1a:23:
7b:4b:af:e3:8f:a4:7d:d8:ae:a4:19:1c:eb:3f:1b:fd:27:1a:
8b:04:6e:e9:3c:03:cc:5f:03:b2:22:00:66:c8:f3:a5:4b:18:
c0:f3:98:32:66:fe:bf:97:78:ac:8f:8a:ee:cb:c1:03:43:75:
3e:7d:d6:2e:3d:56:a9:7a:f3:c3:42:13:86:10:0b:55:af:dc:
b1:3e:8d:bd:ea:d6:2d:6e:4f:17:14:87:d6:95:27:6c:1c:a9:
8b:66:e6:ab:4e:98:a4:7c:6a:be:b8:ca:01:54:d8:44:55:1a:
b6:46:9e:87:a7:e1:a5:44:7e:59:4c:ba:84:b4:00:31:5e:ff:
0b:73:f7:e4:f4:e9:ff:5f:7d:c1:da:ed:72:43:5e:e7:34:b3:
bc:51:ed:0b:12:c7:d8:d5:ed:93:12:7e:02:bf:52:12:ed:f2:
56:8e:2d:cb:c7:01:19:5f:30:6d:7d:ee:94:c6:75:14:d5:53:
5e:25:9a:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1oP+OrTwdNxqCPKB9xjz0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwNDA3MTQwMTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWZkZmI4NjBlNjZiZjBhOWYwNjllNjcxODZmNjU5YjE0NWIyOTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv74DO/tUCKp5c1hUv2SJqeZUmLgz
UWVfu61lspPF4Qy1oAGR41Dbk8T4K5nkGZ504r79REZYUIlInLpDNjpiRsEe98Ua
WrCktv5tstZgMBQhe3yOpWTn1mWtGAh+YSAR3SM0dqNNVgQoYl/mn7tcWP8PFn3J
4D1/DCfi+jMPktkaO0fqNkCqMZ0VNc0eHbJUQw/tZm7Exj886y2SYi9WNYgF2JxZ
QfP6WhFnu4SepnKgPH7YFFhhuAspdEP0GY4SPsUhd3cfxP+adkCJ2zETEnlRV6p9
kiruI7p0UvuAUcEpbdOxVc/mImtUSlPOsPos9AFbXeQOpp+BFFVU7i5jRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMr9+4YOZr8KnwaeZxhvZZsUWylDMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEveXYzN2hnNW12d3FmQnA1bkdHOWxteFJiS1VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZxHLAwQA
biImMA0GCSqGSIb3DQEBCwUAA4IBAQCpSHUPJZi0sfKQ2mTDs3mLzD1TqJxlWDYf
oOmRAvsgByFdHnKD+i1C8hFCJAFoax9E4jb80s0SV0236TK2wEtFJO+v8aHdGiN7
S6/jj6R92K6kGRzrPxv9JxqLBG7pPAPMXwOyIgBmyPOlSxjA85gyZv6/l3isj4ru
y8EDQ3U+fdYuPVapevPDQhOGEAtVr9yxPo296tYtbk8XFIfWlSdsHKmLZuarTpik
fGq+uMoBVNhEVRq2Rp6Hp+GlRH5ZTLqEtAAxXv8Lc/fk9On/X33B2u1yQ17nNLO8
Ue0LEsfY1e2TEn4Cv1IS7fJWji3LxwEZXzBtfe6UxnUU1VNeJZoY
-----END CERTIFICATE-----
Generated at Sun Apr 19 11:22:31 2026 by rpki-client