Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/zrJcGVRGitKhq3kfj1Tr_6et-3U.roa
File: zrJcGVRGitKhq3kfj1Tr_6et-3U.roa (raw, json)
Hash identifier: n4hXOAzqsvvYiSIL3U74ShvwGUlbu7jKRLpRH+vKps4=
Subject key identifier: CE:B2:5C:19:54:46:8A:D2:A1:AB:79:1F:8F:54:EB:FF:A7:AD:FB:75
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019D35A3C2F9740D3BCE81012B6273BB5303
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/zrJcGVRGitKhq3kfj1Tr_6et-3U.roa
Signing time: Sat 28 Mar 2026 18:10:17 +0000
ROA not before: Sat 28 Mar 2026 18:10:17 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 36137
IP address blocks: 103.86.37.0/24 maxlen: 24
103.124.156.0/23 maxlen: 24
116.204.166.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:35:a3:c2:f9:74:0d:3b:ce:81:01:2b:62:73:bb:53:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Mar 28 18:10:17 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ceb25c1954468ad2a1ab791f8f54ebffa7adfb75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:6a:e2:a2:b2:51:fe:93:fc:5d:c6:10:67:68:
a8:93:db:59:3f:c7:47:7a:2b:df:01:e7:60:38:84:
bd:f9:9b:61:eb:b5:f4:f3:02:4c:b2:4a:9d:12:be:
fb:9f:da:a3:c3:b5:96:ba:34:84:50:60:a9:2e:e0:
50:79:da:e5:ad:2c:a0:37:f3:58:1b:7d:4a:f2:ac:
c5:4f:58:bd:e1:29:80:d0:95:df:d0:56:21:68:e2:
98:c8:ae:a5:7c:11:4d:e4:57:e7:ff:47:27:9b:f6:
61:f1:0f:e3:20:0b:ab:0e:00:cb:bb:df:28:b0:ac:
a9:20:35:be:57:6e:95:82:cd:d1:b7:56:ac:e7:21:
0e:14:37:df:5f:dd:5c:95:93:4c:9e:63:30:21:10:
1d:96:a3:e0:bc:87:07:de:9a:bc:01:6f:63:4a:58:
98:ad:42:9e:b2:b1:e9:c0:75:b9:2b:9d:d4:06:48:
8d:21:48:64:fe:a0:73:9c:4a:4c:17:8f:78:e4:cf:
b5:36:b7:5f:63:3b:58:0d:6a:be:1b:cc:b5:39:05:
79:3c:ee:f6:7e:22:0c:b0:33:b1:da:2e:4c:60:5f:
34:67:a0:e5:f8:fe:c7:f9:21:fa:17:cd:20:8c:d2:
64:5b:63:2c:c8:b9:a0:aa:38:e0:70:aa:77:4a:20:
4f:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:B2:5C:19:54:46:8A:D2:A1:AB:79:1F:8F:54:EB:FF:A7:AD:FB:75
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/zrJcGVRGitKhq3kfj1Tr_6et-3U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.86.37.0/24
103.124.156.0/23
116.204.166.0/24
Signature Algorithm: sha256WithRSAEncryption
72:03:e9:46:48:ff:46:f1:30:dd:15:6a:d3:c0:7c:fd:a7:d7:
c4:ea:61:87:a5:af:42:a8:9e:ca:62:ab:25:a8:fe:9e:2f:88:
26:29:2a:b1:88:dc:09:1f:d7:80:63:25:f3:33:4d:70:60:cd:
42:bf:2c:c7:72:de:09:a0:14:54:8c:ed:8f:dd:60:b3:81:28:
95:d1:19:27:46:cf:25:48:4e:84:54:49:9c:03:1e:2a:20:9b:
3b:2b:e4:2d:59:02:2c:ea:13:2f:4f:03:03:00:47:49:4b:41:
6d:be:1f:43:17:bb:3a:4d:be:e4:1b:5a:39:a9:3a:20:f0:b9:
50:e9:d7:ca:65:b0:6a:fd:59:f9:e4:b4:85:f3:ec:75:b5:e7:
7b:64:5f:3d:63:f2:b9:d1:6c:1c:59:ba:56:61:2d:52:8e:50:
04:fe:a5:fb:dc:ea:a8:f5:c2:0d:a4:81:f1:30:8e:18:8b:e3:
f8:2a:29:03:8d:a4:3c:8a:f6:8f:fb:ad:93:b8:c0:63:fe:f4:
93:80:4a:ba:7b:1d:57:72:c9:ed:dc:f4:7f:4d:28:c1:fb:e4:
7e:d1:bd:9f:d9:c7:9a:9a:37:87:f7:9b:e4:11:5b:60:2d:7d:
16:27:11:e2:d0:9b:19:02:6f:fa:fb:43:26:00:18:35:e3:11:
a3:14:0d:c6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ01o8L5dA07zoEBK2Jzu1MDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzI4MTgxMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWIyNWMxOTU0NDY4YWQyYTFhYjc5MWY4ZjU0ZWJmZmE3YWRmYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGriorJR/pP8XcYQZ2iok9tZP8dH
eivfAedgOIS9+Zth67X08wJMskqdEr77n9qjw7WWujSEUGCpLuBQedrlrSygN/NY
G31K8qzFT1i94SmA0JXf0FYhaOKYyK6lfBFN5Ffn/0cnm/Zh8Q/jIAurDgDLu98o
sKypIDW+V26Vgs3Rt1as5yEOFDffX91clZNMnmMwIRAdlqPgvIcH3pq8AW9jSliY
rUKesrHpwHW5K53UBkiNIUhk/qBznEpMF4945M+1NrdfYztYDWq+G8y1OQV5PO72
fiIMsDOx2i5MYF80Z6Dl+P7H+SH6F80gjNJkW2MsyLmgqjjgcKp3SiBPVwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM6yXBlURorSoat5H49U6/+nrft1MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvenJKY0dWUkdpdEtocTNrZmoxVHJfNmV0LTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAZ1YlAwQB
Z3ycAwQAdMymMA0GCSqGSIb3DQEBCwUAA4IBAQByA+lGSP9G8TDdFWrTwHz9p9fE
6mGHpa9CqJ7KYqslqP6eL4gmKSqxiNwJH9eAYyXzM01wYM1CvyzHct4JoBRUjO2P
3WCzgSiV0RknRs8lSE6EVEmcAx4qIJs7K+QtWQIs6hMvTwMDAEdJS0Ftvh9DF7s6
Tb7kG1o5qTog8LlQ6dfKZbBq/Vn55LSF8+x1ted7ZF89Y/K50WwcWbpWYS1SjlAE
/qX73Oqo9cINpIHxMI4Yi+P4KikDjaQ8ivaP+62TuMBj/vSTgEq6ex1Xcsnt3PR/
TSjB++R+0b2f2ceamjeH95vkEVtgLX0WJxHi0JsZAm/6+0MmABg14xGjFA3G
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:30:32 2026 by rpki-client