Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/jFMyXReftDBObIji5fbuWeHPPWQ.roa
File: jFMyXReftDBObIji5fbuWeHPPWQ.roa (raw, json)
Hash identifier: 0tJfIrSZd7jqVA4yoSOu30eU3DK0ZW1q29jI0om8eT4=
Subject key identifier: 8C:53:32:5D:17:9F:B4:30:4E:6C:88:E2:E5:F6:EE:59:E1:CF:3D:64
Certificate issuer: /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial: 019D7C84A1DE003F0BA9BC4E2CED325EEF8F
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/jFMyXReftDBObIji5fbuWeHPPWQ.roa
Signing time: Sat 11 Apr 2026 12:29:20 +0000
ROA not before: Sat 11 Apr 2026 12:29:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 213702
IP address blocks: 103.27.157.0/24 maxlen: 24
132.243.221.0/24 maxlen: 24
132.243.223.0/24 maxlen: 24
132.243.225.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:7c:84:a1:de:00:3f:0b:a9:bc:4e:2c:ed:32:5e:ef:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Validity
Not Before: Apr 11 12:29:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=8c53325d179fb4304e6c88e2e5f6ee59e1cf3d64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:56:a8:c5:bc:fe:13:35:8c:66:f5:9c:e2:44:
5e:03:ae:3f:79:f9:ae:bb:3c:a4:fd:f1:15:e0:79:
34:0e:45:07:c7:b6:36:27:37:ab:76:3d:f7:18:72:
00:cf:0f:47:56:3f:df:bc:52:00:64:8a:23:e6:3c:
28:2b:c5:22:12:fd:31:a4:17:b1:87:eb:a2:b8:08:
d1:f6:4f:63:70:fb:43:98:43:50:77:20:01:73:38:
66:79:4c:f6:ee:34:1e:4a:99:2e:a7:18:ae:03:af:
94:4b:0b:2f:37:a8:1f:d2:51:96:4a:2e:73:41:00:
c5:23:61:e1:56:b3:f4:73:53:85:4a:20:7c:b6:ee:
a0:f8:83:a9:f1:b4:f2:d9:c6:e3:8e:e0:e3:a5:48:
9c:aa:15:1f:7c:ff:06:47:f4:70:b9:fb:1d:2c:42:
ce:e1:b2:e6:c8:42:65:b4:df:d8:f9:52:a3:c2:6c:
73:0f:9d:5d:df:47:52:f7:14:e9:0f:fe:3c:19:bd:
bb:eb:b5:b5:68:a1:48:09:33:0b:b7:a2:5a:75:8e:
33:13:70:e6:9f:08:f5:fe:4d:9a:cb:35:0e:2c:fd:
5d:68:fe:68:36:23:47:7c:df:fb:81:99:4f:b3:cb:
49:b0:0c:be:f4:b0:90:bd:c2:cc:54:c2:cd:97:b4:
e7:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:53:32:5D:17:9F:B4:30:4E:6C:88:E2:E5:F6:EE:59:E1:CF:3D:64
X509v3 Authority Key Identifier:
keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/jFMyXReftDBObIji5fbuWeHPPWQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.27.157.0/24
132.243.221.0/24
132.243.223.0/24
132.243.225.0/24
Signature Algorithm: sha256WithRSAEncryption
1a:83:fd:8a:18:0b:fe:6d:26:73:6b:88:41:94:53:ed:d5:c1:
ae:d5:d1:3e:b0:1c:f8:24:06:bb:5f:ee:a4:b9:fb:3b:be:e6:
85:01:9f:61:17:cf:54:e7:da:55:53:82:e9:95:78:2c:43:29:
c5:f0:66:09:b2:1b:22:64:2b:4f:01:1a:0b:d7:ed:07:e4:46:
86:f0:00:bc:70:87:bd:9e:b6:4d:73:cd:3d:8b:c4:20:49:c4:
1a:d7:36:4f:1b:39:20:2a:7c:24:56:09:9d:40:c3:a7:42:63:
46:0f:8b:bf:d0:e4:d2:37:a0:62:2a:8a:6e:11:49:0d:70:40:
99:b9:a4:0d:f3:0f:e7:fa:29:04:4f:8e:47:37:4a:88:6b:d9:
2f:95:3a:a2:74:5d:5c:dd:88:40:e1:0b:63:b8:48:cf:42:b7:
84:59:96:b6:fe:b6:7d:3c:2d:5d:d7:c5:a3:49:27:f9:eb:0d:
0c:1d:07:91:a3:72:49:df:e8:42:be:00:d9:a6:48:53:f9:3e:
65:8b:90:9c:9c:76:19:e3:00:0d:9b:64:6c:06:6e:d1:f6:e1:
49:e5:42:e1:91:24:71:92:14:51:52:dd:28:cb:a8:3d:84:0a:
08:14:00:68:12:ec:8b:0e:9d:69:36:1b:96:1e:1f:86:48:23:
e4:2b:bd:25
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ18hKHeAD8LqbxOLO0yXu+PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNDExMTIyOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzUzMzI1ZDE3OWZiNDMwNGU2Yzg4ZTJlNWY2ZWU1OWUxY2YzZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4laoxbz+EzWMZvWc4kReA64/efmu
uzyk/fEV4Hk0DkUHx7Y2Jzerdj33GHIAzw9HVj/fvFIAZIoj5jwoK8UiEv0xpBex
h+uiuAjR9k9jcPtDmENQdyABczhmeUz27jQeSpkupxiuA6+USwsvN6gf0lGWSi5z
QQDFI2HhVrP0c1OFSiB8tu6g+IOp8bTy2cbjjuDjpUicqhUffP8GR/RwufsdLELO
4bLmyEJltN/Y+VKjwmxzD51d30dS9xTpD/48Gb2767W1aKFICTMLt6JadY4zE3Dm
nwj1/k2ayzUOLP1daP5oNiNHfN/7gZlPs8tJsAy+9LCQvcLMVMLNl7TnbQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIxTMl0Xn7QwTmyI4uX27lnhzz1kMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvakZNeVhSZWZ0REJPYklqaTVmYnVXZUhQUFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAZxudAwQA
hPPdAwQAhPPfAwQAhPPhMA0GCSqGSIb3DQEBCwUAA4IBAQAag/2KGAv+bSZza4hB
lFPt1cGu1dE+sBz4JAa7X+6kufs7vuaFAZ9hF89U59pVU4LplXgsQynF8GYJshsi
ZCtPARoL1+0H5EaG8AC8cIe9nrZNc809i8QgScQa1zZPGzkgKnwkVgmdQMOnQmNG
D4u/0OTSN6BiKopuEUkNcECZuaQN8w/n+ikET45HN0qIa9kvlTqidF1c3YhA4Qtj
uEjPQreEWZa2/rZ9PC1d18WjSSf56w0MHQeRo3JJ3+hCvgDZpkhT+T5li5CcnHYZ
4wANm2RsBm7R9uFJ5ULhkSRxkhRRUt0oy6g9hAoIFABoEuyLDp1pNhuWHh+GSCPk
K70l
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:27:00 2026 by rpki-client