Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/L4IJqQQf0QdLdsBFi-HlCxlOJ8U.roa
File: L4IJqQQf0QdLdsBFi-HlCxlOJ8U.roa (raw, json)
Hash identifier: q9X5zVcAK6o2xHWxt+CsUrNsfroyrYFaqF4Uc91Atpk=
Subject key identifier: 2F:82:09:A9:04:1F:D1:07:4B:76:C0:45:8B:E1:E5:0B:19:4E:27:C5
Certificate issuer: /CN=9e481c098a649265291d402f5f02fc43dda0fc8c
Certificate serial: 019DCE6A503183752F59CFD8EF4D24ADAF00
Authority key identifier: 9E:48:1C:09:8A:64:92:65:29:1D:40:2F:5F:02:FC:43:DD:A0:FC:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/L4IJqQQf0QdLdsBFi-HlCxlOJ8U.roa
Signing time: Mon 27 Apr 2026 10:09:26 +0000
ROA not before: Mon 27 Apr 2026 10:09:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 208486
IP address blocks: 103.253.140.0/22 maxlen: 22
103.253.140.0/23 maxlen: 23
103.253.140.0/24 maxlen: 24
103.253.141.0/24 maxlen: 24
103.253.142.0/23 maxlen: 23
103.253.142.0/24 maxlen: 24
103.253.143.0/24 maxlen: 24
194.147.226.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.crl
rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.mft
rsync://rpki.ripe.net/repository/DEFAULT/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 04:01:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:ce:6a:50:31:83:75:2f:59:cf:d8:ef:4d:24:ad:af:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e481c098a649265291d402f5f02fc43dda0fc8c
Validity
Not Before: Apr 27 10:09:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2f8209a9041fd1074b76c0458be1e50b194e27c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:20:f9:00:40:65:9a:cf:21:ae:0b:38:0b:92:
a7:01:26:2a:82:0f:42:76:c5:a1:ee:32:a3:ce:ab:
30:67:ae:d8:b9:ae:8c:cf:89:fc:d3:15:62:4e:f2:
c5:ef:10:e1:a6:53:7f:69:6a:89:0b:41:08:ae:bf:
be:da:5f:d6:2d:f3:c1:de:e5:a0:6a:80:9e:f8:7b:
a9:d5:f5:6e:95:eb:d1:a0:45:60:70:cd:f8:41:ae:
ec:40:09:e1:5a:f0:46:79:f5:26:84:49:ae:2d:10:
2f:a9:c9:34:05:66:d4:5a:b0:4d:e7:83:5f:89:cb:
6e:26:5d:96:46:33:25:23:9b:b4:45:e7:d7:61:2f:
07:6c:2b:58:46:93:ee:9d:2d:b5:ab:e0:c9:72:1f:
1d:fb:d8:da:40:4a:c5:a0:9a:b8:2a:30:69:37:cb:
ed:fb:59:97:36:d1:2a:19:e8:27:8e:15:ca:a6:8a:
9d:29:0b:e8:0a:fb:cb:a7:ff:a0:13:58:06:a2:5b:
3f:2c:a8:0d:86:d4:1a:12:40:ab:28:7a:18:b7:b7:
c7:66:f3:8a:0c:da:6e:4c:1d:77:e9:5f:68:69:4b:
03:9d:20:0d:54:cd:5d:94:54:ee:2d:aa:87:ee:d0:
28:01:45:ef:f2:ca:bd:1a:a6:56:4d:63:54:cb:21:
96:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:82:09:A9:04:1F:D1:07:4B:76:C0:45:8B:E1:E5:0B:19:4E:27:C5
X509v3 Authority Key Identifier:
keyid:9E:48:1C:09:8A:64:92:65:29:1D:40:2F:5F:02:FC:43:DD:A0:FC:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/L4IJqQQf0QdLdsBFi-HlCxlOJ8U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/e64169-d2bd-4494-b1f9-d69857ef7d1a/1/nkgcCYpkkmUpHUAvXwL8Q92g_Iw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.253.140.0/22
194.147.226.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:2b:8a:3a:85:b4:a3:13:a0:3e:8f:e7:72:cf:2d:69:f0:3c:
19:47:5f:9a:3a:74:49:42:d1:83:c5:2f:b3:2d:99:77:f4:40:
39:ef:82:77:c3:56:b6:55:e7:16:d3:68:62:9e:77:ae:a9:97:
43:36:b9:bd:fd:7e:d1:50:10:56:e7:95:2b:75:ca:2e:6e:3a:
9a:af:15:33:68:31:15:d5:08:30:a2:21:32:2a:7e:70:8a:14:
d4:b1:b0:60:86:3e:d5:30:75:a4:22:88:62:3e:f6:37:3e:16:
8c:eb:fd:b5:9e:83:50:fd:00:d1:f3:92:b2:db:c1:9c:a9:ad:
ab:1f:c8:f6:20:96:89:ea:77:a6:3a:c9:44:26:63:32:71:9a:
03:c5:07:b5:a7:9f:7c:9f:7e:d6:60:c1:86:4d:d5:e2:39:6e:
c9:33:0c:29:7a:86:c8:d7:01:a4:62:ab:39:17:2a:83:11:5b:
a3:1e:93:e1:dd:78:96:8c:03:63:48:b5:8b:71:e7:f5:9c:e1:
d9:5f:99:d3:36:4c:ea:73:f8:26:10:b3:71:eb:ef:a0:fd:e3:
e0:d5:68:af:26:77:4c:e9:37:e3:00:37:e7:62:5b:42:41:a9:
2c:97:23:f7:1d:f2:a4:6c:6a:82:23:c0:9f:7f:13:22:1b:d6:
1a:23:ad:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3OalAxg3UvWc/Y700kra8AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDgxYzA5OGE2NDkyNjUyOTFkNDAyZjVmMDJmYzQzZGRh
MGZjOGMwHhcNMjYwNDI3MTAwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjgyMDlhOTA0MWZkMTA3NGI3NmMwNDU4YmUxZTUwYjE5NGUyN2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SD5AEBlms8hrgs4C5KnASYqgg9C
dsWh7jKjzqswZ67Yua6Mz4n80xViTvLF7xDhplN/aWqJC0EIrr++2l/WLfPB3uWg
aoCe+Hup1fVulevRoEVgcM34Qa7sQAnhWvBGefUmhEmuLRAvqck0BWbUWrBN54Nf
ictuJl2WRjMlI5u0RefXYS8HbCtYRpPunS21q+DJch8d+9jaQErFoJq4KjBpN8vt
+1mXNtEqGegnjhXKpoqdKQvoCvvLp/+gE1gGols/LKgNhtQaEkCrKHoYt7fHZvOK
DNpuTB136V9oaUsDnSANVM1dlFTuLaqH7tAoAUXv8sq9GqZWTWNUyyGW1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC+CCakEH9EHS3bARYvh5QsZTifFMB8GA1UdIwQY
MBaAFJ5IHAmKZJJlKR1AL18C/EPdoPyMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtnY0NZcGtrbVVwSFVBdlh3TDhROTJnX0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9lNjQxNjktZDJiZC00NDk0LWIxZjkt
ZDY5ODU3ZWY3ZDFhLzEvTDRJSnFRUWYwUWRMZHNCRmktSGxDeGxPSjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9lNjQxNjktZDJiZC00NDk0LWIxZjktZDY5ODU3ZWY3ZDFh
LzEvbmtnY0NZcGtrbVVwSFVBdlh3TDhROTJnX0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCZ/2MAwQA
wpPiMA0GCSqGSIb3DQEBCwUAA4IBAQB9K4o6hbSjE6A+j+dyzy1p8DwZR1+aOnRJ
QtGDxS+zLZl39EA574J3w1a2VecW02hinneuqZdDNrm9/X7RUBBW55Urdcoubjqa
rxUzaDEV1QgwoiEyKn5wihTUsbBghj7VMHWkIohiPvY3PhaM6/21noNQ/QDR85Ky
28Gcqa2rH8j2IJaJ6nemOslEJmMycZoDxQe1p598n37WYMGGTdXiOW7JMwwpeobI
1wGkYqs5FyqDEVujHpPh3XiWjANjSLWLcef1nOHZX5nTNkzqc/gmELNx6++g/ePg
1WivJndM6TfjADfnYltCQakslyP3HfKkbGqCI8CffxMiG9YaI61P
-----END CERTIFICATE-----
Generated at Wed May 13 13:31:31 2026 by rpki-client