Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/LzqGXQnC-qnRKkQW8ZtzaQ68Swo.roa
File: LzqGXQnC-qnRKkQW8ZtzaQ68Swo.roa (raw, json)
Hash identifier: oeald+VPB6DzmQgP1eDlCAW2zHveX5ZnMDE5xwR1Bxk=
Subject key identifier: 2F:3A:86:5D:09:C2:FA:A9:D1:2A:44:16:F1:9B:73:69:0E:BC:4B:0A
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 0197C117F641DE55D2B793810AC88AD18B57
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/LzqGXQnC-qnRKkQW8ZtzaQ68Swo.roa
Signing time: Mon 30 Jun 2025 13:47:42 +0000
ROA not before: Mon 30 Jun 2025 13:47:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36137
IP address blocks: 103.17.202.0/24 maxlen: 24
103.17.203.0/24 maxlen: 24
103.86.36.0/23 maxlen: 24
103.124.156.0/23 maxlen: 24
110.34.32.0/24 maxlen: 24
110.34.37.0/24 maxlen: 24
110.34.38.0/24 maxlen: 24
116.204.166.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 04 Jul 2025 04:00:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c1:17:f6:41:de:55:d2:b7:93:81:0a:c8:8a:d1:8b:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Jun 30 13:47:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2f3a865d09c2faa9d12a4416f19b73690ebc4b0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:a3:a8:8f:df:17:f8:8e:f3:b8:17:0a:39:4a:
bb:f5:c2:6d:37:dd:54:0f:00:c0:d9:ae:f1:b2:83:
bb:7e:6f:a9:1c:3a:50:3a:1e:29:7e:98:f1:e4:5a:
5b:51:08:27:4d:87:12:d8:44:af:f1:ad:f3:24:50:
a1:b5:6a:91:82:4c:4a:27:e5:5f:cb:f9:98:5e:c7:
ac:a6:ce:da:4f:57:e4:70:5e:a4:4e:37:41:fe:e1:
48:a6:81:a6:32:e9:63:4c:6f:65:d9:ae:7c:10:05:
e3:0f:80:fa:6f:16:2f:8e:84:41:fe:3c:c1:fa:f2:
ac:31:90:66:9b:80:f2:75:ba:75:27:6c:c5:db:8b:
44:b0:48:d1:c9:47:24:43:9d:ff:43:5d:b9:a6:58:
45:88:61:06:93:b9:33:52:47:f4:0b:5a:4d:c4:1f:
6c:9b:88:06:41:bb:e0:48:4c:be:26:c8:14:91:87:
e4:9e:36:6a:4b:8c:ff:48:96:b7:7a:6f:15:2e:c0:
62:d2:a1:72:04:e2:72:45:c6:b8:04:56:18:83:eb:
98:47:ee:74:82:d4:d8:66:9b:56:64:61:fc:07:79:
db:6d:0f:eb:90:93:65:cd:50:50:bf:6a:46:8b:6b:
3a:9b:6b:97:95:67:b2:b0:e9:5d:e2:04:1f:0b:ea:
74:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:3A:86:5D:09:C2:FA:A9:D1:2A:44:16:F1:9B:73:69:0E:BC:4B:0A
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/LzqGXQnC-qnRKkQW8ZtzaQ68Swo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.17.202.0/23
103.86.36.0/23
103.124.156.0/23
110.34.32.0/24
110.34.37.0-110.34.38.255
116.204.166.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:95:f5:40:30:84:56:7d:2e:ce:9e:49:14:e9:30:c9:4a:f9:
d5:c1:a0:2d:9a:41:13:35:b1:63:ee:d4:29:93:8e:a8:d5:24:
bd:6b:c8:1e:8b:f4:a2:b8:b2:45:42:91:61:10:90:4c:79:85:
6e:04:25:3d:1d:fc:73:36:a7:94:6f:62:c1:c3:8c:fd:0e:3c:
15:e1:7c:16:f6:b8:3d:2d:32:9c:dc:08:23:71:10:30:21:93:
1e:65:57:1c:63:19:9b:b0:d5:8a:a4:b2:df:1d:34:10:47:6d:
34:8c:83:da:9c:40:d4:d9:f5:59:c8:f4:54:29:f9:a2:69:0a:
12:dc:49:68:ad:c1:7d:f3:b2:6c:02:e3:77:5e:66:52:20:bd:
6a:9b:c3:cc:c0:c0:30:c3:49:af:11:b7:14:b6:27:71:b5:c7:
7c:e9:9e:9b:f6:27:a5:85:50:98:8d:0c:18:8d:1e:2e:33:29:
5a:e9:c2:32:bd:57:79:a1:56:29:f2:2c:e8:57:e0:33:06:36:
6c:1c:fe:45:31:3c:e3:ea:8a:15:54:ce:c5:31:aa:8f:79:7c:
e2:4b:ee:fa:42:cf:57:64:2d:40:d4:17:2d:ef:ac:01:d2:ab:
91:ee:cd:35:d0:00:0d:ee:fb:41:ca:0e:99:b2:5c:f8:bc:21:
3e:c8:8e:3e
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZfBF/ZB3lXSt5OBCsiK0YtXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjUwNjMwMTM0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjNhODY1ZDA5YzJmYWE5ZDEyYTQ0MTZmMTliNzM2OTBlYmM0YjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaOoj98X+I7zuBcKOUq79cJtN91U
DwDA2a7xsoO7fm+pHDpQOh4pfpjx5FpbUQgnTYcS2ESv8a3zJFChtWqRgkxKJ+Vf
y/mYXsesps7aT1fkcF6kTjdB/uFIpoGmMuljTG9l2a58EAXjD4D6bxYvjoRB/jzB
+vKsMZBmm4Dydbp1J2zF24tEsEjRyUckQ53/Q125plhFiGEGk7kzUkf0C1pNxB9s
m4gGQbvgSEy+JsgUkYfknjZqS4z/SJa3em8VLsBi0qFyBOJyRca4BFYYg+uYR+50
gtTYZptWZGH8B3nbbQ/rkJNlzVBQv2pGi2s6m2uXlWeysOld4gQfC+p0GQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFC86hl0Jwvqp0SpEFvGbc2kOvEsKMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvTHpxR1hRbkMtcW5SS2tRVzhadHphUTY4U3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBZxHKAwQB
Z1YkAwQBZ3ycAwQAbiIgMAwDBABuIiUDBABuIiYDBAB0zKYwDQYJKoZIhvcNAQEL
BQADggEBAGuV9UAwhFZ9Ls6eSRTpMMlK+dXBoC2aQRM1sWPu1CmTjqjVJL1ryB6L
9KK4skVCkWEQkEx5hW4EJT0d/HM2p5RvYsHDjP0OPBXhfBb2uD0tMpzcCCNxEDAh
kx5lVxxjGZuw1Yqkst8dNBBHbTSMg9qcQNTZ9VnI9FQp+aJpChLcSWitwX3zsmwC
43deZlIgvWqbw8zAwDDDSa8RtxS2J3G1x3zpnpv2J6WFUJiNDBiNHi4zKVrpwjK9
V3mhVinyLOhX4DMGNmwc/kUxPOPqihVUzsUxqo95fOJL7vpCz1dkLUDUFy3vrAHS
q5HuzTXQAA3u+0HKDpmyXPi8IT7Ijj4=
-----END CERTIFICATE-----
Generated at Thu Jul 3 09:59:27 2025 by rpki-client