Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/3stAg-Vp-mAmAe3853JA3htYeqY.roa
File: 3stAg-Vp-mAmAe3853JA3htYeqY.roa (raw, json)
Hash identifier: DsanPhgR9/ltKrQ1Ug8KjKpqJIn/QRv22HH5Q6g9fVM=
Subject key identifier: DE:CB:40:83:E5:69:FA:60:26:01:ED:FC:E7:72:40:DE:1B:58:7A:A6
Certificate issuer: /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial: 019D2F72994FA799D4BD9026A51E6E4F9752
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/3stAg-Vp-mAmAe3853JA3htYeqY.roa
Signing time: Fri 27 Mar 2026 13:18:52 +0000
ROA not before: Fri 27 Mar 2026 13:18:52 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 834
IP address blocks: 110.34.37.0/24 maxlen: 24
222.167.224.0/24 maxlen: 24
222.167.231.0/24 maxlen: 24
222.167.249.0/24 maxlen: 24
222.167.252.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 28 Mar 2026 13:18:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:2f:72:99:4f:a7:99:d4:bd:90:26:a5:1e:6e:4f:97:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Validity
Not Before: Mar 27 13:18:52 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=decb4083e569fa602601edfce77240de1b587aa6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:ee:f3:56:03:f0:73:97:4a:89:ff:44:c3:7a:
43:da:0f:30:40:99:7c:f8:16:e7:68:74:a0:03:58:
30:76:eb:26:09:31:9f:7d:d3:43:48:29:76:54:09:
1f:e6:a8:5b:30:a4:2f:e9:8c:58:2a:03:c2:98:f8:
0d:09:ff:63:27:10:1e:e5:04:95:19:17:b9:18:c5:
7b:fd:c5:5d:94:22:8c:16:5e:e1:99:c7:1c:2a:b1:
bb:12:8c:41:bc:71:59:10:cb:4b:a0:84:06:dc:b9:
56:ee:03:43:e9:d0:07:6c:8c:18:3d:77:73:a8:6a:
66:03:16:da:fb:9a:6b:23:80:7f:20:14:4d:71:02:
2b:79:ac:ce:b2:3e:cb:03:42:5f:33:da:6f:c7:3c:
10:14:35:54:3d:8f:df:29:95:5f:4f:77:13:3c:e9:
a4:9a:20:23:cd:56:10:e7:d1:fe:83:73:7a:32:bb:
dc:29:04:81:50:a5:e7:f8:29:72:d1:84:8f:18:6d:
b1:f6:2a:c9:87:61:f9:cb:74:57:1b:0c:9f:29:22:
b6:c1:77:5f:67:90:02:5b:d7:24:ac:5f:75:6e:2d:
39:f7:db:23:8e:fe:e1:71:0a:d2:4b:33:0d:b5:0b:
b9:a9:7d:e0:71:53:1e:de:46:83:bd:b8:65:7c:f3:
b9:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:CB:40:83:E5:69:FA:60:26:01:ED:FC:E7:72:40:DE:1B:58:7A:A6
X509v3 Authority Key Identifier:
keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/3stAg-Vp-mAmAe3853JA3htYeqY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
110.34.37.0/24
222.167.224.0/24
222.167.231.0/24
222.167.249.0/24
222.167.252.0/24
Signature Algorithm: sha256WithRSAEncryption
48:a3:6c:3a:79:03:89:29:87:77:aa:0b:9a:b1:c5:19:53:45:
c7:61:9f:40:96:df:13:ec:2e:f4:7d:fa:cd:f7:e1:32:8a:fc:
85:2b:4c:c5:5f:69:80:eb:cf:18:e0:c0:98:b2:a5:fe:ba:79:
5e:01:3a:4d:8b:c0:78:df:e1:89:5c:6f:b7:c3:47:1f:51:08:
6c:c8:f0:0a:f9:6e:dd:b9:e6:4e:4e:42:de:0b:d7:dc:e2:2b:
cc:fb:45:10:bb:b6:2d:5c:d8:65:ca:ba:3b:bc:6a:a7:79:f3:
b7:de:f2:7d:ee:da:f4:c8:17:a5:ba:28:b8:0b:6e:18:6e:a0:
27:6d:02:31:44:5d:86:22:26:8f:cd:5b:16:7a:f5:35:cf:2e:
0c:5c:a2:57:46:9c:23:a4:96:ea:0f:c6:5f:40:ec:99:d1:17:
64:08:8a:46:3d:4f:3b:a8:e2:3b:18:fe:8f:66:0c:17:7c:e8:
71:62:59:79:15:61:ed:6d:23:05:13:48:e7:1e:ba:ea:04:57:
81:22:52:3e:dc:db:63:d4:80:85:fb:aa:8f:65:38:ec:7b:44:
e0:a6:48:ba:42:33:22:2e:a7:80:f4:02:8b:a6:f7:eb:a4:8f:
6d:66:e8:aa:0e:f4:ad:5b:a5:71:49:60:b5:1f:97:b5:e1:87:
c8:8a:6a:c5
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ0vcplPp5nUvZAmpR5uT5dSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjYwMzI3MTMxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWNiNDA4M2U1NjlmYTYwMjYwMWVkZmNlNzcyNDBkZTFiNTg3YWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8O7zVgPwc5dKif9Ew3pD2g8wQJl8
+BbnaHSgA1gwdusmCTGffdNDSCl2VAkf5qhbMKQv6YxYKgPCmPgNCf9jJxAe5QSV
GRe5GMV7/cVdlCKMFl7hmcccKrG7EoxBvHFZEMtLoIQG3LlW7gND6dAHbIwYPXdz
qGpmAxba+5prI4B/IBRNcQIreazOsj7LA0JfM9pvxzwQFDVUPY/fKZVfT3cTPOmk
miAjzVYQ59H+g3N6MrvcKQSBUKXn+Cly0YSPGG2x9irJh2H5y3RXGwyfKSK2wXdf
Z5ACW9ckrF91bi0599sjjv7hcQrSSzMNtQu5qX3gcVMe3kaDvbhlfPO5VQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFN7LQIPlafpgJgHt/OdyQN4bWHqmMB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvM3N0QWctVnAtbUFtQWUzODUzSkEzaHRZZXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAbiIlAwQA
3qfgAwQA3qfnAwQA3qf5AwQA3qf8MA0GCSqGSIb3DQEBCwUAA4IBAQBIo2w6eQOJ
KYd3qguascUZU0XHYZ9Alt8T7C70ffrN9+EyivyFK0zFX2mA688Y4MCYsqX+unle
ATpNi8B43+GJXG+3w0cfUQhsyPAK+W7dueZOTkLeC9fc4ivM+0UQu7YtXNhlyro7
vGqnefO33vJ97tr0yBeluii4C24YbqAnbQIxRF2GIiaPzVsWevU1zy4MXKJXRpwj
pJbqD8ZfQOyZ0RdkCIpGPU87qOI7GP6PZgwXfOhxYll5FWHtbSMFE0jnHrrqBFeB
IlI+3Ntj1ICF+6qPZTjse0Tgpki6QjMiLqeA9AKLpvfrpI9tZuiqDvStW6VxSWC1
H5e14YfIimrF
-----END CERTIFICATE-----
Generated at Fri Mar 27 23:58:39 2026 by rpki-client