Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YRDGdfe4fG9L3NYx5UaP168td4o.roa
File: YRDGdfe4fG9L3NYx5UaP168td4o.roa (raw, json)
Hash identifier: FPsgFoTxloVHirEe9pYwrIEkikCCPOQfdpyZt8U9FQQ=
Subject key identifier: 61:10:C6:75:F7:B8:7C:6F:4B:DC:D6:31:E5:46:8F:D7:AF:2D:77:8A
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01981975796F021BC27D53BD899CCB2EBB26
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YRDGdfe4fG9L3NYx5UaP168td4o.roa
Signing time: Thu 17 Jul 2025 17:36:25 +0000
ROA not before: Thu 17 Jul 2025 17:36:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43641
IP address blocks: 192.124.173.0/24 maxlen: 24
195.58.57.0/24 maxlen: 24
212.193.16.0/24 maxlen: 24
212.193.17.0/24 maxlen: 24
212.193.21.0/24 maxlen: 24
212.193.22.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 08:00:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:19:75:79:6f:02:1b:c2:7d:53:bd:89:9c:cb:2e:bb:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jul 17 17:36:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6110c675f7b87c6f4bdcd631e5468fd7af2d778a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:a8:17:4c:3f:56:84:2d:e4:99:07:52:ea:37:
ef:48:22:b4:28:68:3a:7b:09:f8:33:28:24:86:71:
1c:2c:08:c9:d1:42:c8:ca:77:9e:11:c5:38:4b:c7:
96:5a:70:0c:45:df:8c:ba:ef:1b:c0:9e:b7:53:db:
f7:65:3c:7c:c8:9b:c6:ad:28:80:78:25:ad:a9:8b:
54:fc:ae:25:5f:bc:b2:ec:07:42:5e:a9:39:d7:80:
59:d7:6f:92:6d:5f:2c:ed:4c:7f:90:0e:37:36:fd:
db:97:7d:dd:19:b5:28:01:66:98:a8:46:d9:31:7b:
6d:31:4e:40:8e:5e:d7:73:0a:80:be:92:e5:d3:85:
73:ba:f0:37:2b:20:db:c7:31:35:9c:ef:e7:a2:85:
ba:61:6d:2b:f7:71:66:3d:31:58:eb:01:96:48:60:
33:0b:ad:6f:25:f0:c0:a5:54:70:a2:0e:fe:36:c2:
48:4e:c9:a5:db:9f:37:e6:7c:b2:78:6f:98:3d:40:
e3:c7:fb:18:ec:7f:64:d1:50:11:8a:f5:dc:62:03:
8c:3f:8b:d6:ba:12:5d:b0:01:df:ef:ca:95:05:7c:
01:1c:5d:49:ae:f8:e8:73:6f:94:0d:59:d8:3e:1f:
32:e3:bf:aa:a2:7f:68:ef:90:d5:7f:d0:08:34:92:
54:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:10:C6:75:F7:B8:7C:6F:4B:DC:D6:31:E5:46:8F:D7:AF:2D:77:8A
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YRDGdfe4fG9L3NYx5UaP168td4o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.173.0/24
195.58.57.0/24
212.193.16.0/23
212.193.21.0-212.193.22.255
Signature Algorithm: sha256WithRSAEncryption
7b:b3:8f:ee:f5:05:ec:a2:bd:d6:bb:02:91:57:ba:de:24:e7:
41:11:49:e9:94:fa:ec:8a:6d:b6:cc:03:d9:06:cc:60:92:af:
05:b2:d8:db:0c:c7:00:9e:7c:a4:55:d4:0d:f3:49:4c:aa:65:
b5:fd:0a:24:25:3a:77:8a:0c:57:3d:bd:db:48:2f:58:1a:f5:
01:19:b8:8b:cd:98:4e:7d:40:68:30:9b:14:bd:06:21:b5:8e:
72:d4:10:a0:ab:55:16:27:13:4d:2c:ab:88:32:1f:0c:37:e8:
66:4f:5e:13:64:8d:38:09:bf:c4:8d:93:b1:74:6b:f2:60:e1:
59:09:98:59:96:c0:6d:e0:de:52:21:44:88:04:e8:31:31:26:
5d:4a:52:fb:38:35:d2:c6:88:58:4c:88:99:ce:eb:1b:d3:97:
ab:3f:4f:f3:d2:b8:43:37:a6:8e:8b:ec:36:6d:a9:e5:5c:22:
90:e5:ed:fe:18:16:57:e7:2f:68:c3:42:09:1d:8e:12:fb:d4:
69:f2:1e:b9:82:88:85:ee:68:53:37:07:29:e9:e7:7b:e8:8b:
96:5a:a2:d6:2a:26:d7:5e:1d:41:60:c8:39:df:b2:eb:c1:c4:
36:91:05:03:e2:4a:dc:3d:de:c7:ea:a8:0e:01:15:21:0a:ec:
e3:12:eb:90
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZgZdXlvAhvCfVO9iZzLLrsmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNzE3MTczNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTEwYzY3NWY3Yjg3YzZmNGJkY2Q2MzFlNTQ2OGZkN2FmMmQ3NzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6gXTD9WhC3kmQdS6jfvSCK0KGg6
ewn4MygkhnEcLAjJ0ULIyneeEcU4S8eWWnAMRd+Muu8bwJ63U9v3ZTx8yJvGrSiA
eCWtqYtU/K4lX7yy7AdCXqk514BZ12+SbV8s7Ux/kA43Nv3bl33dGbUoAWaYqEbZ
MXttMU5Ajl7XcwqAvpLl04VzuvA3KyDbxzE1nO/nooW6YW0r93FmPTFY6wGWSGAz
C61vJfDApVRwog7+NsJITsml25835nyyeG+YPUDjx/sY7H9k0VARivXcYgOMP4vW
uhJdsAHf78qVBXwBHF1Jrvjoc2+UDVnYPh8y47+qon9o75DVf9AINJJURwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFGEQxnX3uHxvS9zWMeVGj9evLXeKMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWVJER2RmZTRmRzlMM05ZeDVVYVAxNjh0ZDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAwHytAwQA
wzo5AwQB1MEQMAwDBADUwRUDBADUwRYwDQYJKoZIhvcNAQELBQADggEBAHuzj+71
Beyivda7ApFXut4k50ERSemU+uyKbbbMA9kGzGCSrwWy2NsMxwCefKRV1A3zSUyq
ZbX9CiQlOneKDFc9vdtIL1ga9QEZuIvNmE59QGgwmxS9BiG1jnLUEKCrVRYnE00s
q4gyHww36GZPXhNkjTgJv8SNk7F0a/Jg4VkJmFmWwG3g3lIhRIgE6DExJl1KUvs4
NdLGiFhMiJnO6xvTl6s/T/PSuEM3po6L7DZtqeVcIpDl7f4YFlfnL2jDQgkdjhL7
1GnyHrmCiIXuaFM3Bynp53voi5ZaotYqJtdeHUFgyDnfsuvBxDaRBQPiStw93sfq
qA4BFSEK7OMS65A=
-----END CERTIFICATE-----
Generated at Sun Jul 20 18:09:41 2025 by rpki-client