Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/Yi-_AOBIegyZbx8uOcbaz9DwrKE.roa
File: Yi-_AOBIegyZbx8uOcbaz9DwrKE.roa (raw, json)
Hash identifier: ER3+63xjq9p3EvqNEllUUZfmGZVR+0lO0rze97XuPy0=
Subject key identifier: 62:2F:BF:00:E0:48:7A:0C:99:6F:1F:2E:39:C6:DA:CF:D0:F0:AC:A1
Certificate issuer: /CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Certificate serial: 019822FF2ED5C7E80AD252B36E3704E83FD9
Authority key identifier: 9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/Yi-_AOBIegyZbx8uOcbaz9DwrKE.roa
Signing time: Sat 19 Jul 2025 14:03:25 +0000
ROA not before: Sat 19 Jul 2025 14:03:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25198
IP address blocks: 46.229.243.0/24 maxlen: 24
46.229.251.0/24 maxlen: 24
46.229.253.0/24 maxlen: 24
76.164.200.0/24 maxlen: 24
76.164.201.0/24 maxlen: 24
76.164.202.0/24 maxlen: 24
76.164.203.0/24 maxlen: 24
77.74.123.0/24 maxlen: 24
83.229.61.0/24 maxlen: 24
85.204.107.0/24 maxlen: 24
92.42.100.0/24 maxlen: 24
103.112.171.0/24 maxlen: 24
103.121.48.0/24 maxlen: 24
103.121.49.0/24 maxlen: 24
103.126.50.0/24 maxlen: 24
103.126.51.0/24 maxlen: 24
103.244.144.0/24 maxlen: 24
103.244.145.0/24 maxlen: 24
103.246.248.0/24 maxlen: 24
185.104.63.0/24 maxlen: 24
195.74.93.0/24 maxlen: 24
203.14.32.0/24 maxlen: 24
203.25.108.0/24 maxlen: 24
205.237.109.0/24 maxlen: 24
205.237.110.0/24 maxlen: 24
2a12:3200::/36 maxlen: 36
2a12:3200:1000::/36 maxlen: 36
2a12:3200:2000::/36 maxlen: 36
2a12:3200:3000::/36 maxlen: 36
2a12:3200:4000::/36 maxlen: 36
2a12:3200:5000::/36 maxlen: 36
2a12:3200:6000::/36 maxlen: 36
2a12:3200:7000::/36 maxlen: 36
2a12:3200:8000::/36 maxlen: 36
2a12:3200:9000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.mft
rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 05:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:22:ff:2e:d5:c7:e8:0a:d2:52:b3:6e:37:04:e8:3f:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Validity
Not Before: Jul 19 14:03:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=622fbf00e0487a0c996f1f2e39c6dacfd0f0aca1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:b5:a4:77:6b:69:e9:fc:06:55:03:b5:1b:5c:
20:87:fa:c2:e4:c6:4b:44:f8:58:d5:57:c9:d3:9c:
9a:46:7c:ba:4a:65:35:08:a7:7d:41:3a:74:0b:e5:
61:e2:29:e6:37:24:df:67:f1:05:4e:69:31:30:37:
f0:e0:f6:35:17:1e:ec:15:dc:3a:19:8f:ea:3f:28:
6a:b4:4d:4b:07:d2:b7:1c:16:a1:d6:96:9e:9e:8f:
d6:46:2c:99:79:c0:e2:78:40:25:0c:90:2f:43:6d:
2a:0d:8e:6d:5b:0d:f0:85:30:87:de:6e:e6:5d:db:
26:1d:bd:1d:99:ee:58:f2:9f:1e:f0:8b:e6:2e:19:
72:73:9b:b0:85:c7:01:73:9d:dc:da:79:bb:26:f7:
ec:73:91:d6:e8:2b:68:db:fd:50:49:64:b3:c5:d3:
db:cb:d6:f4:66:dc:01:41:a8:03:4a:3b:a8:d3:b6:
08:c0:47:0b:27:83:ac:40:29:d6:c5:5f:ef:34:ba:
77:1d:0e:ac:09:e4:76:8c:61:92:c5:43:7f:4f:6c:
f0:58:16:c4:2d:1a:36:26:a5:91:fa:b7:d2:6a:21:
46:bf:d5:c6:76:30:e3:fb:99:81:49:5a:05:be:fc:
ee:13:b7:84:e0:74:d0:f2:dc:cd:92:51:01:1d:ed:
68:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:2F:BF:00:E0:48:7A:0C:99:6F:1F:2E:39:C6:DA:CF:D0:F0:AC:A1
X509v3 Authority Key Identifier:
keyid:9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/Yi-_AOBIegyZbx8uOcbaz9DwrKE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.229.243.0/24
46.229.251.0/24
46.229.253.0/24
76.164.200.0/22
77.74.123.0/24
83.229.61.0/24
85.204.107.0/24
92.42.100.0/24
103.112.171.0/24
103.121.48.0/23
103.126.50.0/23
103.244.144.0/23
103.246.248.0/24
185.104.63.0/24
195.74.93.0/24
203.14.32.0/24
203.25.108.0/24
205.237.109.0-205.237.110.255
IPv6:
2a12:3200::-2a12:3200:9000:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
2b:c9:7d:1d:74:b9:20:18:c9:fa:a3:30:6e:9a:54:17:3e:8b:
90:36:8c:45:b6:0f:29:d1:9c:54:b3:2f:c8:25:30:c9:29:56:
8e:ea:78:da:60:c8:57:2b:c8:61:13:4c:db:8c:62:57:e9:97:
47:e3:7d:a8:ae:b0:9e:37:5d:71:0f:61:9d:9c:7e:35:90:b5:
73:c2:a1:00:f2:10:27:61:d1:c8:f2:f4:e4:05:55:ac:ac:42:
a9:b9:7d:64:61:9c:58:2f:03:26:fe:4b:6e:f8:33:75:af:33:
e5:d2:29:ba:1c:d7:82:92:1a:f1:ff:13:44:eb:48:72:97:78:
b7:a4:0b:c8:de:be:8f:4b:40:83:0a:57:30:00:1b:74:20:cc:
e2:c1:09:ba:c4:1f:65:71:35:2b:a1:cf:4d:5b:11:b0:1b:00:
3e:2d:83:b1:97:06:9c:d9:af:c3:cc:1b:e6:e9:7c:c3:f6:e5:
30:fe:b6:c1:d7:9f:7a:85:21:7b:7f:1b:c2:95:01:67:16:ae:
f7:ed:3f:67:fe:cc:ce:14:ae:8c:78:b4:f6:a7:00:a9:17:0f:
fa:d8:ef:e1:f2:a3:0f:8c:8e:65:d1:58:dd:28:95:75:39:ad:
7e:d3:62:e4:cb:2b:e3:a2:4d:e0:a1:dd:d3:d4:12:f7:8a:0f:
11:99:ca:78
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZgi/y7Vx+gK0lKzbjcE6D/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjUwZTUzODZjODA5YTBmYWU2NTMwYWE1ZThkOTgyNTI1
MWRlZDAwHhcNMjUwNzE5MTQwMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjJmYmYwMGUwNDg3YTBjOTk2ZjFmMmUzOWM2ZGFjZmQwZjBhY2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbWkd2tp6fwGVQO1G1wgh/rC5MZL
RPhY1VfJ05yaRny6SmU1CKd9QTp0C+Vh4inmNyTfZ/EFTmkxMDfw4PY1Fx7sFdw6
GY/qPyhqtE1LB9K3HBah1paeno/WRiyZecDieEAlDJAvQ20qDY5tWw3whTCH3m7m
XdsmHb0dme5Y8p8e8IvmLhlyc5uwhccBc53c2nm7Jvfsc5HW6Cto2/1QSWSzxdPb
y9b0ZtwBQagDSjuo07YIwEcLJ4OsQCnWxV/vNLp3HQ6sCeR2jGGSxUN/T2zwWBbE
LRo2JqWR+rfSaiFGv9XGdjDj+5mBSVoFvvzuE7eE4HTQ8tzNklEBHe1oWwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFGIvvwDgSHoMmW8fLjnG2s/Q8KyhMB8GA1UdIwQY
MBaAFJ61DlOGyAmg+uZTCqXo2YJSUd7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUt
MWNhZGE2ZThiMWE5LzEvWWktX0FPQkllZ3laYng4dU9jYmF6OUR3cktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUtMWNhZGE2ZThiMWE5
LzEvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGoBggrBgEFBQcBBwEB/wSBmDCBlTB6BAIAATB0AwQALuXz
AwQALuX7AwQALuX9AwQCTKTIAwQATUp7AwQAU+U9AwQAVcxrAwQAXCpkAwQAZ3Cr
AwQBZ3kwAwQBZ34yAwQBZ/SQAwQAZ/b4AwQAuWg/AwQAw0pdAwQAyw4gAwQAyxls
MAwDBADN7W0DBADN7W4wFwQCAAIwETAPAwQBKhIyAwcAKhIyAJAAMA0GCSqGSIb3
DQEBCwUAA4IBAQAryX0ddLkgGMn6ozBumlQXPouQNoxFtg8p0ZxUsy/IJTDJKVaO
6njaYMhXK8hhE0zbjGJX6ZdH432orrCeN11xD2GdnH41kLVzwqEA8hAnYdHI8vTk
BVWsrEKpuX1kYZxYLwMm/ktu+DN1rzPl0im6HNeCkhrx/xNE60hyl3i3pAvI3r6P
S0CDClcwABt0IMziwQm6xB9lcTUroc9NWxGwGwA+LYOxlwac2a/DzBvm6XzD9uUw
/rbB1596hSF7fxvClQFnFq737T9n/szOFK6MeLT2pwCpFw/62O/h8qMPjI5l0Vjd
KJV1Oa1+02Lkyyvjok3god3T1BL3ig8Rmcp4
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:57:46 2025 by rpki-client