Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/Y2_roQOUIthtVw1QejxD0nB1Z6Y.roa
File: Y2_roQOUIthtVw1QejxD0nB1Z6Y.roa (raw, json)
Hash identifier: stNdekHqHd38daoAs6CHIS4mgM26Z52wdTv8J9OHtKw=
Subject key identifier: 63:6F:EB:A1:03:94:22:D8:6D:57:0D:50:7A:3C:43:D2:70:75:67:A6
Certificate issuer: /CN=a0a647dac729f47b06369c4c9741cf943953dc59
Certificate serial: 019A1563A4E2E342C37852797E54EBE003D9
Authority key identifier: A0:A6:47:DA:C7:29:F4:7B:06:36:9C:4C:97:41:CF:94:39:53:DC:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oKZH2scp9HsGNpxMl0HPlDlT3Fk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/Y2_roQOUIthtVw1QejxD0nB1Z6Y.roa
Signing time: Fri 24 Oct 2025 08:44:03 +0000
ROA not before: Fri 24 Oct 2025 08:44:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214640
IP address blocks: 45.67.15.0/24 maxlen: 24
78.109.16.0/23 maxlen: 23
82.197.73.0/24 maxlen: 24
95.141.241.0/24 maxlen: 24
185.113.11.0/24 maxlen: 24
193.53.40.0/24 maxlen: 24
2a13:7c80::/32 maxlen: 32
2a13:7c81::/32 maxlen: 48
2a13:7c82::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/oKZH2scp9HsGNpxMl0HPlDlT3Fk.crl
rsync://rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/oKZH2scp9HsGNpxMl0HPlDlT3Fk.mft
rsync://rpki.ripe.net/repository/DEFAULT/oKZH2scp9HsGNpxMl0HPlDlT3Fk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:15:63:a4:e2:e3:42:c3:78:52:79:7e:54:eb:e0:03:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0a647dac729f47b06369c4c9741cf943953dc59
Validity
Not Before: Oct 24 08:44:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=636feba1039422d86d570d507a3c43d2707567a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:2b:89:95:b5:ec:3c:a7:91:f2:b4:ed:28:21:
e8:95:21:dd:ec:3e:1f:fd:4f:ed:ae:27:29:2a:17:
94:93:f2:25:5a:26:e7:d2:76:a8:30:2c:a9:f7:64:
11:54:9b:e7:b8:bc:9b:bd:f6:08:54:7d:86:f6:0b:
6c:b3:71:12:f6:23:c7:e8:46:d7:85:43:d6:ce:36:
83:76:b6:24:08:ac:76:6b:3c:03:15:41:84:c9:51:
5c:58:64:23:dd:eb:86:63:dd:c4:5b:4d:85:fb:e9:
e4:c7:fc:bb:39:63:01:22:36:aa:43:29:7c:d3:4f:
a0:d4:40:c6:76:8b:e5:62:e6:d1:de:ac:b9:19:df:
dd:5a:a4:d5:2f:6d:49:d7:b9:a3:fa:af:4d:a6:b4:
1d:bb:2b:b2:22:0a:2a:90:f0:30:c1:5e:f2:96:41:
18:38:4a:77:87:fa:c6:75:fa:ed:ae:38:82:81:d4:
e2:b5:23:6e:64:f4:b5:8d:39:bb:87:9d:04:fa:46:
74:6e:f2:f3:ab:df:ab:30:51:84:76:51:be:82:eb:
af:29:94:ee:b8:07:6e:df:c9:d3:27:1a:f0:39:f0:
1a:09:cf:56:3b:a4:e9:7c:5c:aa:ad:aa:f4:23:c8:
70:b6:69:ec:92:ef:47:7c:40:9d:4e:8a:a9:4e:25:
5e:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:6F:EB:A1:03:94:22:D8:6D:57:0D:50:7A:3C:43:D2:70:75:67:A6
X509v3 Authority Key Identifier:
keyid:A0:A6:47:DA:C7:29:F4:7B:06:36:9C:4C:97:41:CF:94:39:53:DC:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKZH2scp9HsGNpxMl0HPlDlT3Fk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/Y2_roQOUIthtVw1QejxD0nB1Z6Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/oKZH2scp9HsGNpxMl0HPlDlT3Fk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.67.15.0/24
78.109.16.0/23
82.197.73.0/24
95.141.241.0/24
185.113.11.0/24
193.53.40.0/24
IPv6:
2a13:7c80::-2a13:7c82:fff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
37:9e:f7:3a:1d:4d:9d:ee:fd:9d:21:fe:18:c1:f1:55:a4:55:
36:17:49:aa:56:ca:15:af:68:6c:a3:e5:30:62:5b:c9:72:ba:
60:36:bf:05:3a:31:17:79:3e:40:18:91:62:91:c3:16:89:00:
57:dd:fa:fc:07:4f:d5:89:00:51:b8:47:1f:60:8f:b6:52:c9:
99:dc:84:32:c7:53:2c:06:6a:d6:70:f7:5b:9e:88:b4:51:08:
c4:07:3b:76:0e:f0:bd:90:41:cd:d0:93:0a:d4:1e:e1:23:d0:
b7:51:44:fb:6b:53:da:49:0f:8c:cd:d8:1c:4c:88:3e:c7:b0:
5e:16:a8:7d:8f:f1:1f:d1:29:e7:ef:7a:2e:32:d0:07:20:aa:
8b:14:be:41:ba:23:63:d2:58:91:53:c4:00:26:ad:a6:da:38:
dc:01:6c:db:ec:e6:d5:7f:8c:c3:65:15:7a:01:fc:f8:f4:d3:
58:45:74:31:ec:95:9d:8c:64:6c:58:2b:28:0b:11:6e:2a:22:
9c:e8:ce:96:67:aa:86:b2:18:9b:9d:93:05:cf:fa:4c:6f:04:
70:39:3f:eb:36:61:5f:7c:6e:fc:dd:c5:f3:d8:c6:d3:b0:ec:
98:24:18:8a:ca:08:3f:1b:e5:66:9c:5e:5d:91:fe:a3:3c:82:
60:c1:9c:65
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAZoVY6Ti40LDeFJ5flTr4APZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYTY0N2RhYzcyOWY0N2IwNjM2OWM0Yzk3NDFjZjk0Mzk1
M2RjNTkwHhcNMjUxMDI0MDg0NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzZmZWJhMTAzOTQyMmQ4NmQ1NzBkNTA3YTNjNDNkMjcwNzU2N2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCuJlbXsPKeR8rTtKCHolSHd7D4f
/U/tricpKheUk/IlWibn0naoMCyp92QRVJvnuLybvfYIVH2G9gtss3ES9iPH6EbX
hUPWzjaDdrYkCKx2azwDFUGEyVFcWGQj3euGY93EW02F++nkx/y7OWMBIjaqQyl8
00+g1EDGdovlYubR3qy5Gd/dWqTVL21J17mj+q9NprQduyuyIgoqkPAwwV7ylkEY
OEp3h/rGdfrtrjiCgdTitSNuZPS1jTm7h50E+kZ0bvLzq9+rMFGEdlG+guuvKZTu
uAdu38nTJxrwOfAaCc9WO6TpfFyqrar0I8hwtmnsku9HfECdToqpTiVe9wIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFGNv66EDlCLYbVcNUHo8Q9JwdWemMB8GA1UdIwQY
MBaAFKCmR9rHKfR7BjacTJdBz5Q5U9xZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0taSDJzY3A5SHNHTnB4TWwwSFBsRGxUM0ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iYTFmODgtNzA3Zi00MWJkLWI5YmQt
ZmI2OTgzY2U5ZGZmLzEvWTJfcm9RT1VJdGh0VncxUWVqeEQwbkIxWjZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iYTFmODgtNzA3Zi00MWJkLWI5YmQtZmI2OTgzY2U5ZGZm
LzEvb0taSDJzY3A5SHNHTnB4TWwwSFBsRGxUM0ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAqBAIAATAkAwQALUMPAwQB
Tm0QAwQAUsVJAwQAX43xAwQAuXELAwQAwTUoMBcEAgACMBEwDwMFByoTfIADBgQq
E3yCADANBgkqhkiG9w0BAQsFAAOCAQEAN573Oh1Nne79nSH+GMHxVaRVNhdJqlbK
Fa9obKPlMGJbyXK6YDa/BToxF3k+QBiRYpHDFokAV936/AdP1YkAUbhHH2CPtlLJ
mdyEMsdTLAZq1nD3W56ItFEIxAc7dg7wvZBBzdCTCtQe4SPQt1FE+2tT2kkPjM3Y
HEyIPsewXhaofY/xH9Ep5+96LjLQByCqixS+QbojY9JYkVPEACatpto43AFs2+zm
1X+Mw2UVegH8+PTTWEV0MeyVnYxkbFgrKAsRbioinOjOlmeqhrIYm52TBc/6TG8E
cDk/6zZhX3xu/N3F89jG07DsmCQYisoIPxvlZpxeXZH+ozyCYMGcZQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 12:50:29 2025 by rpki-client