Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/YNMlkqBO5ooOleXSnffxPbTXpg8.roa
File: YNMlkqBO5ooOleXSnffxPbTXpg8.roa (raw, json)
Hash identifier: vjSOenD7+z79/tBOgAkQlmPnSp5mNUwpA8jmhjXUHX0=
Subject key identifier: 60:D3:25:92:A0:4E:E6:8A:0E:95:E5:D2:9D:F7:F1:3D:B4:D7:A6:0F
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019A3346B58678F93D14A9C11710F90DBFEF
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/YNMlkqBO5ooOleXSnffxPbTXpg8.roa
Signing time: Thu 30 Oct 2025 04:01:03 +0000
ROA not before: Thu 30 Oct 2025 04:01:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 396982
IP address blocks: 159.254.52.0/24 maxlen: 24
159.254.53.0/24 maxlen: 24
159.254.104.0/21 maxlen: 24
159.254.112.0/21 maxlen: 24
2a03:eec0:3701::/48 maxlen: 48
2a03:eec0:3702::/48 maxlen: 48
2a03:eec0:3703::/48 maxlen: 48
2a03:eec0:3704::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 04 Nov 2025 13:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:33:46:b5:86:78:f9:3d:14:a9:c1:17:10:f9:0d:bf:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Oct 30 04:01:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=60d32592a04ee68a0e95e5d29df7f13db4d7a60f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:3a:67:e1:e5:1a:6c:e4:e9:2c:2c:4c:ee:d9:
d0:9d:ce:0b:0d:22:14:77:b0:05:2e:1a:f0:4d:76:
fb:b3:bf:74:b0:fe:ee:7b:a5:22:82:5b:de:df:66:
6b:0d:46:c6:00:11:8e:4a:0a:03:95:d6:45:bc:50:
74:44:31:17:7c:0a:cd:cc:0c:82:07:9b:99:79:7b:
25:b2:45:29:d1:6a:f4:35:1b:b9:1e:0e:92:ac:4d:
2a:42:c4:93:20:28:e5:53:89:c0:70:19:b3:5a:86:
5b:b6:25:34:ab:90:9f:a1:ec:9f:50:27:20:db:68:
f4:fd:00:7a:af:8d:80:f6:ee:66:b8:09:14:d0:bd:
ac:ec:3a:ef:b3:63:49:a1:10:7a:01:93:d4:37:eb:
f0:5a:ee:7f:72:bf:24:24:68:f4:0e:2e:3e:4e:4f:
71:a1:15:f8:4d:de:8c:d1:c4:f3:b7:99:42:05:98:
9c:05:46:75:d2:bd:c2:42:18:8d:97:98:8a:fd:ad:
69:32:95:d4:77:d6:bd:10:88:ab:d2:85:25:84:0b:
83:48:d2:11:c2:08:cc:8f:46:eb:d7:a8:12:7b:cd:
f9:05:2a:a3:7f:82:d2:ad:e8:ef:76:f6:3b:64:84:
31:81:eb:f4:23:dc:07:f3:26:98:b6:9e:65:92:32:
30:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:D3:25:92:A0:4E:E6:8A:0E:95:E5:D2:9D:F7:F1:3D:B4:D7:A6:0F
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/YNMlkqBO5ooOleXSnffxPbTXpg8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.254.52.0/23
159.254.104.0-159.254.119.255
IPv6:
2a03:eec0:3701::-2a03:eec0:3704:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
02:66:e0:cf:84:c8:df:75:41:1b:df:a0:ac:06:79:31:57:5b:
42:c5:78:4b:b4:41:cd:92:1a:ed:d7:62:f8:1b:9e:65:86:19:
4d:ed:7f:c1:04:16:c3:2d:60:22:bc:a1:b0:9e:a1:d1:45:95:
fe:21:50:a4:3b:2f:2d:41:8c:0e:52:aa:d0:86:5e:56:6b:b8:
84:c0:ce:7c:2b:3b:3d:ad:60:a6:49:3b:ab:c3:b3:e6:91:5f:
b0:a4:a1:67:06:e7:c5:88:22:ec:17:1e:a0:4c:45:b4:3b:34:
a9:da:04:bd:f4:13:53:f9:dc:17:fe:1e:ea:8e:e7:c8:79:de:
ac:20:7a:63:67:97:ab:28:6b:77:8b:38:71:5d:46:d8:c4:60:
a9:6b:47:e4:64:55:ad:f0:2d:c5:f7:71:a4:2c:f7:85:0c:7e:
c1:1f:b6:cc:27:76:29:5c:ae:20:ee:a5:70:40:c7:ef:88:25:
ab:0f:06:29:2b:6f:17:9b:0f:8f:b0:6c:5c:59:72:c7:50:96:
e6:f7:d6:59:73:f0:c3:55:c7:88:ba:fb:0d:fb:3c:e8:9f:ab:
36:a6:3c:0c:fb:53:44:34:6b:24:c4:27:60:b4:d9:b9:4a:e2:
b5:ad:23:e9:f8:b6:79:a5:74:9b:68:ab:0b:59:80:7b:6f:49:
6b:5a:89:11
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZozRrWGePk9FKnBFxD5Db/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjUxMDMwMDQwMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQzMjU5MmEwNGVlNjhhMGU5NWU1ZDI5ZGY3ZjEzZGI0ZDdhNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTpn4eUabOTpLCxM7tnQnc4LDSIU
d7AFLhrwTXb7s790sP7ue6Uiglve32ZrDUbGABGOSgoDldZFvFB0RDEXfArNzAyC
B5uZeXslskUp0Wr0NRu5Hg6SrE0qQsSTICjlU4nAcBmzWoZbtiU0q5CfoeyfUCcg
22j0/QB6r42A9u5muAkU0L2s7Drvs2NJoRB6AZPUN+vwWu5/cr8kJGj0Di4+Tk9x
oRX4Td6M0cTzt5lCBZicBUZ10r3CQhiNl5iK/a1pMpXUd9a9EIir0oUlhAuDSNIR
wgjMj0br16gSe835BSqjf4LSrejvdvY7ZIQxgev0I9wH8yaYtp5lkjIwVQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGDTJZKgTuaKDpXl0p338T2016YPMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvWU5NbGtxQk81b29PbGVYU25mZnhQYlRYcGc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAaBAIAATAUAwQBn/40MAwD
BAOf/mgDBAOf/nAwGgQCAAIwFDASAwcAKgPuwDcBAwcAKgPuwDcEMA0GCSqGSIb3
DQEBCwUAA4IBAQACZuDPhMjfdUEb36CsBnkxV1tCxXhLtEHNkhrt12L4G55lhhlN
7X/BBBbDLWAivKGwnqHRRZX+IVCkOy8tQYwOUqrQhl5Wa7iEwM58Kzs9rWCmSTur
w7PmkV+wpKFnBufFiCLsFx6gTEW0OzSp2gS99BNT+dwX/h7qjufIed6sIHpjZ5er
KGt3izhxXUbYxGCpa0fkZFWt8C3F93GkLPeFDH7BH7bMJ3YpXK4g7qVwQMfviCWr
DwYpK28Xmw+PsGxcWXLHUJbm99ZZc/DDVceIuvsN+zzon6s2pjwM+1NENGskxCdg
tNm5SuK1rSPp+LZ5pXSbaKsLWYB7b0lrWokR
-----END CERTIFICATE-----
Generated at Mon Nov 3 21:51:01 2025 by rpki-client