Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/YStL0HC2iupvMB3K_nzQ1mY2mqA.roa
File: YStL0HC2iupvMB3K_nzQ1mY2mqA.roa (raw, json)
Hash identifier: WukKHdtA8Ogh36RPRpLQPR04BbShXxNlIo1JfOr0Q7A=
Subject key identifier: 61:2B:4B:D0:70:B6:8A:EA:6F:30:1D:CA:FE:7C:D0:D6:66:36:9A:A0
Certificate issuer: /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial: 0198F0C6AA1D8B8EA079B9A457B7143A2826
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/YStL0HC2iupvMB3K_nzQ1mY2mqA.roa
Signing time: Thu 28 Aug 2025 13:03:28 +0000
ROA not before: Thu 28 Aug 2025 13:03:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43877
IP address blocks: 87.99.77.0/24 maxlen: 24
195.245.194.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 10 Sep 2025 21:45:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:f0:c6:aa:1d:8b:8e:a0:79:b9:a4:57:b7:14:3a:28:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Validity
Not Before: Aug 28 13:03:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=612b4bd070b68aea6f301dcafe7cd0d666369aa0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:1b:5f:52:3c:72:48:13:b9:c5:30:95:c9:e7:
92:ba:dd:e7:5c:c8:fd:4d:a1:70:85:1e:85:13:ad:
05:4b:a6:5f:6c:58:50:17:01:e2:8f:82:1a:1f:df:
e9:b4:37:39:02:7c:93:d2:d3:8b:c0:03:81:63:29:
c5:37:d0:19:10:64:e0:93:08:1e:56:e6:24:1b:f5:
46:8b:ec:a9:ef:17:5f:0d:e5:f8:43:8f:3a:e3:2c:
a1:d0:fe:eb:94:15:a5:40:a6:25:62:66:29:e2:ed:
66:c1:16:b8:f6:4d:b7:d2:06:2f:08:58:6c:44:1e:
a7:20:4c:dd:80:61:f2:d1:b9:76:45:a7:70:85:b4:
56:87:85:ea:fe:f2:33:88:5e:fb:67:ff:f8:a9:b0:
8d:97:9e:33:bb:82:17:e6:a5:e4:10:32:fc:5a:7d:
d9:c5:bc:9e:6b:22:be:35:14:6d:2f:f5:9d:94:74:
c1:0c:5e:d2:55:82:54:63:05:8a:cf:43:a2:fa:3b:
d6:98:29:6f:f1:e1:5c:b9:2c:76:c4:78:80:09:b3:
50:76:d2:b6:20:8e:f9:8f:38:8e:68:db:b8:35:b1:
6d:fd:1f:a1:7b:f0:a2:84:54:60:10:df:52:f2:61:
fc:50:9c:a4:6f:b2:17:01:48:4f:67:65:3b:a9:27:
fd:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:2B:4B:D0:70:B6:8A:EA:6F:30:1D:CA:FE:7C:D0:D6:66:36:9A:A0
X509v3 Authority Key Identifier:
keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/YStL0HC2iupvMB3K_nzQ1mY2mqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.99.77.0/24
195.245.194.0/24
Signature Algorithm: sha256WithRSAEncryption
69:46:dc:67:04:f0:16:d3:86:4c:18:c7:4f:4b:71:0d:f6:cf:
3a:b5:ea:91:b6:7e:f4:d8:66:74:4f:78:2f:d3:12:cc:a6:5d:
5f:60:9f:80:e8:ed:8c:88:43:b2:c9:ba:a3:13:8d:8f:0e:21:
3a:da:43:34:33:89:80:ee:5b:4c:ab:4d:f1:45:7e:6d:84:c2:
3d:15:e7:94:b2:c1:18:3c:49:93:2b:7e:c5:6e:bf:78:bf:42:
8d:de:6b:2b:b9:59:21:a0:ee:29:c1:b8:30:88:fb:d1:dd:c0:
c7:5c:79:3b:e8:2b:08:f3:48:7b:dc:b6:5c:7b:11:05:71:6a:
64:b3:06:af:80:f5:e9:2d:c5:d5:ff:76:28:94:54:b9:5d:18:
f5:c4:4a:25:bc:77:aa:ec:2d:7e:7f:35:ee:3c:27:68:a9:91:
49:12:d8:d2:68:b9:80:29:72:e8:8e:3b:30:32:5d:2b:c2:2e:
22:6d:7c:4a:30:c8:98:80:c9:85:a2:66:1a:ce:4e:05:e1:32:
ec:e3:e3:8f:bb:c3:c6:57:02:ac:bf:a9:1d:66:39:8c:0d:71:
0d:44:e4:8f:62:57:7a:9c:2a:a1:55:88:49:d9:95:ea:ce:d3:
fa:75:db:d0:45:1f:d3:9f:82:0c:d5:12:7f:66:5a:71:8d:b2:
07:41:5d:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjwxqodi46gebmkV7cUOigmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwODI4MTMwMzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTJiNGJkMDcwYjY4YWVhNmYzMDFkY2FmZTdjZDBkNjY2MzY5YWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5htfUjxySBO5xTCVyeeSut3nXMj9
TaFwhR6FE60FS6ZfbFhQFwHij4IaH9/ptDc5AnyT0tOLwAOBYynFN9AZEGTgkwge
VuYkG/VGi+yp7xdfDeX4Q4864yyh0P7rlBWlQKYlYmYp4u1mwRa49k230gYvCFhs
RB6nIEzdgGHy0bl2RadwhbRWh4Xq/vIziF77Z//4qbCNl54zu4IX5qXkEDL8Wn3Z
xbyeayK+NRRtL/WdlHTBDF7SVYJUYwWKz0Oi+jvWmClv8eFcuSx2xHiACbNQdtK2
II75jziOaNu4NbFt/R+he/CihFRgEN9S8mH8UJykb7IXAUhPZ2U7qSf90wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGErS9BwtorqbzAdyv580NZmNpqgMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvWVN0TDBIQzJpdXB2TUIzS19uelExbVkybXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV2NNAwQA
w/XCMA0GCSqGSIb3DQEBCwUAA4IBAQBpRtxnBPAW04ZMGMdPS3EN9s86teqRtn70
2GZ0T3gv0xLMpl1fYJ+A6O2MiEOyybqjE42PDiE62kM0M4mA7ltMq03xRX5thMI9
FeeUssEYPEmTK37Fbr94v0KN3msruVkhoO4pwbgwiPvR3cDHXHk76CsI80h73LZc
exEFcWpkswavgPXpLcXV/3YolFS5XRj1xEolvHeq7C1+fzXuPCdoqZFJEtjSaLmA
KXLojjswMl0rwi4ibXxKMMiYgMmFomYazk4F4TLs4+OPu8PGVwKsv6kdZjmMDXEN
ROSPYld6nCqhVYhJ2ZXqztP6ddvQRR/Tn4IM1RJ/ZlpxjbIHQV1M
-----END CERTIFICATE-----
Generated at Wed Sep 10 06:54:01 2025 by rpki-client