Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/yLgXC3_uku3HNIHAaDHjvP1nyXU.roa
File: yLgXC3_uku3HNIHAaDHjvP1nyXU.roa (raw, json)
Hash identifier: XSDpWRFQBPxl1G5fsYQst0Sn+gxOi/ccmGw4k68hqt4=
Subject key identifier: C8:B8:17:0B:7F:EE:92:ED:C7:34:81:C0:68:31:E3:BC:FD:67:C9:75
Certificate issuer: /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial: 019A15D35678A1DF57FEB0348ED0FDC83797
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/yLgXC3_uku3HNIHAaDHjvP1nyXU.roa
Signing time: Fri 24 Oct 2025 10:46:03 +0000
ROA not before: Fri 24 Oct 2025 10:46:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 63023
IP address blocks: 170.168.61.0/24 maxlen: 24
170.168.62.0/24 maxlen: 24
170.168.89.0/24 maxlen: 24
170.168.90.0/24 maxlen: 24
170.168.103.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 26 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:15:d3:56:78:a1:df:57:fe:b0:34:8e:d0:fd:c8:37:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Validity
Not Before: Oct 24 10:46:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c8b8170b7fee92edc73481c06831e3bcfd67c975
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:75:a0:73:2b:ef:05:ac:3b:f7:ca:c7:81:73:
5a:d4:c3:34:69:a7:95:f4:c8:23:8e:6b:35:88:ec:
24:69:33:99:b0:3f:96:0f:be:a0:56:bd:7f:67:e6:
6e:e1:29:22:7c:55:8c:5c:01:00:66:91:1e:47:36:
bc:42:6a:d8:cb:10:3d:f2:ee:54:78:45:6d:4f:7c:
69:08:24:c5:cd:5c:96:c3:c9:34:89:60:56:0b:16:
f9:9a:ef:63:d2:4f:bb:4b:22:9b:09:f2:f4:c2:ba:
70:a4:fb:2a:d0:85:30:50:f9:4e:86:77:11:aa:33:
8b:17:02:65:34:a6:7d:c8:c7:07:d2:58:ff:d3:52:
a6:1f:bd:c1:57:f9:6b:fe:71:5c:9e:70:b7:f1:be:
0f:a2:75:2e:4e:e5:f2:15:50:e5:f1:29:12:e0:f3:
65:6b:7b:5c:ab:2d:21:b4:82:84:df:97:dc:b2:51:
5b:51:74:62:f0:f8:d3:49:21:44:20:ff:0a:df:ce:
19:88:d7:5c:02:11:a5:7c:7e:3e:30:ae:12:fe:e1:
3b:46:18:f9:74:70:a5:c9:3c:18:5a:3d:4d:5d:95:
fa:2d:d6:f2:9f:ce:b1:8a:63:1c:7b:19:2c:f7:94:
a7:ae:16:d5:b1:4b:16:e2:51:4f:9b:ca:c1:b2:09:
04:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:B8:17:0B:7F:EE:92:ED:C7:34:81:C0:68:31:E3:BC:FD:67:C9:75
X509v3 Authority Key Identifier:
keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/yLgXC3_uku3HNIHAaDHjvP1nyXU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
170.168.61.0-170.168.62.255
170.168.89.0-170.168.90.255
170.168.103.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:b0:9e:2c:1e:03:ff:dd:58:7d:7c:e2:8d:c6:7f:e0:0f:2c:
da:8e:30:e2:c2:0a:cd:66:78:24:b0:0f:61:44:05:28:9a:0a:
f9:b5:e2:1a:e2:00:36:82:d3:26:40:de:dc:ad:eb:ff:48:f1:
20:f8:09:3c:4e:bb:62:e0:51:33:92:ee:9b:7a:3e:76:ca:fe:
0e:26:b3:d0:c4:2d:0e:9d:4f:c7:db:ad:97:6b:58:fe:f8:aa:
07:d9:85:5a:bc:35:04:6c:c6:3f:f4:cd:4a:9b:20:3a:e6:cb:
4c:0f:63:f5:a2:a1:c8:e0:17:66:84:47:06:8e:1f:d1:c9:a9:
d3:1d:8e:a6:d9:8a:cf:77:96:97:bd:33:95:be:fd:cf:d6:fd:
44:38:a9:94:70:7a:18:4b:50:08:5e:28:8f:ca:5b:2e:13:87:
95:51:a1:ed:79:bb:67:99:b0:09:6d:c2:7e:e1:ee:8e:c6:e8:
0a:a4:34:70:67:8b:0c:13:d9:3c:72:36:8c:ca:3b:bb:1a:17:
d0:4a:8b:37:68:bf:8c:73:7a:50:92:24:11:c3:9d:e1:27:11:
53:f3:81:83:e4:09:7f:fc:80:90:f0:b2:13:17:50:93:f5:c8:
ce:f3:d6:48:6b:c4:2b:5f:af:6b:2a:53:0b:4c:2f:f2:ff:ac:
ec:59:73:18
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZoV01Z4od9X/rA0jtD9yDeXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUxMDI0MTA0NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGI4MTcwYjdmZWU5MmVkYzczNDgxYzA2ODMxZTNiY2ZkNjdjOTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHWgcyvvBaw798rHgXNa1MM0aaeV
9Mgjjms1iOwkaTOZsD+WD76gVr1/Z+Zu4SkifFWMXAEAZpEeRza8QmrYyxA98u5U
eEVtT3xpCCTFzVyWw8k0iWBWCxb5mu9j0k+7SyKbCfL0wrpwpPsq0IUwUPlOhncR
qjOLFwJlNKZ9yMcH0lj/01KmH73BV/lr/nFcnnC38b4PonUuTuXyFVDl8SkS4PNl
a3tcqy0htIKE35fcslFbUXRi8PjTSSFEIP8K384ZiNdcAhGlfH4+MK4S/uE7Rhj5
dHClyTwYWj1NXZX6Ldbyn86ximMcexks95SnrhbVsUsW4lFPm8rBsgkEjQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFMi4Fwt/7pLtxzSBwGgx47z9Z8l1MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEveUxnWEMzX3VrdTNITklIQWFESGp2UDFueVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBACqqD0D
BACqqD4wDAMEAKqoWQMEAKqoWgMEAKqoZzANBgkqhkiG9w0BAQsFAAOCAQEAirCe
LB4D/91YfXzijcZ/4A8s2o4w4sIKzWZ4JLAPYUQFKJoK+bXiGuIANoLTJkDe3K3r
/0jxIPgJPE67YuBRM5Lum3o+dsr+Diaz0MQtDp1Px9utl2tY/viqB9mFWrw1BGzG
P/TNSpsgOubLTA9j9aKhyOAXZoRHBo4f0cmp0x2OptmKz3eWl70zlb79z9b9RDip
lHB6GEtQCF4oj8pbLhOHlVGh7Xm7Z5mwCW3CfuHujsboCqQ0cGeLDBPZPHI2jMo7
uxoX0EqLN2i/jHN6UJIkEcOd4ScRU/OBg+QJf/yAkPCyExdQk/XIzvPWSGvEK1+v
aypTC0wv8v+s7FlzGA==
-----END CERTIFICATE-----
Generated at Sat Oct 25 09:40:00 2025 by rpki-client