Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/yaQ7VGjAsEQRr3MX_AiuNL7A9jE.roa
File: yaQ7VGjAsEQRr3MX_AiuNL7A9jE.roa (raw, json)
Hash identifier: io+LzSfCXNwPFD3txUCEZ0tHgOdPVC0wYWBLcgYdkFU=
Subject key identifier: C9:A4:3B:54:68:C0:B0:44:11:AF:73:17:FC:08:AE:34:BE:C0:F6:31
Certificate issuer: /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial: 019A1C0F1A9DE4B903E87D2FF6D98A131BE1
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/yaQ7VGjAsEQRr3MX_AiuNL7A9jE.roa
Signing time: Sat 25 Oct 2025 15:49:03 +0000
ROA not before: Sat 25 Oct 2025 15:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50670
IP address blocks: 81.21.8.0/22 maxlen: 22
81.21.8.0/24 maxlen: 24
81.21.9.0/24 maxlen: 24
81.21.10.0/24 maxlen: 24
81.21.11.0/24 maxlen: 24
81.21.12.0/24 maxlen: 24
81.21.13.0/24 maxlen: 24
81.21.14.0/24 maxlen: 24
81.21.15.0/24 maxlen: 24
109.237.192.0/20 maxlen: 24
109.237.192.0/24 maxlen: 24
109.237.193.0/24 maxlen: 24
109.237.194.0/24 maxlen: 24
109.237.195.0/24 maxlen: 24
109.237.196.0/24 maxlen: 24
109.237.197.0/24 maxlen: 24
109.237.198.0/24 maxlen: 24
109.237.199.0/24 maxlen: 24
109.237.200.0/24 maxlen: 24
109.237.201.0/24 maxlen: 24
109.237.202.0/24 maxlen: 24
109.237.203.0/24 maxlen: 24
109.237.204.0/24 maxlen: 24
109.237.205.0/24 maxlen: 24
109.237.206.0/24 maxlen: 24
109.237.207.0/24 maxlen: 24
176.241.64.0/21 maxlen: 24
176.241.64.0/24 maxlen: 24
176.241.65.0/24 maxlen: 24
176.241.66.0/24 maxlen: 24
176.241.67.0/24 maxlen: 24
176.241.68.0/24 maxlen: 24
176.241.69.0/24 maxlen: 24
176.241.70.0/24 maxlen: 24
176.241.71.0/24 maxlen: 24
178.20.184.0/21 maxlen: 24
178.20.184.0/24 maxlen: 24
178.20.185.0/24 maxlen: 24
178.20.186.0/24 maxlen: 24
178.20.187.0/24 maxlen: 24
178.20.188.0/24 maxlen: 24
178.20.189.0/24 maxlen: 24
178.20.190.0/24 maxlen: 24
178.20.191.0/24 maxlen: 24
185.51.212.0/22 maxlen: 22
185.51.212.0/24 maxlen: 24
185.51.213.0/24 maxlen: 24
185.51.214.0/24 maxlen: 24
185.51.215.0/24 maxlen: 24
185.193.176.0/22 maxlen: 22
185.193.176.0/24 maxlen: 24
185.193.177.0/24 maxlen: 24
185.193.178.0/24 maxlen: 24
185.193.179.0/24 maxlen: 24
2a01:1d0::/29 maxlen: 29
2a01:1d0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 04 Nov 2025 12:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:1c:0f:1a:9d:e4:b9:03:e8:7d:2f:f6:d9:8a:13:1b:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
Validity
Not Before: Oct 25 15:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c9a43b5468c0b04411af7317fc08ae34bec0f631
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:31:f1:d6:38:81:51:8a:5c:e1:86:b7:2d:4a:
68:82:21:07:68:d1:4d:88:f8:4d:6a:e3:8b:fd:17:
87:90:26:2a:60:58:89:24:ac:8e:0d:f4:fe:f1:04:
d1:df:7b:29:06:41:5c:e7:e1:95:03:da:a3:da:bc:
42:5b:4f:6e:5d:06:0a:ea:51:33:2e:50:5d:c1:94:
c3:07:81:37:0e:73:31:af:fc:0a:54:f9:14:78:e4:
79:59:10:68:bb:a4:86:f5:21:02:55:b6:ce:35:ea:
5a:09:b4:c0:7c:29:a9:92:18:bf:00:71:8f:e1:44:
7a:37:7a:10:05:bf:89:c1:ba:6b:d7:61:0b:6b:46:
80:37:37:1c:31:05:61:46:60:c1:55:65:3d:78:7b:
59:54:1c:b6:79:bf:c7:d9:e1:94:93:e7:68:af:b2:
0b:ee:c5:32:e1:19:4c:fd:4b:4b:7d:f5:ff:cb:20:
f4:60:72:04:7c:75:ce:0e:c7:75:ce:5a:67:3c:a8:
f6:91:0b:5c:13:31:e9:93:a7:1e:98:1c:7d:fd:c5:
6f:ea:b3:51:09:1d:0d:8f:dc:a4:fd:51:90:9f:31:
86:46:16:d7:21:c3:c4:84:96:c2:dd:07:61:5e:73:
74:90:a1:d8:9c:02:d0:74:ad:85:21:4e:3a:92:35:
e1:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:A4:3B:54:68:C0:B0:44:11:AF:73:17:FC:08:AE:34:BE:C0:F6:31
X509v3 Authority Key Identifier:
keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/yaQ7VGjAsEQRr3MX_AiuNL7A9jE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.8.0/21
109.237.192.0/20
176.241.64.0/21
178.20.184.0/21
185.51.212.0/22
185.193.176.0/22
IPv6:
2a01:1d0::/29
Signature Algorithm: sha256WithRSAEncryption
b7:60:e1:cf:52:f9:57:c8:e0:fa:77:dd:af:a8:da:08:35:8a:
e8:c4:e3:38:10:26:73:bb:64:5c:89:2b:d6:84:6c:d2:fc:24:
d9:34:47:e7:33:d4:4f:6a:1a:e9:5c:9f:51:c2:a5:63:42:66:
d9:82:f0:87:e4:1b:0e:a1:78:f7:66:db:35:1f:70:da:0a:0f:
1d:09:a7:b9:56:8e:d3:56:5b:2d:0b:55:7b:56:1a:5b:38:91:
33:32:bb:53:23:da:f1:aa:6a:9b:07:32:47:c3:d7:e3:a0:c9:
a9:ea:85:a4:e6:10:e2:b1:4e:61:49:be:7c:c7:7b:a6:53:92:
de:5f:13:84:bb:68:7d:ff:29:5e:a6:3b:74:34:dc:05:98:e4:
a8:76:4d:5c:0e:ed:18:0d:6e:39:e1:4c:58:5d:00:78:12:4e:
f1:3d:20:bd:51:14:3f:60:6b:ce:0a:cd:a4:bc:0f:ff:9e:d0:
b8:be:4b:ee:3d:f3:c4:41:20:eb:b9:d8:02:70:6f:05:58:50:
33:0b:9d:7e:07:49:0d:69:c4:1f:06:97:9e:4f:3e:f6:5e:dd:
6f:19:3e:52:ed:74:96:83:90:91:dc:1f:51:65:0a:70:3b:0a:
00:e6:b3:5a:2e:cb:03:5b:45:09:f1:a1:e9:4d:be:b7:75:ae:
b2:a7:15:ac
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZocDxqd5LkD6H0v9tmKExvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUxMDI1MTU0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWE0M2I1NDY4YzBiMDQ0MTFhZjczMTdmYzA4YWUzNGJlYzBmNjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzHx1jiBUYpc4Ya3LUpogiEHaNFN
iPhNauOL/ReHkCYqYFiJJKyODfT+8QTR33spBkFc5+GVA9qj2rxCW09uXQYK6lEz
LlBdwZTDB4E3DnMxr/wKVPkUeOR5WRBou6SG9SECVbbONepaCbTAfCmpkhi/AHGP
4UR6N3oQBb+Jwbpr12ELa0aANzccMQVhRmDBVWU9eHtZVBy2eb/H2eGUk+dor7IL
7sUy4RlM/UtLffX/yyD0YHIEfHXODsd1zlpnPKj2kQtcEzHpk6cemBx9/cVv6rNR
CR0Nj9yk/VGQnzGGRhbXIcPEhJbC3QdhXnN0kKHYnALQdK2FIU46kjXhPwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFMmkO1RowLBEEa9zF/wIrjS+wPYxMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEveWFRN1ZHakFzRVFScjNNWF9BaXVOTDdBOWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDURUIAwQE
be3AAwQDsPFAAwQDshS4AwQCuTPUAwQCucGwMA0EAgACMAcDBQMqAQHQMA0GCSqG
SIb3DQEBCwUAA4IBAQC3YOHPUvlXyOD6d92vqNoINYroxOM4ECZzu2RciSvWhGzS
/CTZNEfnM9RPahrpXJ9RwqVjQmbZgvCH5BsOoXj3Zts1H3DaCg8dCae5Vo7TVlst
C1V7VhpbOJEzMrtTI9rxqmqbBzJHw9fjoMmp6oWk5hDisU5hSb58x3umU5LeXxOE
u2h9/ylepjt0NNwFmOSodk1cDu0YDW454UxYXQB4Ek7xPSC9URQ/YGvOCs2kvA//
ntC4vkvuPfPEQSDrudgCcG8FWFAzC51+B0kNacQfBpeeTz72Xt1vGT5S7XSWg5CR
3B9RZQpwOwoA5rNaLssDW0UJ8aHpTb63da6ypxWs
-----END CERTIFICATE-----
Generated at Mon Nov 3 18:09:43 2025 by rpki-client