Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/y1GZakxfDMhnYM67WFZnbI1Fq_U.roa
File: y1GZakxfDMhnYM67WFZnbI1Fq_U.roa (raw, json)
Hash identifier: eZDK423BIvAOmlVY8pkzRU1DP2iw+/7YQMIXGyKvPFY=
Subject key identifier: CB:51:99:6A:4C:5F:0C:C8:67:60:CE:BB:58:56:67:6C:8D:45:AB:F5
Certificate issuer: /CN=cfd6e161dcfb7b72775149d435b79ba9d56d1417
Certificate serial: 019A53775DEB47096FB752C6CA35EC5FD00A
Authority key identifier: CF:D6:E1:61:DC:FB:7B:72:77:51:49:D4:35:B7:9B:A9:D5:6D:14:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z9bhYdz7e3J3UUnUNbebqdVtFBc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/y1GZakxfDMhnYM67WFZnbI1Fq_U.roa
Signing time: Wed 05 Nov 2025 10:02:03 +0000
ROA not before: Wed 05 Nov 2025 10:02:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2856
IP address blocks: 5.80.0.0/15 maxlen: 15
5.81.0.0/16 maxlen: 16
31.48.0.0/13 maxlen: 13
62.6.0.0/16 maxlen: 16
62.7.0.0/16 maxlen: 16
62.172.0.0/16 maxlen: 16
81.128.0.0/11 maxlen: 11
81.128.0.0/12 maxlen: 12
86.128.0.0/10 maxlen: 10
86.128.0.0/11 maxlen: 11
86.128.0.0/12 maxlen: 12
109.144.0.0/12 maxlen: 12
185.93.168.0/22 maxlen: 22
192.12.73.0/24 maxlen: 24
193.37.160.0/20 maxlen: 20
194.72.0.0/14 maxlen: 14
194.79.48.0/22 maxlen: 22
195.171.0.0/16 maxlen: 16
212.82.0.0/19 maxlen: 19
213.120.0.0/14 maxlen: 14
217.32.0.0/12 maxlen: 12
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/z9bhYdz7e3J3UUnUNbebqdVtFBc.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/z9bhYdz7e3J3UUnUNbebqdVtFBc.mft
rsync://rpki.ripe.net/repository/DEFAULT/z9bhYdz7e3J3UUnUNbebqdVtFBc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 19:00:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:53:77:5d:eb:47:09:6f:b7:52:c6:ca:35:ec:5f:d0:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfd6e161dcfb7b72775149d435b79ba9d56d1417
Validity
Not Before: Nov 5 10:02:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb51996a4c5f0cc86760cebb5856676c8d45abf5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:ab:21:4e:3a:5b:13:4f:72:ef:88:c6:0d:aa:
35:42:63:b6:f3:39:aa:a4:bb:c5:d9:30:70:d9:3c:
df:17:45:0a:58:c7:01:99:4f:35:fb:ff:57:d4:c2:
cf:a4:ec:7b:ff:6c:87:d5:d9:d5:52:5f:8b:0b:23:
70:d2:96:60:5b:8e:2b:16:d9:bd:55:c9:0e:4e:8d:
a5:88:b9:70:52:22:51:16:3d:28:3b:fb:38:04:d0:
c4:49:98:3d:6f:df:55:76:e5:d5:e4:86:9c:01:0d:
8c:6b:b9:75:1c:3b:41:fb:51:c5:5c:cc:b3:3f:56:
76:61:0d:ff:1b:29:e8:82:01:50:aa:be:1a:0b:3c:
6d:0a:9f:a4:66:bc:ce:60:78:42:b4:94:62:13:26:
ae:1b:55:cf:e9:9a:36:79:88:8b:15:af:00:95:17:
db:a3:11:6f:4b:09:86:66:77:ea:a1:5b:34:9d:84:
46:c9:81:78:ed:ec:b3:79:61:4a:87:26:c6:41:b5:
96:cd:79:44:8c:da:9b:92:d5:8b:e3:61:51:7a:58:
c1:bb:a1:0c:e9:df:4c:a0:18:13:ab:a3:8c:78:cf:
55:ad:9b:a0:7a:98:92:87:42:ae:04:31:cf:04:05:
2a:3e:22:c1:18:ae:c4:ab:6a:c4:8d:54:c6:60:07:
9e:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:51:99:6A:4C:5F:0C:C8:67:60:CE:BB:58:56:67:6C:8D:45:AB:F5
X509v3 Authority Key Identifier:
keyid:CF:D6:E1:61:DC:FB:7B:72:77:51:49:D4:35:B7:9B:A9:D5:6D:14:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z9bhYdz7e3J3UUnUNbebqdVtFBc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/y1GZakxfDMhnYM67WFZnbI1Fq_U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/852140-a27f-449b-b5ff-223742ee4375/1/z9bhYdz7e3J3UUnUNbebqdVtFBc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.80.0.0/15
31.48.0.0/13
62.6.0.0/15
62.172.0.0/16
81.128.0.0/11
86.128.0.0/10
109.144.0.0/12
185.93.168.0/22
192.12.73.0/24
193.37.160.0/20
194.72.0.0/14
194.79.48.0/22
195.171.0.0/16
212.82.0.0/19
213.120.0.0/14
217.32.0.0/12
Signature Algorithm: sha256WithRSAEncryption
27:cc:f5:d2:61:d1:6d:56:e1:f4:41:6a:82:65:60:7e:2a:1f:
3e:74:07:20:86:00:77:d0:81:36:c1:1e:8d:30:fc:31:e1:fa:
f8:b3:c9:c9:1e:ae:3c:81:53:ee:31:2c:59:a3:1a:67:19:79:
a0:40:94:14:80:c6:60:b4:8e:c6:ef:0d:8e:92:65:40:e1:15:
24:cd:cf:28:bf:1d:e2:2f:4c:2d:d8:ee:3b:14:9f:f5:59:60:
25:de:c3:6d:4f:b1:0c:cf:6d:7d:29:9b:f9:98:d8:3b:05:37:
7e:a3:d1:fe:66:85:a4:c6:03:f3:db:0b:91:1f:72:8a:1f:f5:
ac:60:be:7a:ae:78:70:0e:7e:30:76:5d:bf:18:2d:39:1b:a6:
87:b7:1a:88:88:52:f4:5d:ab:7a:f1:00:9b:4d:a8:df:39:e2:
4e:3b:ca:83:e4:ff:13:a3:c5:03:35:09:9e:06:be:07:24:e3:
18:9e:4b:a4:4a:15:47:18:bd:4a:5d:d7:b9:83:16:78:15:81:
d4:ec:e9:35:64:1b:91:a0:b2:6a:53:af:dc:92:52:7e:93:7b:
f1:c8:53:f5:ff:37:c3:bc:39:1e:00:29:51:c7:6e:d0:9a:51:
8d:66:13:7f:18:91:ff:a6:e0:30:f4:a9:4a:d2:98:3c:43:6f:
8f:c4:5a:d7
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZpTd13rRwlvt1LGyjXsX9AKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZDZlMTYxZGNmYjdiNzI3NzUxNDlkNDM1Yjc5YmE5ZDU2
ZDE0MTcwHhcNMjUxMTA1MTAwMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjUxOTk2YTRjNWYwY2M4Njc2MGNlYmI1ODU2Njc2YzhkNDVhYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqshTjpbE09y74jGDao1QmO28zmq
pLvF2TBw2TzfF0UKWMcBmU81+/9X1MLPpOx7/2yH1dnVUl+LCyNw0pZgW44rFtm9
VckOTo2liLlwUiJRFj0oO/s4BNDESZg9b99VduXV5IacAQ2Ma7l1HDtB+1HFXMyz
P1Z2YQ3/GynoggFQqr4aCzxtCp+kZrzOYHhCtJRiEyauG1XP6Zo2eYiLFa8AlRfb
oxFvSwmGZnfqoVs0nYRGyYF47eyzeWFKhybGQbWWzXlEjNqbktWL42FReljBu6EM
6d9MoBgTq6OMeM9VrZugepiSh0KuBDHPBAUqPiLBGK7Eq2rEjVTGYAeeDwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFMtRmWpMXwzIZ2DOu1hWZ2yNRav1MB8GA1UdIwQY
MBaAFM/W4WHc+3tyd1FJ1DW3m6nVbRQXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejliaFlkejdlM0ozVVVuVU5iZWJxZFZ0RkJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS84NTIxNDAtYTI3Zi00NDliLWI1ZmYt
MjIzNzQyZWU0Mzc1LzEveTFHWmFreGZETWhuWU02N1dGWm5iSTFGcV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS84NTIxNDAtYTI3Zi00NDliLWI1ZmYtMjIzNzQyZWU0Mzc1
LzEvejliaFlkejdlM0ozVVVuVU5iZWJxZFZ0RkJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBbBAIAATBVAwMBBVADAwMf
MAMDAT4GAwMAPqwDAwVRgAMDBlaAAwMEbZADBAK5XagDBADADEkDBATBJaADAwLC
SAMEAsJPMAMDAMOrAwQF1FIAAwMC1XgDAwTZIDANBgkqhkiG9w0BAQsFAAOCAQEA
J8z10mHRbVbh9EFqgmVgfiofPnQHIIYAd9CBNsEejTD8MeH6+LPJyR6uPIFT7jEs
WaMaZxl5oECUFIDGYLSOxu8NjpJlQOEVJM3PKL8d4i9MLdjuOxSf9VlgJd7DbU+x
DM9tfSmb+ZjYOwU3fqPR/maFpMYD89sLkR9yih/1rGC+eq54cA5+MHZdvxgtORum
h7caiIhS9F2revEAm02o3zniTjvKg+T/E6PFAzUJnga+ByTjGJ5LpEoVRxi9Sl3X
uYMWeBWB1OzpNWQbkaCyalOv3JJSfpN78chT9f83w7w5HgApUcdu0JpRjWYTfxiR
/6bgMPSpStKYPENvj8Ra1w==
-----END CERTIFICATE-----
Generated at Thu Nov 6 03:00:43 2025 by rpki-client