Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/YGSNOkCocvx3kovgnO_-l9-zdRc.roa
File: YGSNOkCocvx3kovgnO_-l9-zdRc.roa (raw, json)
Hash identifier: BK+U8p9wzCoZ1b9hp3xe8wF3PMuEUE1T98uyrS2lHGI=
Subject key identifier: 60:64:8D:3A:40:A8:72:FC:77:92:8B:E0:9C:EF:FE:97:DF:B3:75:17
Certificate issuer: /CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
Certificate serial: 0198E24E13F0C4212575BFE752AABDD2D08F
Authority key identifier: 96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/YGSNOkCocvx3kovgnO_-l9-zdRc.roa
Signing time: Mon 25 Aug 2025 17:37:04 +0000
ROA not before: Mon 25 Aug 2025 17:37:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39855
IP address blocks: 85.203.9.0/24 maxlen: 24
85.203.16.0/24 maxlen: 24
85.203.25.0/24 maxlen: 24
85.203.38.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl
rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.mft
rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 17:17:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e2:4e:13:f0:c4:21:25:75:bf:e7:52:aa:bd:d2:d0:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
Validity
Not Before: Aug 25 17:37:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=60648d3a40a872fc77928be09ceffe97dfb37517
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:6e:c1:74:70:ba:3b:17:ee:20:49:d4:13:64:
bb:c2:5e:24:4d:c8:92:bd:f3:90:a9:e2:05:07:12:
0f:e8:b2:94:56:48:c3:64:f2:07:de:af:c6:2c:f9:
27:7d:02:fd:c9:c5:b0:95:ec:9d:31:fd:53:07:63:
36:22:a6:c2:c1:7a:a2:ab:fc:1c:1c:90:88:6e:40:
f3:45:08:24:f7:52:62:c9:4a:29:1f:55:ee:d5:1c:
2d:5c:8d:2c:f6:c4:44:32:1d:c5:43:b7:16:8b:19:
c3:9e:ea:73:63:57:4b:65:a7:7c:42:b9:c6:6a:0e:
f6:36:b8:f9:2f:a8:c2:20:34:00:ab:48:c1:ec:f7:
9b:9a:ca:3e:db:d1:19:10:13:89:4b:78:46:71:da:
38:9b:55:91:7e:4c:ec:de:c7:bc:6d:39:f0:21:f4:
f1:8b:c9:a6:ba:8d:f2:38:46:a9:de:c8:7e:7d:19:
63:28:e1:39:d4:0d:c2:d7:43:ae:65:13:18:1a:73:
b4:9c:53:c6:3f:eb:4e:c4:af:c6:7e:6b:c7:96:31:
58:8f:aa:bc:da:bc:f8:d1:34:10:bf:58:b5:12:ab:
9c:ec:fe:f7:ce:fe:51:2c:01:79:f2:c9:b8:8d:f2:
13:74:d9:ae:3d:29:f3:0c:27:f3:e1:7b:71:af:ae:
f2:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:64:8D:3A:40:A8:72:FC:77:92:8B:E0:9C:EF:FE:97:DF:B3:75:17
X509v3 Authority Key Identifier:
keyid:96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/YGSNOkCocvx3kovgnO_-l9-zdRc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.203.9.0/24
85.203.16.0/24
85.203.25.0/24
85.203.38.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:3c:49:8d:7c:6f:2a:22:8f:1e:32:27:16:c4:c5:8d:de:c7:
45:f2:85:af:88:12:18:72:15:5c:bd:46:1a:99:61:86:81:b0:
43:55:8a:00:96:da:59:95:b6:26:c9:ec:28:60:19:a1:e5:d6:
ce:3c:5d:ea:38:12:31:94:ad:64:64:e7:b0:cd:b3:70:f4:df:
cb:85:d7:93:30:75:e2:05:72:37:e5:e4:14:b2:dd:e4:e7:8e:
99:ca:53:23:3e:6a:d1:29:45:af:26:75:d3:09:a9:14:ff:ea:
3d:a0:4e:90:21:da:2c:c6:38:5f:1b:b6:8d:44:70:14:b8:2f:
e1:26:d8:24:1e:d5:98:c3:09:9f:90:fc:cc:b9:e7:d2:04:c7:
7d:de:5e:63:ef:f3:aa:88:c2:f8:3b:7d:9b:1e:d2:82:4f:1a:
4e:43:9b:ea:41:0d:3f:b0:74:1e:6e:39:d8:cb:8b:ec:6b:e9:
fe:56:a8:98:b8:e5:35:ae:e1:64:d0:24:d5:17:49:7f:e6:94:
1f:d4:03:42:c3:02:e4:9b:ce:46:24:78:70:4b:19:66:5d:10:
6c:4b:a5:fe:6a:ad:34:a9:63:5e:51:1a:4c:7f:cf:10:43:82:
2b:fb:80:c2:c1:8d:da:4d:c1:c5:06:b9:f4:f0:e3:d7:32:47:
b7:bf:c6:b4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZjiThPwxCEldb/nUqq90tCPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmJkNzZhNWNhYzI4M2VjZTBhMGY4ZWFiMmM5NzAyMTQw
MWZiODkwHhcNMjUwODI1MTczNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDY0OGQzYTQwYTg3MmZjNzc5MjhiZTA5Y2VmZmU5N2RmYjM3NTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwG7BdHC6OxfuIEnUE2S7wl4kTciS
vfOQqeIFBxIP6LKUVkjDZPIH3q/GLPknfQL9ycWwleydMf1TB2M2IqbCwXqiq/wc
HJCIbkDzRQgk91JiyUopH1Xu1RwtXI0s9sREMh3FQ7cWixnDnupzY1dLZad8QrnG
ag72Nrj5L6jCIDQAq0jB7Pebmso+29EZEBOJS3hGcdo4m1WRfkzs3se8bTnwIfTx
i8mmuo3yOEap3sh+fRljKOE51A3C10OuZRMYGnO0nFPGP+tOxK/GfmvHljFYj6q8
2rz40TQQv1i1Equc7P73zv5RLAF58sm4jfITdNmuPSnzDCfz4Xtxr67yUQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGBkjTpAqHL8d5KL4Jzv/pffs3UXMB8GA1UdIwQY
MBaAFJYr12pcrCg+zgoPjqsslwIUAfuJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMt
NmFiMTExNTVmNmZiLzEvWUdTTk9rQ29jdngza292Z25PXy1sOS16ZFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMtNmFiMTExNTVmNmZi
LzEvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVcsJAwQA
VcsQAwQAVcsZAwQAVcsmMA0GCSqGSIb3DQEBCwUAA4IBAQAtPEmNfG8qIo8eMicW
xMWN3sdF8oWviBIYchVcvUYamWGGgbBDVYoAltpZlbYmyewoYBmh5dbOPF3qOBIx
lK1kZOewzbNw9N/LhdeTMHXiBXI35eQUst3k546ZylMjPmrRKUWvJnXTCakU/+o9
oE6QIdosxjhfG7aNRHAUuC/hJtgkHtWYwwmfkPzMuefSBMd93l5j7/OqiML4O32b
HtKCTxpOQ5vqQQ0/sHQebjnYy4vsa+n+VqiYuOU1ruFk0CTVF0l/5pQf1ANCwwLk
m85GJHhwSxlmXRBsS6X+aq00qWNeURpMf88QQ4Ir+4DCwY3aTcHFBrn08OPXMke3
v8a0
-----END CERTIFICATE-----
Generated at Sat Sep 6 02:38:32 2025 by rpki-client