Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Y29M1tOVTUW-9516IV1D4UfKzfA.roa
File: Y29M1tOVTUW-9516IV1D4UfKzfA.roa (raw, json)
Hash identifier: 9/2XQCajIXUvlfRUFk7kgZPjnay24f7gz+XQMKh2Zyk=
Subject key identifier: 63:6F:4C:D6:D3:95:4D:45:BE:F7:9D:7A:21:5D:43:E1:47:CA:CD:F0
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019A0532257725BDAD1705697539F9AF0B95
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Y29M1tOVTUW-9516IV1D4UfKzfA.roa
Signing time: Tue 21 Oct 2025 05:16:03 +0000
ROA not before: Tue 21 Oct 2025 05:16:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206766
IP address blocks: 37.202.192.0/24 maxlen: 24
151.244.219.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 12:30:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:05:32:25:77:25:bd:ad:17:05:69:75:39:f9:af:0b:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Oct 21 05:16:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=636f4cd6d3954d45bef79d7a215d43e147cacdf0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:7a:a6:55:b4:6d:50:01:6a:53:84:a5:ff:9e:
30:d0:3e:a4:3b:bf:b3:b0:ab:dd:1d:b5:fc:fb:82:
fe:83:e8:c1:fd:9c:3e:ec:28:b6:6f:4d:27:be:32:
15:74:ca:53:99:dc:0a:b2:38:9c:fe:36:dd:5f:a4:
cf:fb:49:18:d3:90:9c:74:80:2e:8f:1b:13:e1:71:
57:b6:e8:9f:78:3e:3e:3c:90:d7:0b:57:a5:44:90:
31:7b:9e:2f:2d:e1:1c:bd:f4:8d:89:c8:6b:19:6e:
66:9f:0e:d3:80:0f:5e:22:89:11:65:31:3b:a3:78:
86:55:4e:55:a6:9a:c4:a2:e0:0a:d4:37:23:f0:1c:
55:cc:62:ea:5e:6c:ac:51:1e:92:8b:98:ec:73:88:
6c:68:aa:69:dc:28:49:b6:2d:88:89:04:ed:17:c7:
b5:55:67:11:ae:3a:08:39:e8:99:4f:44:30:ff:a5:
81:1d:a2:fc:bc:5a:40:1f:d1:78:7b:43:79:05:20:
8a:b2:3d:c4:9b:83:77:d6:32:10:35:d4:c7:01:3c:
56:dd:90:5f:c9:93:e3:c2:c6:d1:63:0c:c8:b8:58:
1f:c8:88:03:fa:a5:55:29:42:c4:bd:bc:c6:22:cf:
e7:94:75:f2:7a:88:59:7a:16:38:08:23:3e:b6:ed:
ab:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:6F:4C:D6:D3:95:4D:45:BE:F7:9D:7A:21:5D:43:E1:47:CA:CD:F0
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Y29M1tOVTUW-9516IV1D4UfKzfA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.192.0/24
151.244.219.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:9e:7e:1b:60:10:01:3b:15:0f:d5:c9:cc:f6:2d:fb:7a:ef:
1a:53:f6:ee:c1:c6:7e:9c:88:99:6d:08:db:99:7b:82:96:d6:
32:8a:39:1e:7d:3e:03:bb:f6:8c:f6:b5:28:8c:65:79:3c:60:
98:91:cf:b2:93:30:b0:82:da:ea:ab:e5:de:67:8e:f4:7d:4a:
86:d6:32:41:9a:2d:c6:e4:b8:1e:36:12:36:3b:1e:aa:a5:6f:
b1:b1:0d:7c:b7:d9:24:6d:c9:10:eb:5a:1b:ff:69:22:a9:09:
c0:39:96:2c:45:d2:7c:1d:78:75:4a:fe:f4:a0:e3:5f:eb:24:
75:97:3f:dc:6f:d1:ca:04:0e:9c:4c:c5:66:61:72:87:3a:88:
d2:e1:16:bf:8d:9c:a0:40:be:57:29:0a:60:bc:46:30:e7:94:
21:55:99:99:56:d8:35:8d:8b:25:3b:f5:cf:58:1d:e0:8b:dd:
c3:bb:f8:73:9a:f9:f5:0f:ac:01:9c:1c:5d:e2:5e:26:76:df:
16:54:40:f7:db:ff:ac:4d:4c:14:01:89:89:82:e5:3d:f2:df:
24:c7:87:2b:08:a9:de:7c:1c:b5:10:37:2a:cc:2e:fa:59:c3:
e2:81:5f:c3:5c:e3:ba:c9:e7:82:8d:97:9d:e4:d3:1c:21:d1:
53:5e:4e:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoFMiV3Jb2tFwVpdTn5rwuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDIxMDUxNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzZmNGNkNmQzOTU0ZDQ1YmVmNzlkN2EyMTVkNDNlMTQ3Y2FjZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXqmVbRtUAFqU4Sl/54w0D6kO7+z
sKvdHbX8+4L+g+jB/Zw+7Ci2b00nvjIVdMpTmdwKsjic/jbdX6TP+0kY05CcdIAu
jxsT4XFXtuifeD4+PJDXC1elRJAxe54vLeEcvfSNichrGW5mnw7TgA9eIokRZTE7
o3iGVU5VpprEouAK1Dcj8BxVzGLqXmysUR6Si5jsc4hsaKpp3ChJti2IiQTtF8e1
VWcRrjoIOeiZT0Qw/6WBHaL8vFpAH9F4e0N5BSCKsj3Em4N31jIQNdTHATxW3ZBf
yZPjwsbRYwzIuFgfyIgD+qVVKULEvbzGIs/nlHXyeohZehY4CCM+tu2rTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGNvTNbTlU1FvvedeiFdQ+FHys3wMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWTI5TTF0T1ZUVVctOTUxNklWMUQ0VWZLemZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJcrAAwQA
l/TbMA0GCSqGSIb3DQEBCwUAA4IBAQB+nn4bYBABOxUP1cnM9i37eu8aU/buwcZ+
nIiZbQjbmXuCltYyijkefT4Du/aM9rUojGV5PGCYkc+ykzCwgtrqq+XeZ470fUqG
1jJBmi3G5LgeNhI2Ox6qpW+xsQ18t9kkbckQ61ob/2kiqQnAOZYsRdJ8HXh1Sv70
oONf6yR1lz/cb9HKBA6cTMVmYXKHOojS4Ra/jZygQL5XKQpgvEYw55QhVZmZVtg1
jYslO/XPWB3gi93Du/hzmvn1D6wBnBxd4l4mdt8WVED32/+sTUwUAYmJguU98t8k
x4crCKnefBy1EDcqzC76WcPigV/DXOO6yeeCjZed5NMcIdFTXk7Q
-----END CERTIFICATE-----
Generated at Tue Oct 21 18:26:17 2025 by rpki-client