Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/ykW5ULPwORPge7AHkkCo1mHBpUA.roa
File: ykW5ULPwORPge7AHkkCo1mHBpUA.roa (raw, json)
Hash identifier: Ct05VSnDaAgri5P22k5xDAwGDSLOykmk0IoiObwkPWI=
Subject key identifier: CA:45:B9:50:B3:F0:39:13:E0:7B:B0:07:92:40:A8:D6:61:C1:A5:40
Certificate issuer: /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial: 0199287D997B9F7FD4D41AE1D74B78D2E0CD
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/ykW5ULPwORPge7AHkkCo1mHBpUA.roa
Signing time: Mon 08 Sep 2025 08:42:23 +0000
ROA not before: Mon 08 Sep 2025 08:42:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 47376
IP address blocks: 91.222.196.0/24 maxlen: 24
91.222.197.0/24 maxlen: 24
103.215.220.0/22 maxlen: 22
103.215.220.0/24 maxlen: 24
103.215.221.0/24 maxlen: 24
103.215.223.0/24 maxlen: 24
185.221.239.0/24 maxlen: 24
195.28.11.0/24 maxlen: 24
195.234.191.0/24 maxlen: 24
195.238.231.0/24 maxlen: 24
195.238.240.0/24 maxlen: 24
195.238.247.0/24 maxlen: 24
2a05:63c0::/29 maxlen: 29
2a05:63c0::/30 maxlen: 30
2a05:63c0::/48 maxlen: 48
2a0f:c040::/29 maxlen: 29
2a10:ef04:1001::/48 maxlen: 48
2a10:ef04:1002::/48 maxlen: 48
2a10:ef04:1003::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 05:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:28:7d:99:7b:9f:7f:d4:d4:1a:e1:d7:4b:78:d2:e0:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
Validity
Not Before: Sep 8 08:42:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ca45b950b3f03913e07bb0079240a8d661c1a540
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:ad:11:7d:d0:4e:67:70:7b:e2:a2:ed:e5:10:
aa:b2:b8:e4:b9:c1:0d:34:a8:3d:66:e2:ad:74:e6:
ca:83:3d:83:05:3f:2f:95:38:38:93:21:be:9a:72:
43:1d:b4:7b:de:12:cb:7d:0f:96:04:a4:4f:69:c9:
e1:af:69:bb:c7:cf:3d:cf:f2:d5:ea:24:ff:71:bc:
34:9f:fa:47:1d:72:6f:a0:be:e1:07:29:fb:67:2a:
24:b1:f0:16:a2:66:2f:ed:f1:3c:a3:fa:a1:fc:a3:
97:2d:7e:75:0a:a1:00:a9:3a:da:8e:2c:bd:a7:da:
6c:15:6c:73:4d:76:e5:bd:62:cd:1c:8c:dd:0e:87:
55:27:c3:9d:eb:3b:c8:a3:0b:0b:a5:cb:00:f2:b4:
9b:39:63:99:47:b8:32:e0:52:d1:47:e5:bd:f6:c2:
9d:95:80:ee:ab:4b:2c:c9:46:81:07:d6:16:f8:bc:
42:72:19:2f:50:bd:5f:1a:c1:c3:65:68:e4:f3:eb:
3e:a2:10:60:16:88:92:ba:14:9d:64:82:4d:ee:ad:
b6:d3:94:3a:47:d4:7d:26:8b:1c:3e:1d:45:6f:07:
93:71:8d:2c:77:1d:be:9c:44:7b:32:86:21:fb:ac:
a6:4a:be:b5:bf:89:f7:ab:1a:7c:7d:e9:5b:a1:ec:
1e:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:45:B9:50:B3:F0:39:13:E0:7B:B0:07:92:40:A8:D6:61:C1:A5:40
X509v3 Authority Key Identifier:
keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/ykW5ULPwORPge7AHkkCo1mHBpUA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.222.196.0/23
103.215.220.0/22
185.221.239.0/24
195.28.11.0/24
195.234.191.0/24
195.238.231.0/24
195.238.240.0/24
195.238.247.0/24
IPv6:
2a05:63c0::/29
2a0f:c040::/29
2a10:ef04:1001::-2a10:ef04:1003:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
55:70:40:32:32:7d:48:02:39:77:f3:21:29:05:0c:57:f9:76:
57:32:c4:2f:73:9f:e5:22:08:d0:20:37:95:1a:57:c0:fb:2d:
11:8c:bf:1f:dd:50:25:a3:d3:b7:93:02:8b:b9:95:98:f8:18:
c7:0b:af:fd:bf:cb:05:cd:b1:4d:97:53:4d:15:21:80:d6:15:
7c:4d:05:ba:34:dd:08:55:ad:e1:26:49:fc:98:6a:8a:28:0d:
8d:84:0e:23:e9:66:2c:7c:7c:d1:a1:ea:b2:91:e2:96:ae:0f:
b7:2c:74:2e:81:c6:02:3a:9c:cb:42:6e:ee:92:f9:57:40:0b:
08:a1:f5:10:32:63:43:2f:ba:fa:91:e1:ec:a6:37:42:de:4b:
60:56:e3:8c:b3:ff:ff:61:fc:f2:fa:07:28:87:2e:79:e7:39:
55:a2:b3:ea:47:3c:5d:a5:4a:33:ea:9e:52:bc:45:4b:fb:21:
30:a9:6c:a5:b1:f1:20:70:c9:9a:53:e5:0d:e7:ed:12:f8:a6:
f0:d1:14:be:3e:23:39:82:2b:7d:a5:89:68:bd:34:8c:da:c2:
c6:39:0b:1b:3e:0a:ec:97:34:6d:71:45:de:7d:b4:d3:19:f7:
a3:9f:3c:9c:c2:70:a6:04:85:aa:53:e5:db:d5:01:eb:2f:15:
ff:e6:0d:84
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZkofZl7n3/U1Brh10t40uDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjUwOTA4MDg0MjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQ1Yjk1MGIzZjAzOTEzZTA3YmIwMDc5MjQwYThkNjYxYzFhNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyq0RfdBOZ3B74qLt5RCqsrjkucEN
NKg9ZuKtdObKgz2DBT8vlTg4kyG+mnJDHbR73hLLfQ+WBKRPacnhr2m7x889z/LV
6iT/cbw0n/pHHXJvoL7hByn7ZyoksfAWomYv7fE8o/qh/KOXLX51CqEAqTrajiy9
p9psFWxzTXblvWLNHIzdDodVJ8Od6zvIowsLpcsA8rSbOWOZR7gy4FLRR+W99sKd
lYDuq0ssyUaBB9YW+LxCchkvUL1fGsHDZWjk8+s+ohBgFoiSuhSdZIJN7q2205Q6
R9R9JoscPh1FbweTcY0sdx2+nER7MoYh+6ymSr61v4n3qxp8felboeweFwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFMpFuVCz8DkT4HuwB5JAqNZhwaVAMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEveWtXNVVMUHdPUlBnZTdBSGtrQ28xbUhCcFVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjA2BAIAATAwAwQBW97EAwQC
Z9fcAwQAud3vAwQAwxwLAwQAw+q/AwQAw+7nAwQAw+7wAwQAw+73MCgEAgACMCID
BQMqBWPAAwUDKg/AQDASAwcAKhDvBBABAwcCKhDvBBAAMA0GCSqGSIb3DQEBCwUA
A4IBAQBVcEAyMn1IAjl38yEpBQxX+XZXMsQvc5/lIgjQIDeVGlfA+y0RjL8f3VAl
o9O3kwKLuZWY+BjHC6/9v8sFzbFNl1NNFSGA1hV8TQW6NN0IVa3hJkn8mGqKKA2N
hA4j6WYsfHzRoeqykeKWrg+3LHQugcYCOpzLQm7ukvlXQAsIofUQMmNDL7r6keHs
pjdC3ktgVuOMs///Yfzy+gcohy555zlVorPqRzxdpUoz6p5SvEVL+yEwqWylsfEg
cMmaU+UN5+0S+Kbw0RS+PiM5git9pYlovTSM2sLGOQsbPgrslzRtcUXefbTTGfej
nzycwnCmBIWqU+Xb1QHrLxX/5g2E
-----END CERTIFICATE-----
Generated at Wed Sep 10 12:58:37 2025 by rpki-client