Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/VqIWjBWlYBceSFr-zqKzJgNUIvM.roa
File: VqIWjBWlYBceSFr-zqKzJgNUIvM.roa (raw, json)
Hash identifier: Goyl+zMBt9K8bsmInK/tMhspP8k2k8ODxJhJDONQhxk=
Subject key identifier: 56:A2:16:8C:15:A5:60:17:1E:48:5A:FE:CE:A2:B3:26:03:54:22:F3
Certificate issuer: /CN=61fbd8887da84471318d83884ac005f01b44fd49
Certificate serial: 01991958576269432755B375B1D0760342AB
Authority key identifier: 61:FB:D8:88:7D:A8:44:71:31:8D:83:88:4A:C0:05:F0:1B:44:FD:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/VqIWjBWlYBceSFr-zqKzJgNUIvM.roa
Signing time: Fri 05 Sep 2025 10:07:23 +0000
ROA not before: Fri 05 Sep 2025 10:07:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203412
IP address blocks: 79.142.36.0/24 maxlen: 24
79.142.44.0/22 maxlen: 22
185.125.172.0/22 maxlen: 22
2a07:f00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.crl
rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.mft
rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 01:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:19:58:57:62:69:43:27:55:b3:75:b1:d0:76:03:42:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61fbd8887da84471318d83884ac005f01b44fd49
Validity
Not Before: Sep 5 10:07:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=56a2168c15a560171e485afecea2b326035422f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:78:ec:4e:88:0d:f8:e3:11:f6:12:2d:d8:82:
ef:79:ec:bc:33:44:b7:69:56:ee:51:46:45:19:72:
2c:fb:f9:54:d8:d8:3e:c8:1f:66:64:31:cf:f0:2b:
00:6e:1f:24:ac:d7:e0:af:d7:90:ac:07:77:d3:d4:
04:ec:61:8d:f7:43:46:97:de:a1:95:ee:03:d5:53:
cc:9d:b5:81:65:00:78:e4:88:08:91:03:69:f9:3e:
22:06:64:24:71:0b:ba:e9:22:59:2d:43:00:6f:00:
cf:bf:f9:8c:e6:d4:87:d0:f5:b5:73:68:66:70:90:
25:0b:ab:be:ea:b4:25:d7:97:35:5e:d7:e1:19:49:
a8:1c:aa:6d:61:ee:b2:79:71:6f:e1:8d:c2:d0:ca:
cb:76:7b:1c:8a:18:07:a6:49:98:66:74:ef:50:00:
20:37:df:4d:6f:8b:f5:5a:75:db:95:30:ee:2e:66:
33:f5:8b:35:6f:56:f6:f7:35:40:35:5e:c3:56:18:
d1:a7:2e:d9:84:6c:8a:0d:ba:6b:19:90:45:71:30:
98:d2:bc:00:63:51:f0:1b:76:60:2b:fa:9b:01:ac:
23:76:31:7d:fe:65:a5:ce:7d:b0:e6:6a:3a:7e:2a:
b3:9d:1d:a7:9f:c7:e6:46:50:1a:7e:a4:27:96:02:
1c:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:A2:16:8C:15:A5:60:17:1E:48:5A:FE:CE:A2:B3:26:03:54:22:F3
X509v3 Authority Key Identifier:
keyid:61:FB:D8:88:7D:A8:44:71:31:8D:83:88:4A:C0:05:F0:1B:44:FD:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/VqIWjBWlYBceSFr-zqKzJgNUIvM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.142.36.0/24
79.142.44.0/22
185.125.172.0/22
IPv6:
2a07:f00::/29
Signature Algorithm: sha256WithRSAEncryption
1a:8c:16:f7:74:57:15:97:cd:a9:1a:35:df:09:02:37:7c:58:
51:f2:0c:e5:72:12:26:4c:b7:f2:88:09:39:fb:70:cc:37:ae:
90:66:c7:b5:1c:2f:71:8d:f9:2e:28:2f:21:7f:7b:d7:e3:f2:
3e:5b:56:31:d9:ef:9c:ad:a4:65:5a:a2:c4:6f:5d:f1:5f:e7:
58:bc:05:13:1f:90:28:22:5f:01:97:67:32:72:01:9b:df:9d:
35:ce:99:b8:aa:f9:1c:59:e9:a7:38:e9:36:7a:1b:93:d9:70:
50:71:3a:cd:bb:68:fc:d7:a8:95:bd:b7:27:1d:3a:e6:25:63:
f8:a4:08:ae:6b:8a:44:65:ab:90:72:c0:00:dd:63:6f:d5:eb:
08:c1:fa:3a:f9:65:ce:a1:76:e1:d1:fb:90:97:07:a8:3e:76:
ad:b6:e9:f5:e9:79:8d:2f:58:77:da:46:c0:0b:14:00:71:7a:
77:39:fa:91:83:a0:fe:28:43:bd:86:ab:cb:e2:3d:7b:76:7f:
9e:bc:c2:93:b2:41:8e:fb:b5:23:6f:01:2a:7f:30:e8:31:f4:
9b:86:28:e1:2f:7a:55:ef:11:e6:87:b3:57:d3:ae:d6:30:a1:
e1:cc:b5:12:71:55:0b:89:c1:59:19:1b:0a:c6:67:6b:66:73:
ab:e7:2e:cb
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZkZWFdiaUMnVbN1sdB2A0KrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZmJkODg4N2RhODQ0NzEzMThkODM4ODRhYzAwNWYwMWI0
NGZkNDkwHhcNMjUwOTA1MTAwNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmEyMTY4YzE1YTU2MDE3MWU0ODVhZmVjZWEyYjMyNjAzNTQyMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHjsTogN+OMR9hIt2ILveey8M0S3
aVbuUUZFGXIs+/lU2Ng+yB9mZDHP8CsAbh8krNfgr9eQrAd309QE7GGN90NGl96h
le4D1VPMnbWBZQB45IgIkQNp+T4iBmQkcQu66SJZLUMAbwDPv/mM5tSH0PW1c2hm
cJAlC6u+6rQl15c1XtfhGUmoHKptYe6yeXFv4Y3C0MrLdnscihgHpkmYZnTvUAAg
N99Nb4v1WnXblTDuLmYz9Ys1b1b29zVANV7DVhjRpy7ZhGyKDbprGZBFcTCY0rwA
Y1HwG3ZgK/qbAawjdjF9/mWlzn2w5mo6fiqznR2nn8fmRlAafqQnlgIcNwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFFaiFowVpWAXHkha/s6isyYDVCLzMB8GA1UdIwQY
MBaAFGH72Ih9qERxMY2DiErABfAbRP1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWZ2WWlIMm9SSEV4allPSVNzQUY4QnRFX1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8wY2U1NjktYWI4ZS00NzEyLTk0OWEt
Y2VjOWUxN2Y1MDRiLzEvVnFJV2pCV2xZQmNlU0ZyLXpxS3pKZ05VSXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8wY2U1NjktYWI4ZS00NzEyLTk0OWEtY2VjOWUxN2Y1MDRi
LzEvWWZ2WWlIMm9SSEV4allPSVNzQUY4QnRFX1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAT44kAwQC
T44sAwQCuX2sMA0EAgACMAcDBQMqBw8AMA0GCSqGSIb3DQEBCwUAA4IBAQAajBb3
dFcVl82pGjXfCQI3fFhR8gzlchImTLfyiAk5+3DMN66QZse1HC9xjfkuKC8hf3vX
4/I+W1Yx2e+craRlWqLEb13xX+dYvAUTH5AoIl8Bl2cycgGb3501zpm4qvkcWemn
OOk2ehuT2XBQcTrNu2j816iVvbcnHTrmJWP4pAiua4pEZauQcsAA3WNv1esIwfo6
+WXOoXbh0fuQlweoPnattun16XmNL1h32kbACxQAcXp3OfqRg6D+KEO9hqvL4j17
dn+evMKTskGO+7UjbwEqfzDoMfSbhijhL3pV7xHmh7NX067WMKHhzLUScVULicFZ
GRsKxmdrZnOr5y7L
-----END CERTIFICATE-----
Generated at Mon Sep 8 08:35:05 2025 by rpki-client