Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/LYrINpBkGiqMBKci7kDEkT4clMM.roa
File: LYrINpBkGiqMBKci7kDEkT4clMM.roa (raw, json)
Hash identifier: rpmajg0c6Lkm2tGH4aWf1gD3QwFb6C9vHxZey3xWrlo=
Subject key identifier: 2D:8A:C8:36:90:64:1A:2A:8C:04:A7:22:EE:40:C4:91:3E:1C:94:C3
Certificate issuer: /CN=420387c94134d9a08ffd32630967703adc582b6c
Certificate serial: 0198E5D4F3ADF0BD293019CBE65ABBC596AE
Authority key identifier: 42:03:87:C9:41:34:D9:A0:8F:FD:32:63:09:67:70:3A:DC:58:2B:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QgOHyUE02aCP_TJjCWdwOtxYK2w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/LYrINpBkGiqMBKci7kDEkT4clMM.roa
Signing time: Tue 26 Aug 2025 10:03:15 +0000
ROA not before: Tue 26 Aug 2025 10:03:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200918
IP address blocks: 185.186.36.0/24 maxlen: 24
185.186.37.0/24 maxlen: 24
185.186.38.0/24 maxlen: 24
185.186.39.0/24 maxlen: 24
2a06:bfc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/QgOHyUE02aCP_TJjCWdwOtxYK2w.crl
rsync://rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/QgOHyUE02aCP_TJjCWdwOtxYK2w.mft
rsync://rpki.ripe.net/repository/DEFAULT/QgOHyUE02aCP_TJjCWdwOtxYK2w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 11 Sep 2025 01:02:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e5:d4:f3:ad:f0:bd:29:30:19:cb:e6:5a:bb:c5:96:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=420387c94134d9a08ffd32630967703adc582b6c
Validity
Not Before: Aug 26 10:03:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2d8ac83690641a2a8c04a722ee40c4913e1c94c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:c2:00:b2:66:a4:a5:03:33:4b:aa:02:4b:22:
eb:b9:33:a2:3e:5f:61:6b:ca:fe:f0:c6:e8:9a:16:
a8:a2:a1:a8:f3:f6:41:0e:14:0f:e6:bf:e0:ab:05:
f7:79:13:9b:17:fe:ee:7b:2c:86:b2:52:b6:95:e0:
f7:6d:ba:f3:b5:11:8f:0d:65:32:6e:25:0d:ad:b7:
5d:8c:69:06:87:42:21:0b:b8:15:42:45:60:36:e1:
3c:34:7f:03:8c:5b:30:c3:69:c2:c8:aa:e5:69:a3:
23:a0:28:17:8a:e4:27:27:78:ba:da:60:7d:74:f7:
b8:8b:58:e3:41:fe:f0:04:ee:89:dc:21:2d:45:c7:
8c:2b:f6:2f:df:ee:4d:6c:75:2c:44:4f:5b:2a:62:
d8:82:32:37:3a:31:73:94:8b:05:47:82:12:bd:19:
8f:ee:63:6c:c1:b8:77:28:b2:69:1b:6a:b8:16:dd:
82:9a:c5:39:0a:f5:a0:78:15:8b:81:c8:36:83:02:
fe:56:ee:e0:24:b2:74:ba:d1:9e:84:29:ab:30:78:
e3:56:86:d5:bd:92:a4:5d:a4:72:87:5c:a6:ec:88:
00:d0:a1:c6:b3:66:ce:f8:a9:09:73:7f:80:ec:96:
77:54:76:66:3c:ce:cd:d1:a8:6c:03:7e:e0:6d:10:
1c:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:8A:C8:36:90:64:1A:2A:8C:04:A7:22:EE:40:C4:91:3E:1C:94:C3
X509v3 Authority Key Identifier:
keyid:42:03:87:C9:41:34:D9:A0:8F:FD:32:63:09:67:70:3A:DC:58:2B:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QgOHyUE02aCP_TJjCWdwOtxYK2w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/LYrINpBkGiqMBKci7kDEkT4clMM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a38a87-0159-490e-b69c-376f4b4d9da6/1/QgOHyUE02aCP_TJjCWdwOtxYK2w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.186.36.0/22
IPv6:
2a06:bfc0::/29
Signature Algorithm: sha256WithRSAEncryption
53:9a:d3:eb:a9:ca:71:f0:ad:81:f0:36:80:c9:76:9f:d0:21:
c4:97:13:df:3a:24:a4:15:49:b1:c2:7f:77:e2:58:4d:2f:38:
7b:81:c4:0b:25:9a:83:66:ef:e9:c6:4a:83:78:59:16:c2:52:
12:cf:a8:9b:58:b3:5c:3b:39:fa:ea:9b:fa:a8:d8:8f:49:80:
16:de:c6:9f:d6:8d:fe:59:2c:14:85:87:32:6f:c2:f2:aa:bd:
50:ec:b5:64:73:4a:8d:a1:89:81:66:8e:e2:2a:65:5d:2b:e9:
8a:27:44:75:27:76:94:d5:9b:72:b4:63:38:25:c7:53:b6:a0:
32:bf:2e:6c:65:a3:82:1e:3b:02:f7:3e:52:e2:96:f4:95:e2:
67:bc:8e:46:eb:70:6d:e7:c1:be:a4:aa:e8:02:02:11:dc:32:
d8:22:1d:28:90:08:de:5b:a7:a1:5d:c4:b0:a0:21:9d:18:bd:
b5:85:b3:bf:cc:81:88:f7:27:d8:7c:33:07:ed:67:dc:fd:6e:
d5:ef:ea:43:15:3e:c0:4f:90:9b:68:f7:d7:52:05:30:92:70:
32:77:88:21:96:68:e1:fc:06:0e:bb:33:ce:5f:8e:0a:31:ee:
98:de:c0:8a:6b:fc:a9:78:96:8f:78:63:26:50:9d:57:40:30:
dd:8a:43:d9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZjl1POt8L0pMBnL5lq7xZauMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMDM4N2M5NDEzNGQ5YTA4ZmZkMzI2MzA5Njc3MDNhZGM1
ODJiNmMwHhcNMjUwODI2MTAwMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDhhYzgzNjkwNjQxYTJhOGMwNGE3MjJlZTQwYzQ5MTNlMWM5NGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcIAsmakpQMzS6oCSyLruTOiPl9h
a8r+8MbomhaooqGo8/ZBDhQP5r/gqwX3eRObF/7ueyyGslK2leD3bbrztRGPDWUy
biUNrbddjGkGh0IhC7gVQkVgNuE8NH8DjFsww2nCyKrlaaMjoCgXiuQnJ3i62mB9
dPe4i1jjQf7wBO6J3CEtRceMK/Yv3+5NbHUsRE9bKmLYgjI3OjFzlIsFR4ISvRmP
7mNswbh3KLJpG2q4Ft2CmsU5CvWgeBWLgcg2gwL+Vu7gJLJ0utGehCmrMHjjVobV
vZKkXaRyh1ym7IgA0KHGs2bO+KkJc3+A7JZ3VHZmPM7N0ahsA37gbRAcCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC2KyDaQZBoqjASnIu5AxJE+HJTDMB8GA1UdIwQY
MBaAFEIDh8lBNNmgj/0yYwlncDrcWCtsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWdPSHlVRTAyYUNQX1RKakNXZHdPdHhZSzJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9hMzhhODctMDE1OS00OTBlLWI2OWMt
Mzc2ZjRiNGQ5ZGE2LzEvTFlySU5wQmtHaXFNQktjaTdrREVrVDRjbE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9hMzhhODctMDE1OS00OTBlLWI2OWMtMzc2ZjRiNGQ5ZGE2
LzEvUWdPSHlVRTAyYUNQX1RKakNXZHdPdHhZSzJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubokMA0E
AgACMAcDBQMqBr/AMA0GCSqGSIb3DQEBCwUAA4IBAQBTmtPrqcpx8K2B8DaAyXaf
0CHElxPfOiSkFUmxwn934lhNLzh7gcQLJZqDZu/pxkqDeFkWwlISz6ibWLNcOzn6
6pv6qNiPSYAW3saf1o3+WSwUhYcyb8Lyqr1Q7LVkc0qNoYmBZo7iKmVdK+mKJ0R1
J3aU1ZtytGM4JcdTtqAyvy5sZaOCHjsC9z5S4pb0leJnvI5G63Bt58G+pKroAgIR
3DLYIh0okAjeW6ehXcSwoCGdGL21hbO/zIGI9yfYfDMH7Wfc/W7V7+pDFT7AT5Cb
aPfXUgUwknAyd4ghlmjh/AYOuzPOX44KMe6Y3sCKa/ypeJaPeGMmUJ1XQDDdikPZ
-----END CERTIFICATE-----
Generated at Wed Sep 10 09:07:13 2025 by rpki-client