Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/1c49eb-4dda-44ef-bf04-ec00e1a27cc8/1/lyYoYFNGC2A9WNKCueXrm4mkRZo.roa
File: lyYoYFNGC2A9WNKCueXrm4mkRZo.roa (raw, json)
Hash identifier: IZrpJH4Ut/OiG1jPgHzsJ5IYnAXiTXDkQvi3YTSJS9g=
Subject key identifier: 97:26:28:60:53:46:0B:60:3D:58:D2:82:B9:E5:EB:9B:89:A4:45:9A
Certificate issuer: /CN=421cba589920beebb19bc572ae6d501b8cf6bbf0
Certificate serial: 0199F0B357A1A16B47E43AECC5CD1E74AF3D
Authority key identifier: 42:1C:BA:58:99:20:BE:EB:B1:9B:C5:72:AE:6D:50:1B:8C:F6:BB:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Qhy6WJkgvuuxm8Vyrm1QG4z2u_A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/1c49eb-4dda-44ef-bf04-ec00e1a27cc8/1/lyYoYFNGC2A9WNKCueXrm4mkRZo.roa
Signing time: Fri 17 Oct 2025 05:45:09 +0000
ROA not before: Fri 17 Oct 2025 05:45:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214790
IP address blocks: 185.37.8.0/24 maxlen: 24
194.117.88.0/24 maxlen: 24
2a10:c943::/32 maxlen: 32
2a10:c943:100::/48 maxlen: 48
2a10:c943:200::/48 maxlen: 48
2a10:c944::/32 maxlen: 32
2a10:c944:100::/48 maxlen: 48
2a10:c944:321::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0f/1c49eb-4dda-44ef-bf04-ec00e1a27cc8/1/Qhy6WJkgvuuxm8Vyrm1QG4z2u_A.crl
rsync://rpki.ripe.net/repository/DEFAULT/0f/1c49eb-4dda-44ef-bf04-ec00e1a27cc8/1/Qhy6WJkgvuuxm8Vyrm1QG4z2u_A.mft
rsync://rpki.ripe.net/repository/DEFAULT/Qhy6WJkgvuuxm8Vyrm1QG4z2u_A.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:f0:b3:57:a1:a1:6b:47:e4:3a:ec:c5:cd:1e:74:af:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=421cba589920beebb19bc572ae6d501b8cf6bbf0
Validity
Not Before: Oct 17 05:45:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9726286053460b603d58d282b9e5eb9b89a4459a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:57:49:b9:60:5c:53:49:cb:91:7e:51:10:6b:
c2:ce:bc:8b:8a:3a:6c:f0:ea:94:0f:ce:37:d9:b8:
48:d7:92:d1:19:84:88:c7:66:15:4b:da:89:e6:ef:
83:ec:56:51:bc:0d:86:ce:d4:a3:87:61:71:eb:83:
21:26:c9:61:5e:6d:53:bd:dd:8c:ba:8d:ba:3b:fc:
33:24:c5:fe:93:9c:36:aa:82:93:2c:36:2a:ec:8b:
07:6b:a3:a5:98:aa:f3:15:b2:c3:98:d5:91:3e:c0:
a0:ad:89:ce:b0:26:74:46:4f:85:0b:4e:0c:0e:ef:
51:dc:5a:c2:ae:93:d3:2e:60:7c:f3:ab:88:0c:6f:
f4:0f:e2:c4:a2:cd:3f:ef:d5:1a:3d:37:e6:da:84:
74:88:58:7e:95:ce:d0:93:23:cc:80:a2:74:ce:8b:
71:c5:95:59:74:55:f6:35:d3:91:40:95:a3:6d:50:
32:15:ae:70:de:78:79:cb:8e:38:25:f3:1e:71:2e:
57:f9:69:e1:5e:f6:0f:39:29:74:ba:f8:e5:fe:21:
28:9b:79:1c:d5:41:4d:dc:9c:75:b5:2b:bf:99:91:
2b:68:1c:c6:4e:12:8f:e8:89:f2:a5:93:26:04:52:
1e:fa:3e:db:97:dd:2b:f0:3b:e2:8b:26:c6:5c:26:
63:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:26:28:60:53:46:0B:60:3D:58:D2:82:B9:E5:EB:9B:89:A4:45:9A
X509v3 Authority Key Identifier:
keyid:42:1C:BA:58:99:20:BE:EB:B1:9B:C5:72:AE:6D:50:1B:8C:F6:BB:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qhy6WJkgvuuxm8Vyrm1QG4z2u_A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/1c49eb-4dda-44ef-bf04-ec00e1a27cc8/1/lyYoYFNGC2A9WNKCueXrm4mkRZo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/1c49eb-4dda-44ef-bf04-ec00e1a27cc8/1/Qhy6WJkgvuuxm8Vyrm1QG4z2u_A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.37.8.0/24
194.117.88.0/24
IPv6:
2a10:c943::-2a10:c944:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
52:fe:45:bf:e7:cb:49:64:30:ac:e0:fe:33:f8:04:f7:f1:83:
a3:36:89:7e:51:c6:79:fb:56:0c:f3:30:55:8a:78:85:40:68:
fe:47:84:06:3a:32:84:7b:7f:f5:4b:13:d9:27:68:d6:55:b5:
0e:7b:55:d8:87:d4:cc:40:24:7b:03:b5:9e:fe:a2:7a:81:d4:
1a:1f:1b:12:2e:64:ff:45:22:64:d2:85:c6:79:7b:eb:1e:df:
c2:a8:37:a9:6c:47:61:9d:0c:59:e9:7f:15:9a:7e:7f:df:80:
15:90:ba:25:37:71:b7:02:bc:31:47:7f:4c:b5:be:81:8d:fc:
d5:68:48:ab:11:8c:af:62:85:c2:8f:2c:9c:b0:0c:68:49:cc:
06:75:4f:b7:03:79:bc:c7:42:06:74:b1:95:d3:8d:a2:40:01:
0e:c9:53:57:2c:17:5a:16:7f:76:61:10:98:87:cf:1d:20:25:
fa:ef:88:37:dc:16:64:f1:ef:27:d5:8a:df:9d:0d:81:a1:93:
05:66:36:2a:29:e7:fa:6c:db:3b:bc:50:7e:b6:94:7b:6d:ca:
eb:06:97:6e:04:af:fc:ac:cb:3b:7c:26:eb:08:28:a5:0b:07:
a6:8a:85:ee:cb:db:88:95:eb:35:69:c5:ed:5b:4f:37:cd:24:
a9:eb:6f:16
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZnws1ehoWtH5Drsxc0edK89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMWNiYTU4OTkyMGJlZWJiMTliYzU3MmFlNmQ1MDFiOGNm
NmJiZjAwHhcNMjUxMDE3MDU0NTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzI2Mjg2MDUzNDYwYjYwM2Q1OGQyODJiOWU1ZWI5Yjg5YTQ0NTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1dJuWBcU0nLkX5REGvCzryLijps
8OqUD8432bhI15LRGYSIx2YVS9qJ5u+D7FZRvA2GztSjh2Fx64MhJslhXm1Tvd2M
uo26O/wzJMX+k5w2qoKTLDYq7IsHa6OlmKrzFbLDmNWRPsCgrYnOsCZ0Rk+FC04M
Du9R3FrCrpPTLmB886uIDG/0D+LEos0/79UaPTfm2oR0iFh+lc7QkyPMgKJ0zotx
xZVZdFX2NdORQJWjbVAyFa5w3nh5y444JfMecS5X+WnhXvYPOSl0uvjl/iEom3kc
1UFN3Jx1tSu/mZEraBzGThKP6InypZMmBFIe+j7bl90r8DviiybGXCZjgwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJcmKGBTRgtgPVjSgrnl65uJpEWaMB8GA1UdIwQY
MBaAFEIculiZIL7rsZvFcq5tUBuM9rvwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWh5NldKa2d2dXV4bThWeXJtMVFHNHoydV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8xYzQ5ZWItNGRkYS00NGVmLWJmMDQt
ZWMwMGUxYTI3Y2M4LzEvbHlZb1lGTkdDMkE5V05LQ3VlWHJtNG1rUlpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8xYzQ5ZWItNGRkYS00NGVmLWJmMDQtZWMwMGUxYTI3Y2M4
LzEvUWh5NldKa2d2dXV4bThWeXJtMVFHNHoydV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQAuSUIAwQA
wnVYMBYEAgACMBAwDgMFACoQyUMDBQAqEMlEMA0GCSqGSIb3DQEBCwUAA4IBAQBS
/kW/58tJZDCs4P4z+AT38YOjNol+UcZ5+1YM8zBViniFQGj+R4QGOjKEe3/1SxPZ
J2jWVbUOe1XYh9TMQCR7A7We/qJ6gdQaHxsSLmT/RSJk0oXGeXvrHt/CqDepbEdh
nQxZ6X8Vmn5/34AVkLolN3G3ArwxR39Mtb6BjfzVaEirEYyvYoXCjyycsAxoScwG
dU+3A3m8x0IGdLGV042iQAEOyVNXLBdaFn92YRCYh88dICX674g33BZk8e8n1Yrf
nQ2BoZMFZjYqKef6bNs7vFB+tpR7bcrrBpduBK/8rMs7fCbrCCilCwemioXuy9uI
les1acXtW083zSSp628W
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:01:14 2025 by rpki-client