Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/LypcCnsjIYXK3ly5y0ZTusXUd-8.roa
File: LypcCnsjIYXK3ly5y0ZTusXUd-8.roa (raw, json)
Hash identifier: vs16L07TptJdGwReeM/nBjnrLdh8KQKHxx0qkIGyQYc=
Subject key identifier: 2F:2A:5C:0A:7B:23:21:85:CA:DE:5C:B9:CB:46:53:BA:C5:D4:77:EF
Certificate issuer: /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial: 01997A68AAD78BC254B29747922C0C756700
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/LypcCnsjIYXK3ly5y0ZTusXUd-8.roa
Signing time: Wed 24 Sep 2025 06:28:23 +0000
ROA not before: Wed 24 Sep 2025 06:28:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 63023
IP address blocks: 5.8.18.0/24 maxlen: 24
5.101.81.0/24 maxlen: 24
5.101.82.0/24 maxlen: 24
5.101.83.0/24 maxlen: 24
5.101.84.0/24 maxlen: 24
5.101.85.0/24 maxlen: 24
46.161.0.0/24 maxlen: 24
146.185.233.0/24 maxlen: 24
146.185.239.0/24 maxlen: 24
193.93.192.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:7a:68:aa:d7:8b:c2:54:b2:97:47:92:2c:0c:75:67:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Validity
Not Before: Sep 24 06:28:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2f2a5c0a7b232185cade5cb9cb4653bac5d477ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:ac:10:6f:ca:d9:c7:b3:ec:40:d8:fd:dc:70:
40:d4:0a:89:f6:5e:b5:4a:69:cd:f0:42:43:e9:af:
00:c9:66:5a:9c:f0:1c:c4:87:56:dd:3d:7a:4b:df:
3f:a6:e6:c5:3f:04:5d:d9:4c:fd:42:a1:a6:d9:ed:
3a:8d:0f:b2:f6:59:04:3c:d4:61:6d:bd:06:fb:36:
da:39:8c:36:cd:ae:06:75:65:24:e2:21:7c:c1:f8:
1b:be:4a:b9:d9:2e:49:62:41:5f:ef:f4:24:79:37:
57:31:06:0b:d3:f3:d9:47:66:b9:15:27:9b:95:4a:
3c:43:fe:28:1f:f5:65:80:21:00:ed:d1:30:22:0a:
50:c4:9d:58:bd:74:dc:d5:ab:36:44:e4:32:e9:74:
40:32:1d:e7:c1:c6:b2:5d:4d:cf:2b:34:d8:f2:c5:
80:1e:40:d0:5d:70:dc:20:b5:68:ae:c6:a8:23:f2:
e2:ea:43:15:35:1f:6d:a7:49:13:a2:00:23:3d:56:
df:40:69:a1:e4:41:36:d9:a8:f9:d9:42:31:e9:bf:
fe:b5:98:17:57:36:9a:0e:93:86:e2:4d:07:78:de:
ce:86:37:e9:82:ec:e1:84:9b:47:09:35:16:a3:74:
38:16:98:f7:51:5e:0c:f2:97:8c:91:e9:74:a6:64:
10:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:2A:5C:0A:7B:23:21:85:CA:DE:5C:B9:CB:46:53:BA:C5:D4:77:EF
X509v3 Authority Key Identifier:
keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/LypcCnsjIYXK3ly5y0ZTusXUd-8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.8.18.0/24
5.101.81.0-5.101.85.255
46.161.0.0/24
146.185.233.0/24
146.185.239.0/24
193.93.192.0/24
Signature Algorithm: sha256WithRSAEncryption
64:1c:b8:33:e7:e9:be:7a:a6:41:77:32:e1:07:91:c6:8c:c6:
e1:22:00:08:70:63:fb:01:4b:0e:fb:85:22:f3:f7:2d:d0:53:
db:48:67:43:75:fe:23:85:48:d6:66:e3:8f:63:76:00:7d:23:
16:fe:4b:e2:08:3f:c3:2a:0a:53:f4:f7:3d:87:ba:df:9a:0e:
40:ee:e7:78:0f:1b:a4:c4:62:a3:1e:e7:74:a1:f5:09:82:09:
38:31:be:38:c1:b5:d8:21:47:cd:7d:90:62:b9:cc:b5:0e:00:
d1:95:f2:02:f2:69:10:2b:25:6e:82:29:5e:9b:02:6f:b4:d2:
c2:bf:34:8d:98:eb:c3:34:98:5d:75:d0:30:cd:4b:0e:36:0d:
50:b1:9f:83:fd:6b:d6:03:fb:51:80:27:d3:f5:97:43:6a:28:
7b:8d:1d:4d:3e:fc:63:b4:28:1d:e9:d6:6d:f5:07:38:20:a1:
be:1b:83:b7:e0:62:22:77:b4:e0:82:d9:c2:2e:8a:e6:6d:56:
34:7d:b9:b7:42:c7:ae:17:6a:10:ac:ac:8c:e0:b1:35:76:46:
ef:86:7f:aa:fd:80:75:73:40:f4:03:8c:c6:bd:c9:71:3f:20:
b2:f1:f1:0d:e5:fd:25:9c:a7:a8:c8:27:53:3c:ff:59:0e:22:
92:be:c4:c2
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZl6aKrXi8JUspdHkiwMdWcAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwOTI0MDYyODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjJhNWMwYTdiMjMyMTg1Y2FkZTVjYjljYjQ2NTNiYWM1ZDQ3N2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KwQb8rZx7PsQNj93HBA1AqJ9l61
SmnN8EJD6a8AyWZanPAcxIdW3T16S98/pubFPwRd2Uz9QqGm2e06jQ+y9lkEPNRh
bb0G+zbaOYw2za4GdWUk4iF8wfgbvkq52S5JYkFf7/QkeTdXMQYL0/PZR2a5FSeb
lUo8Q/4oH/VlgCEA7dEwIgpQxJ1YvXTc1as2ROQy6XRAMh3nwcayXU3PKzTY8sWA
HkDQXXDcILVorsaoI/Li6kMVNR9tp0kTogAjPVbfQGmh5EE22aj52UIx6b/+tZgX
VzaaDpOG4k0HeN7OhjfpguzhhJtHCTUWo3Q4Fpj3UV4M8peMkel0pmQQ1wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFC8qXAp7IyGFyt5cuctGU7rF1HfvMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvTHlwY0Nuc2pJWVhLM2x5NXkwWlR1c1hVZC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQABQgSMAwD
BAAFZVEDBAEFZVQDBAAuoQADBACSuekDBACSue8DBADBXcAwDQYJKoZIhvcNAQEL
BQADggEBAGQcuDPn6b56pkF3MuEHkcaMxuEiAAhwY/sBSw77hSLz9y3QU9tIZ0N1
/iOFSNZm449jdgB9Ixb+S+IIP8MqClP09z2Hut+aDkDu53gPG6TEYqMe53Sh9QmC
CTgxvjjBtdghR819kGK5zLUOANGV8gLyaRArJW6CKV6bAm+00sK/NI2Y68M0mF11
0DDNSw42DVCxn4P9a9YD+1GAJ9P1l0NqKHuNHU0+/GO0KB3p1m31Bzggob4bg7fg
YiJ3tOCC2cIuiuZtVjR9ubdCx64XahCsrIzgsTV2Ru+Gf6r9gHVzQPQDjMa9yXE/
ILLx8Q3l/SWcp6jIJ1M8/1kOIpK+xMI=
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:22:54 2025 by rpki-client