Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/yyk6Di2XbNlkRGc89Nu-_03BSyA.roa
File: yyk6Di2XbNlkRGc89Nu-_03BSyA.roa (raw, json)
Hash identifier: fjtXv9Ycls9ttlFxVrAfyjqDfoCq3GWEcLByl3LaF+I=
Subject key identifier: CB:29:3A:0E:2D:97:6C:D9:64:44:67:3C:F4:DB:BE:FF:4D:C1:4B:20
Certificate issuer: /CN=123c3de61011de07101e14dc0727395171cb03ab
Certificate serial: 0199C36F0946EC9F867C5AD42FFB67BDB08D
Authority key identifier: 12:3C:3D:E6:10:11:DE:07:10:1E:14:DC:07:27:39:51:71:CB:03:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/yyk6Di2XbNlkRGc89Nu-_03BSyA.roa
Signing time: Wed 08 Oct 2025 10:47:37 +0000
ROA not before: Wed 08 Oct 2025 10:47:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203459
IP address blocks: 185.122.252.0/24 maxlen: 24
185.122.253.0/24 maxlen: 24
185.122.254.0/24 maxlen: 24
185.122.255.0/24 maxlen: 24
185.133.224.0/24 maxlen: 24
185.133.225.0/24 maxlen: 24
185.133.226.0/24 maxlen: 24
185.133.227.0/24 maxlen: 24
2a06:7fc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c3:6f:09:46:ec:9f:86:7c:5a:d4:2f:fb:67:bd:b0:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=123c3de61011de07101e14dc0727395171cb03ab
Validity
Not Before: Oct 8 10:47:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb293a0e2d976cd96444673cf4dbbeff4dc14b20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:78:d0:e9:e1:e0:cf:fc:b3:75:94:4e:08:60:
4e:65:c0:46:78:20:ff:36:5f:51:e4:45:0a:bb:aa:
4c:61:22:f6:64:06:c9:61:6b:af:34:98:e8:08:5f:
fa:61:c1:c3:99:71:04:4e:a2:6f:fb:88:2d:ba:08:
23:76:89:cc:39:af:23:36:23:d2:2a:8a:fc:d3:ba:
75:0d:08:23:84:10:42:2d:93:20:e8:15:8f:2f:05:
f0:61:24:35:8c:52:86:e2:78:d4:5e:ba:d4:65:1f:
a1:ba:13:11:b4:3b:42:c2:f2:4c:fa:8c:04:00:63:
18:90:bd:00:fb:36:13:4d:91:d5:86:4e:e9:bd:09:
c1:8c:6a:ab:dd:9a:73:8b:45:65:12:a9:e9:88:5b:
60:9f:22:8e:35:43:db:c5:53:34:dc:ba:af:ba:1b:
46:26:8b:b1:aa:c8:78:2d:b7:83:2a:d3:b6:f6:e4:
7a:7d:76:ac:16:ff:35:77:a6:f8:6d:01:8c:fc:03:
0a:62:3e:e5:48:1e:0f:0c:e2:58:cf:db:95:54:fd:
1e:09:ff:ce:9c:9e:7b:ce:9b:4a:67:95:0f:59:7d:
30:e2:e0:d1:bb:d7:f5:6f:59:2b:18:90:1f:c6:e4:
00:23:4c:95:e1:4b:a0:fc:5b:32:eb:fe:fe:a5:f9:
2d:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:29:3A:0E:2D:97:6C:D9:64:44:67:3C:F4:DB:BE:FF:4D:C1:4B:20
X509v3 Authority Key Identifier:
keyid:12:3C:3D:E6:10:11:DE:07:10:1E:14:DC:07:27:39:51:71:CB:03:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/yyk6Di2XbNlkRGc89Nu-_03BSyA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.122.252.0/22
185.133.224.0/22
IPv6:
2a06:7fc0::/29
Signature Algorithm: sha256WithRSAEncryption
3c:ce:93:90:43:e9:e4:5c:c1:c4:e9:73:c8:bd:84:d6:eb:39:
84:d6:01:99:38:06:a8:18:56:12:5c:92:07:a0:e1:eb:82:da:
44:1b:3c:86:d0:e1:35:3d:39:f3:cd:59:30:76:fc:7e:af:c2:
5f:f3:03:38:3d:fc:6f:4a:f6:6e:67:e0:24:ce:a7:14:db:2b:
a6:48:82:87:40:4f:42:80:52:72:29:f4:a2:bc:d7:fd:63:ae:
b9:22:3b:d5:41:2f:33:60:26:04:a1:69:5d:0a:ca:7e:dd:45:
d3:98:a0:88:22:27:f2:79:46:3d:99:65:a0:8f:f7:65:14:1f:
46:b2:63:ba:56:3e:f7:0a:28:a3:82:0e:b6:b1:cd:2c:99:8f:
df:d1:65:c9:aa:b0:3d:6f:8a:98:9d:ca:76:a5:57:d8:cc:4c:
3d:ff:6e:05:57:e8:a2:d2:6f:85:4d:47:1c:7c:bb:e9:98:d7:
46:1d:90:83:ce:5f:22:4d:2d:c6:4f:18:ca:e8:bd:d5:fd:a5:
a9:23:5a:e6:09:8e:e5:ec:eb:d5:4a:d1:0d:39:62:e7:64:a1:
be:30:c3:66:f3:a5:58:ce:db:89:a9:0c:59:f7:6f:80:8f:ae:
99:3c:9e:11:bf:ed:05:d9:2f:72:29:d0:0f:6f:43:d3:dc:d7:
f8:23:e0:a1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZnDbwlG7J+GfFrUL/tnvbCNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyM2MzZGU2MTAxMWRlMDcxMDFlMTRkYzA3MjczOTUxNzFj
YjAzYWIwHhcNMjUxMDA4MTA0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjI5M2EwZTJkOTc2Y2Q5NjQ0NDY3M2NmNGRiYmVmZjRkYzE0YjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHjQ6eHgz/yzdZROCGBOZcBGeCD/
Nl9R5EUKu6pMYSL2ZAbJYWuvNJjoCF/6YcHDmXEETqJv+4gtuggjdonMOa8jNiPS
Kor807p1DQgjhBBCLZMg6BWPLwXwYSQ1jFKG4njUXrrUZR+huhMRtDtCwvJM+owE
AGMYkL0A+zYTTZHVhk7pvQnBjGqr3Zpzi0VlEqnpiFtgnyKONUPbxVM03LqvuhtG
Jouxqsh4LbeDKtO29uR6fXasFv81d6b4bQGM/AMKYj7lSB4PDOJYz9uVVP0eCf/O
nJ57zptKZ5UPWX0w4uDRu9f1b1krGJAfxuQAI0yV4Uug/Fsy6/7+pfktXwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMspOg4tl2zZZERnPPTbvv9NwUsgMB8GA1UdIwQY
MBaAFBI8PeYQEd4HEB4U3AcnOVFxywOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWp3OTVoQVIzZ2NRSGhUY0J5YzVVWEhMQTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8yMjk2NTAtOGEwMS00MzcwLTk5MWUt
YjUwNGM5YWU5YmJjLzEveXlrNkRpMlhiTmxrUkdjODlOdS1fMDNCU3lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8yMjk2NTAtOGEwMS00MzcwLTk5MWUtYjUwNGM5YWU5YmJj
LzEvRWp3OTVoQVIzZ2NRSGhUY0J5YzVVWEhMQTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuXr8AwQC
uYXgMA0EAgACMAcDBQMqBn/AMA0GCSqGSIb3DQEBCwUAA4IBAQA8zpOQQ+nkXMHE
6XPIvYTW6zmE1gGZOAaoGFYSXJIHoOHrgtpEGzyG0OE1PTnzzVkwdvx+r8Jf8wM4
PfxvSvZuZ+AkzqcU2yumSIKHQE9CgFJyKfSivNf9Y665IjvVQS8zYCYEoWldCsp+
3UXTmKCIIifyeUY9mWWgj/dlFB9GsmO6Vj73Ciijgg62sc0smY/f0WXJqrA9b4qY
ncp2pVfYzEw9/24FV+ii0m+FTUccfLvpmNdGHZCDzl8iTS3GTxjK6L3V/aWpI1rm
CY7l7OvVStENOWLnZKG+MMNm86VYztuJqQxZ92+Aj66ZPJ4Rv+0F2S9yKdAPb0PT
3Nf4I+Ch
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:42:56 2025 by rpki-client