Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/yvAJ5WSxMiY2fSSOB3e8cpHiZfU.roa
File: yvAJ5WSxMiY2fSSOB3e8cpHiZfU.roa (raw, json)
Hash identifier: KTOMVvsvz4h5d6D3nU2DXHzCUkCfWCuHH2Bn/jAChn4=
Subject key identifier: CA:F0:09:E5:64:B1:32:26:36:7D:24:8E:07:77:BC:72:91:E2:65:F5
Certificate issuer: /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial: 01988955E6CD8B429524BB79BA6044A11604
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/yvAJ5WSxMiY2fSSOB3e8cpHiZfU.roa
Signing time: Fri 08 Aug 2025 10:59:24 +0000
ROA not before: Fri 08 Aug 2025 10:59:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42216
IP address blocks: 31.210.47.0/24 maxlen: 24
77.92.142.0/24 maxlen: 24
77.92.143.0/24 maxlen: 24
77.92.152.0/24 maxlen: 24
78.135.86.0/24 maxlen: 24
78.135.98.0/24 maxlen: 24
188.132.228.0/24 maxlen: 24
2a10:9440::/48 maxlen: 48
2a10:9440:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 13:02:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:89:55:e6:cd:8b:42:95:24:bb:79:ba:60:44:a1:16:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
Validity
Not Before: Aug 8 10:59:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=caf009e564b13226367d248e0777bc7291e265f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:9d:5e:c2:2a:04:19:d9:ae:b9:64:40:11:6b:
59:fa:f1:b8:ef:ed:b8:0c:df:56:e4:6c:8c:41:61:
77:fd:5d:f1:24:9a:72:40:e3:f8:86:f5:49:ef:55:
81:a0:01:7c:a9:ae:c6:09:39:3d:b1:71:29:68:d1:
dc:1a:3b:de:fe:6b:f1:64:0f:44:a3:3a:b4:d6:23:
3c:7f:ab:36:d9:ee:8c:f5:a3:32:7a:c0:ab:24:c8:
d6:bc:ad:1f:69:c1:ef:1a:70:5d:26:5c:da:f0:fe:
47:26:0f:06:d0:7d:e3:be:1f:72:42:c6:0d:1c:1b:
6e:bb:92:96:8b:02:d0:b4:4b:e4:7c:62:46:43:d8:
07:61:0f:a5:7a:5e:50:c7:be:04:45:0d:07:7b:c0:
54:75:1d:03:51:2b:00:da:ff:a1:82:bc:8c:db:b5:
df:ff:6b:76:10:5c:73:9f:6b:70:66:a4:fa:87:d1:
39:11:ba:e8:7c:5b:bb:e4:82:39:71:11:74:21:28:
f1:c4:8d:95:48:f0:6e:94:f0:a9:13:84:9e:db:4f:
46:70:61:8e:de:d2:e1:ba:29:cf:46:5e:0b:72:9a:
3a:05:e1:ae:83:74:57:8f:73:6d:c6:16:c4:e7:81:
b8:de:19:d5:f2:1f:a9:4e:ee:87:11:78:6d:f6:55:
24:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:F0:09:E5:64:B1:32:26:36:7D:24:8E:07:77:BC:72:91:E2:65:F5
X509v3 Authority Key Identifier:
keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/yvAJ5WSxMiY2fSSOB3e8cpHiZfU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.210.47.0/24
77.92.142.0/23
77.92.152.0/24
78.135.86.0/24
78.135.98.0/24
188.132.228.0/24
IPv6:
2a10:9440::/47
Signature Algorithm: sha256WithRSAEncryption
64:7d:1d:f3:65:d0:0a:b5:7b:f3:b1:89:28:b2:18:8b:b1:15:
ef:a9:f3:03:47:a1:20:6d:d1:1b:e8:74:58:fe:32:f9:98:2f:
b2:e4:93:bb:b8:31:f5:09:a4:e8:b9:0f:95:a1:f5:ab:5a:80:
91:ac:cc:97:f5:e6:bc:30:0d:67:e4:c4:46:b8:9c:c2:ab:d2:
e5:f4:ba:80:af:9b:5f:90:c7:34:6c:aa:94:52:ab:bb:be:71:
17:57:dd:53:d8:2a:e0:8a:03:48:02:9b:75:44:05:16:93:40:
6d:f5:de:ce:79:ae:2e:44:2d:9c:f0:8f:8a:c7:ef:b7:2b:a7:
15:61:4c:61:1f:a4:3e:f6:15:84:4f:d5:bc:78:a2:29:51:2b:
86:00:19:7b:cf:c7:05:4d:91:3e:5d:46:16:d1:d1:83:2f:9d:
aa:ca:ba:25:36:3e:9b:2f:b9:52:13:1a:e7:f8:27:74:91:1d:
68:0a:2e:ac:16:f1:27:11:e9:d7:d4:62:69:23:fb:16:33:83:
85:74:36:6f:70:b3:c5:0e:15:4d:93:3e:20:2d:c9:18:9c:09:
6c:09:7e:94:40:c9:af:33:37:63:d5:bd:9a:9b:47:f4:6f:eb:
1e:9d:bc:58:42:ef:1b:60:7c:f2:66:60:c8:40:b9:f1:6a:e1:
9e:63:ea:da
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZiJVebNi0KVJLt5umBEoRYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwODA4MTA1OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWYwMDllNTY0YjEzMjI2MzY3ZDI0OGUwNzc3YmM3MjkxZTI2NWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn51ewioEGdmuuWRAEWtZ+vG47+24
DN9W5GyMQWF3/V3xJJpyQOP4hvVJ71WBoAF8qa7GCTk9sXEpaNHcGjve/mvxZA9E
ozq01iM8f6s22e6M9aMyesCrJMjWvK0facHvGnBdJlza8P5HJg8G0H3jvh9yQsYN
HBtuu5KWiwLQtEvkfGJGQ9gHYQ+lel5Qx74ERQ0He8BUdR0DUSsA2v+hgryM27Xf
/2t2EFxzn2twZqT6h9E5EbrofFu75II5cRF0ISjxxI2VSPBulPCpE4Se209GcGGO
3tLhuinPRl4Lcpo6BeGug3RXj3NtxhbE54G43hnV8h+pTu6HEXht9lUkUwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFMrwCeVksTImNn0kjgd3vHKR4mX1MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEveXZBSjVXU3hNaVkyZlNTT0IzZThjcEhpWmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQAH9IvAwQB
TVyOAwQATVyYAwQATodWAwQATodiAwQAvITkMA8EAgACMAkDBwEqEJRAAAAwDQYJ
KoZIhvcNAQELBQADggEBAGR9HfNl0Aq1e/OxiSiyGIuxFe+p8wNHoSBt0RvodFj+
MvmYL7Lkk7u4MfUJpOi5D5Wh9atagJGszJf15rwwDWfkxEa4nMKr0uX0uoCvm1+Q
xzRsqpRSq7u+cRdX3VPYKuCKA0gCm3VEBRaTQG313s55ri5ELZzwj4rH77crpxVh
TGEfpD72FYRP1bx4oilRK4YAGXvPxwVNkT5dRhbR0YMvnarKuiU2PpsvuVITGuf4
J3SRHWgKLqwW8ScR6dfUYmkj+xYzg4V0Nm9ws8UOFU2TPiAtyRicCWwJfpRAya8z
N2PVvZqbR/Rv6x6dvFhC7xtgfPJmYMhAufFq4Z5j6to=
-----END CERTIFICATE-----
Generated at Sun Aug 24 00:24:16 2025 by rpki-client