Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/yfYVimwILKV-qGFqMNBusDCcVjQ.roa
File: yfYVimwILKV-qGFqMNBusDCcVjQ.roa (raw, json)
Hash identifier: nk++/uFa+Aub+3IrRDF5TU2OMotYcxaO9cJ/XQbZB+M=
Subject key identifier: C9:F6:15:8A:6C:08:2C:A5:7E:A8:61:6A:30:D0:6E:B0:30:9C:56:34
Certificate issuer: /CN=8f2824c61357dc344bbdf35b83577459b9d3fc44
Certificate serial: 0199295ED255759029965CEDBF7A9722CCB1
Authority key identifier: 8F:28:24:C6:13:57:DC:34:4B:BD:F3:5B:83:57:74:59:B9:D3:FC:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/yfYVimwILKV-qGFqMNBusDCcVjQ.roa
Signing time: Mon 08 Sep 2025 12:48:24 +0000
ROA not before: Mon 08 Sep 2025 12:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 93.157.38.0/23 maxlen: 24
2a00:4bc0:2000::/44 maxlen: 56
2a00:4bc0:2100::/40 maxlen: 48
2a00:4bc0:2300::/40 maxlen: 48
2a00:4bc0:2400::/40 maxlen: 48
2a00:4bc0:2500::/40 maxlen: 48
2a00:4bc0:2600::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 18:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:29:5e:d2:55:75:90:29:96:5c:ed:bf:7a:97:22:cc:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8f2824c61357dc344bbdf35b83577459b9d3fc44
Validity
Not Before: Sep 8 12:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c9f6158a6c082ca57ea8616a30d06eb0309c5634
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:d6:c4:1e:90:91:c4:41:7d:6d:25:72:0e:53:
bd:88:fd:f3:a8:cf:62:ca:c9:cb:27:1a:63:bd:56:
21:75:47:d9:8e:23:ec:bc:09:c1:f1:04:95:6a:a4:
e1:70:4c:4b:2a:05:f8:47:5e:e7:b3:c3:72:f2:7c:
3d:62:77:9f:9e:00:be:33:a0:56:d3:19:f0:08:75:
f7:48:3a:03:47:83:52:18:9c:80:bc:24:d2:88:35:
58:06:ca:7b:1a:77:b5:4e:ec:7c:20:1c:e0:e2:e0:
86:3e:11:e8:17:e8:16:c4:d9:34:18:e4:fd:33:13:
24:9b:fe:34:46:8a:06:60:67:b4:55:ac:35:1e:9c:
8c:e0:56:17:6b:2b:b2:95:6c:3c:ad:0f:e2:fd:5f:
2c:02:8f:f1:58:5b:ac:39:ee:ab:b4:dc:6c:df:31:
79:8c:6c:de:1e:67:da:ed:36:36:20:1d:80:2b:15:
5a:39:92:ba:3f:17:bf:f6:08:39:c3:52:f3:26:bb:
1f:b4:db:fc:e8:f2:f3:f3:a5:a8:c8:17:d9:3f:20:
7d:00:e0:59:98:2b:98:ce:7c:23:af:40:e9:d1:63:
50:77:90:09:98:7f:bb:09:17:0b:a6:a4:70:e7:8c:
c4:e3:5e:c6:30:58:df:e8:e4:1e:4f:97:b4:de:ed:
06:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:F6:15:8A:6C:08:2C:A5:7E:A8:61:6A:30:D0:6E:B0:30:9C:56:34
X509v3 Authority Key Identifier:
keyid:8F:28:24:C6:13:57:DC:34:4B:BD:F3:5B:83:57:74:59:B9:D3:FC:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/yfYVimwILKV-qGFqMNBusDCcVjQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.157.38.0/23
IPv6:
2a00:4bc0:2000::/44
2a00:4bc0:2100::/40
2a00:4bc0:2300::-2a00:4bc0:26ff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
4f:9b:85:30:a6:18:9a:36:de:97:f4:55:fa:1d:1f:81:85:1a:
41:cd:93:3d:c4:0e:d2:5f:13:af:ef:3a:b4:a7:61:b4:17:77:
61:70:8c:0e:44:8a:c0:b5:3d:b9:2c:3d:da:7a:a3:12:2d:86:
a5:c9:c9:5f:32:e7:24:fa:c1:3f:2d:3e:d8:17:92:5c:62:fc:
c5:48:0d:15:88:4e:69:a3:d7:7b:c5:f3:e1:89:88:01:57:c8:
e1:d4:24:2b:8d:b6:49:68:60:ac:eb:50:b7:a9:91:59:13:d8:
d3:d4:f4:c1:ba:0d:46:48:c5:55:df:58:61:3e:9c:f8:e2:46:
5d:1b:b5:71:37:46:0c:7d:38:63:3d:4e:77:33:75:a0:22:d2:
5b:da:05:fc:cd:b1:15:6e:12:74:ff:a0:d7:42:e2:9d:45:56:
d3:23:07:cb:88:03:f1:61:5a:58:0b:53:b3:9a:ac:ad:69:aa:
e7:eb:bf:44:0f:8a:e5:9f:92:fd:f4:1a:b9:55:c9:5a:12:06:
10:5b:1c:47:0e:03:14:16:7c:68:0e:37:b8:4c:34:f4:68:fb:
ea:d4:c6:cb:b3:de:a5:c6:5c:ee:3b:05:50:c8:35:53:b9:8d:
5e:a7:20:76:7d:f8:5e:59:8c:52:d8:c1:09:29:b2:02:c0:5a:
07:48:fd:90
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZkpXtJVdZApllztv3qXIsyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMjgyNGM2MTM1N2RjMzQ0YmJkZjM1YjgzNTc3NDU5Yjlk
M2ZjNDQwHhcNMjUwOTA4MTI0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWY2MTU4YTZjMDgyY2E1N2VhODYxNmEzMGQwNmViMDMwOWM1NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstbEHpCRxEF9bSVyDlO9iP3zqM9i
ysnLJxpjvVYhdUfZjiPsvAnB8QSVaqThcExLKgX4R17ns8Ny8nw9YnefngC+M6BW
0xnwCHX3SDoDR4NSGJyAvCTSiDVYBsp7Gne1Tux8IBzg4uCGPhHoF+gWxNk0GOT9
MxMkm/40RooGYGe0Vaw1HpyM4FYXayuylWw8rQ/i/V8sAo/xWFusOe6rtNxs3zF5
jGzeHmfa7TY2IB2AKxVaOZK6Pxe/9gg5w1LzJrsftNv86PLz86WoyBfZPyB9AOBZ
mCuYznwjr0Dp0WNQd5AJmH+7CRcLpqRw54zE417GMFjf6OQeT5e03u0G2wIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFMn2FYpsCCylfqhhajDQbrAwnFY0MB8GA1UdIwQY
MBaAFI8oJMYTV9w0S73zW4NXdFm50/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanlna3hoTlgzRFJMdmZOYmcxZDBXYm5UX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82NTJlYjQtMzIxYy00OGMwLTkyNzIt
M2FlNzExYWYwMzRiLzEveWZZVmltd0lMS1YtcUdGcU1OQnVzRENjVmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82NTJlYjQtMzIxYy00OGMwLTkyNzItM2FlNzExYWYwMzRi
LzEvanlna3hoTlgzRFJMdmZOYmcxZDBXYm5UX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAMBAIAATAGAwQBXZ0mMCkE
AgACMCMDBwQqAEvAIAADBgAqAEvAITAQAwYAKgBLwCMDBgAqAEvAJjANBgkqhkiG
9w0BAQsFAAOCAQEAT5uFMKYYmjbel/RV+h0fgYUaQc2TPcQO0l8Tr+86tKdhtBd3
YXCMDkSKwLU9uSw92nqjEi2GpcnJXzLnJPrBPy0+2BeSXGL8xUgNFYhOaaPXe8Xz
4YmIAVfI4dQkK422SWhgrOtQt6mRWRPY09T0wboNRkjFVd9YYT6c+OJGXRu1cTdG
DH04Yz1OdzN1oCLSW9oF/M2xFW4SdP+g10LinUVW0yMHy4gD8WFaWAtTs5qsrWmq
5+u/RA+K5Z+S/fQauVXJWhIGEFscRw4DFBZ8aA43uEw09Gj76tTGy7PepcZc7jsF
UMg1U7mNXqcgdn34XlmMUtjBCSmyAsBaB0j9kA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:18:25 2025 by rpki-client