Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/YaicB_OOi5EW-gKC6JoYl28PzLQ.roa
File: YaicB_OOi5EW-gKC6JoYl28PzLQ.roa (raw, json)
Hash identifier: qfLaG4KQWd6C25QxiPcjO1Twne57/Sd7uQzmgG9dqKA=
Subject key identifier: 61:A8:9C:07:F3:8E:8B:91:16:FA:02:82:E8:9A:18:97:6F:0F:CC:B4
Certificate issuer: /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial: 01978C5496B29B7EB369FBD28AA379DD3E49
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/YaicB_OOi5EW-gKC6JoYl28PzLQ.roa
Signing time: Fri 20 Jun 2025 07:54:03 +0000
ROA not before: Fri 20 Jun 2025 07:54:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202015
IP address blocks: 103.144.160.0/23 maxlen: 23
103.149.130.0/23 maxlen: 23
103.228.84.0/22 maxlen: 22
139.5.20.0/23 maxlen: 23
209.40.216.0/21 maxlen: 21
209.92.8.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 02 Jul 2025 13:02:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:8c:54:96:b2:9b:7e:b3:69:fb:d2:8a:a3:79:dd:3e:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
Validity
Not Before: Jun 20 07:54:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=61a89c07f38e8b9116fa0282e89a18976f0fccb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:8c:86:c8:60:c9:11:72:88:94:fb:77:5d:6e:
84:9e:26:73:21:73:03:44:e8:db:b7:aa:ca:ea:e0:
c3:74:87:be:09:47:1e:ef:2d:93:a3:1c:0d:d3:03:
a8:76:87:7c:9b:a0:3d:7b:74:65:be:a5:0d:8d:45:
20:62:df:bc:07:9c:75:3e:6f:95:e0:3b:6f:e8:f5:
6c:cc:8c:e9:aa:83:87:16:dd:02:44:80:1d:32:29:
7f:55:08:4c:60:83:74:81:aa:e2:cf:6a:65:2b:f9:
cf:2d:ea:b5:ae:1b:f2:51:dc:83:c2:49:91:76:0b:
98:f9:6a:e7:9f:7b:5a:c0:25:ae:c3:00:3a:ff:63:
08:40:d4:c0:2d:70:19:27:70:a8:72:50:f9:f6:8f:
ec:40:d5:af:52:45:cf:c0:c1:21:70:32:00:8e:9d:
9e:8c:f3:e9:94:1b:12:45:f0:f2:d7:e4:d4:8e:a8:
f3:11:55:a0:c4:b4:2f:ba:e0:73:73:3f:be:67:82:
48:28:6f:ab:3b:eb:e8:c8:f4:ae:c7:c2:b8:93:27:
38:68:1e:f3:7b:51:65:fe:73:6c:bd:71:d8:ae:e3:
6d:57:f5:a1:29:f9:91:4e:57:78:f7:13:af:04:dc:
31:c7:66:e7:53:1f:3c:fc:5d:f2:e9:ca:34:59:2c:
18:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:A8:9C:07:F3:8E:8B:91:16:FA:02:82:E8:9A:18:97:6F:0F:CC:B4
X509v3 Authority Key Identifier:
keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/YaicB_OOi5EW-gKC6JoYl28PzLQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.144.160.0/23
103.149.130.0/23
103.228.84.0/22
139.5.20.0/23
209.40.216.0/21
209.92.8.0/21
Signature Algorithm: sha256WithRSAEncryption
87:7e:3e:1e:96:49:f0:f0:0e:07:83:2f:09:d5:bf:68:26:1d:
a2:e9:32:32:63:7a:0b:7f:c2:dd:65:54:a2:cb:19:28:a6:97:
67:f2:88:5d:30:4e:b5:41:1a:62:18:00:a0:cf:e4:9e:62:ef:
23:4d:4f:ad:5d:da:aa:48:95:ed:16:81:56:3f:65:5c:bf:f7:
cd:ec:b1:60:0f:38:1e:07:ee:0c:c1:ad:53:4f:db:45:56:fa:
68:45:17:bb:0b:ae:de:32:e0:68:13:5c:95:76:fa:6e:b4:c0:
f9:d8:1f:aa:4a:58:94:de:21:12:d4:1c:88:59:cc:c7:d7:b0:
66:64:88:46:32:4f:bc:4d:51:dc:79:a1:35:e5:36:e0:c7:26:
da:0f:8a:7b:b1:8c:3c:50:2f:3e:47:44:6e:99:ed:c6:11:f4:
96:bd:9c:42:bc:b5:24:05:be:e9:32:1d:4d:f9:6e:b8:c1:83:
2e:63:b0:06:26:75:95:23:bb:d2:df:bb:4a:8b:83:27:4c:d3:
08:05:cc:46:30:ed:2e:55:72:bf:a4:f2:e4:1c:70:56:19:ea:
e9:93:29:78:a3:4e:df:8c:c9:e3:29:1a:6f:15:24:de:de:0f:
43:4f:f1:87:10:11:c9:07:8a:46:6e:d7:f7:61:7d:ba:9b:ad:
86:19:d5:b8
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZeMVJaym36zafvSiqN53T5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUwNjIwMDc1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWE4OWMwN2YzOGU4YjkxMTZmYTAyODJlODlhMTg5NzZmMGZjY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYyGyGDJEXKIlPt3XW6EniZzIXMD
ROjbt6rK6uDDdIe+CUce7y2ToxwN0wOodod8m6A9e3RlvqUNjUUgYt+8B5x1Pm+V
4Dtv6PVszIzpqoOHFt0CRIAdMil/VQhMYIN0gariz2plK/nPLeq1rhvyUdyDwkmR
dguY+Wrnn3tawCWuwwA6/2MIQNTALXAZJ3CoclD59o/sQNWvUkXPwMEhcDIAjp2e
jPPplBsSRfDy1+TUjqjzEVWgxLQvuuBzcz++Z4JIKG+rO+voyPSux8K4kyc4aB7z
e1Fl/nNsvXHYruNtV/WhKfmRTld49xOvBNwxx2bnUx88/F3y6co0WSwYmQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFGGonAfzjouRFvoCguiaGJdvD8y0MB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvWWFpY0JfT09pNUVXLWdLQzZKb1lsMjhQekxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBZ5CgAwQB
Z5WCAwQCZ+RUAwQBiwUUAwQD0SjYAwQD0VwIMA0GCSqGSIb3DQEBCwUAA4IBAQCH
fj4elknw8A4Hgy8J1b9oJh2i6TIyY3oLf8LdZVSiyxkoppdn8ohdME61QRpiGACg
z+SeYu8jTU+tXdqqSJXtFoFWP2Vcv/fN7LFgDzgeB+4Mwa1TT9tFVvpoRRe7C67e
MuBoE1yVdvputMD52B+qSliU3iES1ByIWczH17BmZIhGMk+8TVHceaE15Tbgxyba
D4p7sYw8UC8+R0Rume3GEfSWvZxCvLUkBb7pMh1N+W64wYMuY7AGJnWVI7vS37tK
i4MnTNMIBcxGMO0uVXK/pPLkHHBWGerpkyl4o07fjMnjKRpvFSTe3g9DT/GHEBHJ
B4pGbtf3YX26m62GGdW4
-----END CERTIFICATE-----
Generated at Tue Jul 1 19:11:20 2025 by rpki-client