Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/yl2_YgC-tBVxL8RhU8L2adT98-I.roa
File: yl2_YgC-tBVxL8RhU8L2adT98-I.roa (raw, json)
Hash identifier: AMuPFgWghyfaBGHNj/l+7jY+wwAmCTQqhQ3xsaE8j4o=
Subject key identifier: CA:5D:BF:62:00:BE:B4:15:71:2F:C4:61:53:C2:F6:69:D4:FD:F3:E2
Certificate issuer: /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial: 019986A71C99F3A1A23D6560A1207527B24E
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/yl2_YgC-tBVxL8RhU8L2adT98-I.roa
Signing time: Fri 26 Sep 2025 15:32:02 +0000
ROA not before: Fri 26 Sep 2025 15:32:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51295
IP address blocks: 45.153.88.0/24 maxlen: 24
45.153.91.0/24 maxlen: 24
185.165.184.0/22 maxlen: 22
185.179.156.0/22 maxlen: 22
185.248.196.0/22 maxlen: 22
193.29.227.0/24 maxlen: 24
194.165.26.0/24 maxlen: 24
2a0a:8880::/48 maxlen: 48
2a0a:8880:1::/48 maxlen: 48
2a0a:8880:2::/48 maxlen: 48
2a0a:8880:aaaa::/48 maxlen: 48
2a0f:4440:aaaa::/48 maxlen: 48
2a0f:4440:abcd::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.mft
rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:86:a7:1c:99:f3:a1:a2:3d:65:60:a1:20:75:27:b2:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Validity
Not Before: Sep 26 15:32:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ca5dbf6200beb415712fc46153c2f669d4fdf3e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:f5:59:ef:a3:d3:cf:64:a4:86:74:bd:5c:fa:
c3:ac:0d:65:18:75:fe:68:d6:63:35:2b:ef:e3:ad:
1c:ce:3a:eb:14:73:27:ea:4e:31:0f:05:63:f8:1e:
f9:fa:ba:97:27:e8:a0:82:fd:cd:73:89:38:3d:bb:
42:a0:f2:5d:e6:07:ae:08:0c:59:a6:cd:3a:fa:85:
c3:b1:fb:f9:f8:2d:ec:52:c7:9b:85:d7:42:6a:bb:
d3:e0:ad:0c:59:c7:45:e5:9a:8a:73:32:34:7e:94:
bf:9c:6f:da:e7:ef:3c:09:6b:83:22:58:57:30:69:
97:be:66:fe:68:8c:ce:fa:db:d6:bb:c8:39:70:5e:
d5:81:ff:59:4d:38:b0:ac:82:6a:d0:c3:73:f5:7d:
7a:b5:0a:1d:34:53:b4:3d:43:67:47:74:be:43:3c:
02:3d:23:4d:8e:05:cf:e9:7b:d2:8d:2e:54:dc:04:
28:b4:0e:8e:dc:ae:fe:56:14:9f:49:ac:e1:ae:4d:
d2:b9:74:00:00:91:95:bb:cd:9a:fe:a0:67:3d:6a:
7f:3a:cd:e0:39:9e:e8:5c:06:3d:0c:c1:47:55:fc:
d4:fa:54:07:42:f8:b0:0d:0a:fa:71:db:a4:5a:df:
e4:16:61:21:d1:94:8c:c9:44:a6:d1:ad:7f:61:84:
e6:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:5D:BF:62:00:BE:B4:15:71:2F:C4:61:53:C2:F6:69:D4:FD:F3:E2
X509v3 Authority Key Identifier:
keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/yl2_YgC-tBVxL8RhU8L2adT98-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.153.88.0/24
45.153.91.0/24
185.165.184.0/22
185.179.156.0/22
185.248.196.0/22
193.29.227.0/24
194.165.26.0/24
IPv6:
2a0a:8880::-2a0a:8880:2:ffff:ffff:ffff:ffff:ffff
2a0a:8880:aaaa::/48
2a0f:4440:aaaa::/48
2a0f:4440:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
02:9b:6e:a6:f2:1b:5e:fc:78:b9:55:b7:de:0f:0c:83:e4:e5:
51:b2:d7:db:e6:b3:8a:98:2c:21:9b:f0:d4:69:d0:cd:2c:3b:
3c:08:e5:cf:65:b7:f3:42:08:0d:6c:0b:53:95:44:a7:fc:d2:
2d:3c:18:13:3c:c9:7f:6d:d0:3b:ce:8d:fe:b1:59:3a:b0:d3:
18:38:0c:5f:05:5a:6e:09:cc:84:d0:9d:23:75:54:1e:23:b9:
78:83:12:e5:8d:41:ee:b2:6f:4a:8e:45:3a:c1:f8:07:b4:cf:
bb:18:39:9e:46:f1:85:41:0f:60:74:f4:3f:62:50:2a:62:26:
08:f0:90:ae:62:d3:29:57:19:b8:63:a2:6b:7f:a3:19:c2:fc:
16:cf:d0:0b:e7:fa:ce:d4:0c:b3:8b:12:a4:58:a2:29:e3:63:
38:52:be:05:95:ae:d0:9e:f1:bc:bb:fe:f7:15:e8:70:06:b0:
6f:34:18:c7:d3:f5:53:ed:67:4d:d6:87:81:b6:dc:b7:6a:e1:
92:3d:1f:d1:9a:a7:e2:df:f9:78:d2:8d:f4:98:38:94:1f:4e:
3c:26:29:36:6d:53:62:5f:dc:59:c1:d8:b7:ea:19:0a:05:4d:
c3:da:19:30:ce:ac:45:d5:5a:c8:83:92:95:c7:4b:81:59:17:
be:fb:7a:6f
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZmGpxyZ86GiPWVgoSB1J7JOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjUwOTI2MTUzMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTVkYmY2MjAwYmViNDE1NzEyZmM0NjE1M2MyZjY2OWQ0ZmRmM2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPVZ76PTz2SkhnS9XPrDrA1lGHX+
aNZjNSvv460czjrrFHMn6k4xDwVj+B75+rqXJ+iggv3Nc4k4PbtCoPJd5geuCAxZ
ps06+oXDsfv5+C3sUsebhddCarvT4K0MWcdF5ZqKczI0fpS/nG/a5+88CWuDIlhX
MGmXvmb+aIzO+tvWu8g5cF7Vgf9ZTTiwrIJq0MNz9X16tQodNFO0PUNnR3S+QzwC
PSNNjgXP6XvSjS5U3AQotA6O3K7+VhSfSazhrk3SuXQAAJGVu82a/qBnPWp/Os3g
OZ7oXAY9DMFHVfzU+lQHQviwDQr6cdukWt/kFmEh0ZSMyUSm0a1/YYTmrQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFMpdv2IAvrQVcS/EYVPC9mnU/fPiMB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEveWwyX1lnQy10QlZ4TDhSaFU4TDJhZFQ5OC1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzAwBAIAATAqAwQALZlYAwQA
LZlbAwQCuaW4AwQCubOcAwQCufjEAwQAwR3jAwQAwqUaMDMEAgACMC0wEAMFByoK
iIADBwAqCoiAAAIDBwAqCoiAqqoDBwAqD0RAqqoDBwAqD0RAq80wDQYJKoZIhvcN
AQELBQADggEBAAKbbqbyG178eLlVt94PDIPk5VGy19vms4qYLCGb8NRp0M0sOzwI
5c9lt/NCCA1sC1OVRKf80i08GBM8yX9t0DvOjf6xWTqw0xg4DF8FWm4JzITQnSN1
VB4juXiDEuWNQe6yb0qORTrB+Ae0z7sYOZ5G8YVBD2B09D9iUCpiJgjwkK5i0ylX
Gbhjomt/oxnC/BbP0Avn+s7UDLOLEqRYoinjYzhSvgWVrtCe8by7/vcV6HAGsG80
GMfT9VPtZ03Wh4G23Ldq4ZI9H9Gap+Lf+XjSjfSYOJQfTjwmKTZtU2Jf3FnB2Lfq
GQoFTcPaGTDOrEXVWsiDkpXHS4FZF777em8=
-----END CERTIFICATE-----
Generated at Mon Oct 20 00:07:33 2025 by rpki-client