Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Y6s6cpOFDB4o8Olwu7BDwFdi334.roa
File: Y6s6cpOFDB4o8Olwu7BDwFdi334.roa (raw, json)
Hash identifier: HD+fAQto30SmGE5lBvM4Gw74e88AyoLNbubpfD3gI0o=
Subject key identifier: 63:AB:3A:72:93:85:0C:1E:28:F0:E9:70:BB:B0:43:C0:57:62:DF:7E
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 01999F8282D7BE7E8D5CDC1D2495DE5C8FB2
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Y6s6cpOFDB4o8Olwu7BDwFdi334.roa
Signing time: Wed 01 Oct 2025 11:22:34 +0000
ROA not before: Wed 01 Oct 2025 11:22:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6762
IP address blocks: 2.16.19.0/24 maxlen: 24
2.16.70.0/23 maxlen: 23
2.16.146.0/23 maxlen: 23
2.16.220.0/22 maxlen: 22
2.18.0.0/22 maxlen: 22
2.19.16.0/20 maxlen: 20
2.20.4.0/22 maxlen: 22
2.20.109.0/24 maxlen: 24
2.20.110.0/24 maxlen: 24
2.20.112.0/22 maxlen: 22
2.20.242.0/24 maxlen: 24
2.20.252.0/24 maxlen: 24
2.21.2.0/24 maxlen: 24
2.21.14.0/24 maxlen: 24
2.21.100.0/22 maxlen: 22
2.22.216.0/22 maxlen: 22
2.22.234.0/24 maxlen: 24
88.221.28.0/22 maxlen: 22
88.221.100.0/22 maxlen: 22
92.122.68.0/22 maxlen: 22
92.122.225.0/24 maxlen: 24
92.122.248.0/22 maxlen: 22
92.123.48.0/24 maxlen: 24
92.123.106.0/24 maxlen: 24
92.123.208.0/22 maxlen: 22
95.100.136.0/22 maxlen: 22
95.101.35.0/24 maxlen: 24
95.101.68.0/22 maxlen: 22
95.101.78.0/24 maxlen: 24
95.101.114.0/24 maxlen: 24
95.101.156.0/22 maxlen: 22
2a02:26f0:b00::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 05:01:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:9f:82:82:d7:be:7e:8d:5c:dc:1d:24:95:de:5c:8f:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Oct 1 11:22:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=63ab3a7293850c1e28f0e970bbb043c05762df7e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:7f:ce:f8:dd:31:1e:05:32:66:d8:52:5a:65:
ac:bb:54:81:ef:92:70:99:d2:63:bf:98:cf:2d:16:
44:06:7b:af:47:92:10:28:0b:ce:81:98:f9:bb:b7:
a3:32:e4:c1:22:fe:6d:39:8c:36:5f:20:3c:09:2a:
dd:a3:d3:96:59:bc:2b:3b:80:57:2a:53:b1:10:73:
b3:f1:f6:af:d2:b2:36:09:d0:f7:d9:72:d3:8e:98:
64:ab:d8:3a:ba:4e:88:9f:2c:0d:0b:1c:2d:59:ac:
21:75:90:bd:80:aa:ed:97:ad:1b:b4:e3:21:20:4d:
48:20:0a:5c:54:86:de:2e:c9:9a:3c:61:db:8a:66:
34:34:f4:ad:68:14:3b:4f:02:28:c9:61:80:d4:4d:
73:52:21:a6:3b:17:00:b1:99:f3:40:a1:eb:d9:dc:
b4:c1:ab:50:1f:e0:56:b5:05:97:1f:f7:d0:b3:b5:
5c:6f:05:0f:30:91:66:78:c3:3d:dc:59:01:0e:7e:
f4:83:c4:da:96:24:42:75:55:cb:03:2e:e3:55:86:
2c:9a:89:27:20:81:67:98:60:55:3e:46:d9:cc:68:
33:df:f6:8d:b3:94:18:69:f1:d6:c9:68:d7:a0:27:
6e:4f:60:68:fd:6d:5a:a6:d9:a9:7a:5e:75:83:46:
27:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:AB:3A:72:93:85:0C:1E:28:F0:E9:70:BB:B0:43:C0:57:62:DF:7E
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Y6s6cpOFDB4o8Olwu7BDwFdi334.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.16.19.0/24
2.16.70.0/23
2.16.146.0/23
2.16.220.0/22
2.18.0.0/22
2.19.16.0/20
2.20.4.0/22
2.20.109.0-2.20.110.255
2.20.112.0/22
2.20.242.0/24
2.20.252.0/24
2.21.2.0/24
2.21.14.0/24
2.21.100.0/22
2.22.216.0/22
2.22.234.0/24
88.221.28.0/22
88.221.100.0/22
92.122.68.0/22
92.122.225.0/24
92.122.248.0/22
92.123.48.0/24
92.123.106.0/24
92.123.208.0/22
95.100.136.0/22
95.101.35.0/24
95.101.68.0/22
95.101.78.0/24
95.101.114.0/24
95.101.156.0/22
IPv6:
2a02:26f0:b00::/48
Signature Algorithm: sha256WithRSAEncryption
1d:ec:92:06:f5:23:16:57:46:a7:7d:d3:49:89:05:44:52:27:
91:0c:9c:ed:c1:5d:f1:c8:2c:cc:a1:5f:d6:c2:84:ad:28:ed:
ed:13:88:c5:1e:0b:93:a1:18:6d:90:18:33:b1:06:15:2c:72:
13:fa:7d:ef:a0:81:c8:d0:74:0b:44:ad:54:d4:89:4d:d6:38:
c3:7c:4b:ab:c2:17:ba:75:06:c0:35:51:82:3e:70:59:55:4d:
b9:7e:35:38:0c:9f:6e:dd:16:71:d3:0f:fd:57:57:31:3e:d7:
77:ce:66:50:0f:a9:23:fe:55:8f:24:3d:af:dc:53:7c:bb:fd:
d4:3a:46:69:31:db:d7:b5:50:28:23:66:07:c9:4a:61:5f:53:
87:e9:3f:88:f6:2d:6d:4c:e1:81:69:0d:f0:be:2b:61:48:5e:
d7:fa:a0:27:11:bd:5a:57:cd:fb:48:fd:9e:e8:2d:ab:69:1f:
f4:62:b7:66:76:62:3c:1a:87:ac:89:ce:18:73:7b:38:ff:d3:
6d:77:e6:a3:62:47:41:7b:d1:eb:51:b4:73:d7:e1:94:3c:55:
e1:0d:17:00:b4:6f:a6:82:ba:4a:fd:33:1a:28:22:0c:80:8f:
0a:a3:e4:1b:b9:c0:77:17:68:96:d7:95:e6:05:14:09:0d:fc:
70:1b:87:82
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgISAZmfgoLXvn6NXNwdJJXeXI+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUxMDAxMTEyMjM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2FiM2E3MjkzODUwYzFlMjhmMGU5NzBiYmIwNDNjMDU3NjJkZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn/O+N0xHgUyZthSWmWsu1SB75Jw
mdJjv5jPLRZEBnuvR5IQKAvOgZj5u7ejMuTBIv5tOYw2XyA8CSrdo9OWWbwrO4BX
KlOxEHOz8fav0rI2CdD32XLTjphkq9g6uk6InywNCxwtWawhdZC9gKrtl60btOMh
IE1IIApcVIbeLsmaPGHbimY0NPStaBQ7TwIoyWGA1E1zUiGmOxcAsZnzQKHr2dy0
watQH+BWtQWXH/fQs7VcbwUPMJFmeMM93FkBDn70g8TaliRCdVXLAy7jVYYsmokn
IIFnmGBVPkbZzGgz3/aNs5QYafHWyWjXoCduT2Bo/W1aptmpel51g0YnIQIDAQAB
o4IC1TCCAtEwHQYDVR0OBBYEFGOrOnKThQweKPDpcLuwQ8BXYt9+MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvWTZzNmNwT0ZEQjRvOE9sd3U3QkR3RmRpMzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHqBggrBgEFBQcBBwEB/wSB2jCB1zCBwwQCAAEwgbwDBAAC
EBMDBAECEEYDBAECEJIDBAICENwDBAICEgADBAQCExADBAICFAQwDAMEAAIUbQME
AAIUbgMEAgIUcAMEAAIU8gMEAAIU/AMEAAIVAgMEAAIVDgMEAgIVZAMEAgIW2AME
AAIW6gMEAljdHAMEAljdZAMEAlx6RAMEAFx64QMEAlx6+AMEAFx7MAMEAFx7agME
Alx70AMEAl9kiAMEAF9lIwMEAl9lRAMEAF9lTgMEAF9lcgMEAl9lnDAPBAIAAjAJ
AwcAKgIm8AsAMA0GCSqGSIb3DQEBCwUAA4IBAQAd7JIG9SMWV0anfdNJiQVEUieR
DJztwV3xyCzMoV/WwoStKO3tE4jFHguToRhtkBgzsQYVLHIT+n3voIHI0HQLRK1U
1IlN1jjDfEurwhe6dQbANVGCPnBZVU25fjU4DJ9u3RZx0w/9V1cxPtd3zmZQD6kj
/lWPJD2v3FN8u/3UOkZpMdvXtVAoI2YHyUphX1OH6T+I9i1tTOGBaQ3wvithSF7X
+qAnEb1aV837SP2e6C2raR/0YrdmdmI8Goesic4Yc3s4/9Ntd+ajYkdBe9HrUbRz
1+GUPFXhDRcAtG+mgrpK/TMaKCIMgI8Ko+QbucB3F2iW15XmBRQJDfxwG4eC
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:24:40 2025 by rpki-client