Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/YgI-v6xyCyvCdaFE_0gi8JebnCU.roa
File: YgI-v6xyCyvCdaFE_0gi8JebnCU.roa (raw, json)
Hash identifier: 8nUg6t7h+Myv8fLu/m3fBl/zsOujrUMcs0usjBSVmFI=
Subject key identifier: 62:02:3E:BF:AC:72:0B:2B:C2:75:A1:44:FF:48:22:F0:97:9B:9C:25
Certificate issuer: /CN=db641fc903d5b4cc971649324a4b34e4f82422c5
Certificate serial: 0199DFA860F26ACE511C278AED6FCE4CF487
Authority key identifier: DB:64:1F:C9:03:D5:B4:CC:97:16:49:32:4A:4B:34:E4:F8:24:22:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/22QfyQPVtMyXFkkySks05PgkIsU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/YgI-v6xyCyvCdaFE_0gi8JebnCU.roa
Signing time: Mon 13 Oct 2025 22:19:38 +0000
ROA not before: Mon 13 Oct 2025 22:19:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8426
IP address blocks: 77.91.200.0/21 maxlen: 21
80.172.0.0/16 maxlen: 18
80.172.250.0/24 maxlen: 24
80.172.251.0/24 maxlen: 24
188.93.224.0/21 maxlen: 21
194.62.240.0/22 maxlen: 22
195.22.0.0/19 maxlen: 19
195.35.66.0/24 maxlen: 24
195.72.136.0/22 maxlen: 22
2001:4cc0::/32 maxlen: 48
2a03:73c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/22QfyQPVtMyXFkkySks05PgkIsU.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/22QfyQPVtMyXFkkySks05PgkIsU.mft
rsync://rpki.ripe.net/repository/DEFAULT/22QfyQPVtMyXFkkySks05PgkIsU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:df:a8:60:f2:6a:ce:51:1c:27:8a:ed:6f:ce:4c:f4:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=db641fc903d5b4cc971649324a4b34e4f82422c5
Validity
Not Before: Oct 13 22:19:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=62023ebfac720b2bc275a144ff4822f0979b9c25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:cb:ba:d4:e5:0b:6b:90:cc:88:c2:27:dc:96:
61:6a:9d:b5:55:69:13:71:8c:6a:56:f6:da:70:85:
85:1b:3a:f8:81:52:58:2c:03:33:4b:4d:85:09:74:
8f:70:76:ed:86:9b:73:74:2c:22:de:73:f5:2d:ff:
9b:52:2f:ce:fc:d8:5b:69:b5:d1:3e:79:70:74:e2:
b2:e0:26:90:a4:ff:47:20:b2:03:a4:0d:05:95:27:
8a:64:a9:4d:0f:67:c7:76:75:d2:85:98:e6:22:2b:
3c:3d:dd:2d:52:43:1c:96:88:5d:4f:c0:90:d8:ae:
11:b6:d8:a9:34:f4:af:da:60:eb:0c:43:e2:28:5a:
03:aa:5c:b3:16:9f:f3:77:3c:29:bd:37:a8:41:b3:
7c:45:71:04:83:9f:c0:49:65:37:d2:93:cb:ab:28:
3c:fa:8f:64:01:0f:16:1d:7c:90:5d:54:a4:40:40:
4a:55:95:c4:91:c3:b2:8f:39:51:89:62:ed:4a:bd:
29:28:23:a5:df:59:b7:f4:ca:0a:22:aa:cd:18:49:
86:0e:97:b2:b8:1d:66:8b:a2:b3:11:ad:91:1e:8a:
f8:9b:f5:48:c3:b6:4f:b9:30:08:14:cc:95:a4:5e:
34:4d:c1:a8:9c:e3:10:f4:55:4d:b1:28:51:da:4c:
a0:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:02:3E:BF:AC:72:0B:2B:C2:75:A1:44:FF:48:22:F0:97:9B:9C:25
X509v3 Authority Key Identifier:
keyid:DB:64:1F:C9:03:D5:B4:CC:97:16:49:32:4A:4B:34:E4:F8:24:22:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/22QfyQPVtMyXFkkySks05PgkIsU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/YgI-v6xyCyvCdaFE_0gi8JebnCU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/22QfyQPVtMyXFkkySks05PgkIsU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.91.200.0/21
80.172.0.0/16
188.93.224.0/21
194.62.240.0/22
195.22.0.0/19
195.35.66.0/24
195.72.136.0/22
IPv6:
2001:4cc0::/32
2a03:73c0::/48
Signature Algorithm: sha256WithRSAEncryption
a9:ce:e4:e3:10:3f:b7:72:25:0e:18:a9:b2:76:ef:87:94:16:
8c:f8:99:3a:2e:05:52:9c:c9:20:da:59:91:bc:3f:fb:4a:7e:
ba:f2:cc:e2:08:17:30:ce:42:07:6f:ad:a0:e3:87:e6:67:94:
b8:11:b8:b5:56:4e:92:23:ee:1a:7e:8d:1b:8c:af:54:dd:78:
21:36:bf:3d:c3:27:45:a6:04:27:8d:a1:05:8b:7c:60:ac:62:
6b:35:fa:e2:ed:d9:4e:fc:5f:0d:10:1a:05:3e:4e:00:10:3d:
f4:6d:29:ce:c1:cd:b2:43:03:51:c9:59:ab:f8:bc:60:65:09:
7c:51:4a:1e:86:1c:9d:16:99:04:d4:c3:aa:8e:30:ff:dd:e9:
e1:6f:12:cc:18:c1:b0:13:31:27:d7:52:48:a0:f5:2f:92:fa:
e7:d6:0d:89:e4:cd:72:c1:7f:75:4b:7b:c1:5e:3b:3f:e7:5d:
34:d9:34:99:8b:c0:3c:26:5e:53:58:70:02:98:7e:fb:53:b7:
ca:ca:8e:c3:fb:30:5d:1b:50:5d:bd:7a:03:b6:1d:ce:d0:5c:
b7:66:3f:a5:2a:83:b2:d0:be:40:20:e2:a6:9d:0d:9e:28:b4:
1e:9a:7f:df:61:5e:54:03:77:ab:12:dc:fd:ed:5b:14:3f:65:
21:7b:47:cd
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAZnfqGDyas5RHCeK7W/OTPSHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiNjQxZmM5MDNkNWI0Y2M5NzE2NDkzMjRhNGIzNGU0Zjgy
NDIyYzUwHhcNMjUxMDEzMjIxOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjAyM2ViZmFjNzIwYjJiYzI3NWExNDRmZjQ4MjJmMDk3OWI5YzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcu61OULa5DMiMIn3JZhap21VWkT
cYxqVvbacIWFGzr4gVJYLAMzS02FCXSPcHbthptzdCwi3nP1Lf+bUi/O/NhbabXR
PnlwdOKy4CaQpP9HILIDpA0FlSeKZKlND2fHdnXShZjmIis8Pd0tUkMclohdT8CQ
2K4RttipNPSv2mDrDEPiKFoDqlyzFp/zdzwpvTeoQbN8RXEEg5/ASWU30pPLqyg8
+o9kAQ8WHXyQXVSkQEBKVZXEkcOyjzlRiWLtSr0pKCOl31m39MoKIqrNGEmGDpey
uB1mi6KzEa2RHor4m/VIw7ZPuTAIFMyVpF40TcGonOMQ9FVNsShR2kyg3wIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFGICPr+scgsrwnWhRP9IIvCXm5wlMB8GA1UdIwQY
MBaAFNtkH8kD1bTMlxZJMkpLNOT4JCLFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjJRZnlRUFZ0TXlYRmtreVNrczA1UGdrSXNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8xMDA5NWYtZmQzNS00YTA2LThmMzkt
N2ZlZTU5MWEyMDljLzEvWWdJLXY2eHlDeXZDZGFGRV8wZ2k4SmVibkNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8xMDA5NWYtZmQzNS00YTA2LThmMzktN2ZlZTU5MWEyMDlj
LzEvMjJRZnlRUFZ0TXlYRmtreVNrczA1UGdrSXNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAvBAIAATApAwQDTVvIAwMA
UKwDBAO8XeADBALCPvADBAXDFgADBADDI0IDBALDSIgwFgQCAAIwEAMFACABTMAD
BwAqA3PAAAAwDQYJKoZIhvcNAQELBQADggEBAKnO5OMQP7dyJQ4YqbJ274eUFoz4
mTouBVKcySDaWZG8P/tKfrryzOIIFzDOQgdvraDjh+ZnlLgRuLVWTpIj7hp+jRuM
r1TdeCE2vz3DJ0WmBCeNoQWLfGCsYms1+uLt2U78Xw0QGgU+TgAQPfRtKc7BzbJD
A1HJWav4vGBlCXxRSh6GHJ0WmQTUw6qOMP/d6eFvEswYwbATMSfXUkig9S+S+ufW
DYnkzXLBf3VLe8FeOz/nXTTZNJmLwDwmXlNYcAKYfvtTt8rKjsP7MF0bUF29egO2
Hc7QXLdmP6Uqg7LQvkAg4qadDZ4otB6af99hXlQDd6sS3P3tWxQ/ZSF7R80=
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:42:52 2025 by rpki-client