Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/YMJHPYOCkpMfZfNHoGYeBjxWaOI.roa
File: YMJHPYOCkpMfZfNHoGYeBjxWaOI.roa (raw, json)
Hash identifier: yJjrgN8kBsEfpA42zaZLGGIadnU9Q2CCBpQQsiqKfFk=
Subject key identifier: 60:C2:47:3D:83:82:92:93:1F:65:F3:47:A0:66:1E:06:3C:56:68:E2
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019862F65B56E42C1C97BC776A5060F7BC02
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/YMJHPYOCkpMfZfNHoGYeBjxWaOI.roa
Signing time: Fri 01 Aug 2025 00:09:29 +0000
ROA not before: Fri 01 Aug 2025 00:09:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 53813
IP address blocks: 147.161.192.0/23 maxlen: 24
147.161.194.0/23 maxlen: 24
147.161.196.0/23 maxlen: 24
147.161.198.0/23 maxlen: 24
147.161.200.0/23 maxlen: 24
147.161.204.0/23 maxlen: 24
147.161.208.0/23 maxlen: 24
147.161.210.0/23 maxlen: 24
147.161.212.0/23 maxlen: 24
147.161.214.0/23 maxlen: 24
147.161.216.0/23 maxlen: 24
147.161.218.0/23 maxlen: 24
147.161.220.0/23 maxlen: 24
164.137.56.0/24 maxlen: 24
164.137.57.0/24 maxlen: 24
164.137.58.0/24 maxlen: 24
164.137.59.0/24 maxlen: 24
164.137.60.0/24 maxlen: 24
164.137.69.0/24 maxlen: 24
164.137.109.0/24 maxlen: 24
164.137.159.0/24 maxlen: 24
164.137.160.0/24 maxlen: 24
164.137.161.0/24 maxlen: 24
164.137.162.0/24 maxlen: 24
164.137.163.0/24 maxlen: 24
164.137.164.0/24 maxlen: 24
164.137.165.0/24 maxlen: 24
164.137.166.0/24 maxlen: 24
164.137.167.0/24 maxlen: 24
164.137.168.0/24 maxlen: 24
164.137.169.0/24 maxlen: 24
164.137.170.0/24 maxlen: 24
164.137.171.0/24 maxlen: 24
164.137.172.0/24 maxlen: 24
164.137.173.0/24 maxlen: 24
164.137.174.0/24 maxlen: 24
164.137.175.0/24 maxlen: 24
164.137.176.0/24 maxlen: 24
164.137.177.0/24 maxlen: 24
164.137.178.0/24 maxlen: 24
164.137.179.0/24 maxlen: 24
164.137.180.0/24 maxlen: 24
164.137.181.0/24 maxlen: 24
164.137.182.0/24 maxlen: 24
164.137.183.0/24 maxlen: 24
164.137.184.0/24 maxlen: 24
164.137.185.0/24 maxlen: 24
164.137.186.0/24 maxlen: 24
164.137.187.0/24 maxlen: 24
164.137.188.0/24 maxlen: 24
164.137.189.0/24 maxlen: 24
164.137.190.0/24 maxlen: 24
164.137.191.0/24 maxlen: 24
164.137.192.0/24 maxlen: 24
2a03:eec0:3211::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft
rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 07 Aug 2025 06:01:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:62:f6:5b:56:e4:2c:1c:97:bc:77:6a:50:60:f7:bc:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Aug 1 00:09:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=60c2473d838292931f65f347a0661e063c5668e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:e0:d8:72:5f:d1:b5:a1:bb:3a:52:ff:6d:74:
fd:f9:f0:ff:46:0e:22:80:81:01:63:74:e8:f2:7a:
98:00:e4:a7:41:ed:c4:6a:ea:66:0d:0d:38:ee:54:
cf:41:92:d8:a8:7b:55:cd:87:8a:4d:84:3a:dd:97:
d9:2c:55:84:be:6a:eb:b4:74:08:db:be:77:4e:46:
18:43:57:9d:45:d2:69:0d:c3:4b:ac:9b:d3:62:84:
6e:35:27:f4:45:4e:88:57:39:7b:fc:f8:bf:56:5d:
55:8c:1c:a0:6b:d9:e2:bb:e7:f7:58:ff:08:23:6f:
24:66:5d:a7:d6:30:ed:b1:e3:9f:1e:2b:11:e4:a1:
80:f5:53:be:b8:0c:48:c5:dd:62:39:93:3e:dd:30:
41:a7:9e:c6:28:e9:2a:b0:56:96:d1:9a:c6:ce:cb:
2c:ea:df:65:b6:f1:27:ac:df:7a:b5:70:fc:64:36:
c0:b6:17:ee:4e:9d:92:bd:03:3d:1e:62:c6:89:da:
fe:22:31:75:31:a3:49:6b:be:26:cd:e6:88:36:ed:
b0:20:d0:a1:e3:c0:74:6c:fb:75:b7:ee:03:27:17:
aa:fc:fc:3e:0e:94:a2:95:28:25:bb:d8:fd:e6:fe:
02:ce:81:a9:61:94:64:17:27:b2:04:a1:6f:48:d2:
65:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:C2:47:3D:83:82:92:93:1F:65:F3:47:A0:66:1E:06:3C:56:68:E2
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/YMJHPYOCkpMfZfNHoGYeBjxWaOI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.161.192.0-147.161.201.255
147.161.204.0/23
147.161.208.0-147.161.221.255
164.137.56.0-164.137.60.255
164.137.69.0/24
164.137.109.0/24
164.137.159.0-164.137.192.255
IPv6:
2a03:eec0:3211::/48
Signature Algorithm: sha256WithRSAEncryption
6b:8e:02:80:91:87:a8:c5:f7:20:2f:ca:0a:ea:21:c6:df:17:
81:9a:76:eb:08:f8:cf:75:05:fa:1a:8b:95:97:22:03:db:0b:
91:c1:28:0d:7d:e3:df:3e:7f:be:ec:4b:6f:7e:1b:b5:28:f5:
79:70:76:b4:0a:54:c3:a3:0e:34:11:82:a0:d5:4b:f1:9a:3d:
dc:ad:49:59:f6:ad:eb:4c:b7:1b:e9:f4:c2:4e:f5:08:61:1e:
0e:e1:7f:49:21:45:40:3b:13:00:19:be:a1:7f:9f:06:53:6c:
92:9c:c0:23:7b:da:cd:bf:dc:45:43:c6:f3:73:cf:83:52:16:
1f:f5:09:6b:3c:ce:c6:af:2a:5a:d1:fc:8b:75:90:0d:6b:36:
35:7c:c6:bd:e8:be:40:65:0e:7c:f6:f6:89:4c:bf:f8:57:0d:
4a:af:e6:f6:f5:33:ba:ae:dd:1d:78:04:f1:f4:a4:50:f3:60:
5a:ae:5c:25:30:b4:ac:3f:ac:d2:d7:c8:c4:28:c7:d7:c9:15:
f3:28:51:9a:5c:c6:a0:c2:79:67:29:05:0a:78:84:09:fd:f1:
c3:eb:9b:a6:ab:79:5c:ce:77:85:a7:0b:55:0c:f9:cc:3b:d5:
40:fa:9c:98:e9:5e:c3:de:2d:31:e8:c2:87:19:50:17:43:e2:
e4:da:e6:25
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAZhi9ltW5Cwcl7x3alBg97wCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjUwODAxMDAwOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGMyNDczZDgzODI5MjkzMWY2NWYzNDdhMDY2MWUwNjNjNTY2OGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueDYcl/RtaG7OlL/bXT9+fD/Rg4i
gIEBY3To8nqYAOSnQe3EaupmDQ047lTPQZLYqHtVzYeKTYQ63ZfZLFWEvmrrtHQI
2753TkYYQ1edRdJpDcNLrJvTYoRuNSf0RU6IVzl7/Pi/Vl1VjByga9niu+f3WP8I
I28kZl2n1jDtseOfHisR5KGA9VO+uAxIxd1iOZM+3TBBp57GKOkqsFaW0ZrGzsss
6t9ltvEnrN96tXD8ZDbAthfuTp2SvQM9HmLGidr+IjF1MaNJa74mzeaINu2wINCh
48B0bPt1t+4DJxeq/Pw+DpSilSglu9j95v4CzoGpYZRkFyeyBKFvSNJlVQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFGDCRz2DgpKTH2XzR6BmHgY8VmjiMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvWU1KSFBZT0NrcE1mWmZOSG9HWWVCanhXYU9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBQBAIAATBKMAwDBAaTocAD
BAGTocgDBAGTocwwDAMEBJOh0AMEAZOh3DAMAwQDpIk4AwQApIk8AwQApIlFAwQA
pIltMAwDBACkiZ8DBACkicAwDwQCAAIwCQMHACoD7sAyETANBgkqhkiG9w0BAQsF
AAOCAQEAa44CgJGHqMX3IC/KCuohxt8XgZp26wj4z3UF+hqLlZciA9sLkcEoDX3j
3z5/vuxLb34btSj1eXB2tApUw6MONBGCoNVL8Zo93K1JWfat60y3G+n0wk71CGEe
DuF/SSFFQDsTABm+oX+fBlNskpzAI3vazb/cRUPG83PPg1IWH/UJazzOxq8qWtH8
i3WQDWs2NXzGvei+QGUOfPb2iUy/+FcNSq/m9vUzuq7dHXgE8fSkUPNgWq5cJTC0
rD+s0tfIxCjH18kV8yhRmlzGoMJ5ZykFCniECf3xw+ubpqt5XM53hacLVQz5zDvV
QPqcmOlew94tMejChxlQF0Pi5NrmJQ==
-----END CERTIFICATE-----
Generated at Wed Aug 6 11:05:04 2025 by rpki-client