Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/YyuaBUM2DfGwrhhloV5aHuzBCI4.roa
File: YyuaBUM2DfGwrhhloV5aHuzBCI4.roa (raw, json)
Hash identifier: CVz/owS5fTPJx5btZA+MB4GhmLyvwbOLmAgKI8HaW2k=
Subject key identifier: 63:2B:9A:05:43:36:0D:F1:B0:AE:18:65:A1:5E:5A:1E:EC:C1:08:8E
Certificate issuer: /CN=3890e7a4549a571f68b688dad4f5ced8e529068b
Certificate serial: 019B7910023DF40C37556A1AF300595D8E40
Authority key identifier: 38:90:E7:A4:54:9A:57:1F:68:B6:88:DA:D4:F5:CE:D8:E5:29:06:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OJDnpFSaVx9otoja1PXO2OUpBos.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/YyuaBUM2DfGwrhhloV5aHuzBCI4.roa
Signing time: Thu 01 Jan 2026 10:17:30 +0000
ROA not before: Thu 01 Jan 2026 10:17:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 201644
IP address blocks: 185.68.88.0/22 maxlen: 22
185.68.88.0/23 maxlen: 23
185.68.88.0/24 maxlen: 24
185.68.89.0/24 maxlen: 24
185.68.90.0/23 maxlen: 23
185.68.90.0/24 maxlen: 24
185.68.91.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/OJDnpFSaVx9otoja1PXO2OUpBos.crl
rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/OJDnpFSaVx9otoja1PXO2OUpBos.mft
rsync://rpki.ripe.net/repository/DEFAULT/OJDnpFSaVx9otoja1PXO2OUpBos.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:79:10:02:3d:f4:0c:37:55:6a:1a:f3:00:59:5d:8e:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3890e7a4549a571f68b688dad4f5ced8e529068b
Validity
Not Before: Jan 1 10:17:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=632b9a0543360df1b0ae1865a15e5a1eecc1088e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:22:ff:eb:97:61:bb:b6:66:37:a9:3c:4b:36:
24:0e:f2:f5:e3:df:bd:09:80:81:3b:48:e3:35:8b:
d4:62:cc:f2:25:72:07:8f:30:b0:46:74:33:bf:12:
69:aa:aa:ac:dc:e0:ca:11:f3:52:0a:c8:11:73:5b:
a2:e8:f7:ab:1b:c0:eb:92:01:c3:a9:54:88:9a:73:
3d:59:5f:03:6e:12:91:14:59:ca:a0:f6:1c:9d:9c:
7f:14:89:86:6b:75:60:65:a6:7f:62:11:e4:8c:9a:
c6:88:bf:f2:2b:8f:2b:b8:c1:04:73:e3:c9:ad:6c:
fe:1f:d6:a4:0e:6b:aa:0f:16:19:27:62:be:a8:2d:
6a:ab:85:ab:69:97:d4:34:47:d9:c1:7f:67:93:8d:
4f:c3:82:f9:61:b9:77:96:c1:37:f0:95:62:53:3e:
27:58:16:92:11:30:3b:2f:a4:ca:4c:d2:3b:10:61:
35:18:d5:51:5d:cb:a9:2a:1a:3c:1a:3b:03:82:79:
37:91:fb:41:b8:a9:ec:f9:16:33:70:d8:e7:a4:9f:
2b:07:8b:85:a4:ce:fd:09:10:74:75:be:bb:c1:71:
fd:fe:ab:6c:d6:74:35:3f:8e:0f:29:be:57:4c:68:
59:04:62:b9:7a:f9:9b:6d:77:a0:cb:7b:d6:ce:d2:
a6:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:2B:9A:05:43:36:0D:F1:B0:AE:18:65:A1:5E:5A:1E:EC:C1:08:8E
X509v3 Authority Key Identifier:
keyid:38:90:E7:A4:54:9A:57:1F:68:B6:88:DA:D4:F5:CE:D8:E5:29:06:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OJDnpFSaVx9otoja1PXO2OUpBos.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/YyuaBUM2DfGwrhhloV5aHuzBCI4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/OJDnpFSaVx9otoja1PXO2OUpBos.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.68.88.0/22
Signature Algorithm: sha256WithRSAEncryption
a7:a2:69:53:ed:3e:f2:b7:fa:06:36:51:16:9e:56:af:91:93:
1f:bd:89:f2:cb:8f:e4:88:58:17:72:1f:8c:b4:af:b1:98:b0:
3d:46:d0:18:2c:07:b5:2f:04:7a:de:ee:35:6c:b7:b5:5a:75:
3e:5a:73:6f:4e:c6:3f:0f:6c:31:da:2a:5d:54:02:87:cc:86:
ed:cf:ad:93:bf:b6:2a:88:35:9d:a4:77:b5:b7:5d:ee:f8:42:
9f:51:d4:26:f9:df:29:0b:79:91:c3:d7:1c:4a:e5:49:1a:f6:
f0:8a:17:15:43:40:0d:86:bb:1b:a2:54:bd:9b:cb:d0:2b:f3:
f8:0c:df:2b:e5:36:c6:70:c9:8a:e1:f4:da:2d:08:02:1f:88:
93:e1:3a:6c:05:2c:c3:52:42:73:9d:40:e9:de:1c:af:0b:07:
3a:6e:5c:c8:3e:6b:65:61:86:03:89:91:23:16:c1:97:6d:66:
5f:1b:52:ac:63:72:51:88:9a:be:40:f3:3e:24:45:90:a9:dc:
c9:09:f6:fd:a1:71:d8:93:cb:a5:a0:65:41:b1:11:39:ac:cb:
07:9f:27:97:f4:9b:e7:a3:b0:c5:50:44:a2:49:25:77:3b:9a:
21:30:f7:71:92:05:ee:9f:e0:8c:2f:fe:f6:c5:75:7a:98:49:
c5:e2:62:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EAI99Aw3VWoa8wBZXY5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OTBlN2E0NTQ5YTU3MWY2OGI2ODhkYWQ0ZjVjZWQ4ZTUy
OTA2OGIwHhcNMjYwMTAxMTAxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzJiOWEwNTQzMzYwZGYxYjBhZTE4NjVhMTVlNWExZWVjYzEwODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCL/65dhu7ZmN6k8SzYkDvL149+9
CYCBO0jjNYvUYszyJXIHjzCwRnQzvxJpqqqs3ODKEfNSCsgRc1ui6PerG8DrkgHD
qVSImnM9WV8DbhKRFFnKoPYcnZx/FImGa3VgZaZ/YhHkjJrGiL/yK48ruMEEc+PJ
rWz+H9akDmuqDxYZJ2K+qC1qq4WraZfUNEfZwX9nk41Pw4L5Ybl3lsE38JViUz4n
WBaSETA7L6TKTNI7EGE1GNVRXcupKho8GjsDgnk3kftBuKns+RYzcNjnpJ8rB4uF
pM79CRB0db67wXH9/qts1nQ1P44PKb5XTGhZBGK5evmbbXegy3vWztKmUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMrmgVDNg3xsK4YZaFeWh7swQiOMB8GA1UdIwQY
MBaAFDiQ56RUmlcfaLaI2tT1ztjlKQaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0pEbnBGU2FWeDlvdG9qYTFQWE8yT1VwQm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8yNWRmNGUtYWZjNS00YzUwLThkZTIt
OTQ4MTJjN2Y0NDllLzEvWXl1YUJVTTJEZkd3cmhobG9WNWFIdXpCQ0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8yNWRmNGUtYWZjNS00YzUwLThkZTItOTQ4MTJjN2Y0NDll
LzEvT0pEbnBGU2FWeDlvdG9qYTFQWE8yT1VwQm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuURYMA0G
CSqGSIb3DQEBCwUAA4IBAQCnomlT7T7yt/oGNlEWnlavkZMfvYnyy4/kiFgXch+M
tK+xmLA9RtAYLAe1LwR63u41bLe1WnU+WnNvTsY/D2wx2ipdVAKHzIbtz62Tv7Yq
iDWdpHe1t13u+EKfUdQm+d8pC3mRw9ccSuVJGvbwihcVQ0ANhrsbolS9m8vQK/P4
DN8r5TbGcMmK4fTaLQgCH4iT4TpsBSzDUkJznUDp3hyvCwc6blzIPmtlYYYDiZEj
FsGXbWZfG1KsY3JRiJq+QPM+JEWQqdzJCfb9oXHYk8uloGVBsRE5rMsHnyeX9Jvn
o7DFUESiSSV3O5ohMPdxkgXun+CML/72xXV6mEnF4mJH
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:09:38 2026 by rpki-client