Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/y2q7rrJdCufFxC9jfB5GgeeL964.roa
File: y2q7rrJdCufFxC9jfB5GgeeL964.roa (raw, json)
Hash identifier: nGcKe+UNcFVqcQrvyOzGyMq2AYMF9+votVilnKBTS/o=
Subject key identifier: CB:6A:BB:AE:B2:5D:0A:E7:C5:C4:2F:63:7C:1E:46:81:E7:8B:F7:AE
Certificate issuer: /CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Certificate serial: 019873443F188E83AB45347203639F076CD0
Authority key identifier: F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/y2q7rrJdCufFxC9jfB5GgeeL964.roa
Signing time: Mon 04 Aug 2025 04:08:29 +0000
ROA not before: Mon 04 Aug 2025 04:08:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58172
IP address blocks: 85.116.176.0/23 maxlen: 23
85.116.178.0/24 maxlen: 24
85.116.179.0/24 maxlen: 24
85.116.180.0/24 maxlen: 24
85.116.181.0/24 maxlen: 24
85.116.183.0/24 maxlen: 24
85.116.184.0/23 maxlen: 23
85.116.184.0/24 maxlen: 24
85.116.186.0/23 maxlen: 23
85.116.188.0/23 maxlen: 23
85.116.190.0/24 maxlen: 24
85.116.191.0/24 maxlen: 24
91.132.148.0/24 maxlen: 24
91.132.149.0/24 maxlen: 24
91.132.150.0/24 maxlen: 24
91.132.151.0/24 maxlen: 24
91.239.101.0/24 maxlen: 24
128.127.96.0/24 maxlen: 24
128.127.97.0/24 maxlen: 24
128.127.98.0/24 maxlen: 24
128.127.99.0/24 maxlen: 24
128.127.100.0/24 maxlen: 24
128.127.101.0/24 maxlen: 24
128.127.102.0/24 maxlen: 24
128.127.103.0/24 maxlen: 24
178.20.176.0/24 maxlen: 24
178.20.177.0/24 maxlen: 24
178.20.178.0/24 maxlen: 24
178.20.179.0/24 maxlen: 24
178.20.180.0/24 maxlen: 24
178.20.181.0/24 maxlen: 24
178.20.182.0/24 maxlen: 24
178.20.183.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.mft
rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 10 Aug 2025 19:01:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:73:44:3f:18:8e:83:ab:45:34:72:03:63:9f:07:6c:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Validity
Not Before: Aug 4 04:08:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb6abbaeb25d0ae7c5c42f637c1e4681e78bf7ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:a3:82:d5:af:6d:1d:1b:6f:32:9a:42:44:5a:
94:52:ee:0a:1c:0a:f5:6b:02:6c:0c:39:d7:60:9a:
2d:bb:9f:67:3c:cc:9e:dc:6d:55:6c:2a:35:f7:df:
21:12:00:b6:e5:22:c0:bb:75:51:1b:65:28:39:a2:
7d:12:1c:9b:a7:c1:63:87:d1:92:78:34:53:c4:95:
de:9d:74:a6:ef:75:ae:61:52:6c:4b:b1:0d:fe:85:
bf:87:08:8d:dc:a8:7a:26:0c:4d:47:14:95:b5:20:
c1:85:3b:f4:7a:a8:3d:00:dd:ed:86:3d:95:90:c9:
4b:88:b7:a1:90:83:1a:66:71:73:32:19:5b:39:ca:
89:a7:b3:5d:35:f4:29:e8:e1:66:10:bf:10:5f:54:
b4:45:1f:30:0a:aa:8e:96:13:c3:a5:c1:5c:c8:18:
ac:91:64:9b:23:b6:ac:ad:72:b4:06:29:71:78:a7:
8c:85:55:d5:64:37:a8:1c:25:d5:fa:e9:d4:62:cf:
20:99:15:56:91:40:3a:8c:5d:2b:fe:30:21:9c:3e:
df:fc:a2:a5:a6:c0:92:83:29:c6:bc:6a:25:ae:3f:
df:15:d1:6e:ab:03:a0:45:81:27:7c:6f:1f:ad:6a:
40:93:23:b1:24:ea:27:af:12:7b:fb:c9:a3:b7:d0:
99:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:6A:BB:AE:B2:5D:0A:E7:C5:C4:2F:63:7C:1E:46:81:E7:8B:F7:AE
X509v3 Authority Key Identifier:
keyid:F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/y2q7rrJdCufFxC9jfB5GgeeL964.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.116.176.0-85.116.181.255
85.116.183.0-85.116.191.255
91.132.148.0/22
91.239.101.0/24
128.127.96.0/21
178.20.176.0/21
Signature Algorithm: sha256WithRSAEncryption
1f:bc:92:74:17:54:b9:40:ca:37:fb:e7:17:ab:d3:6c:b2:fb:
ee:e0:ba:28:43:7b:09:9d:e0:58:73:b7:b1:86:b1:d5:56:62:
e5:e8:2f:db:60:45:05:df:2d:8d:d2:1d:db:e0:0c:4d:96:55:
a6:0b:3d:ab:8d:7c:44:a8:cc:53:42:ac:ff:4f:7c:c7:34:f5:
6f:15:15:2a:dd:65:98:59:9b:50:10:f8:0e:2a:ab:62:f3:f2:
a1:19:74:57:ce:92:1b:c7:7f:41:14:c0:b8:8c:5b:1c:43:b4:
70:29:98:94:9f:c7:c1:0e:93:5c:4e:73:70:51:b9:0b:37:df:
10:17:b2:d0:51:ee:6c:4c:cf:63:3f:58:0c:58:8d:5e:bd:65:
23:f2:68:a5:8a:ca:f4:7c:a6:4d:f3:50:0d:05:9a:09:a1:ef:
f6:3b:93:27:f9:fc:e5:72:0f:f3:af:f7:6c:28:a6:a9:97:52:
33:c4:02:73:04:e8:fb:cb:e2:a7:c4:9c:0b:a0:2c:02:cd:9b:
cd:5f:c0:f9:d4:13:2c:39:77:4e:50:33:b4:bf:92:f7:c3:f1:
0b:92:9a:7e:61:c7:e9:f4:e8:4c:7b:8f:bf:13:94:e7:a9:86:
b6:14:8c:d5:e9:06:d5:10:ad:d7:4c:55:dc:3a:f0:77:e7:f6:
72:63:25:fa
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZhzRD8YjoOrRTRyA2OfB2zQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzExMzQxM2QwZGY1YjhmYTA2OTAxMWVlYjEwOWYwNjdi
NTU3OWEwHhcNMjUwODA0MDQwODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjZhYmJhZWIyNWQwYWU3YzVjNDJmNjM3YzFlNDY4MWU3OGJmN2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6OC1a9tHRtvMppCRFqUUu4KHAr1
awJsDDnXYJotu59nPMye3G1VbCo1998hEgC25SLAu3VRG2UoOaJ9Ehybp8Fjh9GS
eDRTxJXenXSm73WuYVJsS7EN/oW/hwiN3Kh6JgxNRxSVtSDBhTv0eqg9AN3thj2V
kMlLiLehkIMaZnFzMhlbOcqJp7NdNfQp6OFmEL8QX1S0RR8wCqqOlhPDpcFcyBis
kWSbI7asrXK0BilxeKeMhVXVZDeoHCXV+unUYs8gmRVWkUA6jF0r/jAhnD7f/KKl
psCSgynGvGolrj/fFdFuqwOgRYEnfG8frWpAkyOxJOonrxJ7+8mjt9CZVwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFMtqu66yXQrnxcQvY3weRoHni/euMB8GA1UdIwQY
MBaAFPDBE0E9DfW4+gaQEe6xCfBntVeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUt
NTAyNjFiMTE5MTZiLzEveTJxN3JySmRDdWZGeEM5amZCNUdnZWVMOTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUtNTAyNjFiMTE5MTZi
LzEvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBARVdLAD
BAFVdLQwDAMEAFV0twMEBlV0gAMEAluElAMEAFvvZQMEA4B/YAMEA7IUsDANBgkq
hkiG9w0BAQsFAAOCAQEAH7ySdBdUuUDKN/vnF6vTbLL77uC6KEN7CZ3gWHO3sYax
1VZi5egv22BFBd8tjdId2+AMTZZVpgs9q418RKjMU0Ks/098xzT1bxUVKt1lmFmb
UBD4DiqrYvPyoRl0V86SG8d/QRTAuIxbHEO0cCmYlJ/HwQ6TXE5zcFG5CzffEBey
0FHubEzPYz9YDFiNXr1lI/JopYrK9HymTfNQDQWaCaHv9juTJ/n85XIP86/3bCim
qZdSM8QCcwTo+8vip8ScC6AsAs2bzV/A+dQTLDl3TlAztL+S98PxC5KafmHH6fTo
THuPvxOU56mGthSM1ekG1RCt10xV3Drwd+f2cmMl+g==
-----END CERTIFICATE-----
Generated at Sun Aug 10 05:35:17 2025 by rpki-client