Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/y1CrQxuvHr23V7lls5C194EsRDs.roa
File: y1CrQxuvHr23V7lls5C194EsRDs.roa (raw, json)
Hash identifier: EpAbDQcFTvTrlLRJ1zIrH3uM7P6AB1uxGlDmxfGif9I=
Subject key identifier: CB:50:AB:43:1B:AF:1E:BD:B7:57:B9:65:B3:90:B5:F7:81:2C:44:3B
Certificate issuer: /CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
Certificate serial: 019A4941692A5B1C9193BADACCCDD69B3804
Authority key identifier: 1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/y1CrQxuvHr23V7lls5C194EsRDs.roa
Signing time: Mon 03 Nov 2025 10:26:54 +0000
ROA not before: Mon 03 Nov 2025 10:26:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 398781
IP address blocks: 46.33.24.0/23 maxlen: 32
79.108.168.0/21 maxlen: 32
79.108.176.0/21 maxlen: 32
79.108.184.0/21 maxlen: 32
79.108.192.0/21 maxlen: 32
82.158.64.0/21 maxlen: 32
82.158.72.0/21 maxlen: 32
82.158.80.0/21 maxlen: 32
82.198.36.0/22 maxlen: 32
84.234.48.0/22 maxlen: 32
84.234.52.0/22 maxlen: 32
84.234.60.0/22 maxlen: 32
91.238.12.0/22 maxlen: 32
95.36.16.0/20 maxlen: 32
95.36.32.0/20 maxlen: 32
95.36.48.0/20 maxlen: 32
109.175.232.0/23 maxlen: 32
109.175.244.0/23 maxlen: 32
167.150.180.0/22 maxlen: 32
167.150.188.0/22 maxlen: 32
167.150.208.0/22 maxlen: 32
167.150.236.0/22 maxlen: 32
198.13.200.0/21 maxlen: 32
199.182.80.0/20 maxlen: 32
209.16.224.0/21 maxlen: 32
209.16.232.0/21 maxlen: 32
209.16.240.0/21 maxlen: 32
209.16.248.0/21 maxlen: 32
213.5.20.0/22 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.mft
rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:49:41:69:2a:5b:1c:91:93:ba:da:cc:cd:d6:9b:38:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
Validity
Not Before: Nov 3 10:26:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb50ab431baf1ebdb757b965b390b5f7812c443b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:cd:25:98:39:cf:d4:0d:79:43:ac:eb:56:7f:
33:01:38:cc:5b:fd:56:b9:ea:3a:01:1d:9e:e2:66:
2e:33:9e:e7:4b:03:10:42:eb:4b:f6:9e:da:40:1d:
32:da:e3:f4:26:84:45:3a:5a:be:18:30:f5:9d:4a:
7e:dc:de:fe:7a:93:b0:bc:ad:93:cf:59:e4:28:62:
ca:a0:c0:60:d4:f0:a4:8f:18:84:47:64:df:f0:16:
22:4c:cf:5a:eb:70:1c:fc:59:a4:b6:1c:df:cc:c1:
e6:ff:da:e4:4b:94:1e:de:24:55:6d:6b:a0:a4:bc:
9e:29:8a:c8:f2:6a:6e:27:b7:46:52:9d:e0:57:bf:
60:1d:b5:68:c0:50:ac:2c:0e:22:88:d6:6a:5b:2b:
c2:88:e2:02:c9:d2:ac:69:d2:aa:e4:e0:75:7a:c3:
b5:5d:a0:46:4e:a4:cd:95:25:7b:86:c7:90:44:64:
7d:a6:c0:dd:07:3c:9b:79:6c:73:c6:bb:d7:d2:d6:
d9:f6:1d:a2:57:34:7f:e2:e6:b4:68:bc:61:69:47:
2f:b0:18:41:59:fd:31:b6:00:9b:38:df:f4:bc:f4:
b2:d0:26:98:2b:37:c6:4f:b5:c4:f6:41:23:28:40:
1e:39:07:84:a8:71:35:21:bb:c8:bf:0d:22:be:c9:
16:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:50:AB:43:1B:AF:1E:BD:B7:57:B9:65:B3:90:B5:F7:81:2C:44:3B
X509v3 Authority Key Identifier:
keyid:1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/y1CrQxuvHr23V7lls5C194EsRDs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.33.24.0/23
79.108.168.0-79.108.199.255
82.158.64.0-82.158.87.255
82.198.36.0/22
84.234.48.0/21
84.234.60.0/22
91.238.12.0/22
95.36.16.0-95.36.63.255
109.175.232.0/23
109.175.244.0/23
167.150.180.0/22
167.150.188.0/22
167.150.208.0/22
167.150.236.0/22
198.13.200.0/21
199.182.80.0/20
209.16.224.0/19
213.5.20.0/22
Signature Algorithm: sha256WithRSAEncryption
99:33:7d:69:16:bf:f4:d4:13:ae:e9:a3:24:9f:ec:4d:d4:07:
16:c5:77:58:56:5f:12:ae:bf:32:9d:86:39:19:ee:3c:cf:94:
20:9e:d6:ec:11:8c:a1:3c:1f:9a:4b:dd:a1:9c:58:c2:87:79:
40:32:81:85:4d:c0:5e:1b:a1:4f:6d:b3:a9:e4:84:55:79:3d:
93:a1:c3:8f:14:e9:6f:cf:6f:85:28:f4:73:bf:c8:38:d0:fd:
07:ac:ae:d4:f0:24:a4:3b:47:eb:a1:73:e8:fd:b1:21:ae:63:
93:c6:2e:2b:e9:b5:a6:c7:01:7d:26:e1:5e:3b:ef:9c:c6:9a:
9d:35:a6:37:fc:d5:0a:84:72:43:0b:31:23:e4:a5:78:4a:e8:
a0:d5:6e:d2:b2:e7:72:67:74:ce:1a:83:64:31:c5:c8:bd:b4:
e1:4f:38:74:61:96:55:cb:11:ea:fc:9d:60:c1:12:6d:5e:b7:
60:ea:38:03:93:36:24:31:a7:73:34:57:47:71:30:27:54:30:
8f:b7:c3:a5:2b:c1:cd:d9:fb:09:fd:70:a3:5d:f7:59:36:4c:
41:21:09:ae:f4:2f:a6:0b:97:ba:87:e7:0d:38:fa:50:10:3e:
36:3f:f5:89:c1:f7:44:b5:6d:80:2a:dd:91:73:a0:7f:ad:33:
50:68:a9:14
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAZpJQWkqWxyRk7razM3WmzgEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYTUxYTBiYzBmMGFmZWJiZjZkNWQ5MjdmZTFmOTgxNmY1
MjM1MmQwHhcNMjUxMTAzMTAyNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjUwYWI0MzFiYWYxZWJkYjc1N2I5NjViMzkwYjVmNzgxMmM0NDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzM0lmDnP1A15Q6zrVn8zATjMW/1W
ueo6AR2e4mYuM57nSwMQQutL9p7aQB0y2uP0JoRFOlq+GDD1nUp+3N7+epOwvK2T
z1nkKGLKoMBg1PCkjxiER2Tf8BYiTM9a63Ac/FmkthzfzMHm/9rkS5Qe3iRVbWug
pLyeKYrI8mpuJ7dGUp3gV79gHbVowFCsLA4iiNZqWyvCiOICydKsadKq5OB1esO1
XaBGTqTNlSV7hseQRGR9psDdBzybeWxzxrvX0tbZ9h2iVzR/4ua0aLxhaUcvsBhB
Wf0xtgCbON/0vPSy0CaYKzfGT7XE9kEjKEAeOQeEqHE1IbvIvw0ivskWqwIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFMtQq0Mbrx69t1e5ZbOQtfeBLEQ7MB8GA1UdIwQY
MBaAFBulGgvA8K/rv21dkn/h+YFvUjUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQt
ODcxZjllZDcwOGUwLzEveTFDclF4dXZIcjIzVjdsbHM1QzE5NEVzUkRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQtODcxZjllZDcwOGUw
LzEvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjCBiwQCAAEwgYQDBAEu
IRgwDAMEA09sqAMEA09swDAMAwQGUp5AAwQDUp5QAwQCUsYkAwQDVOowAwQCVOo8
AwQCW+4MMAwDBARfJBADBAZfJAADBAFtr+gDBAFtr/QDBAKnlrQDBAKnlrwDBAKn
ltADBAKnluwDBAPGDcgDBATHtlADBAXREOADBALVBRQwDQYJKoZIhvcNAQELBQAD
ggEBAJkzfWkWv/TUE67poySf7E3UBxbFd1hWXxKuvzKdhjkZ7jzPlCCe1uwRjKE8
H5pL3aGcWMKHeUAygYVNwF4boU9ts6nkhFV5PZOhw48U6W/Pb4Uo9HO/yDjQ/Qes
rtTwJKQ7R+uhc+j9sSGuY5PGLivptabHAX0m4V4775zGmp01pjf81QqEckMLMSPk
pXhK6KDVbtKy53JndM4ag2Qxxci9tOFPOHRhllXLEer8nWDBEm1et2DqOAOTNiQx
p3M0V0dxMCdUMI+3w6Urwc3Z+wn9cKNd91k2TEEhCa70L6YLl7qH5w04+lAQPjY/
9YnB90S1bYAq3ZFzoH+tM1BoqRQ=
-----END CERTIFICATE-----
Generated at Wed Nov 5 00:03:47 2025 by rpki-client