Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/yMSeuAa3_Q3isG4V5xgKNphOKMM.roa
File: yMSeuAa3_Q3isG4V5xgKNphOKMM.roa (raw, json)
Hash identifier: BbbggzpZ1LYSMsSpb6m/RdWTAN0ir/nCUyEfsxCRTww=
Subject key identifier: C8:C4:9E:B8:06:B7:FD:0D:E2:B0:6E:15:E7:18:0A:36:98:4E:28:C3
Certificate issuer: /CN=4b98127943e7175734964010c89ef821416a31b3
Certificate serial: 019A361DA4063ED79085F4A4586D21A4D17A
Authority key identifier: 4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/yMSeuAa3_Q3isG4V5xgKNphOKMM.roa
Signing time: Thu 30 Oct 2025 17:15:03 +0000
ROA not before: Thu 30 Oct 2025 17:15:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2856
IP address blocks: 2.24.0.0/13 maxlen: 13
31.64.0.0/12 maxlen: 12
31.90.0.0/15 maxlen: 15
31.92.0.0/15 maxlen: 15
31.94.0.0/16 maxlen: 16
31.96.0.0/16 maxlen: 16
31.99.0.0/16 maxlen: 16
31.99.0.0/18 maxlen: 18
31.99.64.0/18 maxlen: 18
31.99.128.0/18 maxlen: 18
31.99.192.0/18 maxlen: 18
31.100.0.0/14 maxlen: 14
31.104.0.0/16 maxlen: 16
31.105.0.0/16 maxlen: 16
31.106.0.0/15 maxlen: 15
31.112.0.0/14 maxlen: 14
31.116.0.0/14 maxlen: 14
31.116.0.0/16 maxlen: 16
31.117.0.0/16 maxlen: 16
31.118.0.0/16 maxlen: 16
31.119.0.0/16 maxlen: 16
31.120.0.0/16 maxlen: 16
31.121.0.0/16 maxlen: 16
31.122.0.0/15 maxlen: 15
31.124.0.0/16 maxlen: 16
31.126.0.0/15 maxlen: 15
46.68.66.0/24 maxlen: 24
95.144.0.0/13 maxlen: 13
109.180.0.0/15 maxlen: 15
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl
rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.mft
rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:36:1d:a4:06:3e:d7:90:85:f4:a4:58:6d:21:a4:d1:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b98127943e7175734964010c89ef821416a31b3
Validity
Not Before: Oct 30 17:15:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c8c49eb806b7fd0de2b06e15e7180a36984e28c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:9c:90:5a:6f:36:c8:f7:0c:87:1c:9c:b9:35:
ba:37:91:19:23:18:c6:a3:dc:97:45:33:4e:44:e1:
c8:cb:97:5e:bb:f1:c8:b9:a7:74:eb:96:05:5d:0d:
97:ff:e1:35:39:2b:71:f8:01:74:48:54:5a:37:22:
89:d6:40:e0:2b:1a:7c:78:18:a1:f0:22:f8:54:7e:
3b:12:33:fb:42:50:6d:ad:a2:8d:15:94:c1:6c:23:
56:c6:23:62:7b:09:71:54:61:5a:d9:f1:3b:7e:0f:
d3:31:31:13:16:f7:b2:e1:fe:d1:1a:d0:dd:da:ac:
d5:5a:d6:01:92:e9:3c:e7:86:90:8f:1d:e9:24:3f:
94:13:5b:38:c6:15:37:4f:07:34:53:27:07:f7:f6:
1e:a5:04:22:dd:f6:9b:1f:05:6c:a2:66:9c:23:7b:
85:25:68:6b:3e:f6:fe:c7:d5:17:d3:25:d9:fb:85:
d1:1e:64:28:fc:5c:fe:12:bb:a6:8f:12:52:54:0a:
a7:99:a9:f1:96:53:7e:d3:c6:e7:21:d7:5a:28:b4:
3d:5f:96:7b:68:2e:0b:b1:e0:f2:9e:35:21:ec:d6:
34:01:02:95:db:91:cf:09:b3:c2:ef:de:99:6d:4c:
79:a1:c7:0c:4e:19:1a:d6:3b:b3:9a:63:98:8e:69:
39:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:C4:9E:B8:06:B7:FD:0D:E2:B0:6E:15:E7:18:0A:36:98:4E:28:C3
X509v3 Authority Key Identifier:
keyid:4B:98:12:79:43:E7:17:57:34:96:40:10:C8:9E:F8:21:41:6A:31:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5gSeUPnF1c0lkAQyJ74IUFqMbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/yMSeuAa3_Q3isG4V5xgKNphOKMM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/f20df3-2753-4353-a668-621792f7e56a/1/S5gSeUPnF1c0lkAQyJ74IUFqMbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.24.0.0/13
31.64.0.0/12
31.90.0.0-31.94.255.255
31.96.0.0/16
31.99.0.0-31.107.255.255
31.112.0.0-31.124.255.255
31.126.0.0/15
46.68.66.0/24
95.144.0.0/13
109.180.0.0/15
Signature Algorithm: sha256WithRSAEncryption
09:a5:6d:ff:cf:92:2e:e6:c0:a7:d1:f4:03:eb:df:8b:c5:ce:
cb:f7:85:fe:1b:b1:da:6d:20:7a:db:00:82:a2:56:c7:ef:3c:
ce:7d:ea:8f:f0:52:da:bc:ef:53:70:62:77:b9:4d:c0:3c:77:
e6:ab:7d:f7:b5:e8:df:e8:c2:bd:67:39:a8:df:c3:35:6a:1a:
c9:91:1e:e3:bc:1a:4c:f6:e1:cc:1c:f2:4b:67:4b:1b:81:d3:
53:2d:cd:fa:88:0b:9f:ac:e2:60:8e:13:ee:80:0c:63:c8:38:
46:03:26:04:75:42:d1:91:45:ea:62:98:39:20:69:de:72:77:
04:1d:e2:9a:2a:8d:d6:2a:6c:b1:d6:ed:bc:e3:51:0f:e3:2b:
b6:7d:cb:0a:c5:aa:c2:cc:fd:dc:31:b5:de:f2:7b:a1:74:08:
b9:54:5f:a1:d0:6a:ff:20:02:f1:39:a1:a9:4f:30:a8:33:de:
cb:ea:cd:7c:4f:cc:fd:02:d2:8f:f9:e6:9d:9a:76:c1:d5:38:
a3:7e:57:90:e1:cf:d5:0a:9d:11:9a:1f:2f:70:98:cc:75:28:
e4:c5:43:0a:20:48:95:f3:a3:97:84:33:11:d3:05:5b:49:1a:
8d:1a:b0:f8:09:a4:d7:10:f4:e7:d8:0b:d4:f6:f7:40:55:27:
2d:da:83:36
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZo2HaQGPteQhfSkWG0hpNF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTgxMjc5NDNlNzE3NTczNDk2NDAxMGM4OWVmODIxNDE2
YTMxYjMwHhcNMjUxMDMwMTcxNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGM0OWViODA2YjdmZDBkZTJiMDZlMTVlNzE4MGEzNjk4NGUyOGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZyQWm82yPcMhxycuTW6N5EZIxjG
o9yXRTNOROHIy5deu/HIuad065YFXQ2X/+E1OStx+AF0SFRaNyKJ1kDgKxp8eBih
8CL4VH47EjP7QlBtraKNFZTBbCNWxiNiewlxVGFa2fE7fg/TMTETFvey4f7RGtDd
2qzVWtYBkuk854aQjx3pJD+UE1s4xhU3Twc0UycH9/YepQQi3fabHwVsomacI3uF
JWhrPvb+x9UX0yXZ+4XRHmQo/Fz+ErumjxJSVAqnmanxllN+08bnIddaKLQ9X5Z7
aC4LseDynjUh7NY0AQKV25HPCbPC796ZbUx5occMThka1juzmmOYjmk5RQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMjEnrgGt/0N4rBuFecYCjaYTijDMB8GA1UdIwQY
MBaAFEuYEnlD5xdXNJZAEMie+CFBajGzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2Njgt
NjIxNzkyZjdlNTZhLzEveU1TZXVBYTNfUTNpc0c0VjV4Z0tOcGhPS01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mMjBkZjMtMjc1My00MzUzLWE2NjgtNjIxNzkyZjdlNTZh
LzEvUzVnU2VVUG5GMWMwbGtBUXlKNzRJVUZxTWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwMDAhgDAwQf
QDAKAwMBH1oDAwAfXgMDAB9gMAoDAwAfYwMDAh9oMAoDAwQfcAMDAB98AwMBH34D
BAAuREIDAwNfkAMDAW20MA0GCSqGSIb3DQEBCwUAA4IBAQAJpW3/z5Iu5sCn0fQD
69+Lxc7L94X+G7HabSB62wCColbH7zzOfeqP8FLavO9TcGJ3uU3APHfmq333tejf
6MK9Zzmo38M1ahrJkR7jvBpM9uHMHPJLZ0sbgdNTLc36iAufrOJgjhPugAxjyDhG
AyYEdULRkUXqYpg5IGnecncEHeKaKo3WKmyx1u2841EP4yu2fcsKxarCzP3cMbXe
8nuhdAi5VF+h0Gr/IALxOaGpTzCoM97L6s18T8z9AtKP+eadmnbB1TijfleQ4c/V
Cp0Rmh8vcJjMdSjkxUMKIEiV86OXhDMR0wVbSRqNGrD4CaTXEPTn2AvU9vdAVSct
2oM2
-----END CERTIFICATE-----
Generated at Wed Nov 5 10:33:19 2025 by rpki-client