Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/haVl-IddpVIOhoadpyJZ_a5CgAY.roa
File: haVl-IddpVIOhoadpyJZ_a5CgAY.roa (raw, json)
Hash identifier: xEVD5o+b6swUkv0iGkz/lglqYHWH3tPCrwBEj8vxyI4=
Subject key identifier: 85:A5:65:F8:87:5D:A5:52:0E:86:86:9D:A7:22:59:FD:AE:42:80:06
Certificate issuer: /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial: 01970B0213EA42A2AB74D03B63509B16BA56
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/haVl-IddpVIOhoadpyJZ_a5CgAY.roa
Signing time: Mon 26 May 2025 05:12:54 +0000
ROA not before: Mon 26 May 2025 05:12:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207333
IP address blocks: 31.14.27.0/24 maxlen: 24
86.107.44.0/24 maxlen: 24
86.107.45.0/24 maxlen: 24
86.107.198.0/24 maxlen: 24
86.107.199.0/24 maxlen: 24
89.33.41.0/24 maxlen: 24
89.35.124.0/24 maxlen: 24
89.35.125.0/24 maxlen: 24
89.46.33.0/24 maxlen: 24
89.46.34.0/24 maxlen: 24
92.114.7.0/24 maxlen: 24
109.235.112.0/24 maxlen: 24
109.235.113.0/24 maxlen: 24
109.235.114.0/24 maxlen: 24
109.235.115.0/24 maxlen: 24
109.235.116.0/24 maxlen: 24
109.235.117.0/24 maxlen: 24
109.235.118.0/24 maxlen: 24
109.235.119.0/24 maxlen: 24
185.98.5.0/24 maxlen: 24
185.98.6.0/24 maxlen: 24
185.98.7.0/24 maxlen: 24
185.100.64.0/24 maxlen: 24
185.100.65.0/24 maxlen: 24
185.100.67.0/24 maxlen: 24
185.111.104.0/24 maxlen: 24
185.111.105.0/24 maxlen: 24
185.111.106.0/24 maxlen: 24
185.111.107.0/24 maxlen: 24
185.113.132.0/24 maxlen: 24
185.113.134.0/24 maxlen: 24
185.113.135.0/24 maxlen: 24
185.121.80.0/24 maxlen: 24
185.121.81.0/24 maxlen: 24
185.121.82.0/24 maxlen: 24
185.121.83.0/24 maxlen: 24
185.125.89.0/24 maxlen: 24
185.129.48.0/24 maxlen: 24
185.129.49.0/24 maxlen: 24
185.129.50.0/24 maxlen: 24
185.129.51.0/24 maxlen: 24
188.241.216.0/24 maxlen: 24
188.241.217.0/24 maxlen: 24
2a06:940::/48 maxlen: 48
2a06:940:2::/48 maxlen: 48
2a06:942::/48 maxlen: 48
2a06:942:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.mft
rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 14:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:0b:02:13:ea:42:a2:ab:74:d0:3b:63:50:9b:16:ba:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Validity
Not Before: May 26 05:12:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85a565f8875da5520e86869da72259fdae428006
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:c1:c0:5c:7a:d3:1f:ed:ff:64:9a:07:ab:04:
c2:21:28:05:a5:c9:c1:28:b6:cd:1c:ad:a1:3a:7a:
66:d6:24:e7:86:17:83:61:17:c5:4f:dd:84:1c:b0:
77:6e:40:ab:30:68:c8:50:13:e4:e0:59:89:17:d7:
13:33:98:d2:55:9e:1e:90:be:b7:da:8e:77:c8:35:
cb:f8:d9:c9:19:94:dd:7b:25:b4:27:7c:dd:b6:85:
1e:ed:52:7f:21:f6:6d:90:84:6c:e2:e3:c5:2a:34:
a6:6e:28:8b:1e:0c:ba:f7:71:20:db:a4:af:e8:70:
36:e8:56:be:67:90:be:23:8c:2d:4c:3d:c8:c5:cf:
a5:7d:fb:37:06:fb:de:6c:d3:8e:26:b7:f9:d2:10:
b3:38:c4:c6:4a:33:c1:81:8d:7d:4d:48:e0:3b:6f:
ec:ef:d6:f1:dc:79:21:f2:a8:57:1d:24:33:d9:44:
d9:0c:d0:72:03:fa:e0:91:45:c3:a9:da:f3:14:09:
4a:9c:44:09:77:fa:54:4c:d8:0f:57:6f:d5:04:e4:
a9:2d:de:d9:fe:6d:6e:32:75:1c:50:14:73:e9:5c:
55:41:69:8a:0b:fa:ea:fe:fc:aa:b9:5c:ec:9f:96:
ff:ff:4d:57:54:1d:ff:6e:df:83:39:af:25:a5:aa:
ca:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:A5:65:F8:87:5D:A5:52:0E:86:86:9D:A7:22:59:FD:AE:42:80:06
X509v3 Authority Key Identifier:
keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/haVl-IddpVIOhoadpyJZ_a5CgAY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.27.0/24
86.107.44.0/23
86.107.198.0/23
89.33.41.0/24
89.35.124.0/23
89.46.33.0-89.46.34.255
92.114.7.0/24
109.235.112.0/21
185.98.5.0-185.98.7.255
185.100.64.0/23
185.100.67.0/24
185.111.104.0/22
185.113.132.0/24
185.113.134.0/23
185.121.80.0/22
185.125.89.0/24
185.129.48.0/22
188.241.216.0/23
IPv6:
2a06:940::/48
2a06:940:2::/48
2a06:942::/48
2a06:942:2::/48
Signature Algorithm: sha256WithRSAEncryption
cb:19:c4:3e:78:05:cc:93:d8:7b:73:25:a6:fa:2b:1d:99:a2:
6d:ee:f1:ea:e2:da:63:96:87:51:2e:71:38:7d:0f:3b:2b:32:
0e:cb:c3:bf:57:12:61:89:d7:6c:99:55:8c:f7:f6:cb:e3:08:
0c:d6:e3:24:82:5b:80:5c:11:b6:11:0e:f5:60:01:67:49:cf:
39:c7:51:6b:37:d2:59:33:90:40:24:a0:f1:70:1b:a6:09:5d:
79:22:de:1e:56:e6:88:3e:65:43:dc:8f:50:10:16:f1:9f:2e:
1b:31:2c:1d:44:c7:06:d7:52:46:8d:b0:f9:26:fa:57:ce:1b:
34:1c:5d:28:e7:d6:ac:83:cd:83:5d:83:43:ee:24:11:e1:7b:
d2:b3:44:c4:d8:d6:3b:e1:10:ad:b1:3b:3c:79:dd:1d:f4:b9:
ea:4e:31:f5:73:c3:a8:e2:15:26:c7:ed:a8:87:81:93:a4:9f:
f7:13:62:04:8a:10:84:f1:7b:8d:3b:a3:f2:4a:b7:39:9f:a0:
a6:03:56:24:91:ef:06:21:1f:03:f9:dc:15:0a:79:52:d8:bb:
af:b0:64:5d:da:2a:ae:ab:5b:0a:e0:a2:97:9a:37:be:6d:11:
67:52:a4:27:e6:ee:a0:b4:b5:d8:fc:36:ba:e5:f4:92:58:2b:
d5:39:fb:60
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZcLAhPqQqKrdNA7Y1CbFrpWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjUwNTI2MDUxMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWE1NjVmODg3NWRhNTUyMGU4Njg2OWRhNzIyNTlmZGFlNDI4MDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8HAXHrTH+3/ZJoHqwTCISgFpcnB
KLbNHK2hOnpm1iTnhheDYRfFT92EHLB3bkCrMGjIUBPk4FmJF9cTM5jSVZ4ekL63
2o53yDXL+NnJGZTdeyW0J3zdtoUe7VJ/IfZtkIRs4uPFKjSmbiiLHgy693Eg26Sv
6HA26Fa+Z5C+I4wtTD3Ixc+lffs3BvvebNOOJrf50hCzOMTGSjPBgY19TUjgO2/s
79bx3Hkh8qhXHSQz2UTZDNByA/rgkUXDqdrzFAlKnEQJd/pUTNgPV2/VBOSpLd7Z
/m1uMnUcUBRz6VxVQWmKC/rq/vyquVzsn5b//01XVB3/bt+DOa8lparKLwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFIWlZfiHXaVSDoaGnaciWf2uQoAGMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvaGFWbC1JZGRwVklPaG9hZHB5SlpfYTVDZ0FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHEBggrBgEFBQcBBwEB/wSBtDCBsTCBggQCAAEwfAMEAB8O
GwMEAVZrLAMEAVZrxgMEAFkhKQMEAVkjfDAMAwQAWS4hAwQAWS4iAwQAXHIHAwQD
betwMAwDBAC5YgUDBAO5YgADBAG5ZEADBAC5ZEMDBAK5b2gDBAC5cYQDBAG5cYYD
BAK5eVADBAC5fVkDBAK5gTADBAG88dgwKgQCAAIwJAMHACoGCUAAAAMHACoGCUAA
AgMHACoGCUIAAAMHACoGCUIAAjANBgkqhkiG9w0BAQsFAAOCAQEAyxnEPngFzJPY
e3MlpvorHZmibe7x6uLaY5aHUS5xOH0POysyDsvDv1cSYYnXbJlVjPf2y+MIDNbj
JIJbgFwRthEO9WABZ0nPOcdRazfSWTOQQCSg8XAbpgldeSLeHlbmiD5lQ9yPUBAW
8Z8uGzEsHUTHBtdSRo2w+Sb6V84bNBxdKOfWrIPNg12DQ+4kEeF70rNExNjWO+EQ
rbE7PHndHfS56k4x9XPDqOIVJsftqIeBk6Sf9xNiBIoQhPF7jTuj8kq3OZ+gpgNW
JJHvBiEfA/ncFQp5Uti7r7BkXdoqrqtbCuCil5o3vm0RZ1KkJ+buoLS12Pw2uuX0
klgr1Tn7YA==
-----END CERTIFICATE-----
Generated at Sun Jun 8 00:10:09 2025 by rpki-client