Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/h-R5SrdfAe7rN8zMOqkX0BtsnJ4.roa
File: h-R5SrdfAe7rN8zMOqkX0BtsnJ4.roa (raw, json)
Hash identifier: 3D3z76pesB4+PkPGfBCrb/veNRexeyxDAf3xN4YJwnQ=
Subject key identifier: 87:E4:79:4A:B7:5F:01:EE:EB:37:CC:CC:3A:A9:17:D0:1B:6C:9C:9E
Certificate issuer: /CN=29ad8bfe07ad5d2ccb43b0d1dba6b192cb51dbea
Certificate serial: 0194266C0FB23E21FEF5CB91BDEDFB8F3598
Authority key identifier: 29:AD:8B:FE:07:AD:5D:2C:CB:43:B0:D1:DB:A6:B1:92:CB:51:DB:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ka2L_getXSzLQ7DR26axkstR2-o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/h-R5SrdfAe7rN8zMOqkX0BtsnJ4.roa
Signing time: Thu 02 Jan 2025 09:50:03 +0000
ROA not before: Thu 02 Jan 2025 09:50:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 63949
IP address blocks: 80.85.84.0/22 maxlen: 24
85.90.244.0/22 maxlen: 24
85.159.208.0/21 maxlen: 24
88.80.184.0/21 maxlen: 24
109.74.192.0/20 maxlen: 24
109.237.24.0/22 maxlen: 24
151.236.216.0/21 maxlen: 24
176.58.96.0/19 maxlen: 24
178.79.128.0/18 maxlen: 24
185.3.92.0/22 maxlen: 24
192.46.208.0/21 maxlen: 24
192.46.216.0/22 maxlen: 24
192.46.220.0/23 maxlen: 24
192.46.222.0/23 maxlen: 24
192.46.224.0/21 maxlen: 24
192.46.232.0/21 maxlen: 24
192.53.112.0/21 maxlen: 24
192.53.120.0/22 maxlen: 24
192.53.124.0/22 maxlen: 24
192.53.160.0/21 maxlen: 24
192.53.168.0/23 maxlen: 24
192.53.170.0/23 maxlen: 24
192.53.172.0/22 maxlen: 24
194.195.112.0/21 maxlen: 24
194.195.120.0/21 maxlen: 24
194.195.208.0/21 maxlen: 24
194.195.216.0/21 maxlen: 24
194.195.240.0/21 maxlen: 24
194.195.248.0/21 maxlen: 24
194.233.160.0/21 maxlen: 24
194.233.168.0/21 maxlen: 24
194.233.176.0/21 maxlen: 24
194.233.184.0/21 maxlen: 24
212.71.232.0/21 maxlen: 24
212.71.244.0/22 maxlen: 24
212.71.248.0/21 maxlen: 24
212.111.40.0/22 maxlen: 24
213.52.128.0/22 maxlen: 24
213.168.248.0/22 maxlen: 24
213.219.36.0/22 maxlen: 24
2a01:7e00::/32 maxlen: 48
2a01:7e01::/32 maxlen: 48
2a01:7e02::/32 maxlen: 48
2a01:7e03::/32 maxlen: 48
2a01:7e04::/32 maxlen: 48
2a01:7e05::/32 maxlen: 48
2a01:7e06::/32 maxlen: 48
2a01:7e07::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/Ka2L_getXSzLQ7DR26axkstR2-o.crl
rsync://rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/Ka2L_getXSzLQ7DR26axkstR2-o.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ka2L_getXSzLQ7DR26axkstR2-o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 16:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6c:0f:b2:3e:21:fe:f5:cb:91:bd:ed:fb:8f:35:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29ad8bfe07ad5d2ccb43b0d1dba6b192cb51dbea
Validity
Not Before: Jan 2 09:50:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=87e4794ab75f01eeeb37cccc3aa917d01b6c9c9e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:f8:c0:8d:c1:ef:ab:0e:7f:43:f0:90:74:40:
73:c3:28:74:36:ba:a6:be:7b:e1:8a:df:9c:ed:3d:
ad:0e:d0:b1:23:71:12:00:1a:ef:66:af:cd:80:5d:
eb:01:bf:08:06:fe:af:de:0e:86:ce:cc:31:3f:03:
0c:e1:3d:13:3e:60:3d:19:a2:e7:fe:c3:c7:fe:39:
4e:76:41:16:31:0a:74:27:e7:2e:63:e0:1e:63:7a:
d3:7f:6c:70:4b:db:3a:fa:db:66:1b:9b:e3:b7:c0:
92:ba:48:3a:9b:3b:73:51:7c:b7:57:74:24:ce:f2:
20:22:f1:f0:80:ec:d3:20:c4:35:c5:a5:96:32:4b:
50:d3:5b:a2:97:6d:ca:4e:dc:35:b6:d5:98:82:6d:
b5:bb:81:26:68:14:00:ce:dd:62:89:ab:79:e4:b6:
23:83:02:75:a5:12:c7:ed:f6:d6:ef:7b:a8:f4:5b:
6b:11:ee:b1:2c:b9:29:86:f9:8d:fb:b6:c2:9f:1b:
76:7a:45:a9:fb:a9:40:d3:b8:e2:59:68:81:86:36:
69:f7:2b:b2:95:d0:c9:34:4b:35:00:98:69:04:e1:
f2:8f:b4:29:35:8b:c0:1c:bb:99:e4:36:6e:21:5a:
a3:1f:25:a0:ed:b9:57:ab:99:fe:74:d1:b7:b2:20:
80:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:E4:79:4A:B7:5F:01:EE:EB:37:CC:CC:3A:A9:17:D0:1B:6C:9C:9E
X509v3 Authority Key Identifier:
keyid:29:AD:8B:FE:07:AD:5D:2C:CB:43:B0:D1:DB:A6:B1:92:CB:51:DB:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ka2L_getXSzLQ7DR26axkstR2-o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/h-R5SrdfAe7rN8zMOqkX0BtsnJ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/Ka2L_getXSzLQ7DR26axkstR2-o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.85.84.0/22
85.90.244.0/22
85.159.208.0/21
88.80.184.0/21
109.74.192.0/20
109.237.24.0/22
151.236.216.0/21
176.58.96.0/19
178.79.128.0/18
185.3.92.0/22
192.46.208.0-192.46.239.255
192.53.112.0/20
192.53.160.0/20
194.195.112.0/20
194.195.208.0/20
194.195.240.0/20
194.233.160.0/19
212.71.232.0/21
212.71.244.0-212.71.255.255
212.111.40.0/22
213.52.128.0/22
213.168.248.0/22
213.219.36.0/22
IPv6:
2a01:7e00::/29
Signature Algorithm: sha256WithRSAEncryption
61:e7:80:35:8d:b8:23:8b:62:3a:15:e5:25:be:6a:e3:0f:a9:
bc:ae:17:f6:a3:62:64:37:90:9f:7a:c1:04:16:15:58:3f:6d:
2b:fc:ec:98:64:2c:3c:22:da:33:2a:54:07:63:21:26:10:0a:
dd:69:17:75:bf:d3:76:fc:47:c5:5e:9a:97:96:b0:05:7f:0c:
56:d0:b4:56:90:ad:c6:84:8a:44:ad:3b:88:28:55:3f:c0:e2:
0e:ea:04:29:b7:e0:d8:9b:ad:03:b6:e1:7e:78:60:fd:5e:45:
26:91:fe:bf:83:51:9e:75:50:5f:12:63:d6:f1:ea:ae:3a:51:
d0:69:aa:38:64:49:b7:d6:46:8c:89:0d:a5:43:19:28:f5:37:
1e:10:db:8c:9d:14:fa:08:a7:40:66:c3:29:95:e8:1c:fb:7e:
2f:cc:af:7a:53:7f:3e:7a:c8:3d:8a:84:ba:1e:fc:ce:00:b7:
1a:c1:0a:6a:b6:df:fa:a2:4b:65:6c:6d:b5:18:2a:e3:07:73:
11:23:c7:d6:99:b7:11:f5:f9:9e:b3:fb:35:49:eb:e4:0a:53:
3f:c0:84:4c:da:d5:60:f4:de:4f:f4:e7:43:a8:7e:60:e5:3d:
9c:55:97:d3:08:1d:cf:3f:23:12:5c:07:2d:e1:53:5b:b6:1b:
3f:a2:29:0b
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAZQmbA+yPiH+9cuRve37jzWYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YWQ4YmZlMDdhZDVkMmNjYjQzYjBkMWRiYTZiMTkyY2I1
MWRiZWEwHhcNMjUwMTAyMDk1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2U0Nzk0YWI3NWYwMWVlZWIzN2NjY2MzYWE5MTdkMDFiNmM5YzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3fjAjcHvqw5/Q/CQdEBzwyh0Nrqm
vnvhit+c7T2tDtCxI3ESABrvZq/NgF3rAb8IBv6v3g6GzswxPwMM4T0TPmA9GaLn
/sPH/jlOdkEWMQp0J+cuY+AeY3rTf2xwS9s6+ttmG5vjt8CSukg6mztzUXy3V3Qk
zvIgIvHwgOzTIMQ1xaWWMktQ01uil23KTtw1ttWYgm21u4EmaBQAzt1iiat55LYj
gwJ1pRLH7fbW73uo9FtrEe6xLLkphvmN+7bCnxt2ekWp+6lA07jiWWiBhjZp9yuy
ldDJNEs1AJhpBOHyj7QpNYvAHLuZ5DZuIVqjHyWg7blXq5n+dNG3siCAPQIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFIfkeUq3XwHu6zfMzDqpF9AbbJyeMB8GA1UdIwQY
MBaAFCmti/4HrV0sy0Ow0dumsZLLUdvqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2EyTF9nZXRYU3pMUTdEUjI2YXhrc3RSMi1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yMzVkMjYtNzA5NC00ZmViLTljYTkt
Mzc4NDk5Mzk4ZjE4LzEvaC1SNVNyZGZBZTdyTjh6TU9xa1gwQnRzbko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yMzVkMjYtNzA5NC00ZmViLTljYTktMzc4NDk5Mzk4ZjE4
LzEvS2EyTF9nZXRYU3pMUTdEUjI2YXhrc3RSMi1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBoAQCAAEwgZkDBAJQ
VVQDBAJVWvQDBANVn9ADBANYULgDBARtSsADBAJt7RgDBAOX7NgDBAWwOmADBAay
T4ADBAK5A1wwDAMEBMAu0AMEBMAu4AMEBMA1cAMEBMA1oAMEBMLDcAMEBMLD0AME
BMLD8AMEBcLpoAMEA9RH6DALAwQC1Ef0AwMD1EADBALUbygDBALVNIADBALVqPgD
BALV2yQwDQQCAAIwBwMFAyoBfgAwDQYJKoZIhvcNAQELBQADggEBAGHngDWNuCOL
YjoV5SW+auMPqbyuF/ajYmQ3kJ96wQQWFVg/bSv87JhkLDwi2jMqVAdjISYQCt1p
F3W/03b8R8VempeWsAV/DFbQtFaQrcaEikStO4goVT/A4g7qBCm34NibrQO24X54
YP1eRSaR/r+DUZ51UF8SY9bx6q46UdBpqjhkSbfWRoyJDaVDGSj1Nx4Q24ydFPoI
p0BmwymV6Bz7fi/Mr3pTfz56yD2KhLoe/M4AtxrBCmq23/qiS2VsbbUYKuMHcxEj
x9aZtxH1+Z6z+zVJ6+QKUz/AhEza1WD03k/050OofmDlPZxVl9MIHc8/IxJcBy3h
U1u2Gz+iKQs=
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:56:27 2025 by rpki-client