Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/htFXYL1G4eCbcC3mPYaIkosKB6Q.roa
File: htFXYL1G4eCbcC3mPYaIkosKB6Q.roa (raw, json)
Hash identifier: oJWFKr4H9EjNjtC5DQyq80O2d4aINMVPyWSnIqkyv3g=
Subject key identifier: 86:D1:57:60:BD:46:E1:E0:9B:70:2D:E6:3D:86:88:92:8B:0A:07:A4
Certificate issuer: /CN=896ed6e4b5c7c19db98c57432af4dcf630bf60ae
Certificate serial: 019425FC5E90B1CAA35206C896D9E404B0E5
Authority key identifier: 89:6E:D6:E4:B5:C7:C1:9D:B9:8C:57:43:2A:F4:DC:F6:30:BF:60:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/htFXYL1G4eCbcC3mPYaIkosKB6Q.roa
Signing time: Thu 02 Jan 2025 07:48:03 +0000
ROA not before: Thu 02 Jan 2025 07:48:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50710
IP address blocks: 109.224.0.0/18 maxlen: 18
109.224.0.0/21 maxlen: 21
109.224.1.0/24 maxlen: 24
109.224.2.0/23 maxlen: 23
109.224.4.0/22 maxlen: 22
109.224.8.0/21 maxlen: 21
109.224.8.0/22 maxlen: 22
109.224.12.0/23 maxlen: 23
109.224.12.0/24 maxlen: 24
109.224.13.0/24 maxlen: 24
109.224.14.0/23 maxlen: 23
109.224.14.0/24 maxlen: 24
109.224.15.0/24 maxlen: 24
109.224.16.0/22 maxlen: 22
109.224.20.0/22 maxlen: 22
109.224.24.0/22 maxlen: 22
109.224.28.0/24 maxlen: 24
109.224.29.0/24 maxlen: 24
109.224.30.0/23 maxlen: 23
109.224.32.0/22 maxlen: 22
109.224.32.0/24 maxlen: 24
109.224.36.0/22 maxlen: 22
109.224.40.0/21 maxlen: 21
109.224.40.0/24 maxlen: 24
109.224.41.0/24 maxlen: 24
109.224.42.0/23 maxlen: 23
109.224.42.0/24 maxlen: 24
109.224.43.0/24 maxlen: 24
109.224.44.0/22 maxlen: 22
109.224.44.0/24 maxlen: 24
109.224.45.0/24 maxlen: 24
109.224.46.0/24 maxlen: 24
109.224.47.0/24 maxlen: 24
109.224.48.0/21 maxlen: 21
109.224.48.0/22 maxlen: 22
109.224.52.0/22 maxlen: 22
109.224.56.0/21 maxlen: 21
109.224.56.0/22 maxlen: 22
109.224.60.0/22 maxlen: 22
185.118.96.0/22 maxlen: 22
185.118.96.0/24 maxlen: 24
185.141.9.0/24 maxlen: 24
185.141.10.0/24 maxlen: 24
185.141.11.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.crl
rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.mft
rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 03:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:5e:90:b1:ca:a3:52:06:c8:96:d9:e4:04:b0:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=896ed6e4b5c7c19db98c57432af4dcf630bf60ae
Validity
Not Before: Jan 2 07:48:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=86d15760bd46e1e09b702de63d8688928b0a07a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:bc:1b:63:97:f7:db:4a:56:a6:a1:0a:6c:9f:
dd:e5:83:54:0d:95:15:c9:a1:5f:0e:b6:e1:20:cf:
58:6f:66:f6:cc:b7:a4:eb:cd:45:bc:7f:a2:cc:01:
20:cc:74:c1:fa:11:d2:83:08:e6:61:38:09:a6:23:
61:08:a6:11:9d:df:c4:77:db:2b:e4:09:a8:91:e6:
60:ea:50:51:a6:7a:47:67:e7:3c:58:61:d0:a1:9c:
60:0f:b6:ca:f4:1a:dd:59:d9:50:af:1d:b5:c7:06:
01:9c:f0:d3:d9:71:96:7b:7b:c5:aa:ef:0e:d4:8c:
c9:f1:fe:d6:cc:0b:33:97:df:a6:72:a6:07:54:ca:
47:08:e8:49:c8:f0:ff:2d:f4:34:b9:f1:ef:62:93:
b9:6e:d4:91:66:8f:2e:9a:f6:33:5c:93:78:f0:41:
72:c7:a4:9c:ec:8b:18:80:01:87:31:c4:69:49:42:
80:66:e3:9e:13:1b:a2:19:83:46:fe:b0:35:2d:53:
73:76:d0:2a:8a:21:3a:03:c2:7c:32:d7:d3:8c:44:
41:1f:2c:9f:54:d7:04:70:bb:96:e5:02:a8:54:39:
4f:b0:69:a1:d6:d4:8a:56:e9:e1:ff:f0:db:dc:18:
95:50:72:2e:6b:f4:ec:9d:93:b3:35:e2:93:a4:5a:
bc:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:D1:57:60:BD:46:E1:E0:9B:70:2D:E6:3D:86:88:92:8B:0A:07:A4
X509v3 Authority Key Identifier:
keyid:89:6E:D6:E4:B5:C7:C1:9D:B9:8C:57:43:2A:F4:DC:F6:30:BF:60:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iW7W5LXHwZ25jFdDKvTc9jC_YK4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/htFXYL1G4eCbcC3mPYaIkosKB6Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/900444-dd40-4a04-a616-dc1ff6746d2e/1/iW7W5LXHwZ25jFdDKvTc9jC_YK4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.0.0/18
185.118.96.0/22
185.141.9.0-185.141.11.255
Signature Algorithm: sha256WithRSAEncryption
bf:a3:79:28:a7:24:b8:4b:15:c5:22:24:60:5f:e1:50:28:c8:
27:ee:27:01:fe:fe:a1:9a:32:d1:dd:6c:87:ef:de:c6:6c:5e:
c0:2d:84:2e:e7:68:67:1b:6b:2e:d7:0e:f5:31:f1:cc:35:d6:
7b:37:a3:eb:56:97:6a:e4:31:d1:39:9e:25:76:b3:cb:e2:95:
8c:de:02:9e:49:c3:f6:d9:67:4d:ba:88:f1:23:d2:ce:7d:2e:
3a:12:3d:8b:33:98:16:0b:09:e3:f2:91:50:d3:17:f2:b4:85:
0b:54:c2:e3:ee:0c:ea:f7:e2:5e:9a:45:74:05:33:f1:ff:c8:
42:e6:60:af:f6:27:72:b6:17:08:b7:5e:d4:02:6f:32:6e:e3:
a7:71:87:2b:08:b9:e5:5d:a4:fa:d8:a2:e1:36:9f:a0:b6:f0:
5a:a6:62:1c:a7:3a:79:e7:bc:61:81:4d:9d:19:cb:b0:bf:f1:
5a:f1:80:ec:9e:9d:2c:1b:d8:53:f1:93:09:a9:d2:fe:95:ff:
2f:c4:4b:fe:2e:45:3f:48:e6:5e:e3:d1:17:31:9c:8d:33:4b:
4f:ea:fa:07:66:42:32:21:18:38:b6:0d:98:73:3c:30:02:9d:
66:1f:3a:f5:89:f2:f2:42:4f:1b:00:16:dd:cb:a8:d8:e3:8f:
2d:cd:77:db
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQl/F6QscqjUgbIltnkBLDlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmVkNmU0YjVjN2MxOWRiOThjNTc0MzJhZjRkY2Y2MzBi
ZjYwYWUwHhcNMjUwMTAyMDc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQxNTc2MGJkNDZlMWUwOWI3MDJkZTYzZDg2ODg5MjhiMGEwN2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurwbY5f320pWpqEKbJ/d5YNUDZUV
yaFfDrbhIM9Yb2b2zLek681FvH+izAEgzHTB+hHSgwjmYTgJpiNhCKYRnd/Ed9sr
5AmokeZg6lBRpnpHZ+c8WGHQoZxgD7bK9BrdWdlQrx21xwYBnPDT2XGWe3vFqu8O
1IzJ8f7WzAszl9+mcqYHVMpHCOhJyPD/LfQ0ufHvYpO5btSRZo8umvYzXJN48EFy
x6Sc7IsYgAGHMcRpSUKAZuOeExuiGYNG/rA1LVNzdtAqiiE6A8J8MtfTjERBHyyf
VNcEcLuW5QKoVDlPsGmh1tSKVunh//Db3BiVUHIua/TsnZOzNeKTpFq8gQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIbRV2C9RuHgm3At5j2GiJKLCgekMB8GA1UdIwQY
MBaAFIlu1uS1x8GduYxXQyr03PYwv2CuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVc3VzVMWEh3WjI1akZkREt2VGM5akNfWUs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC85MDA0NDQtZGQ0MC00YTA0LWE2MTYt
ZGMxZmY2NzQ2ZDJlLzEvaHRGWFlMMUc0ZUNiY0MzbVBZYUlrb3NLQjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC85MDA0NDQtZGQ0MC00YTA0LWE2MTYtZGMxZmY2NzQ2ZDJl
LzEvaVc3VzVMWEh3WjI1akZkREt2VGM5akNfWUs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQGbeAAAwQC
uXZgMAwDBAC5jQkDBAK5jQgwDQYJKoZIhvcNAQELBQADggEBAL+jeSinJLhLFcUi
JGBf4VAoyCfuJwH+/qGaMtHdbIfv3sZsXsAthC7naGcbay7XDvUx8cw11ns3o+tW
l2rkMdE5niV2s8vilYzeAp5Jw/bZZ026iPEj0s59LjoSPYszmBYLCePykVDTF/K0
hQtUwuPuDOr34l6aRXQFM/H/yELmYK/2J3K2Fwi3XtQCbzJu46dxhysIueVdpPrY
ouE2n6C28FqmYhynOnnnvGGBTZ0Zy7C/8VrxgOyenSwb2FPxkwmp0v6V/y/ES/4u
RT9I5l7j0RcxnI0zS0/q+gdmQjIhGDi2DZhzPDACnWYfOvWJ8vJCTxsAFt3LqNjj
jy3Nd9s=
-----END CERTIFICATE-----
Generated at Sun Apr 13 10:10:10 2025 by rpki-client