Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/HlHW7XBX8ZvIde3YcV5P6ReshMk.roa
File: HlHW7XBX8ZvIde3YcV5P6ReshMk.roa (raw, json)
Hash identifier: 6qh5uJT+VrASAo+GezCNr4MsU+LUfxw3LvGNNOPJtbA=
Subject key identifier: 1E:51:D6:ED:70:57:F1:9B:C8:75:ED:D8:71:5E:4F:E9:17:AC:84:C9
Certificate issuer: /CN=6401adedbc9c8f1c6cf2389fc7f741edf4f19f2c
Certificate serial: 019734622BC64146765EE4D22D60AF3E124D
Authority key identifier: 64:01:AD:ED:BC:9C:8F:1C:6C:F2:38:9F:C7:F7:41:ED:F4:F1:9F:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZAGt7bycjxxs8jifx_dB7fTxnyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/HlHW7XBX8ZvIde3YcV5P6ReshMk.roa
Signing time: Tue 03 Jun 2025 06:02:18 +0000
ROA not before: Tue 03 Jun 2025 06:02:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208666
IP address blocks: 31.193.185.0/24 maxlen: 24
83.229.2.0/24 maxlen: 24
147.236.164.0/24 maxlen: 24
147.236.165.0/24 maxlen: 24
213.255.192.0/24 maxlen: 24
216.150.30.0/23 maxlen: 23
216.150.30.0/24 maxlen: 24
216.150.31.0/24 maxlen: 24
2a09:b300::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/ZAGt7bycjxxs8jifx_dB7fTxnyw.crl
rsync://rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/ZAGt7bycjxxs8jifx_dB7fTxnyw.mft
rsync://rpki.ripe.net/repository/DEFAULT/ZAGt7bycjxxs8jifx_dB7fTxnyw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 10 Jun 2025 02:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:34:62:2b:c6:41:46:76:5e:e4:d2:2d:60:af:3e:12:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6401adedbc9c8f1c6cf2389fc7f741edf4f19f2c
Validity
Not Before: Jun 3 06:02:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1e51d6ed7057f19bc875edd8715e4fe917ac84c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:38:f8:9a:db:c6:96:b7:67:54:16:9c:93:fa:
90:f2:9a:5d:27:c6:24:d7:4d:f1:2f:69:ac:24:0b:
81:cf:f4:55:16:27:20:f0:fc:ce:0d:1c:67:8f:06:
30:0f:e9:9c:32:4f:3a:34:46:9f:53:4f:6a:78:bb:
fd:c9:2c:a4:89:19:50:f1:2d:31:50:ab:8a:16:57:
de:8c:2d:48:ee:30:ef:ae:89:64:86:76:17:5e:a1:
a5:3d:45:60:1f:ae:e3:6a:00:a0:aa:4c:d6:07:40:
1b:b7:66:09:d5:d0:29:5a:34:4b:a4:73:7f:70:98:
78:13:b9:25:dd:2e:dd:0f:2c:2c:2c:5f:d9:e5:d4:
36:fc:68:95:f5:d8:45:de:9f:ca:d3:bf:45:b1:24:
e7:25:4a:2b:5c:ee:9e:91:54:19:4d:52:0f:9c:e4:
d3:6b:00:6a:e7:ea:a1:1d:f1:85:44:5b:61:48:9e:
9c:86:58:e6:95:1e:0d:24:81:d6:c0:2a:ff:13:1c:
50:5d:3c:0d:68:0b:04:7a:dc:6f:8b:33:e5:cb:c7:
cc:3c:03:df:7e:0e:e2:84:35:41:90:09:f0:80:fc:
90:4f:51:1e:33:fc:00:1a:8c:9d:0d:2e:48:c1:63:
c8:30:06:20:c5:97:f0:01:77:24:99:6d:df:2d:24:
d7:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:51:D6:ED:70:57:F1:9B:C8:75:ED:D8:71:5E:4F:E9:17:AC:84:C9
X509v3 Authority Key Identifier:
keyid:64:01:AD:ED:BC:9C:8F:1C:6C:F2:38:9F:C7:F7:41:ED:F4:F1:9F:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZAGt7bycjxxs8jifx_dB7fTxnyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/HlHW7XBX8ZvIde3YcV5P6ReshMk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/98c860-5298-4846-beaa-356c096bc6f9/1/ZAGt7bycjxxs8jifx_dB7fTxnyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.193.185.0/24
83.229.2.0/24
147.236.164.0/23
213.255.192.0/24
216.150.30.0/23
IPv6:
2a09:b300::/29
Signature Algorithm: sha256WithRSAEncryption
38:9d:23:55:d5:7d:63:74:5c:c2:49:50:7a:eb:f9:d8:d4:ca:
bc:56:cf:21:98:f8:8e:b3:4c:7a:61:bf:e1:80:b0:92:83:4f:
4b:90:11:11:46:6b:37:9c:6e:6e:72:ad:a2:b4:15:f5:59:dc:
76:ec:be:01:23:9d:43:77:7f:03:28:00:36:44:93:e3:fc:43:
68:fa:9c:34:35:b9:cc:a2:f5:27:c7:0e:33:3a:a8:be:a9:39:
cd:81:fa:14:4d:e9:cf:c1:26:4c:1e:f5:62:a6:71:d0:03:b9:
4d:1a:9b:97:e4:cc:b9:85:63:da:47:1d:c3:77:bb:31:7f:96:
7f:a2:bf:54:e1:49:58:df:a3:70:73:53:0b:4a:96:fb:da:0c:
e3:dc:9e:a4:cd:71:c5:2e:88:eb:9d:51:17:af:ae:cb:b6:0c:
bc:91:27:b6:aa:96:f6:d2:1e:c8:c6:a7:1c:d4:8e:ec:59:56:
1b:22:fc:b1:8f:14:f0:65:44:5a:60:0e:1c:1a:70:17:fe:75:
5b:23:66:8f:db:47:e5:6d:27:9b:be:8a:c4:39:83:28:b1:34:
b5:3b:a4:cf:dc:8f:8f:b6:24:bd:36:19:c5:f9:e9:da:a0:e0:
8e:58:cc:3b:62:99:b5:cf:31:cb:72:0c:a4:9c:46:48:35:20:
47:69:3e:44
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZc0YivGQUZ2XuTSLWCvPhJNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MDFhZGVkYmM5YzhmMWM2Y2YyMzg5ZmM3Zjc0MWVkZjRm
MTlmMmMwHhcNMjUwNjAzMDYwMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTUxZDZlZDcwNTdmMTliYzg3NWVkZDg3MTVlNGZlOTE3YWM4NGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTj4mtvGlrdnVBack/qQ8ppdJ8Yk
103xL2msJAuBz/RVFicg8PzODRxnjwYwD+mcMk86NEafU09qeLv9ySykiRlQ8S0x
UKuKFlfejC1I7jDvrolkhnYXXqGlPUVgH67jagCgqkzWB0Abt2YJ1dApWjRLpHN/
cJh4E7kl3S7dDywsLF/Z5dQ2/GiV9dhF3p/K079FsSTnJUorXO6ekVQZTVIPnOTT
awBq5+qhHfGFRFthSJ6chljmlR4NJIHWwCr/ExxQXTwNaAsEetxvizPly8fMPAPf
fg7ihDVBkAnwgPyQT1EeM/wAGoydDS5IwWPIMAYgxZfwAXckmW3fLSTXBQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFB5R1u1wV/GbyHXt2HFeT+kXrITJMB8GA1UdIwQY
MBaAFGQBre28nI8cbPI4n8f3Qe308Z8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkFHdDdieWNqeHhzOGppZnhfZEI3ZlR4bnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS85OGM4NjAtNTI5OC00ODQ2LWJlYWEt
MzU2YzA5NmJjNmY5LzEvSGxIVzdYQlg4WnZJZGUzWWNWNVA2UmVzaE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS85OGM4NjAtNTI5OC00ODQ2LWJlYWEtMzU2YzA5NmJjNmY5
LzEvWkFHdDdieWNqeHhzOGppZnhfZEI3ZlR4bnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAH8G5AwQA
U+UCAwQBk+ykAwQA1f/AAwQB2JYeMA0EAgACMAcDBQMqCbMAMA0GCSqGSIb3DQEB
CwUAA4IBAQA4nSNV1X1jdFzCSVB66/nY1Mq8Vs8hmPiOs0x6Yb/hgLCSg09LkBER
Rms3nG5ucq2itBX1Wdx27L4BI51Dd38DKAA2RJPj/ENo+pw0NbnMovUnxw4zOqi+
qTnNgfoUTenPwSZMHvVipnHQA7lNGpuX5My5hWPaRx3Dd7sxf5Z/or9U4UlY36Nw
c1MLSpb72gzj3J6kzXHFLojrnVEXr67Ltgy8kSe2qpb20h7Ixqcc1I7sWVYbIvyx
jxTwZURaYA4cGnAX/nVbI2aP20flbSebvorEOYMosTS1O6TP3I+PtiS9NhnF+ena
oOCOWMw7Ypm1zzHLcgyknEZINSBHaT5E
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:33:51 2025 by rpki-client