Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/htFOW-XmMj7BJ2xxKH9ZbScjuDI.roa
File: htFOW-XmMj7BJ2xxKH9ZbScjuDI.roa (raw, json)
Hash identifier: ZFm0jPOe+3zqTIFKKKMxNVBgV6Bxc3rfyAc3cKcGfos=
Subject key identifier: 86:D1:4E:5B:E5:E6:32:3E:C1:27:6C:71:28:7F:59:6D:27:23:B8:32
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 019423D72AC1D30AB108C1D7020AB9789C58
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/htFOW-XmMj7BJ2xxKH9ZbScjuDI.roa
Signing time: Wed 01 Jan 2025 21:48:11 +0000
ROA not before: Wed 01 Jan 2025 21:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211443
IP address blocks: 91.217.77.0/24 maxlen: 24
192.162.100.0/24 maxlen: 24
192.162.101.0/24 maxlen: 24
192.162.102.0/24 maxlen: 24
192.162.103.0/24 maxlen: 24
193.0.200.0/24 maxlen: 24
193.0.203.0/24 maxlen: 24
193.168.226.0/24 maxlen: 24
194.63.140.0/24 maxlen: 24
194.63.141.0/24 maxlen: 24
194.63.142.0/24 maxlen: 24
194.63.143.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:2a:c1:d3:0a:b1:08:c1:d7:02:0a:b9:78:9c:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Jan 1 21:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=86d14e5be5e6323ec1276c71287f596d2723b832
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:60:e4:9c:c4:91:1f:c5:35:c6:72:2b:35:1c:
e9:45:96:e6:5a:31:4c:e5:2c:c4:ad:e6:cd:5e:ea:
52:bb:a1:e7:cb:8d:65:43:77:05:76:7f:2f:36:50:
ac:ef:8f:ae:46:75:a7:12:3c:24:19:8e:b8:8b:da:
48:4b:8d:ee:9b:b7:25:b2:6c:b7:55:da:a2:5a:58:
f4:ce:58:a8:44:57:d8:bc:a2:bc:04:8a:25:70:75:
73:d2:3d:f5:68:e6:ce:27:2c:36:b6:a0:91:49:7e:
03:d3:28:5f:64:12:89:ba:24:9a:cd:a1:5b:8e:4e:
3a:35:51:98:91:9a:86:93:22:d8:97:b3:73:56:9e:
53:36:71:59:c0:c0:af:9b:0a:e5:85:ab:29:46:6f:
03:6f:59:32:5c:32:95:3e:c6:32:21:a7:f9:5f:75:
d4:4a:b3:37:c1:c2:bf:94:8c:2e:b4:9a:02:5c:3d:
9b:5b:3a:95:37:dc:57:02:23:ab:38:6e:2d:a4:5c:
3f:d9:2b:ed:d4:e0:ef:2f:a4:1a:7e:ca:d1:69:05:
13:7e:ca:02:7a:29:ae:75:32:62:db:07:ab:88:82:
a8:fa:3f:bb:36:5f:26:4d:7f:f8:4a:44:e6:a4:fe:
58:fa:5f:f2:8f:ca:e0:55:c5:30:6a:5b:ee:47:c1:
83:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:D1:4E:5B:E5:E6:32:3E:C1:27:6C:71:28:7F:59:6D:27:23:B8:32
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/htFOW-XmMj7BJ2xxKH9ZbScjuDI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.217.77.0/24
192.162.100.0/22
193.0.200.0/24
193.0.203.0/24
193.168.226.0/24
194.63.140.0/22
Signature Algorithm: sha256WithRSAEncryption
9d:bd:b5:df:22:c6:cb:0d:04:8c:69:42:0e:61:20:a5:54:18:
30:18:73:30:86:1b:76:03:30:cb:94:53:0d:49:3d:0d:ba:9c:
3c:55:93:a8:91:00:4d:58:80:03:40:33:77:07:3a:3b:6d:f4:
51:17:38:9f:b5:14:2c:af:27:62:90:43:98:e7:74:c7:d6:40:
df:01:81:55:6a:9d:66:a2:11:a2:0e:e7:6b:d5:68:de:0d:c9:
01:1f:7e:c1:73:67:f2:76:ec:c6:57:96:4b:d3:75:84:19:50:
20:26:89:77:fd:1a:e4:9a:b4:39:d6:17:6b:16:6c:70:5f:af:
94:68:78:7e:4a:6d:44:5c:18:96:d3:2e:13:07:7a:6e:4f:27:
ec:ce:80:27:53:a6:0d:f5:f2:21:dc:ac:11:9f:b4:a3:5a:dd:
84:1f:27:12:58:ac:77:23:a8:fa:04:bb:41:d2:66:2b:74:e7:
5f:72:d1:d7:1a:94:6b:a9:d8:8b:ee:14:c4:be:f5:e2:d2:74:
eb:fa:7f:77:40:43:c6:79:8d:6b:9c:f8:00:72:0b:99:8e:ec:
71:00:21:e0:a5:3a:76:f5:1a:8d:c3:06:3c:bd:92:70:40:b8:
00:49:3d:04:b6:81:e9:5c:ce:ff:60:29:e0:77:97:47:f2:46:
c6:24:b3:62
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQj1yrB0wqxCMHXAgq5eJxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQxNGU1YmU1ZTYzMjNlYzEyNzZjNzEyODdmNTk2ZDI3MjNiODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWDknMSRH8U1xnIrNRzpRZbmWjFM
5SzErebNXupSu6Hny41lQ3cFdn8vNlCs74+uRnWnEjwkGY64i9pIS43um7clsmy3
VdqiWlj0zlioRFfYvKK8BIolcHVz0j31aObOJyw2tqCRSX4D0yhfZBKJuiSazaFb
jk46NVGYkZqGkyLYl7NzVp5TNnFZwMCvmwrlhaspRm8Db1kyXDKVPsYyIaf5X3XU
SrM3wcK/lIwutJoCXD2bWzqVN9xXAiOrOG4tpFw/2Svt1ODvL6QafsrRaQUTfsoC
eimudTJi2weriIKo+j+7Nl8mTX/4SkTmpP5Y+l/yj8rgVcUwalvuR8GD2wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIbRTlvl5jI+wSdscSh/WW0nI7gyMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvaHRGT1ctWG1NajdCSjJ4eEtIOVpiU2NqdURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAW9lNAwQC
wKJkAwQAwQDIAwQAwQDLAwQAwajiAwQCwj+MMA0GCSqGSIb3DQEBCwUAA4IBAQCd
vbXfIsbLDQSMaUIOYSClVBgwGHMwhht2AzDLlFMNST0Nupw8VZOokQBNWIADQDN3
Bzo7bfRRFziftRQsrydikEOY53TH1kDfAYFVap1mohGiDudr1WjeDckBH37Bc2fy
duzGV5ZL03WEGVAgJol3/RrkmrQ51hdrFmxwX6+UaHh+Sm1EXBiW0y4TB3puTyfs
zoAnU6YN9fIh3KwRn7SjWt2EHycSWKx3I6j6BLtB0mYrdOdfctHXGpRrqdiL7hTE
vvXi0nTr+n93QEPGeY1rnPgAcguZjuxxACHgpTp29RqNwwY8vZJwQLgAST0EtoHp
XM7/YCngd5dH8kbGJLNi
-----END CERTIFICATE-----
Generated at Wed Feb 19 20:33:03 2025 by rpki-client