Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/hYxEeDcN-ZCvWfxbhWHRTnBKx5w.roa
File: hYxEeDcN-ZCvWfxbhWHRTnBKx5w.roa (raw, json)
Hash identifier: abkpNh2rbEaJURGIshnWIsN6jClRtBNny3ctzSY8Z2Q=
Subject key identifier: 85:8C:44:78:37:0D:F9:90:AF:59:FC:5B:85:61:D1:4E:70:4A:C7:9C
Certificate issuer: /CN=89b5fad18dd9110413a31b4d8e18765a27d4c3f1
Certificate serial: 01967BDB959F0427D1F6B18A0BF2C7B65A63
Authority key identifier: 89:B5:FA:D1:8D:D9:11:04:13:A3:1B:4D:8E:18:76:5A:27:D4:C3:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ibX60Y3ZEQQToxtNjhh2WifUw_E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/hYxEeDcN-ZCvWfxbhWHRTnBKx5w.roa
Signing time: Mon 28 Apr 2025 10:05:10 +0000
ROA not before: Mon 28 Apr 2025 10:05:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8412
IP address blocks: 62.178.0.0/16 maxlen: 17
80.108.0.0/15 maxlen: 16
80.109.254.0/24 maxlen: 24
80.110.0.0/16 maxlen: 17
80.110.64.0/23 maxlen: 23
80.241.16.0/20 maxlen: 21
84.112.0.0/14 maxlen: 15
84.115.208.0/20 maxlen: 20
84.115.224.0/20 maxlen: 20
185.35.152.0/22 maxlen: 23
195.34.128.0/23 maxlen: 24
195.34.131.0/24 maxlen: 24
195.34.136.0/21 maxlen: 22
195.34.144.0/20 maxlen: 21
212.17.64.0/18 maxlen: 19
212.186.0.0/16 maxlen: 17
213.47.0.0/17 maxlen: 18
213.47.128.0/18 maxlen: 19
213.47.192.0/20 maxlen: 21
213.47.208.0/21 maxlen: 22
213.47.216.0/22 maxlen: 23
213.47.224.0/19 maxlen: 20
217.25.112.0/20 maxlen: 22
217.25.122.0/23 maxlen: 23
2a00:e360::/32 maxlen: 33
2a02:8380::/28 maxlen: 29
2a02:8380::/30 maxlen: 33
2a02:8383:1d::/48 maxlen: 48
2a02:8384::/31 maxlen: 32
2a02:8384:8000::/36 maxlen: 40
2a02:8388::/29 maxlen: 30
2a02:8388::/31 maxlen: 36
2a02:8389:c000::/36 maxlen: 36
2a02:838a::/41 maxlen: 44
2a02:838a:2000::/36 maxlen: 40
2a02:838c::/30 maxlen: 30
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/ibX60Y3ZEQQToxtNjhh2WifUw_E.crl
rsync://rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/ibX60Y3ZEQQToxtNjhh2WifUw_E.mft
rsync://rpki.ripe.net/repository/DEFAULT/ibX60Y3ZEQQToxtNjhh2WifUw_E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Apr 2025 15:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7b:db:95:9f:04:27:d1:f6:b1:8a:0b:f2:c7:b6:5a:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89b5fad18dd9110413a31b4d8e18765a27d4c3f1
Validity
Not Before: Apr 28 10:05:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=858c4478370df990af59fc5b8561d14e704ac79c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:f0:20:9d:ca:ea:e1:cb:6c:ba:d6:a4:29:2c:
f3:a3:ad:7c:eb:d0:b0:08:aa:cd:43:dd:ab:7e:07:
f9:e7:c0:25:72:63:00:70:59:13:b8:2c:82:fa:44:
83:fd:a5:fa:ad:26:42:e6:4a:f8:bb:71:e6:a1:47:
59:bd:6f:89:fc:5f:fb:29:4d:0f:d9:08:00:55:f7:
21:56:53:63:59:5e:8f:c5:8e:01:ed:2a:e1:f2:f9:
3e:b7:d9:42:a4:bb:b1:5e:3d:5e:5f:77:4a:75:89:
62:f9:26:07:3b:b0:97:69:b4:fa:33:1d:97:c1:53:
22:4e:a0:6f:93:8c:c6:4a:53:8b:5d:69:15:a7:34:
cf:48:9e:60:fa:30:e4:79:26:23:b7:ed:a2:2d:50:
d2:1e:13:f0:a9:3b:a0:0b:76:8b:8c:6f:c3:91:ec:
8d:69:74:be:47:6e:d6:01:28:70:73:04:44:6a:58:
87:b7:fd:67:4a:0a:29:b9:91:8b:29:9a:dc:cc:aa:
52:d5:1e:a4:7b:7c:70:34:c6:67:08:30:53:52:41:
5f:cd:93:d8:f5:b5:0d:13:14:23:bc:ff:a8:dd:41:
b8:c0:95:8b:a3:34:7b:1e:82:5a:f7:b5:ea:52:9a:
f3:0f:f4:df:52:70:7f:4e:6f:2a:6c:ee:e7:a1:ae:
db:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:8C:44:78:37:0D:F9:90:AF:59:FC:5B:85:61:D1:4E:70:4A:C7:9C
X509v3 Authority Key Identifier:
keyid:89:B5:FA:D1:8D:D9:11:04:13:A3:1B:4D:8E:18:76:5A:27:D4:C3:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ibX60Y3ZEQQToxtNjhh2WifUw_E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/hYxEeDcN-ZCvWfxbhWHRTnBKx5w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/ibX60Y3ZEQQToxtNjhh2WifUw_E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.178.0.0/16
80.108.0.0-80.110.255.255
80.241.16.0/20
84.112.0.0/14
185.35.152.0/22
195.34.128.0/23
195.34.131.0/24
195.34.136.0-195.34.159.255
212.17.64.0/18
212.186.0.0/16
213.47.0.0-213.47.219.255
213.47.224.0/19
217.25.112.0/20
IPv6:
2a00:e360::/32
2a02:8380::/28
Signature Algorithm: sha256WithRSAEncryption
5f:15:63:7f:74:3f:d1:97:70:76:29:fe:fd:d3:70:90:f7:98:
d3:d6:b1:fe:c5:ce:97:71:29:a2:a0:d8:77:c5:a9:f7:f7:35:
07:8e:0c:09:a7:13:2f:9e:8f:57:ed:0b:15:9a:0e:d3:0d:9d:
c9:1c:80:54:23:dd:ba:93:1b:86:be:1d:67:1f:d3:17:e4:02:
93:8e:a0:16:81:6e:22:cb:94:b8:f8:4e:de:bc:de:26:40:c5:
5b:59:eb:35:06:1e:bc:b1:4a:ad:4b:18:8c:e5:f7:b4:f1:4e:
28:67:8a:ef:be:59:e3:bf:0b:aa:ed:b7:f8:c1:58:c1:af:b0:
84:cf:22:ae:94:f4:bc:b5:ac:2c:bb:df:26:20:a8:04:e4:b9:
5f:33:38:67:f9:91:92:7b:7c:17:81:ee:27:22:6b:c5:95:43:
f3:9c:ae:56:42:08:36:58:dc:7e:3c:99:40:e2:ed:b4:02:27:
75:17:1b:7f:07:fd:6a:d5:cd:4b:ba:63:8e:b0:0e:73:03:25:
f1:66:a8:8e:f4:a2:93:26:3c:82:9c:77:91:c6:20:d6:ba:c1:
89:ca:38:be:4d:73:d0:ad:68:1c:1c:29:d1:6b:ef:97:22:12:
84:11:8b:1e:e8:04:48:d9:52:93:09:e2:29:48:0c:93:9d:03:
3a:c4:ed:a4
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAZZ725WfBCfR9rGKC/LHtlpjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YjVmYWQxOGRkOTExMDQxM2EzMWI0ZDhlMTg3NjVhMjdk
NGMzZjEwHhcNMjUwNDI4MTAwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NThjNDQ3ODM3MGRmOTkwYWY1OWZjNWI4NTYxZDE0ZTcwNGFjNzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvAgncrq4ctsutakKSzzo61869Cw
CKrNQ92rfgf558AlcmMAcFkTuCyC+kSD/aX6rSZC5kr4u3HmoUdZvW+J/F/7KU0P
2QgAVfchVlNjWV6PxY4B7Srh8vk+t9lCpLuxXj1eX3dKdYli+SYHO7CXabT6Mx2X
wVMiTqBvk4zGSlOLXWkVpzTPSJ5g+jDkeSYjt+2iLVDSHhPwqTugC3aLjG/DkeyN
aXS+R27WAShwcwREaliHt/1nSgopuZGLKZrczKpS1R6ke3xwNMZnCDBTUkFfzZPY
9bUNExQjvP+o3UG4wJWLozR7HoJa97XqUprzD/TfUnB/Tm8qbO7noa7bzQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFIWMRHg3DfmQr1n8W4Vh0U5wSsecMB8GA1UdIwQY
MBaAFIm1+tGN2REEE6MbTY4Ydlon1MPxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWJYNjBZM1pFUVFUb3h0TmpoaDJXaWZVd19FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85MDFhZDItNmM2Yy00M2M2LWEyODAt
NDI1MGNlNTUxN2Q5LzEvaFl4RWVEY04tWkN2V2Z4YmhXSFJUbkJLeDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85MDFhZDItNmM2Yy00M2M2LWEyODAtNDI1MGNlNTUxN2Q5
LzEvaWJYNjBZM1pFUVFUb3h0TmpoaDJXaWZVd19FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MGYEAgABMGADAwA+sjAK
AwMCUGwDAwBQbgMEBFDxEAMDAlRwAwQCuSOYAwQBwyKAAwQAwyKDMAwDBAPDIogD
BAXDIoADBAbUEUADAwDUujALAwMA1S8DBALVL9gDBAXVL+ADBATZGXAwFAQCAAIw
DgMFACoA42ADBQQqAoOAMA0GCSqGSIb3DQEBCwUAA4IBAQBfFWN/dD/Rl3B2Kf79
03CQ95jT1rH+xc6XcSmioNh3xan39zUHjgwJpxMvno9X7QsVmg7TDZ3JHIBUI926
kxuGvh1nH9MX5AKTjqAWgW4iy5S4+E7evN4mQMVbWes1Bh68sUqtSxiM5fe08U4o
Z4rvvlnjvwuq7bf4wVjBr7CEzyKulPS8tawsu98mIKgE5LlfMzhn+ZGSe3wXge4n
ImvFlUPznK5WQgg2WNx+PJlA4u20Aid1Fxt/B/1q1c1LumOOsA5zAyXxZqiO9KKT
JjyCnHeRxiDWusGJyji+TXPQrWgcHCnRa++XIhKEEYse6ARI2VKTCeIpSAyTnQM6
xO2k
-----END CERTIFICATE-----
Generated at Mon Apr 28 22:34:18 2025 by rpki-client