Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/ldnhn_HcdxbmKydPEkl1v4zgEq4.roa
File: ldnhn_HcdxbmKydPEkl1v4zgEq4.roa (raw, json)
Hash identifier: SSQVI5X02ZNHeqKS7hQmKhf33IKgywQaf0lBe0I6EpY=
Subject key identifier: 95:D9:E1:9F:F1:DC:77:16:E6:2B:27:4F:12:49:75:BF:8C:E0:12:AE
Certificate issuer: /CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Certificate serial: 01990F0475CACB1DBEF114540F5ADBA190E4
Authority key identifier: F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/ldnhn_HcdxbmKydPEkl1v4zgEq4.roa
Signing time: Wed 03 Sep 2025 09:59:34 +0000
ROA not before: Wed 03 Sep 2025 09:59:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58172
IP address blocks: 85.116.176.0/24 maxlen: 24
85.116.177.0/24 maxlen: 24
85.116.178.0/24 maxlen: 24
85.116.179.0/24 maxlen: 24
85.116.180.0/24 maxlen: 24
85.116.181.0/24 maxlen: 24
85.116.183.0/24 maxlen: 24
85.116.184.0/24 maxlen: 24
85.116.185.0/24 maxlen: 24
85.116.186.0/23 maxlen: 23
85.116.188.0/23 maxlen: 23
85.116.190.0/24 maxlen: 24
85.116.191.0/24 maxlen: 24
91.132.148.0/24 maxlen: 24
91.132.149.0/24 maxlen: 24
91.132.150.0/24 maxlen: 24
91.132.151.0/24 maxlen: 24
91.239.101.0/24 maxlen: 24
128.127.96.0/24 maxlen: 24
128.127.97.0/24 maxlen: 24
128.127.98.0/24 maxlen: 24
128.127.99.0/24 maxlen: 24
128.127.100.0/24 maxlen: 24
128.127.101.0/24 maxlen: 24
128.127.102.0/24 maxlen: 24
128.127.103.0/24 maxlen: 24
178.20.176.0/24 maxlen: 24
178.20.177.0/24 maxlen: 24
178.20.178.0/24 maxlen: 24
178.20.179.0/24 maxlen: 24
178.20.180.0/24 maxlen: 24
178.20.181.0/24 maxlen: 24
178.20.182.0/24 maxlen: 24
178.20.183.0/24 maxlen: 24
2a04:3b00::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.mft
rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0f:04:75:ca:cb:1d:be:f1:14:54:0f:5a:db:a1:90:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Validity
Not Before: Sep 3 09:59:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=95d9e19ff1dc7716e62b274f124975bf8ce012ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:eb:b5:f0:8d:d1:f9:c8:91:97:1e:69:bb:7c:
fe:e4:ba:4b:4a:a0:1d:76:d3:e1:97:b1:d7:98:a9:
9c:fe:0f:3e:c4:81:e0:3c:33:d6:c6:1b:d9:c8:ad:
07:39:6f:9b:9d:db:d9:80:66:38:25:1f:b1:95:ba:
4a:f8:46:64:7b:0d:04:f6:0b:fd:25:95:f1:5e:9a:
4f:9c:38:97:db:e3:07:4b:74:b3:0d:c8:51:f2:fe:
2c:af:06:35:4d:1e:6f:18:13:38:50:5d:35:d1:10:
c3:b3:08:3c:ad:86:f5:29:3c:dc:77:35:f0:cb:f1:
4b:36:b0:25:2f:35:27:84:47:91:3d:18:bd:bd:5f:
e5:c0:54:1b:72:fd:81:f4:d2:82:71:fd:0e:71:06:
a9:8c:cc:92:92:49:f0:f8:ea:6b:83:0d:8f:10:f8:
03:a2:c7:3d:fb:f1:1f:cb:cc:75:ae:2a:7c:34:e3:
aa:68:a4:37:70:d5:87:25:36:56:ff:46:c3:aa:f9:
2f:e6:eb:b9:65:7b:e0:d4:3f:a6:cd:22:7d:bd:40:
e9:42:d2:35:ca:1d:ee:3e:5d:75:91:a8:f8:be:34:
4b:77:0d:fe:95:17:6e:4d:35:13:fc:10:20:75:c1:
0a:eb:80:e4:d7:05:cd:d5:3a:b1:1d:49:49:3c:56:
00:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:D9:E1:9F:F1:DC:77:16:E6:2B:27:4F:12:49:75:BF:8C:E0:12:AE
X509v3 Authority Key Identifier:
keyid:F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/ldnhn_HcdxbmKydPEkl1v4zgEq4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.116.176.0-85.116.181.255
85.116.183.0-85.116.191.255
91.132.148.0/22
91.239.101.0/24
128.127.96.0/21
178.20.176.0/21
IPv6:
2a04:3b00::/36
Signature Algorithm: sha256WithRSAEncryption
66:44:6a:23:fe:46:f4:81:14:a8:57:d5:e6:c4:aa:47:72:25:
c5:1d:23:35:83:c0:39:ce:0c:f1:f2:0a:75:69:7e:3d:16:c1:
25:cf:9c:fd:d4:06:96:eb:fb:8d:a6:a6:7f:3c:0d:dc:7f:d6:
02:42:f0:0e:63:6f:92:d2:98:e7:e8:ae:6d:ca:aa:e5:08:bd:
5c:a7:72:fc:62:ff:4b:40:0c:78:d3:74:3c:06:29:5b:16:0a:
69:be:3b:b5:f7:77:77:5e:f9:fc:40:f9:fe:3f:3e:ee:af:e3:
1c:b6:d7:fd:83:cc:2b:78:24:bf:f7:22:f1:d9:28:ce:5a:0a:
67:14:1b:76:b1:b0:bd:55:09:72:3b:ba:7a:e9:bc:cb:a2:a4:
11:ca:07:1f:a3:0e:78:22:30:b6:33:82:40:12:35:96:fa:b5:
27:6c:b6:52:a5:0a:22:f6:52:32:db:38:fd:c2:f9:f1:f8:ce:
b3:10:1d:d8:de:8c:06:38:62:95:1d:0a:49:58:1a:4c:9c:6c:
bb:f9:82:d7:75:d0:93:49:a9:1d:94:75:15:b7:f7:28:b4:b8:
15:85:6b:0a:54:01:96:19:43:a5:f1:8f:cc:eb:da:d4:3a:c4:
c4:ff:d8:a2:b0:ef:71:6e:8c:c1:47:9d:f9:c5:bb:ab:c7:c4:
86:be:0e:41
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZkPBHXKyx2+8RRUD1rboZDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzExMzQxM2QwZGY1YjhmYTA2OTAxMWVlYjEwOWYwNjdi
NTU3OWEwHhcNMjUwOTAzMDk1OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWQ5ZTE5ZmYxZGM3NzE2ZTYyYjI3NGYxMjQ5NzViZjhjZTAxMmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+u18I3R+ciRlx5pu3z+5LpLSqAd
dtPhl7HXmKmc/g8+xIHgPDPWxhvZyK0HOW+bndvZgGY4JR+xlbpK+EZkew0E9gv9
JZXxXppPnDiX2+MHS3SzDchR8v4srwY1TR5vGBM4UF010RDDswg8rYb1KTzcdzXw
y/FLNrAlLzUnhEeRPRi9vV/lwFQbcv2B9NKCcf0OcQapjMySkknw+Oprgw2PEPgD
osc9+/Efy8x1rip8NOOqaKQ3cNWHJTZW/0bDqvkv5uu5ZXvg1D+mzSJ9vUDpQtI1
yh3uPl11kaj4vjRLdw3+lRduTTUT/BAgdcEK64Dk1wXN1TqxHUlJPFYARQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJXZ4Z/x3HcW5isnTxJJdb+M4BKuMB8GA1UdIwQY
MBaAFPDBE0E9DfW4+gaQEe6xCfBntVeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUt
NTAyNjFiMTE5MTZiLzEvbGRuaG5fSGNkeGJtS3lkUEVrbDF2NHpnRXE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUtNTAyNjFiMTE5MTZi
LzEvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDA6BAIAATA0MAwDBARVdLAD
BAFVdLQwDAMEAFV0twMEBlV0gAMEAluElAMEAFvvZQMEA4B/YAMEA7IUsDAOBAIA
AjAIAwYEKgQ7AAAwDQYJKoZIhvcNAQELBQADggEBAGZEaiP+RvSBFKhX1ebEqkdy
JcUdIzWDwDnODPHyCnVpfj0WwSXPnP3UBpbr+42mpn88Ddx/1gJC8A5jb5LSmOfo
rm3KquUIvVyncvxi/0tADHjTdDwGKVsWCmm+O7X3d3de+fxA+f4/Pu6v4xy21/2D
zCt4JL/3IvHZKM5aCmcUG3axsL1VCXI7unrpvMuipBHKBx+jDngiMLYzgkASNZb6
tSdstlKlCiL2UjLbOP3C+fH4zrMQHdjejAY4YpUdCklYGkycbLv5gtd10JNJqR2U
dRW39yi0uBWFawpUAZYZQ6Xxj8zr2tQ6xMT/2KKw73FujMFHnfnFu6vHxIa+DkE=
-----END CERTIFICATE-----
Generated at Mon Oct 20 21:11:18 2025 by rpki-client