Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/68t40YprqKwMf4i-a8gdOB11SP0.roa
File: 68t40YprqKwMf4i-a8gdOB11SP0.roa (raw, json)
Hash identifier: E+RwymFgAOdPYZBfxBjqBqWwvvVrO63OsrPUGv7M2M4=
Subject key identifier: EB:CB:78:D1:8A:6B:A8:AC:0C:7F:88:BE:6B:C8:1D:38:1D:75:48:FD
Certificate issuer: /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial: 0191E5DC591DE0DC44ED0201A56C0B74B04B
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/68t40YprqKwMf4i-a8gdOB11SP0.roa
Signing time: Thu 12 Sep 2024 10:51:48 +0000
ROA not before: Thu 12 Sep 2024 10:51:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 21412
IP address blocks: 5.20.0.0/20 maxlen: 21
5.20.0.0/21 maxlen: 32
5.20.8.0/21 maxlen: 21
5.20.16.0/20 maxlen: 20
5.20.32.0/19 maxlen: 19
5.20.64.0/19 maxlen: 19
5.20.96.0/21 maxlen: 21
5.20.104.0/21 maxlen: 21
5.20.112.0/21 maxlen: 21
5.20.120.0/21 maxlen: 21
5.20.128.0/19 maxlen: 19
5.20.160.0/19 maxlen: 19
5.20.192.0/19 maxlen: 19
5.20.224.0/21 maxlen: 21
5.20.232.0/21 maxlen: 21
5.20.240.0/20 maxlen: 20
37.157.144.0/21 maxlen: 21
46.251.32.0/19 maxlen: 19
77.87.8.0/21 maxlen: 21
77.221.64.0/19 maxlen: 19
79.133.224.0/19 maxlen: 19
80.240.0.0/20 maxlen: 20
81.29.16.0/20 maxlen: 20
87.239.112.0/21 maxlen: 21
87.247.64.0/18 maxlen: 18
91.187.160.0/19 maxlen: 19
178.16.32.0/20 maxlen: 20
178.250.32.0/21 maxlen: 21
185.26.132.0/22 maxlen: 22
185.198.32.0/22 maxlen: 22
212.52.32.0/19 maxlen: 19
212.117.0.0/19 maxlen: 19
217.17.80.0/20 maxlen: 20
2a00:7600::/32 maxlen: 32
2a01:a1c0::/32 maxlen: 32
2a04:ce00::/29 maxlen: 29
2a04:eb00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.mft
rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 26 Nov 2024 07:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:e5:dc:59:1d:e0:dc:44:ed:02:01:a5:6c:0b:74:b0:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Validity
Not Before: Sep 12 10:51:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ebcb78d18a6ba8ac0c7f88be6bc81d381d7548fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:1b:27:ec:aa:16:6a:74:65:24:91:14:21:56:
cf:c7:0d:3c:0d:7d:aa:2d:0a:ba:1a:95:3b:3c:75:
21:26:46:28:85:c3:a0:db:10:6e:9b:1e:c0:11:24:
96:dc:ec:d5:89:11:3a:78:68:5b:ab:e5:af:23:17:
e6:00:f1:ae:e4:68:8c:1e:7e:5e:9b:82:f3:35:b6:
76:7f:71:ed:82:c8:46:a7:d0:fd:a0:41:4d:45:fc:
e9:d5:49:68:bd:82:22:77:3f:c0:82:d7:0e:7a:08:
65:84:db:0b:2a:dc:a1:42:be:ae:f1:df:b5:ad:a4:
98:9b:1f:33:e4:d1:c4:4a:4b:0a:d6:27:d0:14:34:
ac:08:f5:5b:f0:c2:20:dd:0b:b3:81:b7:59:52:00:
13:9c:f7:ec:b8:70:a1:0c:99:0c:0c:10:a8:1e:ee:
18:3a:1b:87:9e:58:be:0c:2c:25:84:35:e9:4a:53:
20:53:1e:90:18:eb:02:07:fa:9d:f0:c2:3f:00:1d:
7d:fc:f0:d6:20:d8:2a:f4:66:6b:ab:e6:f0:47:aa:
86:33:8d:97:0f:c1:a7:a9:1a:5e:b1:9b:e1:32:19:
3e:4f:1b:17:47:ba:28:d3:44:ae:96:55:08:2f:8b:
97:4c:e3:e4:a6:f2:bd:a9:e7:d0:29:ba:d3:c0:b8:
6d:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:CB:78:D1:8A:6B:A8:AC:0C:7F:88:BE:6B:C8:1D:38:1D:75:48:FD
X509v3 Authority Key Identifier:
keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/68t40YprqKwMf4i-a8gdOB11SP0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.20.0.0/16
37.157.144.0/21
46.251.32.0/19
77.87.8.0/21
77.221.64.0/19
79.133.224.0/19
80.240.0.0/20
81.29.16.0/20
87.239.112.0/21
87.247.64.0/18
91.187.160.0/19
178.16.32.0/20
178.250.32.0/21
185.26.132.0/22
185.198.32.0/22
212.52.32.0/19
212.117.0.0/19
217.17.80.0/20
IPv6:
2a00:7600::/32
2a01:a1c0::/32
2a04:ce00::/29
2a04:eb00::/29
Signature Algorithm: sha256WithRSAEncryption
30:d0:9f:5e:0f:81:f2:7b:db:64:68:f0:5a:fc:8c:95:8f:f6:
e4:ce:86:1d:b5:b5:7d:bd:05:80:a1:84:78:2e:e3:91:8b:28:
8d:33:fd:16:bc:8b:25:29:b8:14:eb:df:ed:bc:a7:ed:5a:eb:
ef:62:73:f8:ed:9f:cc:79:ca:13:38:08:27:29:af:a2:43:f0:
ee:00:1c:cc:b9:6e:a3:be:ea:56:94:df:f2:1e:8f:da:62:b7:
16:d4:23:6c:e5:87:d6:6f:08:3d:9c:cd:e4:11:7b:4c:96:2e:
03:4b:20:9f:e3:13:89:cb:76:c3:a9:ec:b5:bb:2e:d5:c0:6c:
d7:5d:f0:1d:4c:65:51:33:3c:95:30:0a:fe:d2:df:b7:e7:40:
e7:22:38:86:64:e8:2f:1f:d7:00:2d:5e:c5:7d:a5:17:fc:69:
29:22:ad:db:98:37:61:07:60:a3:4f:a1:3f:06:07:4f:f7:c0:
e6:bd:6e:cd:96:82:a5:43:fe:60:5c:c8:d4:1b:5f:c0:c9:21:
11:9b:66:28:91:58:0c:a2:77:06:17:8c:b5:ed:f0:12:a9:c7:
14:a2:8f:f3:0a:ce:6d:b6:9e:06:c0:c4:5a:7d:c7:c5:82:85:
1e:65:2c:5c:3e:79:b6:03:53:fe:44:4c:0e:2c:88:7c:c0:73:
e1:76:a0:cf
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAZHl3Fkd4NxE7QIBpWwLdLBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjQwOTEyMTA1MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmNiNzhkMThhNmJhOGFjMGM3Zjg4YmU2YmM4MWQzODFkNzU0OGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhsn7KoWanRlJJEUIVbPxw08DX2q
LQq6GpU7PHUhJkYohcOg2xBumx7AESSW3OzViRE6eGhbq+WvIxfmAPGu5GiMHn5e
m4LzNbZ2f3HtgshGp9D9oEFNRfzp1UlovYIidz/AgtcOeghlhNsLKtyhQr6u8d+1
raSYmx8z5NHESksK1ifQFDSsCPVb8MIg3QuzgbdZUgATnPfsuHChDJkMDBCoHu4Y
OhuHnli+DCwlhDXpSlMgUx6QGOsCB/qd8MI/AB19/PDWINgq9GZrq+bwR6qGM42X
D8GnqRpesZvhMhk+TxsXR7oo00SullUIL4uXTOPkpvK9qefQKbrTwLht2wIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFOvLeNGKa6isDH+IvmvIHTgddUj9MB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvNjh0NDBZcHJxS3dNZjRpLWE4Z2RPQjExU1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGqBggrBgEFBQcBBwEB/wSBmjCBlzBxBAIAATBrAwMABRQD
BAMlnZADBAUu+yADBANNVwgDBAVN3UADBAVPheADBARQ8AADBARRHRADBANX73AD
BAZX90ADBAVbu6ADBASyECADBAOy+iADBAK5GoQDBAK5xiADBAXUNCADBAXUdQAD
BATZEVAwIgQCAAIwHAMFACoAdgADBQAqAaHAAwUDKgTOAAMFAyoE6wAwDQYJKoZI
hvcNAQELBQADggEBADDQn14PgfJ722Ro8Fr8jJWP9uTOhh21tX29BYChhHgu45GL
KI0z/Ra8iyUpuBTr3+28p+1a6+9ic/jtn8x5yhM4CCcpr6JD8O4AHMy5bqO+6laU
3/Iej9pitxbUI2zlh9ZvCD2czeQRe0yWLgNLIJ/jE4nLdsOp7LW7LtXAbNdd8B1M
ZVEzPJUwCv7S37fnQOciOIZk6C8f1wAtXsV9pRf8aSkirduYN2EHYKNPoT8GB0/3
wOa9bs2WgqVD/mBcyNQbX8DJIRGbZiiRWAyidwYXjLXt8BKpxxSij/MKzm22ngbA
xFp9x8WChR5lLFw+ebYDU/5ETA4siHzAc+F2oM8=
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:38:55 2024 by rpki-client on console-ams.rpki-client.org