Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/U_SB6028ltV40-Q2YFUdKqR3818.roa
File: U_SB6028ltV40-Q2YFUdKqR3818.roa (raw, json)
Hash identifier: 2CnxfGcjSkh6o8BNZdn6OmavaRW2jjued/CY3wCZ/qs=
Subject key identifier: 53:F4:81:EB:4D:BC:96:D5:78:D3:E4:36:60:55:1D:2A:A4:77:F3:5F
Certificate issuer: /CN=859d5177077b90818c6f90ae4e44332d8cacbb74
Certificate serial: 018CC5012EC9F8579BD3A14CA8F48019D41E
Authority key identifier: 85:9D:51:77:07:7B:90:81:8C:6F:90:AE:4E:44:33:2D:8C:AC:BB:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/U_SB6028ltV40-Q2YFUdKqR3818.roa
Signing time: Mon 01 Jan 2024 12:30:38 +0000
ROA not before: Mon 01 Jan 2024 12:30:38 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50583
IP address blocks: 212.114.0.0/21 maxlen: 21
212.114.0.0/20 maxlen: 20
212.114.7.0/24 maxlen: 24
212.114.8.0/21 maxlen: 21
46.33.190.51/32 maxlen: 32
46.33.160.0/24 maxlen: 24
46.33.160.0/19 maxlen: 19
46.33.162.0/24 maxlen: 24
46.33.161.0/24 maxlen: 24
46.33.164.0/24 maxlen: 24
46.33.163.0/24 maxlen: 24
46.33.166.0/24 maxlen: 24
46.33.165.0/24 maxlen: 24
46.33.172.0/24 maxlen: 24
46.33.167.0/24 maxlen: 24
46.33.169.0/24 maxlen: 24
46.33.168.0/24 maxlen: 24
46.33.171.0/24 maxlen: 24
46.33.170.0/24 maxlen: 24
195.191.172.0/24 maxlen: 24
195.191.172.0/23 maxlen: 23
195.191.173.0/24 maxlen: 24
46.30.184.0/22 maxlen: 22
46.33.175.0/24 maxlen: 24
46.33.173.0/24 maxlen: 24
46.33.174.0/24 maxlen: 24
46.33.176.0/24 maxlen: 24
46.33.178.0/24 maxlen: 24
185.173.125.0/24 maxlen: 24
185.173.124.0/22 maxlen: 22
185.173.124.0/24 maxlen: 24
46.33.177.0/24 maxlen: 24
46.33.179.0/24 maxlen: 24
46.33.186.0/24 maxlen: 24
185.173.126.0/24 maxlen: 24
46.33.180.0/24 maxlen: 24
46.33.181.0/24 maxlen: 24
185.173.127.0/24 maxlen: 24
46.33.183.0/24 maxlen: 24
46.33.182.0/24 maxlen: 24
46.33.185.0/24 maxlen: 24
46.33.184.0/24 maxlen: 24
46.33.187.0/24 maxlen: 24
46.33.188.0/24 maxlen: 24
46.33.190.0/24 maxlen: 24
46.33.189.0/24 maxlen: 24
46.33.191.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:2e:c9:f8:57:9b:d3:a1:4c:a8:f4:80:19:d4:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=859d5177077b90818c6f90ae4e44332d8cacbb74
Validity
Not Before: Jan 1 12:30:38 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=53f481eb4dbc96d578d3e43660551d2aa477f35f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:c3:50:31:42:9c:8e:c4:25:c0:1e:0e:96:78:
54:99:ec:41:c4:89:75:5b:6c:af:6e:92:8f:12:b9:
2f:62:97:9e:32:91:eb:fe:ae:44:1b:08:72:fc:59:
95:16:b5:6e:e0:76:76:c3:5f:0a:c5:e9:08:3f:86:
6a:d2:17:27:be:47:97:0a:8c:b1:79:02:fd:97:cb:
41:6f:0c:53:72:b3:87:94:4a:0d:3a:db:a9:64:e7:
c8:d9:18:17:34:65:48:d8:46:1d:26:ed:ef:de:f0:
27:53:2b:c5:c5:1e:ad:95:74:88:1a:ad:72:d8:3f:
82:9c:6a:61:77:9b:e4:dc:94:8e:28:91:73:86:20:
13:15:cc:d3:11:58:77:71:4a:9a:2c:52:b2:93:51:
5b:3a:6b:82:1b:39:db:00:f1:e8:88:3c:23:74:5e:
d3:17:20:6b:12:31:2b:04:1b:6a:d3:1b:f8:db:2f:
bd:d0:5e:26:e2:7a:8b:61:7d:19:51:93:23:79:61:
c1:cf:f5:94:38:b7:f1:b0:14:67:4d:2e:10:22:b0:
7a:82:41:7a:b8:e9:2d:ae:6a:d0:0c:b4:ef:53:92:
3b:de:8a:67:60:35:7c:72:4d:9b:84:c6:09:f2:f6:
71:bb:bd:4c:28:c0:c3:7e:f3:b3:9a:97:35:0b:b4:
10:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:F4:81:EB:4D:BC:96:D5:78:D3:E4:36:60:55:1D:2A:A4:77:F3:5F
X509v3 Authority Key Identifier:
keyid:85:9D:51:77:07:7B:90:81:8C:6F:90:AE:4E:44:33:2D:8C:AC:BB:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/U_SB6028ltV40-Q2YFUdKqR3818.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/faea43-f333-4509-a6db-3ac96be285e0/1/hZ1Rdwd7kIGMb5CuTkQzLYysu3Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.30.184.0/22
46.33.160.0/19
185.173.124.0/22
195.191.172.0/23
212.114.0.0/20
Signature Algorithm: sha256WithRSAEncryption
8f:86:5d:cb:12:70:53:03:59:c5:fb:37:f2:5f:ad:07:a0:55:
e0:2b:6d:19:ac:ac:92:c3:20:8a:48:53:4a:2e:35:95:aa:65:
b8:cb:81:6f:68:b8:3a:be:5e:6f:fa:82:dc:a7:7a:29:28:75:
60:84:8a:81:41:cf:50:c5:30:f9:70:47:b0:cd:5c:ff:37:fb:
45:9b:3c:fd:58:14:75:f8:03:71:67:d5:65:50:e2:c9:1f:ef:
43:b1:b5:05:9d:e6:73:aa:66:47:69:26:98:4a:b4:4e:24:29:
53:f5:49:c4:33:c3:a3:0f:c7:35:c2:90:9b:83:0e:cf:4a:86:
9f:30:3b:66:dd:59:06:b1:6a:d3:6d:c0:82:c0:e4:bb:0f:ad:
ef:c4:a8:c0:68:c2:f3:24:0b:95:ef:87:5d:47:a2:ce:d7:85:
ee:1b:05:fd:40:70:28:c0:85:a3:f2:1b:be:5f:f9:7c:bc:c4:
6f:5b:07:f6:ff:88:c6:86:0c:eb:1a:4c:49:56:7a:c4:e5:3b:
37:72:5e:4b:43:67:a0:1e:ba:59:16:ac:ef:97:df:dc:b2:dc:
1b:22:79:df:3a:7a:b2:ee:e8:db:5b:d5:d7:17:be:e3:21:c7:
e0:5c:05:67:e4:2c:0a:48:77:be:84:86:05:2f:fc:40:d5:28:
cb:24:87:6b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzFAS7J+Feb06FMqPSAGdQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1OWQ1MTc3MDc3YjkwODE4YzZmOTBhZTRlNDQzMzJkOGNh
Y2JiNzQwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Y0ODFlYjRkYmM5NmQ1NzhkM2U0MzY2MDU1MWQyYWE0NzdmMzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cNQMUKcjsQlwB4OlnhUmexBxIl1
W2yvbpKPErkvYpeeMpHr/q5EGwhy/FmVFrVu4HZ2w18KxekIP4Zq0hcnvkeXCoyx
eQL9l8tBbwxTcrOHlEoNOtupZOfI2RgXNGVI2EYdJu3v3vAnUyvFxR6tlXSIGq1y
2D+CnGphd5vk3JSOKJFzhiATFczTEVh3cUqaLFKyk1FbOmuCGznbAPHoiDwjdF7T
FyBrEjErBBtq0xv42y+90F4m4nqLYX0ZUZMjeWHBz/WUOLfxsBRnTS4QIrB6gkF6
uOktrmrQDLTvU5I73opnYDV8ck2bhMYJ8vZxu71MKMDDfvOzmpc1C7QQ/wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFP0getNvJbVeNPkNmBVHSqkd/NfMB8GA1UdIwQY
MBaAFIWdUXcHe5CBjG+Qrk5EMy2MrLt0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFoxUmR3ZDdrSUdNYjVDdVRrUXpMWXlzdTNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9mYWVhNDMtZjMzMy00NTA5LWE2ZGIt
M2FjOTZiZTI4NWUwLzEvVV9TQjYwMjhsdFY0MC1RMllGVWRLcVIzODE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9mYWVhNDMtZjMzMy00NTA5LWE2ZGItM2FjOTZiZTI4NWUw
LzEvaFoxUmR3ZDdrSUdNYjVDdVRrUXpMWXlzdTNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCLh64AwQF
LiGgAwQCua18AwQBw7+sAwQE1HIAMA0GCSqGSIb3DQEBCwUAA4IBAQCPhl3LEnBT
A1nF+zfyX60HoFXgK20ZrKySwyCKSFNKLjWVqmW4y4FvaLg6vl5v+oLcp3opKHVg
hIqBQc9QxTD5cEewzVz/N/tFmzz9WBR1+ANxZ9VlUOLJH+9DsbUFneZzqmZHaSaY
SrROJClT9UnEM8OjD8c1wpCbgw7PSoafMDtm3VkGsWrTbcCCwOS7D63vxKjAaMLz
JAuV74ddR6LO14XuGwX9QHAowIWj8hu+X/l8vMRvWwf2/4jGhgzrGkxJVnrE5Ts3
cl5LQ2egHrpZFqzvl9/cstwbInnfOnqy7ujbW9XXF77jIcfgXAVn5CwKSHe+hIYF
L/xA1SjLJIdr
-----END CERTIFICATE-----
Generated at Tue Nov 26 17:35:35 2024 by rpki-client on console-fra.rpki-client.org