Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/ZjuqeMXqpY9TYFMSZBYR01WUsMM.roa
File: ZjuqeMXqpY9TYFMSZBYR01WUsMM.roa (raw, json)
Hash identifier: eh/DJ4my2sHmuUeV0U2Gw2+0UGUwShXOstQosHPh6cY=
Subject key identifier: 66:3B:AA:78:C5:EA:A5:8F:53:60:53:12:64:16:11:D3:55:94:B0:C3
Certificate issuer: /CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Certificate serial: 018CC94C9FCB97265AC5734470C34E125896
Authority key identifier: AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/ZjuqeMXqpY9TYFMSZBYR01WUsMM.roa
Signing time: Tue 02 Jan 2024 08:31:31 +0000
ROA not before: Tue 02 Jan 2024 08:31:31 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 13287
IP address blocks: 213.162.192.0/24 maxlen: 24
213.162.193.0/24 maxlen: 24
213.162.195.0/24 maxlen: 24
213.162.197.0/24 maxlen: 24
213.162.196.0/22 maxlen: 24
213.162.206.0/24 maxlen: 24
213.162.205.0/24 maxlen: 24
213.162.204.0/24 maxlen: 24
213.162.200.0/22 maxlen: 22
213.162.208.0/23 maxlen: 23
213.162.207.0/24 maxlen: 24
213.162.212.0/24 maxlen: 24
213.162.211.0/24 maxlen: 24
213.162.210.0/24 maxlen: 24
213.162.219.0/24 maxlen: 24
213.162.216.0/22 maxlen: 22
213.162.218.0/24 maxlen: 24
213.162.217.0/24 maxlen: 24
213.162.215.0/24 maxlen: 24
213.162.214.0/24 maxlen: 24
213.162.220.0/24 maxlen: 24
213.162.221.0/24 maxlen: 24
185.33.67.0/24 maxlen: 24
185.33.66.0/24 maxlen: 24
109.234.84.0/24 maxlen: 24
109.234.85.0/24 maxlen: 24
109.234.81.0/24 maxlen: 24
109.234.80.0/24 maxlen: 24
109.234.82.0/24 maxlen: 24
109.234.82.0/23 maxlen: 23
109.234.87.0/24 maxlen: 24
185.19.68.0/22 maxlen: 22
185.111.185.0/24 maxlen: 24
185.111.184.0/24 maxlen: 24
185.111.184.0/22 maxlen: 22
2a02:23a0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.mft
rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 12:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4c:9f:cb:97:26:5a:c5:73:44:70:c3:4e:12:58:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Validity
Not Before: Jan 2 08:31:31 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=663baa78c5eaa58f53605312641611d35594b0c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:ac:b9:07:c7:fe:bd:49:5e:cb:eb:c2:0a:e8:
dc:30:b8:25:ca:40:aa:90:1a:91:a8:23:53:ca:e0:
b8:76:ce:8b:13:70:5e:01:d4:5f:c7:2a:91:7b:ee:
be:33:db:bd:a8:3c:57:24:da:fc:da:6f:17:57:7d:
7b:c2:44:b6:8a:c0:16:47:1d:26:30:d3:b6:00:ea:
71:88:2a:0c:97:61:f8:3b:e4:e4:17:30:1f:cc:2f:
df:75:05:c0:58:e5:1d:ed:b0:63:1a:32:f6:f0:a8:
e4:be:31:4a:fd:4b:7b:a1:95:b3:88:cf:91:44:44:
66:59:df:38:e1:76:10:2b:46:83:cd:a5:fc:65:3e:
85:75:b0:92:dd:77:df:b0:e4:27:e6:7c:16:e2:85:
5a:00:1e:2c:19:6d:6e:69:be:48:57:6e:44:59:68:
ea:61:c6:04:11:23:0c:1e:37:7d:67:b9:16:84:a4:
bf:b8:64:61:8d:11:f8:03:8b:2d:5c:30:d9:dd:12:
81:81:1f:95:58:b8:f8:34:ea:9a:11:79:8f:a0:d5:
5e:b3:13:83:21:60:8a:5d:c6:74:81:71:0f:a1:3e:
58:ad:3f:4c:66:a8:23:ea:f0:57:6f:ec:f3:19:a2:
b1:e5:9c:73:a9:9c:1d:6b:69:8c:7e:a4:04:08:2a:
6c:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:3B:AA:78:C5:EA:A5:8F:53:60:53:12:64:16:11:D3:55:94:B0:C3
X509v3 Authority Key Identifier:
keyid:AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/ZjuqeMXqpY9TYFMSZBYR01WUsMM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.234.80.0-109.234.85.255
109.234.87.0/24
185.19.68.0/22
185.33.66.0/23
185.111.184.0/22
213.162.192.0/23
213.162.195.0-213.162.212.255
213.162.214.0-213.162.221.255
IPv6:
2a02:23a0::/32
Signature Algorithm: sha256WithRSAEncryption
a8:77:13:e1:f5:24:13:c9:18:76:49:9c:d0:9a:24:a5:c0:e8:
19:7d:71:09:ab:a9:66:94:b5:10:55:a8:8a:00:43:67:f2:4b:
17:58:78:10:df:18:85:17:e8:02:2a:f9:95:b6:60:fa:cf:c7:
61:d6:8e:d0:07:bb:68:8d:cd:64:c1:b8:83:3f:20:40:f9:b1:
d7:c8:f4:73:aa:87:f5:de:c0:4d:fd:6c:13:16:03:96:e4:8b:
24:e7:74:69:21:d3:3b:88:27:f2:0e:11:6a:d8:5a:c8:48:5b:
2a:83:ec:83:69:0f:1d:6a:ee:3b:bc:23:5d:75:a9:97:fd:3b:
50:c9:e1:ba:a9:6d:1c:a6:95:4d:3d:ed:08:44:fc:0b:9c:25:
00:21:d0:d6:41:45:9d:98:a7:ae:b8:6c:e9:1e:b9:70:44:00:
84:39:f1:89:a3:87:dd:d4:b5:a1:2f:14:60:d8:c8:c6:70:96:
f2:95:a5:5c:59:3f:fe:9e:f5:5c:e2:06:83:a3:f4:29:6f:27:
d5:5e:80:56:b9:3b:a5:4b:48:09:17:fb:64:5d:67:63:7f:e2:
57:d2:78:80:f7:07:10:48:18:89:e0:89:29:2e:61:fe:f4:b5:
1f:25:3e:d9:6d:ba:c4:3a:0c:45:23:3e:18:1d:27:f8:ae:3f:
fe:9b:c8:1f
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYzJTJ/LlyZaxXNEcMNOEliWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTRmZTgzMWI2YTcxOWY0MmU2Yzg0ODZmZDAzYjU1MGJl
NzYxZmIwHhcNMjQwMTAyMDgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjNiYWE3OGM1ZWFhNThmNTM2MDUzMTI2NDE2MTFkMzU1OTRiMGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqy5B8f+vUley+vCCujcMLglykCq
kBqRqCNTyuC4ds6LE3BeAdRfxyqRe+6+M9u9qDxXJNr82m8XV317wkS2isAWRx0m
MNO2AOpxiCoMl2H4O+TkFzAfzC/fdQXAWOUd7bBjGjL28KjkvjFK/Ut7oZWziM+R
RERmWd844XYQK0aDzaX8ZT6FdbCS3XffsOQn5nwW4oVaAB4sGW1uab5IV25EWWjq
YcYEESMMHjd9Z7kWhKS/uGRhjRH4A4stXDDZ3RKBgR+VWLj4NOqaEXmPoNVesxOD
IWCKXcZ0gXEPoT5YrT9MZqgj6vBXb+zzGaKx5ZxzqZwda2mMfqQECCpsAwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFGY7qnjF6qWPU2BTEmQWEdNVlLDDMB8GA1UdIwQY
MBaAFKtU/oMbanGfQubISG/QO1UL52H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYt
NmZkOTc4OTIwNWJhLzEvWmp1cWVNWHFwWTlUWUZNU1pCWVIwMVdVc01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYtNmZkOTc4OTIwNWJh
LzEvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIMAwDBARt6lAD
BAFt6lQDBABt6lcDBAK5E0QDBAG5IUIDBAK5b7gDBAHVosAwDAMEANWiwwMEANWi
1DAMAwQB1aLWAwQB1aLcMA0EAgACMAcDBQAqAiOgMA0GCSqGSIb3DQEBCwUAA4IB
AQCodxPh9SQTyRh2SZzQmiSlwOgZfXEJq6lmlLUQVaiKAENn8ksXWHgQ3xiFF+gC
KvmVtmD6z8dh1o7QB7tojc1kwbiDPyBA+bHXyPRzqof13sBN/WwTFgOW5Isk53Rp
IdM7iCfyDhFq2FrISFsqg+yDaQ8dau47vCNddamX/TtQyeG6qW0cppVNPe0IRPwL
nCUAIdDWQUWdmKeuuGzpHrlwRACEOfGJo4fd1LWhLxRg2MjGcJbylaVcWT/+nvVc
4gaDo/QpbyfVXoBWuTulS0gJF/tkXWdjf+JX0niA9wcQSBiJ4IkpLmH+9LUfJT7Z
bbrEOgxFIz4YHSf4rj/+m8gf
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:15:25 2024 by rpki-client on console-fra.rpki-client.org