Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/whG6e5eu2gIr21nEwdCmpdOgBW4.roa
File: whG6e5eu2gIr21nEwdCmpdOgBW4.roa (raw, json)
Hash identifier: 5J3yueqYrJL6RT5/mYUGriDwmF4mmWPt5n31Gmy0b48=
Subject key identifier: C2:11:BA:7B:97:AE:DA:02:2B:DB:59:C4:C1:D0:A6:A5:D3:A0:05:6E
Certificate issuer: /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial: 018FF1C717363D6917D9EECDA455C0864A84
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/whG6e5eu2gIr21nEwdCmpdOgBW4.roa
Signing time: Fri 07 Jun 2024 08:18:27 +0000
ROA not before: Fri 07 Jun 2024 08:18:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 13237
IP address blocks: 62.4.64.0/19 maxlen: 24
62.4.64.0/22 maxlen: 24
62.80.96.0/19 maxlen: 24
62.93.192.0/18 maxlen: 24
80.86.160.0/19 maxlen: 24
80.252.32.0/20 maxlen: 20
81.209.128.0/17 maxlen: 24
82.98.200.0/21 maxlen: 24
82.98.208.0/20 maxlen: 24
82.98.224.0/21 maxlen: 24
82.197.128.0/19 maxlen: 24
83.124.0.0/14 maxlen: 24
83.125.45.0/24 maxlen: 24
83.125.71.0/24 maxlen: 24
83.133.0.0/16 maxlen: 24
83.137.80.0/21 maxlen: 21
84.207.0.0/16 maxlen: 24
84.207.205.0/24 maxlen: 24
84.207.210.0/24 maxlen: 24
84.207.225.0/24 maxlen: 24
84.207.226.0/24 maxlen: 24
84.207.228.0/24 maxlen: 24
84.207.229.0/24 maxlen: 24
84.207.231.0/24 maxlen: 24
84.207.240.0/24 maxlen: 24
185.99.80.0/22 maxlen: 22
185.250.87.0/24 maxlen: 24
217.19.32.0/20 maxlen: 20
217.71.96.0/20 maxlen: 24
217.112.144.0/20 maxlen: 24
217.112.144.0/21 maxlen: 24
2001:7f0::/29 maxlen: 48
2001:7f0::/32 maxlen: 48
2001:7f0:4020::/48 maxlen: 48
2001:1618::/29 maxlen: 48
2001:4d40::/29 maxlen: 48
2001:4d40::/32 maxlen: 48
2a00:cc0::/29 maxlen: 48
2a00:cc0::/32 maxlen: 48
2a00:fa0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Sep 2024 05:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:f1:c7:17:36:3d:69:17:d9:ee:cd:a4:55:c0:86:4a:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Validity
Not Before: Jun 7 08:18:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c211ba7b97aeda022bdb59c4c1d0a6a5d3a0056e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:d8:0b:f2:4f:88:62:64:31:f0:52:71:d6:18:
fa:02:94:0f:64:dc:9e:c6:5a:14:75:04:1f:53:e5:
31:e9:9d:ca:f8:61:0d:ae:af:fe:16:55:65:a2:49:
7c:0d:01:73:86:5d:7e:d3:7f:4d:84:a3:29:1e:37:
27:5f:ae:1f:e4:ea:86:04:a5:0e:2e:e4:31:53:d6:
24:02:e6:c0:00:5b:3e:ef:98:cf:f4:bc:5e:ba:1f:
f9:d7:80:c5:ae:2d:42:7f:6b:45:b7:bf:57:67:af:
72:95:6e:5b:1d:f5:f0:38:9d:cf:94:4d:88:74:e9:
83:b2:eb:72:f1:f7:98:58:e9:ff:57:38:50:fa:6d:
0f:e7:61:d0:2c:dd:dc:71:d4:30:16:91:9d:f7:37:
be:f7:24:40:c4:21:de:b3:26:22:72:f4:1a:10:91:
23:b7:96:d6:df:ee:38:24:a1:c6:60:13:df:8f:65:
de:30:41:6b:12:5c:d7:e5:8f:28:e7:21:c8:f5:60:
08:f5:e3:76:8a:57:8b:c2:29:c5:94:83:08:b9:f8:
99:8f:db:5f:3b:66:e1:4f:41:34:7b:15:03:c3:b9:
fb:04:d0:ec:68:06:85:7b:1f:62:d1:b0:89:a6:f0:
d0:bb:a8:8c:5a:ee:1b:d4:38:60:9a:10:b8:61:a0:
bf:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:11:BA:7B:97:AE:DA:02:2B:DB:59:C4:C1:D0:A6:A5:D3:A0:05:6E
X509v3 Authority Key Identifier:
keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/whG6e5eu2gIr21nEwdCmpdOgBW4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.4.64.0/19
62.80.96.0/19
62.93.192.0/18
80.86.160.0/19
80.252.32.0/20
81.209.128.0/17
82.98.200.0-82.98.231.255
82.197.128.0/19
83.124.0.0/14
83.133.0.0/16
83.137.80.0/21
84.207.0.0/16
185.99.80.0/22
185.250.87.0/24
217.19.32.0/20
217.71.96.0/20
217.112.144.0/20
IPv6:
2001:7f0::/29
2001:1618::/29
2001:4d40::/29
2a00:cc0::/29
2a00:fa0::/32
Signature Algorithm: sha256WithRSAEncryption
9a:2a:b6:0e:7f:8f:9e:f4:38:87:5f:9a:a6:ae:72:0d:44:54:
f3:3d:23:6a:93:d5:e5:c6:05:9c:0f:cc:fd:3b:8b:f5:ac:71:
4c:27:d1:eb:db:9c:67:70:67:04:e4:61:ce:0c:e5:92:4b:31:
78:6b:b6:c7:5a:99:67:f4:d5:2f:26:c4:df:65:26:3f:c5:e1:
c3:6c:66:a3:21:e3:5d:50:d7:0d:b3:3c:79:8b:e0:ad:6c:b3:
c2:99:43:7f:65:95:8d:fa:ef:6a:f3:d0:b7:03:7b:23:11:39:
37:c9:32:e0:d0:e7:b2:0f:82:c2:b0:a0:0c:22:f7:55:d2:59:
5b:e2:5d:dd:6c:61:a3:de:c8:f1:52:f4:d1:ac:a7:0e:e2:a7:
7d:14:46:c9:bb:24:b4:59:99:94:cf:c2:f2:01:28:bc:a5:2f:
16:67:a8:6f:72:97:10:91:44:af:d3:7a:01:0e:15:fd:7a:e7:
65:85:91:ad:15:8b:f4:89:b8:70:a6:3d:43:40:be:6c:c1:0f:
11:01:82:ff:95:61:ec:6e:83:56:02:d9:3e:7a:79:bb:fd:f8:
e7:a0:ba:6f:90:37:21:a6:28:18:39:c8:f0:49:98:d3:c5:b7:
61:19:f5:04:c7:49:09:7a:33:f3:81:b0:86:f5:f3:44:51:ed:
a5:01:68:d3
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgISAY/xxxc2PWkX2e7NpFXAhkqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwNjA3MDgxODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjExYmE3Yjk3YWVkYTAyMmJkYjU5YzRjMWQwYTZhNWQzYTAwNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgL8k+IYmQx8FJx1hj6ApQPZNye
xloUdQQfU+Ux6Z3K+GENrq/+FlVlokl8DQFzhl1+039NhKMpHjcnX64f5OqGBKUO
LuQxU9YkAubAAFs+75jP9Lxeuh/514DFri1Cf2tFt79XZ69ylW5bHfXwOJ3PlE2I
dOmDsuty8feYWOn/VzhQ+m0P52HQLN3ccdQwFpGd9ze+9yRAxCHesyYicvQaEJEj
t5bW3+44JKHGYBPfj2XeMEFrElzX5Y8o5yHI9WAI9eN2ileLwinFlIMIufiZj9tf
O2bhT0E0exUDw7n7BNDsaAaFex9i0bCJpvDQu6iMWu4b1DhgmhC4YaC/VQIDAQAB
o4ICnDCCApgwHQYDVR0OBBYEFMIRunuXrtoCK9tZxMHQpqXToAVuMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvd2hHNmU1ZXUyZ0lyMjFuRXdkQ21wZE9nQlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGxBggrBgEFBQcBBwEB/wSBoTCBnjBxBAIAATBrAwQFPgRA
AwQFPlBgAwQGPl3AAwQFUFagAwQEUPwgAwQHUdGAMAwDBANSYsgDBANSYuADBAVS
xYADAwJTfAMDAFOFAwQDU4lQAwMAVM8DBAK5Y1ADBAC5+lcDBATZEyADBATZR2AD
BATZcJAwKQQCAAIwIwMFAyABB/ADBQMgARYYAwUDIAFNQAMFAyoADMADBQAqAA+g
MA0GCSqGSIb3DQEBCwUAA4IBAQCaKrYOf4+e9DiHX5qmrnINRFTzPSNqk9XlxgWc
D8z9O4v1rHFMJ9Hr25xncGcE5GHODOWSSzF4a7bHWpln9NUvJsTfZSY/xeHDbGaj
IeNdUNcNszx5i+CtbLPCmUN/ZZWN+u9q89C3A3sjETk3yTLg0OeyD4LCsKAMIvdV
0llb4l3dbGGj3sjxUvTRrKcO4qd9FEbJuyS0WZmUz8LyASi8pS8WZ6hvcpcQkUSv
03oBDhX9eudlhZGtFYv0ibhwpj1DQL5swQ8RAYL/lWHsboNWAtk+enm7/fjnoLpv
kDchpigYOcjwSZjTxbdhGfUEx0kJejPzgbCG9fNEUe2lAWjT
-----END CERTIFICATE-----
Generated at Sat Sep 28 08:16:47 2024 by rpki-client on console-fra.rpki-client.org