Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/2nGrmrF9w7OkyUba-GAFHpdUktA.roa
File: 2nGrmrF9w7OkyUba-GAFHpdUktA.roa (raw, json)
Hash identifier: Tw5J+zQ5WVwqE0pKsdDu7iAmgMinb1hHaqN8ia9j51A=
Subject key identifier: DA:71:AB:9A:B1:7D:C3:B3:A4:C9:46:DA:F8:60:05:1E:97:54:92:D0
Certificate issuer: /CN=c8acf59abd4abbfbf830a060225a96a2179a2694
Certificate serial: 018FC00856323B34710C3AFDAFA31CA6618E
Authority key identifier: C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/2nGrmrF9w7OkyUba-GAFHpdUktA.roa
Signing time: Tue 28 May 2024 16:28:42 +0000
ROA not before: Tue 28 May 2024 16:28:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35625
IP address blocks: 37.16.78.0/24 maxlen: 24
37.235.88.0/21 maxlen: 24
45.15.204.0/22 maxlen: 24
45.138.192.0/22 maxlen: 24
46.29.120.0/21 maxlen: 24
85.208.216.0/22 maxlen: 24
91.212.236.0/24 maxlen: 24
91.229.136.0/24 maxlen: 24
94.158.180.0/22 maxlen: 24
109.197.240.0/21 maxlen: 24
185.31.148.0/22 maxlen: 24
185.39.168.0/22 maxlen: 24
185.75.140.0/22 maxlen: 24
185.117.18.0/24 maxlen: 24
185.161.44.0/22 maxlen: 24
185.167.76.0/24 maxlen: 24
185.181.4.0/22 maxlen: 24
185.218.212.0/22 maxlen: 24
185.246.26.0/24 maxlen: 24
185.252.156.0/22 maxlen: 24
194.126.178.0/24 maxlen: 24
195.90.116.0/22 maxlen: 24
195.190.27.0/24 maxlen: 24
2a00:ba60::/32 maxlen: 32
2a00:ba61::/32 maxlen: 32
2a00:ba62::/32 maxlen: 32
2a00:ba67::/32 maxlen: 32
2a01:6600:2e00::/40 maxlen: 40
2a02:21c8::/32 maxlen: 32
2a09:8c40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Jun 2024 13:01:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:c0:08:56:32:3b:34:71:0c:3a:fd:af:a3:1c:a6:61:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c8acf59abd4abbfbf830a060225a96a2179a2694
Validity
Not Before: May 28 16:28:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=da71ab9ab17dc3b3a4c946daf860051e975492d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:0c:ec:85:5d:a2:25:a3:a3:84:5b:67:a7:b4:
ac:a0:03:b2:c0:9a:5e:ee:37:d7:de:77:e5:d8:0c:
12:02:44:d8:3c:f4:66:48:b1:eb:f3:d7:03:4d:4c:
39:54:70:25:9a:ff:f0:3e:35:50:65:04:9e:c2:47:
ef:99:d9:99:61:c3:35:ef:07:47:18:a7:6d:d8:a7:
a8:07:dd:dc:9e:5a:7d:00:53:13:b3:39:e4:a8:88:
4c:08:dd:ae:79:63:d8:5b:ac:5f:c0:b3:1a:a3:21:
03:1b:6a:8d:3a:e6:cf:6b:cd:7d:30:4e:e2:76:03:
9c:70:fd:0f:d1:7a:28:39:f8:9d:88:c6:5a:c6:e2:
cc:1d:7a:6d:99:76:0b:32:65:c7:31:07:bf:67:f3:
96:33:a7:2d:0e:91:a1:60:bc:ca:a8:dd:81:d0:d6:
88:a0:a1:23:4b:86:65:e3:13:1e:81:bd:89:a7:40:
64:e6:53:d1:a4:ce:2a:a8:52:f3:f6:b1:24:ee:b2:
3e:ca:6d:da:cd:ab:bd:2d:d4:c8:91:4a:d6:89:d6:
f6:5f:8b:ee:18:72:eb:12:ae:f8:45:bb:6c:b0:27:
49:52:9f:e8:33:c0:4c:ca:69:b8:1b:ca:81:1c:0b:
0d:5b:92:24:95:78:82:32:ee:35:b4:93:b3:19:5e:
22:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:71:AB:9A:B1:7D:C3:B3:A4:C9:46:DA:F8:60:05:1E:97:54:92:D0
X509v3 Authority Key Identifier:
keyid:C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/2nGrmrF9w7OkyUba-GAFHpdUktA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.16.78.0/24
37.235.88.0/21
45.15.204.0/22
45.138.192.0/22
46.29.120.0/21
85.208.216.0/22
91.212.236.0/24
91.229.136.0/24
94.158.180.0/22
109.197.240.0/21
185.31.148.0/22
185.39.168.0/22
185.75.140.0/22
185.117.18.0/24
185.161.44.0/22
185.167.76.0/24
185.181.4.0/22
185.218.212.0/22
185.246.26.0/24
185.252.156.0/22
194.126.178.0/24
195.90.116.0/22
195.190.27.0/24
IPv6:
2a00:ba60::-2a00:ba62:ffff:ffff:ffff:ffff:ffff:ffff
2a00:ba67::/32
2a01:6600:2e00::/40
2a02:21c8::/32
2a09:8c40::/29
Signature Algorithm: sha256WithRSAEncryption
7f:c5:79:d4:e9:44:21:c5:cb:af:6f:89:f3:58:7d:5f:e6:f4:
3a:ae:f6:66:76:60:d8:11:25:bd:fe:0f:44:e9:1f:20:34:2c:
30:bd:66:9e:2a:45:80:26:9f:65:58:19:b0:1a:9a:27:fd:c4:
95:d9:a7:c1:42:0a:d3:93:14:b0:f1:7f:50:4b:c0:09:49:91:
4b:f8:aa:12:bc:95:6c:2e:ca:b1:e9:85:36:a1:34:1f:36:0f:
61:16:d1:35:92:6e:df:e0:84:45:c5:b5:08:1e:ba:8a:7b:c4:
26:c6:77:a7:45:e0:86:c2:c9:73:15:bb:9e:97:ee:c4:44:3a:
d3:ae:f7:cc:bf:63:e1:15:67:8c:ba:a8:a5:c0:bc:81:be:d0:
d5:b3:70:d6:9e:40:2c:2d:32:91:00:08:23:bb:2a:fe:66:75:
b9:5a:02:95:54:c0:87:56:2f:ea:75:17:0a:a6:3e:3d:23:22:
fe:b4:97:53:e8:fa:04:06:05:02:75:a9:db:48:63:6c:9d:48:
c4:0c:e3:51:08:c1:d7:26:3e:49:bd:77:99:09:1c:97:ea:20:
5d:80:cf:41:74:1d:2e:7a:f9:65:97:09:1a:c8:65:4c:59:64:
92:ce:47:ed:fa:4b:8e:4d:a7:00:4c:c3:48:08:ea:26:72:63:
db:b9:ba:b2
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgISAY/ACFYyOzRxDDr9r6McpmGOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YWNmNTlhYmQ0YWJiZmJmODMwYTA2MDIyNWE5NmEyMTc5
YTI2OTQwHhcNMjQwNTI4MTYyODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTcxYWI5YWIxN2RjM2IzYTRjOTQ2ZGFmODYwMDUxZTk3NTQ5MmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQzshV2iJaOjhFtnp7SsoAOywJpe
7jfX3nfl2AwSAkTYPPRmSLHr89cDTUw5VHAlmv/wPjVQZQSewkfvmdmZYcM17wdH
GKdt2KeoB93cnlp9AFMTsznkqIhMCN2ueWPYW6xfwLMaoyEDG2qNOubPa819ME7i
dgOccP0P0XooOfidiMZaxuLMHXptmXYLMmXHMQe/Z/OWM6ctDpGhYLzKqN2B0NaI
oKEjS4Zl4xMegb2Jp0Bk5lPRpM4qqFLz9rEk7rI+ym3azau9LdTIkUrWidb2X4vu
GHLrEq74RbtssCdJUp/oM8BMymm4G8qBHAsNW5IklXiCMu41tJOzGV4iLwIDAQAB
o4ICxzCCAsMwHQYDVR0OBBYEFNpxq5qxfcOzpMlG2vhgBR6XVJLQMB8GA1UdIwQY
MBaAFMis9Zq9Srv7+DCgYCJalqIXmiaUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQt
ODM4ZWJmNDEyYTYxLzEvMm5Hcm1yRjl3N09reVViYS1HQUZIcGRVa3RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQtODM4ZWJmNDEyYTYx
LzEveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHcBggrBgEFBQcBBwEB/wSBzDCByTCBkQQCAAEwgYoDBAAl
EE4DBAMl61gDBAItD8wDBAItisADBAMuHXgDBAJV0NgDBABb1OwDBABb5YgDBAJe
nrQDBANtxfADBAK5H5QDBAK5J6gDBAK5S4wDBAC5dRIDBAK5oSwDBAC5p0wDBAK5
tQQDBAK52tQDBAC59hoDBAK5/JwDBADCfrIDBALDWnQDBADDvhswMwQCAAIwLTAO
AwUFKgC6YAMFACoAumIDBQAqALpnAwYAKgFmAC4DBQAqAiHIAwUDKgmMQDANBgkq
hkiG9w0BAQsFAAOCAQEAf8V51OlEIcXLr2+J81h9X+b0Oq72ZnZg2BElvf4PROkf
IDQsML1mnipFgCafZVgZsBqaJ/3EldmnwUIK05MUsPF/UEvACUmRS/iqEryVbC7K
semFNqE0HzYPYRbRNZJu3+CERcW1CB66invEJsZ3p0XghsLJcxW7npfuxEQ60673
zL9j4RVnjLqopcC8gb7Q1bNw1p5ALC0ykQAII7sq/mZ1uVoClVTAh1Yv6nUXCqY+
PSMi/rSXU+j6BAYFAnWp20hjbJ1IxAzjUQjB1yY+Sb13mQkcl+ogXYDPQXQdLnr5
ZZcJGshlTFlkks5H7fpLjk2nAEzDSAjqJnJj27m6sg==
-----END CERTIFICATE-----
Generated at Mon Jun 17 16:36:06 2024 by rpki-client on console-ams.rpki-client.org