Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/zEx8iQuUh00Az3ebyqIxCAQcZ-Q.roa
File: zEx8iQuUh00Az3ebyqIxCAQcZ-Q.roa (raw, json)
Hash identifier: aE1eRgeYd34mM3KVcSPmN+NdQTBHWO9qMGwfo34vPoY=
Subject key identifier: CC:4C:7C:89:0B:94:87:4D:00:CF:77:9B:CA:A2:31:08:04:1C:67:E4
Certificate issuer: /CN=9d066cb8488dae7e4234aa7c892430dad11fe5b1
Certificate serial: 018D841BDEB2EB9547E1BE8120FD83EB9236
Authority key identifier: 9D:06:6C:B8:48:8D:AE:7E:42:34:AA:7C:89:24:30:DA:D1:1F:E5:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/zEx8iQuUh00Az3ebyqIxCAQcZ-Q.roa
Signing time: Wed 07 Feb 2024 15:07:15 +0000
ROA not before: Wed 07 Feb 2024 15:07:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20676
IP address blocks: 62.8.128.0/17 maxlen: 17
62.8.168.0/21 maxlen: 21
62.8.176.0/20 maxlen: 20
62.145.0.0/19 maxlen: 19
62.206.0.0/16 maxlen: 16
62.206.164.0/24 maxlen: 24
62.206.165.0/24 maxlen: 24
62.206.166.0/24 maxlen: 24
83.236.0.0/16 maxlen: 16
83.236.0.0/20 maxlen: 20
83.236.16.0/20 maxlen: 20
83.236.32.0/21 maxlen: 21
84.245.128.0/18 maxlen: 18
85.8.132.0/22 maxlen: 22
87.193.0.0/16 maxlen: 16
87.234.0.0/16 maxlen: 16
92.192.0.0/13 maxlen: 13
92.192.0.0/17 maxlen: 17
92.192.128.0/17 maxlen: 17
92.193.0.0/17 maxlen: 17
92.193.128.0/17 maxlen: 17
92.194.0.0/17 maxlen: 17
92.194.128.0/17 maxlen: 17
92.195.0.0/17 maxlen: 17
92.195.128.0/17 maxlen: 17
92.196.0.0/17 maxlen: 17
92.196.128.0/17 maxlen: 17
92.197.130.0/24 maxlen: 24
92.198.192.0/18 maxlen: 18
92.200.0.0/16 maxlen: 16
92.200.0.0/17 maxlen: 17
92.200.128.0/17 maxlen: 17
185.144.188.0/22 maxlen: 22
194.9.127.0/24 maxlen: 24
194.140.96.0/20 maxlen: 20
195.32.128.0/17 maxlen: 17
195.80.192.0/19 maxlen: 19
195.90.0.0/19 maxlen: 19
195.90.8.0/21 maxlen: 21
195.158.160.0/19 maxlen: 19
212.4.160.0/19 maxlen: 19
212.4.176.0/20 maxlen: 20
212.5.0.0/19 maxlen: 19
212.5.8.0/21 maxlen: 21
212.5.16.0/20 maxlen: 20
212.60.192.0/18 maxlen: 18
212.63.32.0/19 maxlen: 19
212.84.208.0/20 maxlen: 20
212.84.224.0/19 maxlen: 19
212.105.192.0/19 maxlen: 19
212.110.192.0/19 maxlen: 19
212.202.0.0/16 maxlen: 16
212.202.0.0/19 maxlen: 19
212.202.40.0/21 maxlen: 21
212.202.48.0/20 maxlen: 20
212.202.168.0/21 maxlen: 21
212.202.176.0/20 maxlen: 20
213.148.128.0/19 maxlen: 19
213.148.128.0/24 maxlen: 24
213.148.129.0/24 maxlen: 24
213.148.130.0/24 maxlen: 24
213.148.133.0/24 maxlen: 24
213.160.0.0/19 maxlen: 19
213.160.0.0/24 maxlen: 24
213.217.64.0/18 maxlen: 18
217.146.128.0/19 maxlen: 19
2001:658::/29 maxlen: 29
2001:1a80::/29 maxlen: 29
2001:1a80:800::/48 maxlen: 48
2001:1a80:801::/48 maxlen: 48
2001:1a80:802::/48 maxlen: 48
2001:1a81:1000::/36 maxlen: 40
2001:1a81:1000::/40 maxlen: 48
2001:1a81:2000::/36 maxlen: 40
2001:1a81:2000::/40 maxlen: 48
2001:1a81:3000::/36 maxlen: 40
2001:1a81:3000::/40 maxlen: 48
2001:1a81:4000::/36 maxlen: 40
2001:1a81:4000::/40 maxlen: 48
2001:1a81:5000::/36 maxlen: 40
2001:1a81:5000::/40 maxlen: 48
2001:1a81:6000::/36 maxlen: 40
2001:1a81:6000::/40 maxlen: 48
2001:1a81:7000::/36 maxlen: 40
2001:1a81:7000::/40 maxlen: 48
2a09:7100::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/nQZsuEiNrn5CNKp8iSQw2tEf5bE.crl
rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/nQZsuEiNrn5CNKp8iSQw2tEf5bE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 12:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:84:1b:de:b2:eb:95:47:e1:be:81:20:fd:83:eb:92:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d066cb8488dae7e4234aa7c892430dad11fe5b1
Validity
Not Before: Feb 7 15:07:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cc4c7c890b94874d00cf779bcaa23108041c67e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:b1:25:35:b5:7d:ec:97:19:87:d8:4f:21:06:
93:19:a3:49:cc:33:80:a0:72:af:6f:f8:ca:f6:57:
0b:92:74:bd:96:9b:9b:0f:71:11:5c:fa:46:ad:54:
9a:ae:26:0d:95:d9:f4:29:8e:88:b0:67:aa:59:45:
57:08:92:04:85:d0:2e:a8:f1:bd:69:6d:9a:c1:d4:
d4:12:47:3e:32:0f:60:df:a1:0c:ac:fe:ec:c4:78:
0f:75:08:82:a7:7e:84:60:b9:ff:32:27:56:fa:e6:
ac:20:81:86:83:e1:e4:65:b8:c1:43:3b:7c:77:9a:
74:3d:b3:1c:b1:b5:5f:11:2d:2a:0a:ce:4e:ca:b3:
bc:46:38:f8:8d:3a:78:26:4a:d9:7b:a3:b8:7b:08:
40:95:d6:b0:fc:de:ef:42:71:91:b3:01:62:cd:28:
b9:aa:72:6f:d4:67:7f:a9:98:f3:cd:72:56:d4:06:
df:fa:ba:c0:d1:8c:b8:a3:2c:08:5d:76:a7:88:7c:
28:1d:e5:6e:4a:95:9c:f1:a2:e6:cc:1f:ab:8c:00:
5d:e7:76:e3:e7:05:32:d3:44:8b:40:8f:14:d5:62:
64:e9:c2:a4:9d:ba:40:a1:52:1f:41:f3:de:6c:75:
26:4b:af:66:c7:f3:d3:b3:59:64:01:62:36:43:55:
bf:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:4C:7C:89:0B:94:87:4D:00:CF:77:9B:CA:A2:31:08:04:1C:67:E4
X509v3 Authority Key Identifier:
keyid:9D:06:6C:B8:48:8D:AE:7E:42:34:AA:7C:89:24:30:DA:D1:1F:E5:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nQZsuEiNrn5CNKp8iSQw2tEf5bE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/zEx8iQuUh00Az3ebyqIxCAQcZ-Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0d2fd-aa90-4207-9104-3ef02d5140b7/1/nQZsuEiNrn5CNKp8iSQw2tEf5bE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.8.128.0/17
62.145.0.0/19
62.206.0.0/16
83.236.0.0/16
84.245.128.0/18
85.8.132.0/22
87.193.0.0/16
87.234.0.0/16
92.192.0.0-92.200.255.255
185.144.188.0/22
194.9.127.0/24
194.140.96.0/20
195.32.128.0/17
195.80.192.0/19
195.90.0.0/19
195.158.160.0/19
212.4.160.0/19
212.5.0.0/19
212.60.192.0/18
212.63.32.0/19
212.84.208.0-212.84.255.255
212.105.192.0/19
212.110.192.0/19
212.202.0.0/16
213.148.128.0/19
213.160.0.0/19
213.217.64.0/18
217.146.128.0/19
IPv6:
2001:658::/29
2001:1a80::/29
2a09:7100::/29
Signature Algorithm: sha256WithRSAEncryption
88:9d:bf:b4:e7:d0:98:ee:10:eb:e3:9b:27:96:4d:20:5b:94:
65:a9:d6:9c:92:7a:57:16:0e:f1:7f:76:2b:90:0e:5b:01:9a:
29:56:c3:38:03:d3:14:6a:eb:5c:d4:3b:56:7c:35:a2:a8:de:
87:9d:43:79:4b:33:7e:a5:7e:17:6b:1c:cb:79:75:a7:74:95:
4b:9a:10:cf:81:2c:2f:dd:31:19:d9:5e:7a:8f:5d:23:8f:19:
77:7c:c1:cc:74:65:b2:c9:70:c8:13:27:eb:ef:a3:cf:f7:a9:
a8:20:fd:5a:f4:42:86:bb:86:fe:9c:7a:2a:dc:a6:61:08:21:
ad:ba:d0:b4:3c:6b:33:6b:a1:36:49:58:e7:41:77:7a:11:0a:
32:ff:88:6a:16:4e:bf:88:6d:f5:bf:cc:62:84:64:e6:73:05:
ea:3e:89:6b:53:0b:22:06:f5:bc:c2:76:ec:c0:54:97:4b:8a:
e9:e0:d3:6a:d4:39:3f:46:59:b5:db:68:e5:34:53:a6:0a:4a:
93:3a:d5:1c:65:a3:a1:b3:6c:3e:71:27:5a:ab:48:fa:8a:6c:
94:14:f2:5d:c8:14:e6:d4:a0:d4:05:0d:3f:c7:5f:33:13:9c:
ff:bc:87:5e:d9:c1:c0:f9:df:95:48:2c:f6:74:25:9d:ad:e4:
82:f9:67:ea
-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgISAY2EG96y65VH4b6BIP2D65I2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMDY2Y2I4NDg4ZGFlN2U0MjM0YWE3Yzg5MjQzMGRhZDEx
ZmU1YjEwHhcNMjQwMjA3MTUwNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzRjN2M4OTBiOTQ4NzRkMDBjZjc3OWJjYWEyMzEwODA0MWM2N2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorElNbV97JcZh9hPIQaTGaNJzDOA
oHKvb/jK9lcLknS9lpubD3ERXPpGrVSariYNldn0KY6IsGeqWUVXCJIEhdAuqPG9
aW2awdTUEkc+Mg9g36EMrP7sxHgPdQiCp36EYLn/MidW+uasIIGGg+HkZbjBQzt8
d5p0PbMcsbVfES0qCs5OyrO8Rjj4jTp4JkrZe6O4ewhAldaw/N7vQnGRswFizSi5
qnJv1Gd/qZjzzXJW1Abf+rrA0Yy4oywIXXaniHwoHeVuSpWc8aLmzB+rjABd53bj
5wUy00SLQI8U1WJk6cKknbpAoVIfQfPebHUmS69mx/PTs1lkAWI2Q1W//wIDAQAB
o4IC1TCCAtEwHQYDVR0OBBYEFMxMfIkLlIdNAM93m8qiMQgEHGfkMB8GA1UdIwQY
MBaAFJ0GbLhIja5+QjSqfIkkMNrRH+WxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblFac3VFaU5ybjVDTktwOGlTUXcydEVmNWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGQyZmQtYWE5MC00MjA3LTkxMDQt
M2VmMDJkNTE0MGI3LzEvekV4OGlRdVVoMDBBejNlYnlxSXhDQVFjWi1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGQyZmQtYWE5MC00MjA3LTkxMDQtM2VmMDJkNTE0MGI3
LzEvblFac3VFaU5ybjVDTktwOGlTUXcydEVmNWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHqBggrBgEFBQcBBwEB/wSB2jCB1zCBtwQCAAEwgbADBAc+
CIADBAU+kQADAwA+zgMDAFPsAwQGVPWAAwQCVQiEAwMAV8EDAwBX6jAKAwMGXMAD
AwBcyAMEArmQvAMEAMIJfwMEBMKMYAMEB8MggAMEBcNQwAMEBcNaAAMEBcOeoAME
BdQEoAMEBdQFAAMEBtQ8wAMEBdQ/IDALAwQE1FTQAwMA1FQDBAXUacADBAXUbsAD
AwDUygMEBdWUgAMEBdWgAAMEBtXZQAMEBdmSgDAbBAIAAjAVAwUDIAEGWAMFAyAB
GoADBQMqCXEAMA0GCSqGSIb3DQEBCwUAA4IBAQCInb+059CY7hDr45snlk0gW5Rl
qdacknpXFg7xf3YrkA5bAZopVsM4A9MUautc1DtWfDWiqN6HnUN5SzN+pX4XaxzL
eXWndJVLmhDPgSwv3TEZ2V56j10jjxl3fMHMdGWyyXDIEyfr76PP96moIP1a9EKG
u4b+nHoq3KZhCCGtutC0PGsza6E2SVjnQXd6EQoy/4hqFk6/iG31v8xihGTmcwXq
PolrUwsiBvW8wnbswFSXS4rp4NNq1Dk/Rlm122jlNFOmCkqTOtUcZaOhs2w+cSda
q0j6imyUFPJdyBTm1KDUBQ0/x18zE5z/vIde2cHA+d+VSCz2dCWdreSC+Wfq
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:50:48 2024 by rpki-client on console-fra.rpki-client.org