Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/SN67b2Zk-ngSUPsWZ6OiZd-2rAQ.roa
File: SN67b2Zk-ngSUPsWZ6OiZd-2rAQ.roa (raw, json)
Hash identifier: oYAAu5FITJtr6j4lEc2FxlCl3/ZkFW/U5HK0W4dyc5E=
Subject key identifier: 48:DE:BB:6F:66:64:FA:78:12:50:FB:16:67:A3:A2:65:DF:B6:AC:04
Certificate issuer: /CN=a9061f2f49a6d7af9ea676bad03df1ce2f50260d
Certificate serial: 018CC4935BE918D1028539CA1AB8B6D1C5E8
Authority key identifier: A9:06:1F:2F:49:A6:D7:AF:9E:A6:76:BA:D0:3D:F1:CE:2F:50:26:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qQYfL0mm16-epna60D3xzi9QJg0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/SN67b2Zk-ngSUPsWZ6OiZd-2rAQ.roa
Signing time: Mon 01 Jan 2024 10:30:40 +0000
ROA not before: Mon 01 Jan 2024 10:30:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29056
IP address blocks: 91.143.96.0/20 maxlen: 24
185.228.128.0/22 maxlen: 24
109.73.144.0/20 maxlen: 24
185.233.144.0/22 maxlen: 24
185.220.252.0/22 maxlen: 24
85.237.0.0/19 maxlen: 24
217.29.144.0/20 maxlen: 24
185.222.128.0/22 maxlen: 24
193.46.248.0/24 maxlen: 24
185.225.144.0/22 maxlen: 24
185.15.236.0/22 maxlen: 24
185.236.72.0/22 maxlen: 24
37.143.176.0/20 maxlen: 24
2a02:758::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/qQYfL0mm16-epna60D3xzi9QJg0.crl
rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/qQYfL0mm16-epna60D3xzi9QJg0.mft
rsync://rpki.ripe.net/repository/DEFAULT/qQYfL0mm16-epna60D3xzi9QJg0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 01:01:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:5b:e9:18:d1:02:85:39:ca:1a:b8:b6:d1:c5:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9061f2f49a6d7af9ea676bad03df1ce2f50260d
Validity
Not Before: Jan 1 10:30:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=48debb6f6664fa781250fb1667a3a265dfb6ac04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:c6:65:17:c9:ca:40:6f:78:74:65:b9:73:95:
3b:8a:a7:14:b3:80:32:d4:39:6d:ba:8b:76:a7:98:
43:3e:85:45:0f:19:cf:a5:05:a8:9d:2e:ff:a6:ea:
9c:63:9b:f1:18:69:5c:14:bc:01:22:2e:84:84:7b:
33:3b:c4:84:68:c3:20:d2:1e:1d:7a:7b:6e:b4:71:
35:8c:d5:dc:83:0c:0f:3f:18:2d:8a:e1:cc:00:39:
30:d6:39:37:b3:c4:56:25:06:a6:89:a4:d2:28:b6:
47:2f:a6:62:0c:cb:03:54:72:9c:dc:78:01:9f:49:
d5:33:90:80:24:ae:b3:b6:0e:92:96:8b:26:81:f3:
ef:f2:36:57:bc:74:f4:45:d6:2c:6b:6a:ee:26:9b:
c4:07:a7:53:52:9d:a0:36:4d:ef:2b:a2:56:e1:63:
ef:38:55:46:a2:31:23:fd:dc:77:c2:57:9e:8f:88:
c5:e5:5c:ee:f3:d2:9e:11:a0:d4:9c:70:ba:6d:86:
83:20:04:7a:82:3d:90:b1:2e:67:60:00:dd:cb:22:
d5:b6:6c:a0:56:54:bd:62:48:1a:83:df:56:fe:b5:
12:96:b6:94:1d:78:90:fb:5c:76:68:05:44:98:49:
eb:d7:fd:1f:ee:e3:11:9c:4a:77:09:60:4a:44:bb:
2e:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:DE:BB:6F:66:64:FA:78:12:50:FB:16:67:A3:A2:65:DF:B6:AC:04
X509v3 Authority Key Identifier:
keyid:A9:06:1F:2F:49:A6:D7:AF:9E:A6:76:BA:D0:3D:F1:CE:2F:50:26:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qQYfL0mm16-epna60D3xzi9QJg0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/SN67b2Zk-ngSUPsWZ6OiZd-2rAQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba9be1-1fa2-4253-bf01-f6c268612fc7/1/qQYfL0mm16-epna60D3xzi9QJg0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.176.0/20
85.237.0.0/19
91.143.96.0/20
109.73.144.0/20
185.15.236.0/22
185.220.252.0/22
185.222.128.0/22
185.225.144.0/22
185.228.128.0/22
185.233.144.0/22
185.236.72.0/22
193.46.248.0/24
217.29.144.0/20
IPv6:
2a02:758::/32
Signature Algorithm: sha256WithRSAEncryption
86:50:c8:3b:55:d9:ac:76:03:2d:5b:ef:0e:71:2c:93:ca:fb:
03:87:29:56:ae:b2:f9:c5:14:93:1a:a5:1a:e7:31:22:47:ca:
68:a6:75:b1:cb:db:6c:12:fa:9d:33:43:f8:5e:42:20:a2:75:
93:4c:a5:74:b8:6d:d3:c6:ea:3c:db:c0:99:43:98:93:68:5f:
bb:1f:4b:dd:f9:b9:3f:1f:69:75:b3:53:9b:95:3f:c5:c4:c2:
eb:f3:f9:09:40:d4:06:53:54:bc:b7:fb:b3:5a:83:fc:ef:18:
eb:09:ea:4d:ed:cc:6f:1e:a1:97:c5:d8:f1:3c:84:97:a8:88:
8e:0d:e2:ed:32:bc:1f:cd:a2:37:11:3e:87:6a:45:8d:7f:66:
38:f0:e7:03:f3:51:31:b4:0f:16:57:e8:61:bb:83:4b:15:08:
cf:e6:7b:aa:c0:58:d0:32:d4:b0:9e:1f:cf:e8:b5:69:e8:3c:
5e:01:b8:29:a5:c2:35:d3:ea:c1:c6:49:a9:46:0b:22:af:a3:
42:89:87:a2:72:8c:9f:5c:25:46:28:cd:33:86:ea:31:a4:a9:
94:60:b9:a4:96:b0:08:7f:fc:49:63:f7:80:6d:1c:9d:f0:b4:
1f:7b:07:89:49:57:84:7d:0f:df:0c:cd:6f:8b:87:e4:c6:e4:
d6:11:9b:65
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYzEk1vpGNEChTnKGri20cXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MDYxZjJmNDlhNmQ3YWY5ZWE2NzZiYWQwM2RmMWNlMmY1
MDI2MGQwHhcNMjQwMTAxMTAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGRlYmI2ZjY2NjRmYTc4MTI1MGZiMTY2N2EzYTI2NWRmYjZhYzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMZlF8nKQG94dGW5c5U7iqcUs4Ay
1Dltuot2p5hDPoVFDxnPpQWonS7/puqcY5vxGGlcFLwBIi6EhHszO8SEaMMg0h4d
entutHE1jNXcgwwPPxgtiuHMADkw1jk3s8RWJQamiaTSKLZHL6ZiDMsDVHKc3HgB
n0nVM5CAJK6ztg6SlosmgfPv8jZXvHT0RdYsa2ruJpvEB6dTUp2gNk3vK6JW4WPv
OFVGojEj/dx3wleej4jF5Vzu89KeEaDUnHC6bYaDIAR6gj2QsS5nYADdyyLVtmyg
VlS9Ykgag99W/rUSlraUHXiQ+1x2aAVEmEnr1/0f7uMRnEp3CWBKRLsuVQIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFEjeu29mZPp4ElD7FmejomXftqwEMB8GA1UdIwQY
MBaAFKkGHy9JptevnqZ2utA98c4vUCYNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVFZZkwwbW0xNi1lcG5hNjBEM3h6aTlRSmcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTliZTEtMWZhMi00MjUzLWJmMDEt
ZjZjMjY4NjEyZmM3LzEvU042N2IyWmstbmdTVVBzV1o2T2laZC0yckFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTliZTEtMWZhMi00MjUzLWJmMDEtZjZjMjY4NjEyZmM3
LzEvcVFZZkwwbW0xNi1lcG5hNjBEM3h6aTlRSmcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQEJY+wAwQF
Ve0AAwQEW49gAwQEbUmQAwQCuQ/sAwQCudz8AwQCud6AAwQCueGQAwQCueSAAwQC
uemQAwQCuexIAwQAwS74AwQE2R2QMA0EAgACMAcDBQAqAgdYMA0GCSqGSIb3DQEB
CwUAA4IBAQCGUMg7VdmsdgMtW+8OcSyTyvsDhylWrrL5xRSTGqUa5zEiR8popnWx
y9tsEvqdM0P4XkIgonWTTKV0uG3Txuo828CZQ5iTaF+7H0vd+bk/H2l1s1OblT/F
xMLr8/kJQNQGU1S8t/uzWoP87xjrCepN7cxvHqGXxdjxPISXqIiODeLtMrwfzaI3
ET6HakWNf2Y48OcD81ExtA8WV+hhu4NLFQjP5nuqwFjQMtSwnh/P6LVp6DxeAbgp
pcI10+rBxkmpRgsir6NCiYeicoyfXCVGKM0zhuoxpKmUYLmklrAIf/xJY/eAbRyd
8LQfeweJSVeEfQ/fDM1vi4fkxuTWEZtl
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:35:31 2024 by rpki-client on console-ams.rpki-client.org