Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/CkyPrfn7PHC6llhoe6CqFekOeEg.roa
File: CkyPrfn7PHC6llhoe6CqFekOeEg.roa (raw, json)
Hash identifier: uCCiEDfmNnWdDnMTfgeGpxl3BvWyz4jeJGETW9pT+yg=
Subject key identifier: 0A:4C:8F:AD:F9:FB:3C:70:BA:96:58:68:7B:A0:AA:15:E9:0E:78:48
Certificate issuer: /CN=24cacceee35ff87cd678ef6a92262cefce8492df
Certificate serial: 01933DDFFE5E94C2FC362C4E0B24D6ADA88A
Authority key identifier: 24:CA:CC:EE:E3:5F:F8:7C:D6:78:EF:6A:92:26:2C:EF:CE:84:92:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JMrM7uNf-HzWeO9qkiYs786Ekt8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/CkyPrfn7PHC6llhoe6CqFekOeEg.roa
Signing time: Mon 18 Nov 2024 06:05:10 +0000
ROA not before: Mon 18 Nov 2024 06:05:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48944
IP address blocks: 5.23.112.0/21 maxlen: 21
95.130.56.0/21 maxlen: 21
95.130.56.0/24 maxlen: 24
95.130.57.0/24 maxlen: 24
95.130.58.0/24 maxlen: 24
95.130.59.0/24 maxlen: 24
95.130.60.0/24 maxlen: 24
95.130.61.0/24 maxlen: 24
95.130.62.0/24 maxlen: 24
95.130.63.0/24 maxlen: 24
109.72.192.0/20 maxlen: 20
109.72.192.0/21 maxlen: 21
109.72.192.0/24 maxlen: 24
109.72.193.0/24 maxlen: 24
109.72.194.0/24 maxlen: 24
109.72.195.0/24 maxlen: 24
109.72.196.0/24 maxlen: 24
109.72.197.0/24 maxlen: 24
109.72.198.0/24 maxlen: 24
109.72.199.0/24 maxlen: 24
109.72.200.0/21 maxlen: 21
109.72.200.0/24 maxlen: 24
109.72.201.0/24 maxlen: 24
109.72.202.0/24 maxlen: 24
109.72.203.0/24 maxlen: 24
109.72.204.0/24 maxlen: 24
109.72.205.0/24 maxlen: 24
109.72.206.0/24 maxlen: 24
109.72.207.0/24 maxlen: 24
109.238.176.0/20 maxlen: 20
109.238.176.0/21 maxlen: 21
109.238.184.0/21 maxlen: 21
109.238.184.0/24 maxlen: 24
176.67.64.0/20 maxlen: 20
185.11.176.0/22 maxlen: 22
185.246.4.0/22 maxlen: 22
185.246.4.0/24 maxlen: 24
185.246.5.0/24 maxlen: 24
185.246.6.0/24 maxlen: 24
185.246.7.0/24 maxlen: 24
2a02:d2c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/JMrM7uNf-HzWeO9qkiYs786Ekt8.crl
rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/JMrM7uNf-HzWeO9qkiYs786Ekt8.mft
rsync://rpki.ripe.net/repository/DEFAULT/JMrM7uNf-HzWeO9qkiYs786Ekt8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:3d:df:fe:5e:94:c2:fc:36:2c:4e:0b:24:d6:ad:a8:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=24cacceee35ff87cd678ef6a92262cefce8492df
Validity
Not Before: Nov 18 06:05:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0a4c8fadf9fb3c70ba9658687ba0aa15e90e7848
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:36:4a:78:31:72:62:15:0c:27:c7:36:70:bc:
ff:46:89:c4:88:47:54:6a:42:fc:21:35:b1:46:09:
22:d8:ec:35:bc:42:34:9f:18:bd:04:11:cc:c1:73:
db:b8:a1:5d:6b:1b:d7:3c:4e:83:80:07:03:ad:19:
16:c5:3a:c2:18:dc:e7:ed:ae:67:43:bf:f1:59:57:
b8:48:cc:5e:ff:fb:90:d9:19:49:7e:42:9f:7d:64:
34:0c:be:51:79:24:7c:4b:0c:61:83:c4:c5:c9:73:
16:10:a8:1c:b5:81:ea:60:9b:64:0a:40:0a:95:ec:
73:fa:1a:20:f0:e5:c5:38:b9:4e:79:fe:89:be:78:
73:0f:e1:21:10:77:49:53:38:64:d4:78:85:0f:e3:
eb:36:c2:85:3f:d2:a5:d8:15:1c:e4:35:21:db:0f:
41:1d:5d:12:45:7d:c9:84:2c:95:fa:43:8a:af:a8:
33:2e:3d:5e:83:d2:5a:fb:47:aa:3f:4e:f2:c2:e9:
6e:bc:63:8e:76:b3:19:65:a1:0e:6b:58:6e:4d:fd:
5b:e7:34:69:4f:d5:9b:1d:79:fa:25:f3:f5:f4:f0:
20:03:2f:c8:ab:f1:e6:ec:91:ad:35:42:9c:2c:bf:
16:78:32:cd:99:c0:47:b5:e9:04:4e:b6:c3:db:c2:
13:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:4C:8F:AD:F9:FB:3C:70:BA:96:58:68:7B:A0:AA:15:E9:0E:78:48
X509v3 Authority Key Identifier:
keyid:24:CA:CC:EE:E3:5F:F8:7C:D6:78:EF:6A:92:26:2C:EF:CE:84:92:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JMrM7uNf-HzWeO9qkiYs786Ekt8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/CkyPrfn7PHC6llhoe6CqFekOeEg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/6670f9-418e-4275-8000-a29eb139e79d/1/JMrM7uNf-HzWeO9qkiYs786Ekt8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.23.112.0/21
95.130.56.0/21
109.72.192.0/20
109.238.176.0/20
176.67.64.0/20
185.11.176.0/22
185.246.4.0/22
IPv6:
2a02:d2c0::/29
Signature Algorithm: sha256WithRSAEncryption
12:7f:c0:5e:86:38:db:ad:36:bf:67:d3:d2:81:7b:a1:e5:0f:
10:ed:a9:05:ec:65:27:44:23:db:91:25:c2:47:4f:8b:c0:da:
7f:1c:3f:e3:22:a6:59:c2:2b:84:fc:21:e2:85:5a:26:91:19:
02:0a:2e:4c:0f:8b:a4:aa:4c:a9:4e:a8:39:76:c6:37:ed:5a:
81:23:c5:d5:d3:ab:80:ee:9b:bd:e9:87:83:93:fa:41:40:ee:
e5:30:ab:f1:6e:3c:4f:51:a2:5c:5a:1a:0b:44:45:19:2f:39:
8d:1b:c4:15:87:9d:15:e3:4e:ec:2b:ed:2f:8b:e0:30:0f:5f:
d8:18:42:34:be:29:e3:38:72:91:77:7a:9f:0d:4b:d9:5b:c4:
d9:45:9c:95:d1:69:f6:25:9f:16:d7:0c:d0:3e:f5:16:53:d1:
8c:b4:a0:9d:61:68:20:b5:d0:7b:f9:28:6b:a9:1b:92:80:9c:
2e:f1:d7:62:f6:40:d4:5f:73:39:a4:19:a4:2e:16:99:77:02:
90:22:0c:ca:b3:a3:a5:7b:a8:56:26:bf:06:b1:1b:76:bc:3f:
2b:de:98:ed:60:7d:44:35:71:a2:98:a0:05:30:37:19:18:0f:
d1:2e:a1:1b:ed:eb:56:f4:f0:97:69:91:41:de:e5:b7:cb:6f:
7c:02:af:80
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZM93/5elML8NixOCyTWraiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0Y2FjY2VlZTM1ZmY4N2NkNjc4ZWY2YTkyMjYyY2VmY2U4
NDkyZGYwHhcNMjQxMTE4MDYwNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTRjOGZhZGY5ZmIzYzcwYmE5NjU4Njg3YmEwYWExNWU5MGU3ODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTZKeDFyYhUMJ8c2cLz/RonEiEdU
akL8ITWxRgki2Ow1vEI0nxi9BBHMwXPbuKFdaxvXPE6DgAcDrRkWxTrCGNzn7a5n
Q7/xWVe4SMxe//uQ2RlJfkKffWQ0DL5ReSR8Swxhg8TFyXMWEKgctYHqYJtkCkAK
lexz+hog8OXFOLlOef6JvnhzD+EhEHdJUzhk1HiFD+PrNsKFP9Kl2BUc5DUh2w9B
HV0SRX3JhCyV+kOKr6gzLj1eg9Ja+0eqP07ywuluvGOOdrMZZaEOa1huTf1b5zRp
T9WbHXn6JfP19PAgAy/Iq/Hm7JGtNUKcLL8WeDLNmcBHtekETrbD28ITFwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFApMj635+zxwupZYaHugqhXpDnhIMB8GA1UdIwQY
MBaAFCTKzO7jX/h81njvapImLO/OhJLfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk1yTTd1TmYtSHpXZU85cWtpWXM3ODZFa3Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy82NjcwZjktNDE4ZS00Mjc1LTgwMDAt
YTI5ZWIxMzllNzlkLzEvQ2t5UHJmbjdQSEM2bGxob2U2Q3FGZWtPZUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy82NjcwZjktNDE4ZS00Mjc1LTgwMDAtYTI5ZWIxMzllNzlk
LzEvSk1yTTd1TmYtSHpXZU85cWtpWXM3ODZFa3Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDBRdwAwQD
X4I4AwQEbUjAAwQEbe6wAwQEsENAAwQCuQuwAwQCufYEMA0EAgACMAcDBQMqAtLA
MA0GCSqGSIb3DQEBCwUAA4IBAQASf8BehjjbrTa/Z9PSgXuh5Q8Q7akF7GUnRCPb
kSXCR0+LwNp/HD/jIqZZwiuE/CHihVomkRkCCi5MD4ukqkypTqg5dsY37VqBI8XV
06uA7pu96YeDk/pBQO7lMKvxbjxPUaJcWhoLREUZLzmNG8QVh50V407sK+0vi+Aw
D1/YGEI0vinjOHKRd3qfDUvZW8TZRZyV0Wn2JZ8W1wzQPvUWU9GMtKCdYWggtdB7
+ShrqRuSgJwu8ddi9kDUX3M5pBmkLhaZdwKQIgzKs6Ole6hWJr8GsRt2vD8r3pjt
YH1ENXGimKAFMDcZGA/RLqEb7etW9PCXaZFB3uW3y298Aq+A
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:40:04 2024 by rpki-client on console-ams.rpki-client.org