Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/HFgx3Od64Q3tjLHQ_xEFGphlFFQ.roa
File: HFgx3Od64Q3tjLHQ_xEFGphlFFQ.roa (raw, json)
Hash identifier: 9MlA1vRyYeBqIFb2xdG5n9AqmEq6CXjjOLR0lETupaY=
Subject key identifier: 1C:58:31:DC:E7:7A:E1:0D:ED:8C:B1:D0:FF:11:05:1A:98:65:14:54
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 018EE0CC9397FB47F936E54B1EEC6059909A
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/HFgx3Od64Q3tjLHQ_xEFGphlFFQ.roa
Signing time: Mon 15 Apr 2024 08:08:07 +0000
ROA not before: Mon 15 Apr 2024 08:08:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3356
IP address blocks: 5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
92.42.120.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
2a04:e9c0::/29 maxlen: 29
2a0a:f480::/29 maxlen: 29
2a0d:7680::/29 maxlen: 29
2a0d:bf80::/29 maxlen: 29
2a0e:a1c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 03 May 2024 08:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:e0:cc:93:97:fb:47:f9:36:e5:4b:1e:ec:60:59:90:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Apr 15 08:08:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1c5831dce77ae10ded8cb1d0ff11051a98651454
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:09:f5:ae:72:ac:75:b4:ac:a4:c4:da:34:7c:
e6:1f:ed:e6:7a:23:8f:b7:8b:7b:3c:ab:e9:0a:ab:
f7:60:84:f8:39:2e:ed:ae:5c:f2:1c:7e:f9:0b:23:
4b:2f:b6:68:24:2c:df:ff:8e:49:4a:c1:9d:01:dd:
51:93:77:e5:2f:a8:e1:e5:97:52:6d:8d:00:6c:fd:
46:c4:ef:5f:cd:e6:86:b3:90:03:0b:81:8f:7e:63:
93:3d:ca:80:ce:f9:9c:66:8e:01:9a:99:6f:af:c0:
6c:ff:e0:88:c4:95:96:7d:a7:a1:2a:98:f1:9b:62:
7e:f8:11:6b:db:fb:68:3f:69:7a:1a:14:ea:46:ad:
9d:50:69:33:9b:c3:eb:54:11:e2:95:33:71:ae:90:
29:19:7a:f4:e2:72:8d:a9:ed:42:a0:85:b3:b0:48:
40:4e:82:a2:5b:88:56:0d:c0:39:ac:37:d6:65:06:
e2:b6:21:3f:bf:1c:2b:9a:f7:b0:3f:e4:f9:28:5b:
33:75:ab:fa:6b:99:97:38:b1:1f:6c:27:2e:82:a0:
31:f2:c5:7a:a1:d5:85:86:d3:1f:c8:d0:c6:6d:05:
07:f7:98:b0:85:ba:5b:5a:f8:f3:57:42:18:2c:02:
08:26:73:2f:f1:f6:ad:22:64:7b:58:3a:bb:dd:4f:
8e:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:58:31:DC:E7:7A:E1:0D:ED:8C:B1:D0:FF:11:05:1A:98:65:14:54
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/HFgx3Od64Q3tjLHQ_xEFGphlFFQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
83.150.252.0/22
85.95.96.0/19
92.42.120.0/21
95.129.64.0/21
176.58.0.0/21
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/24
185.248.254.0/24
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
2a04:e9c0::/29
2a0a:f480::/29
2a0d:7680::/29
2a0d:bf80::/29
2a0e:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
2c:12:e8:c3:dd:c5:3e:61:4d:b6:ab:71:c9:41:4d:de:be:8b:
44:39:e5:f5:8b:e7:1f:92:c4:91:d7:35:d4:ae:12:2a:3c:5d:
72:24:0f:c3:38:8a:88:40:a7:f2:03:6c:96:96:a4:a6:86:04:
37:99:98:d9:8e:36:35:55:96:d4:03:69:80:2f:98:5f:57:82:
35:c9:fe:65:6e:89:34:e1:61:a3:27:3f:55:24:76:46:66:ef:
91:c1:ed:1b:b2:f6:ee:f8:70:84:06:2a:d8:de:f1:1c:1f:fc:
f0:d8:a9:c4:fe:24:f2:00:95:32:ea:c9:d6:8e:55:df:02:d9:
67:35:84:2a:35:aa:a5:ab:85:82:37:f2:c5:11:8d:e3:a1:d4:
2e:f4:69:9f:1a:50:b3:b5:88:41:bd:e8:7c:e3:e7:63:0d:08:
ee:8c:7e:3c:b5:7d:67:ef:5d:19:a4:3c:3e:93:8a:df:af:44:
6a:1d:8c:d7:d8:a0:6d:1c:f6:dc:ae:2f:dd:cd:58:bf:b6:e5:
ca:ab:b4:b2:ba:44:fe:1d:88:b3:a1:c7:6d:ed:69:74:75:31:
1d:f1:4d:39:ff:9d:52:bb:a8:82:c4:10:91:09:24:58:7c:d1:
d5:02:58:76:2e:7a:d7:4a:b9:dc:79:1c:b3:ba:2c:53:60:f0:
fa:02:75:2a
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgISAY7gzJOX+0f5NuVLHuxgWZCaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjQwNDE1MDgwODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzU4MzFkY2U3N2FlMTBkZWQ4Y2IxZDBmZjExMDUxYTk4NjUxNDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wn1rnKsdbSspMTaNHzmH+3meiOP
t4t7PKvpCqv3YIT4OS7trlzyHH75CyNLL7ZoJCzf/45JSsGdAd1Rk3flL6jh5ZdS
bY0AbP1GxO9fzeaGs5ADC4GPfmOTPcqAzvmcZo4Bmplvr8Bs/+CIxJWWfaehKpjx
m2J++BFr2/toP2l6GhTqRq2dUGkzm8PrVBHilTNxrpApGXr04nKNqe1CoIWzsEhA
ToKiW4hWDcA5rDfWZQbitiE/vxwrmvewP+T5KFszdav6a5mXOLEfbCcugqAx8sV6
odWFhtMfyNDGbQUH95iwhbpbWvjzV0IYLAIIJnMv8fatImR7WDq73U+OKwIDAQAB
o4IDETCCAw0wHQYDVR0OBBYEFBxYMdzneuEN7Yyx0P8RBRqYZRRUMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvSEZneDNPZDY0UTN0akxIUV94RUZHcGhsRkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJQYIKwYBBQUHAQcBAf8EggEUMIIBEDCB2wQCAAEwgdQD
BAMFn9ADBAIFtUgDBAMfwGADBAItCGQDBAIthGwDBAItiSwDBARQSvADBAJTlvwD
BAVVX2ADBANcKngDBANfgUADBAOwOgADBAK5T7gDBAK5WgADBAK5XswDBAK5Y0wD
BAK5kVgDBAK5stgDBAG5tsgDBAK5zNQDBAK55QQDBAK59oQDBAK598gDBAC5+PwD
BAC5+P4DBAO8XhADBADBGAMDBADBGAYDBADBGA0DBADBGB8DBAXDGiADBAHDWAgw
DAMEAtQLRAMEAtQLSAMEBNmRgDAwBAIAAjAqAwUAKgDxwAMFAyoE6cADBQMqCvSA
AwUDKg12gAMFAyoNv4ADBQMqDqHAMA0GCSqGSIb3DQEBCwUAA4IBAQAsEujD3cU+
YU22q3HJQU3evotEOeX1i+cfksSR1zXUrhIqPF1yJA/DOIqIQKfyA2yWlqSmhgQ3
mZjZjjY1VZbUA2mAL5hfV4I1yf5lbok04WGjJz9VJHZGZu+Rwe0bsvbu+HCEBirY
3vEcH/zw2KnE/iTyAJUy6snWjlXfAtlnNYQqNaqlq4WCN/LFEY3jodQu9GmfGlCz
tYhBveh84+djDQjujH48tX1n710ZpDw+k4rfr0RqHYzX2KBtHPbcri/dzVi/tuXK
q7SyukT+HYizocdt7Wl0dTEd8U05/51Su6iCxBCRCSRYfNHVAlh2LnrXSrnceRyz
uixTYPD6AnUq
-----END CERTIFICATE-----
Generated at Thu May 2 17:41:46 2024 by rpki-client on console-ams.rpki-client.org