Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/_ZXETUqsyUDtFM-jq4c-EF-2iEA.roa
File: _ZXETUqsyUDtFM-jq4c-EF-2iEA.roa (raw, json)
Hash identifier: AqnIn4kKk24wqrs6/YsdWXoI4yuDLCgAoy8VxbGYqDM=
Subject key identifier: FD:95:C4:4D:4A:AC:C9:40:ED:14:CF:A3:AB:87:3E:10:5F:B6:88:40
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 019199DB2A34BBE7EE2D044C782F0329C7E2
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/_ZXETUqsyUDtFM-jq4c-EF-2iEA.roa
Signing time: Wed 28 Aug 2024 16:39:22 +0000
ROA not before: Wed 28 Aug 2024 16:39:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203
IP address blocks: 5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
92.42.120.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
2a04:e9c0::/29 maxlen: 29
2a0a:f480::/29 maxlen: 29
2a0d:7680::/29 maxlen: 29
2a0d:bf80::/29 maxlen: 29
2a0e:a1c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 21 Sep 2024 16:00:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:99:db:2a:34:bb:e7:ee:2d:04:4c:78:2f:03:29:c7:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Aug 28 16:39:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fd95c44d4aacc940ed14cfa3ab873e105fb68840
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:78:6a:21:c9:3c:e2:6e:a5:c2:1a:81:b3:d8:
33:b9:84:87:35:39:de:73:03:ca:35:fa:6d:e1:d5:
93:18:a6:13:39:d9:7f:60:2c:21:e1:a1:43:73:7e:
38:5d:4d:be:1f:ee:3b:ab:35:7e:15:e4:d6:fc:b3:
f1:22:71:5c:1f:d7:ff:7a:dc:2d:9a:a3:3f:c3:5f:
93:16:15:53:3c:bd:d9:c0:3e:88:79:99:36:17:db:
1d:8a:55:c3:f3:7d:85:66:b1:75:c9:29:36:31:db:
43:b3:20:4a:3a:5e:a9:6b:2a:ba:85:f4:86:15:a2:
46:6c:5e:bc:db:01:b8:09:70:81:71:24:d9:89:66:
b3:52:e2:5d:87:0e:5b:8b:25:d8:fa:56:86:bf:30:
9a:56:62:0b:d9:64:43:36:22:ec:1f:37:3e:3a:4d:
d4:5b:78:b9:17:bb:a2:0b:60:85:41:f6:45:7a:7c:
99:b1:31:52:2c:f5:b0:c3:3a:85:73:65:4a:1b:1d:
f2:96:6d:8f:90:0c:fa:a5:55:dd:e1:ee:66:14:e6:
41:48:8a:1c:43:5e:d8:4b:14:ac:a2:5e:e8:c3:9b:
07:d9:fe:05:7c:a1:ee:ce:44:64:23:02:aa:2c:22:
4d:a1:e3:9d:6b:6d:24:87:ad:9b:8b:10:31:3b:9c:
53:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:95:C4:4D:4A:AC:C9:40:ED:14:CF:A3:AB:87:3E:10:5F:B6:88:40
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/_ZXETUqsyUDtFM-jq4c-EF-2iEA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
83.150.252.0/22
85.95.96.0/19
92.42.120.0/21
95.129.64.0/21
176.58.0.0/21
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
2a04:e9c0::/29
2a0a:f480::/29
2a0d:7680::/29
2a0d:bf80::/29
2a0e:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
8b:0f:03:6c:06:06:81:7c:38:a4:6b:6c:9a:d4:19:52:9d:79:
51:0a:de:32:4f:95:51:9e:10:2f:ac:9c:f8:92:a4:ef:be:06:
9b:29:01:ca:87:e4:f1:3c:29:1b:37:32:13:a3:6f:16:a7:90:
12:18:e8:7d:c2:12:71:54:b7:d6:39:c2:59:2c:f9:52:33:6d:
e6:4d:07:95:aa:61:7f:75:89:0d:64:22:f9:36:58:eb:fd:d3:
09:91:78:5f:df:11:0e:08:8b:5b:fb:12:ab:98:82:7f:bb:07:
dd:88:f1:6e:0f:65:ce:fb:61:31:31:18:da:ea:b5:a9:e8:24:
54:14:0a:f8:54:24:cc:15:8f:0f:e6:80:fb:84:b7:56:d5:2c:
47:71:6e:07:b6:f3:68:db:8a:4e:40:03:7b:68:2b:a8:7a:e7:
56:b9:5e:0e:41:75:00:15:13:01:71:a8:49:f4:eb:47:cf:99:
66:c2:42:21:fd:43:e8:60:6c:ef:c2:89:77:e1:92:84:df:8e:
a5:a2:7a:68:2e:21:27:d2:d3:59:9c:11:8e:e5:b3:df:14:8f:
71:1e:58:fe:99:2d:1d:e2:bd:bc:35:4f:dc:bd:36:b2:ef:84:
90:59:2e:c1:bb:22:7f:bd:46:c5:7f:1e:23:e1:66:f4:71:f1:
a9:60:bd:37
-----BEGIN CERTIFICATE-----
MIIF/zCCBOegAwIBAgISAZGZ2yo0u+fuLQRMeC8DKcfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjQwODI4MTYzOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDk1YzQ0ZDRhYWNjOTQwZWQxNGNmYTNhYjg3M2UxMDVmYjY4ODQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXhqIck84m6lwhqBs9gzuYSHNTne
cwPKNfpt4dWTGKYTOdl/YCwh4aFDc344XU2+H+47qzV+FeTW/LPxInFcH9f/etwt
mqM/w1+TFhVTPL3ZwD6IeZk2F9sdilXD832FZrF1ySk2MdtDsyBKOl6payq6hfSG
FaJGbF682wG4CXCBcSTZiWazUuJdhw5biyXY+laGvzCaVmIL2WRDNiLsHzc+Ok3U
W3i5F7uiC2CFQfZFenyZsTFSLPWwwzqFc2VKGx3ylm2PkAz6pVXd4e5mFOZBSIoc
Q17YSxSsol7ow5sH2f4FfKHuzkRkIwKqLCJNoeOda20kh62bixAxO5xT+QIDAQAB
o4IDCzCCAwcwHQYDVR0OBBYEFP2VxE1KrMlA7RTPo6uHPhBftohAMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvX1pYRVRVcXN5VUR0Rk0tanE0Yy1FRi0yaUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHwYIKwYBBQUHAQcBAf8EggEOMIIBCjCB1QQCAAEwgc4D
BAMFn9ADBAIFtUgDBAMfwGADBAItCGQDBAIthGwDBAItiSwDBARQSvADBAJTlvwD
BAVVX2ADBANcKngDBANfgUADBAOwOgADBAK5T7gDBAK5WgADBAK5XswDBAK5Y0wD
BAK5kVgDBAK5stgDBAG5tsgDBAK5zNQDBAK55QQDBAK59oQDBAK598gDBAK5+PwD
BAO8XhADBADBGAMDBADBGAYDBADBGA0DBADBGB8DBAXDGiADBAHDWAgwDAMEAtQL
RAMEAtQLSAMEBNmRgDAwBAIAAjAqAwUAKgDxwAMFAyoE6cADBQMqCvSAAwUDKg12
gAMFAyoNv4ADBQMqDqHAMA0GCSqGSIb3DQEBCwUAA4IBAQCLDwNsBgaBfDika2ya
1BlSnXlRCt4yT5VRnhAvrJz4kqTvvgabKQHKh+TxPCkbNzITo28Wp5ASGOh9whJx
VLfWOcJZLPlSM23mTQeVqmF/dYkNZCL5Nljr/dMJkXhf3xEOCItb+xKrmIJ/uwfd
iPFuD2XO+2ExMRja6rWp6CRUFAr4VCTMFY8P5oD7hLdW1SxHcW4HtvNo24pOQAN7
aCuoeudWuV4OQXUAFRMBcahJ9OtHz5lmwkIh/UPoYGzvwol34ZKE346lonpoLiEn
0tNZnBGO5bPfFI9xHlj+mS0d4r28NU/cvTay74SQWS7BuyJ/vUbFfx4j4Wb0cfGp
YL03
-----END CERTIFICATE-----
Generated at Sat Sep 21 00:41:31 2024 by rpki-client on console-ams.rpki-client.org