Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/SOFxisvi5KoRnZZg3mjmQBeLCsA.roa
File: SOFxisvi5KoRnZZg3mjmQBeLCsA.roa (raw, json)
Hash identifier: LhWJpBJqF+eyr1OuDNYGXBvxlKrVg0bDtA2aWcuJVXE=
Subject key identifier: 48:E1:71:8A:CB:E2:E4:AA:11:9D:96:60:DE:68:E6:40:17:8B:0A:C0
Certificate issuer: /CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
Certificate serial: 0191AB119854B86843F751893C6CBD378F10
Authority key identifier: 97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/SOFxisvi5KoRnZZg3mjmQBeLCsA.roa
Signing time: Sun 01 Sep 2024 00:52:22 +0000
ROA not before: Sun 01 Sep 2024 00:52:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6424
IP address blocks: 103.243.124.0/22 maxlen: 24
146.19.95.0/24 maxlen: 24
146.19.249.0/24 maxlen: 24
185.112.251.0/24 maxlen: 24
185.166.144.0/24 maxlen: 24
188.93.192.0/21 maxlen: 24
188.93.196.0/24 maxlen: 24
188.93.198.0/24 maxlen: 24
188.93.199.0/24 maxlen: 24
193.107.13.0/24 maxlen: 24
193.109.184.0/21 maxlen: 24
193.109.184.0/24 maxlen: 24
193.163.151.0/24 maxlen: 24
212.52.23.0/24 maxlen: 24
2001:b18::/32 maxlen: 48
2001:b18:a::/48 maxlen: 48
2001:b18:b::/48 maxlen: 48
2001:b18:1000::/48 maxlen: 48
2001:b18:1001::/48 maxlen: 48
2001:b18:1002::/48 maxlen: 48
2001:b18:1008::/48 maxlen: 48
2001:b18:1012::/48 maxlen: 48
2001:b18:1016::/48 maxlen: 48
2001:b18:1018::/48 maxlen: 48
2001:b18:1020::/48 maxlen: 48
2001:b18:1031::/48 maxlen: 48
2a0b:e740::/29 maxlen: 29
2a0d:82c0::/29 maxlen: 48
2a0d:82c0::/32 maxlen: 32
2a0d:82c7:d::/48 maxlen: 48
2a0e:5f00::/29 maxlen: 48
2a0e:5f00::/32 maxlen: 32
2a0f:7700::/29 maxlen: 29
2a0f:8900::/29 maxlen: 29
2a0f:d300::/29 maxlen: 29
2a10:ee40::/29 maxlen: 29
2a11:c00::/29 maxlen: 29
2a12:c1c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl
rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.mft
rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:ab:11:98:54:b8:68:43:f7:51:89:3c:6c:bd:37:8f:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
Validity
Not Before: Sep 1 00:52:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=48e1718acbe2e4aa119d9660de68e640178b0ac0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:f1:b9:f2:2a:d7:21:50:dd:bb:a4:e5:20:be:
ae:0a:3b:27:71:a9:c7:e0:9b:06:e1:c4:bf:88:4b:
86:33:b3:a4:54:99:0c:ff:e9:7a:b6:f5:c7:3a:fd:
96:4f:e6:86:e5:e0:62:1d:90:ff:a5:42:26:e3:d6:
34:98:cb:83:5a:76:b5:14:8e:31:06:77:c2:ed:3d:
82:db:54:94:bb:1f:11:e9:aa:cc:13:6f:7c:69:a7:
92:ee:f2:ed:30:c5:20:7e:1c:c1:f6:f0:7f:67:b6:
36:20:81:82:48:82:75:bc:4d:9d:e2:4a:a4:04:c0:
7c:4b:c1:64:b6:cd:c2:03:22:c8:f3:7b:e8:a5:e5:
53:23:09:12:bc:20:10:8f:22:8f:7b:6e:b5:f4:5d:
3a:e8:77:a6:a8:02:98:df:9c:29:68:72:70:ca:82:
ff:ff:09:87:99:d7:98:22:53:9b:e2:89:34:7b:1f:
3c:29:d3:d0:bc:56:a5:fc:62:31:8b:d3:15:4a:88:
4a:7e:54:45:1c:21:f7:cd:36:28:e7:b1:ae:95:4c:
16:b2:88:67:28:d2:ee:27:01:00:2f:66:5f:7c:58:
d1:b3:a5:db:fd:1a:5e:dc:ce:1c:bb:3f:0e:0d:ff:
af:60:19:d6:47:98:f2:01:71:53:c6:e8:0f:ee:f4:
b2:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:E1:71:8A:CB:E2:E4:AA:11:9D:96:60:DE:68:E6:40:17:8B:0A:C0
X509v3 Authority Key Identifier:
keyid:97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/SOFxisvi5KoRnZZg3mjmQBeLCsA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.243.124.0/22
146.19.95.0/24
146.19.249.0/24
185.112.251.0/24
185.166.144.0/24
188.93.192.0/21
193.107.13.0/24
193.109.184.0/21
193.163.151.0/24
212.52.23.0/24
IPv6:
2001:b18::/32
2a0b:e740::/29
2a0d:82c0::/29
2a0e:5f00::/29
2a0f:7700::/29
2a0f:8900::/29
2a0f:d300::/29
2a10:ee40::/29
2a11:c00::/29
2a12:c1c0::/29
Signature Algorithm: sha256WithRSAEncryption
4d:16:0e:3f:b5:96:d2:b7:93:9e:0e:a4:66:8f:3d:fd:fc:b4:
5d:06:75:c4:57:a7:2b:a8:d1:9f:5a:15:d2:56:5a:82:9d:3c:
73:bf:01:81:d7:f2:1c:06:ba:6b:ad:0f:22:f4:25:d8:89:31:
94:cd:92:cd:cb:4a:b6:e1:fc:34:fd:16:67:68:2d:e8:b2:0c:
cc:be:79:38:73:b3:c6:a1:84:a9:94:b9:58:64:61:62:94:f6:
1c:af:44:60:ad:64:58:b7:f8:16:7c:ca:e7:cd:ff:f7:60:8e:
a9:5f:aa:f5:e7:e5:ff:fd:ee:ae:a3:75:2e:51:05:2d:f1:59:
8b:9a:cd:43:95:d7:57:de:77:92:fa:d4:80:9e:85:b3:3d:dd:
7d:02:57:83:9c:5e:37:bc:3b:02:8f:68:8b:1f:06:ab:42:53:
d8:01:d9:da:7b:88:bf:df:03:ae:d2:bf:e9:bc:65:2f:4a:ee:
94:2a:4e:6d:ab:b8:aa:a0:b3:6e:2e:90:52:02:f9:42:d9:4b:
8b:1e:1a:10:6c:bf:d3:6c:05:2d:cf:82:00:7f:b7:2b:82:8e:
5a:2d:c2:3c:af:56:90:5e:da:2b:23:53:ca:d3:ba:fb:d7:05:
86:d2:c8:c7:fe:59:3c:49:63:1d:7c:89:6f:5b:c0:af:51:ca:
75:0e:ba:1e
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAZGrEZhUuGhD91GJPGy9N48QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OWY1Y2E4YzMzZjEzNGMzYzE1N2Q0OGI5YzJhZTRlOTFi
NjMwYmYwHhcNMjQwOTAxMDA1MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGUxNzE4YWNiZTJlNGFhMTE5ZDk2NjBkZTY4ZTY0MDE3OGIwYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7PG58irXIVDdu6TlIL6uCjsncanH
4JsG4cS/iEuGM7OkVJkM/+l6tvXHOv2WT+aG5eBiHZD/pUIm49Y0mMuDWna1FI4x
BnfC7T2C21SUux8R6arME298aaeS7vLtMMUgfhzB9vB/Z7Y2IIGCSIJ1vE2d4kqk
BMB8S8Fkts3CAyLI83vopeVTIwkSvCAQjyKPe2619F066HemqAKY35wpaHJwyoL/
/wmHmdeYIlOb4ok0ex88KdPQvFal/GIxi9MVSohKflRFHCH3zTYo57GulUwWsohn
KNLuJwEAL2ZffFjRs6Xb/Rpe3M4cuz8ODf+vYBnWR5jyAXFTxugP7vSyLQIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFEjhcYrL4uSqEZ2WYN5o5kAXiwrAMB8GA1UdIwQY
MBaAFJefXKjDPxNMPBV9SLnCrk6RtjC/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgt
MTQ3MGFjMzY0ZGQyLzEvU09GeGlzdmk1S29SblpaZzNtam1RQmVMQ3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgtMTQ3MGFjMzY0ZGQy
LzEvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjBCBAIAATA8AwQCZ/N8
AwQAkhNfAwQAkhP5AwQAuXD7AwQAuaaQAwQDvF3AAwQAwWsNAwQDwW24AwQAwaOX
AwQA1DQXMEwEAgACMEYDBQAgAQsYAwUDKgvnQAMFAyoNgsADBQMqDl8AAwUDKg93
AAMFAyoPiQADBQMqD9MAAwUDKhDuQAMFAyoRDAADBQMqEsHAMA0GCSqGSIb3DQEB
CwUAA4IBAQBNFg4/tZbSt5OeDqRmjz39/LRdBnXEV6crqNGfWhXSVlqCnTxzvwGB
1/IcBrprrQ8i9CXYiTGUzZLNy0q24fw0/RZnaC3osgzMvnk4c7PGoYSplLlYZGFi
lPYcr0RgrWRYt/gWfMrnzf/3YI6pX6r15+X//e6uo3UuUQUt8VmLms1DlddX3neS
+tSAnoWzPd19AleDnF43vDsCj2iLHwarQlPYAdnae4i/3wOu0r/pvGUvSu6UKk5t
q7iqoLNuLpBSAvlC2UuLHhoQbL/TbAUtz4IAf7crgo5aLcI8r1aQXtorI1PK07r7
1wWG0sjH/lk8SWMdfIlvW8CvUcp1Droe
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:00:46 2024 by rpki-client on console-ams.rpki-client.org