Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/oIcU__VI6R9AhzPk0nfdwBK_M4s.roa
File: oIcU__VI6R9AhzPk0nfdwBK_M4s.roa (raw, json)
Hash identifier: 1KafdYUR939CGzxzKH9LjqfaGB10NeO9tNSScNmAq+I=
Subject key identifier: A0:87:14:FF:F5:48:E9:1F:40:87:33:E4:D2:77:DD:C0:12:BF:33:8B
Certificate issuer: /CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Certificate serial: 018CC56EFF5A496A76026ED4514B370239F4
Authority key identifier: A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/oIcU__VI6R9AhzPk0nfdwBK_M4s.roa
Signing time: Mon 01 Jan 2024 14:30:34 +0000
ROA not before: Mon 01 Jan 2024 14:30:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201011
IP address blocks: 83.142.80.0/21 maxlen: 21
82.199.147.0/24 maxlen: 24
82.199.148.0/24 maxlen: 24
82.199.149.0/24 maxlen: 24
82.199.153.0/24 maxlen: 24
195.138.249.0/24 maxlen: 24
195.138.250.0/24 maxlen: 24
82.199.157.0/24 maxlen: 24
82.199.158.0/24 maxlen: 24
82.199.159.0/24 maxlen: 24
195.138.248.0/21 maxlen: 21
31.7.177.0/24 maxlen: 24
31.7.176.0/20 maxlen: 24
185.89.36.0/22 maxlen: 22
92.43.104.0/21 maxlen: 24
2.59.28.0/22 maxlen: 22
80.255.0.0/20 maxlen: 20
81.95.0.0/20 maxlen: 24
82.199.128.0/24 maxlen: 24
82.199.128.0/19 maxlen: 24
82.199.130.0/24 maxlen: 24
82.199.131.0/24 maxlen: 24
82.199.138.0/24 maxlen: 24
82.199.141.0/24 maxlen: 24
5.56.16.0/21 maxlen: 21
193.104.251.0/24 maxlen: 24
2a01:4a0:47::/48 maxlen: 48
2a01:4a0:42::/48 maxlen: 48
2a0b:76c0::/29 maxlen: 29
2a01:4a0:38::/48 maxlen: 48
2a09:ee40::/29 maxlen: 29
2a01:4a0:56::/48 maxlen: 48
2a01:4a0:30::/48 maxlen: 48
2a01:4a0:50::/48 maxlen: 48
2a01:4a0:e::/48 maxlen: 48
2a01:4a0::/29 maxlen: 48
2a01:4a0:17::/48 maxlen: 48
2a05:d4c0::/29 maxlen: 29
2a01:4a0:48::/48 maxlen: 48
2a01:4a0:b::/48 maxlen: 48
2a01:4a0:46::/48 maxlen: 48
2a01:4a0:45::/48 maxlen: 48
2a06:7ec0::/29 maxlen: 29
2a01:4a0:43::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl
rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.mft
rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 11:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:ff:5a:49:6a:76:02:6e:d4:51:4b:37:02:39:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Validity
Not Before: Jan 1 14:30:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a08714fff548e91f408733e4d277ddc012bf338b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:5b:3a:3f:71:95:1f:79:8b:4d:fa:fc:d2:8c:
fe:96:c9:de:5a:db:e0:c5:14:f5:b0:c6:dd:39:b8:
61:9e:b4:87:d5:20:cc:b9:e3:5f:57:df:0b:0c:d8:
86:3e:f5:a3:5b:ce:3e:4a:85:61:bd:6e:8d:13:f5:
3e:5d:83:a0:04:85:fb:59:46:d7:12:9b:2f:b9:fe:
d6:f4:66:36:63:4b:93:15:47:27:72:20:a1:91:d1:
a2:44:3e:fb:09:8b:3f:c4:98:1a:a2:48:e6:84:96:
2c:5f:67:62:ba:66:4e:fe:08:22:6c:2c:6b:f3:64:
18:94:16:53:d7:f1:3a:d4:b9:5a:34:36:0f:c0:42:
67:ff:f6:c5:dc:6b:15:a1:01:0b:0a:77:ef:a8:71:
08:32:1c:c2:42:21:11:97:a8:c4:74:61:9e:c6:9e:
c5:03:6b:01:69:2a:d7:28:90:a4:51:73:00:e4:da:
85:da:af:3a:92:d0:53:07:3b:69:5d:78:cd:1e:f4:
d6:19:4d:04:cd:d0:53:c9:ef:70:55:4f:09:19:9a:
21:5c:10:42:20:f0:cd:27:c7:c9:59:74:7d:a1:1f:
bb:0f:a6:83:82:94:d4:18:5f:bc:14:18:e8:4e:d0:
fa:d2:74:63:b0:da:a4:c8:13:91:f6:c7:55:f3:c9:
2c:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:87:14:FF:F5:48:E9:1F:40:87:33:E4:D2:77:DD:C0:12:BF:33:8B
X509v3 Authority Key Identifier:
keyid:A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/oIcU__VI6R9AhzPk0nfdwBK_M4s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.28.0/22
5.56.16.0/21
31.7.176.0/20
80.255.0.0/20
81.95.0.0/20
82.199.128.0/19
83.142.80.0/21
92.43.104.0/21
185.89.36.0/22
193.104.251.0/24
195.138.248.0/21
IPv6:
2a01:4a0::/29
2a05:d4c0::/29
2a06:7ec0::/29
2a09:ee40::/29
2a0b:76c0::/29
Signature Algorithm: sha256WithRSAEncryption
93:73:f6:40:ae:d5:ac:5e:43:6b:38:3e:98:e3:55:bd:a3:ef:
41:7b:32:fa:80:00:5c:e0:60:b5:0e:ed:28:84:d7:60:e6:32:
1d:d3:a7:be:7c:d2:76:7e:b5:39:bf:ab:c9:46:83:37:84:f6:
ea:11:e2:2a:2e:7d:46:ce:a4:7f:c3:83:c9:bc:b6:4a:fe:a4:
ab:d6:55:3e:82:0b:25:c2:a3:fd:7c:ea:1c:ba:6e:b4:82:b1:
12:df:76:73:6f:0c:c7:7b:ad:d5:6d:6e:fb:6d:bd:2a:cb:bf:
de:00:9b:2f:0d:0d:7f:e7:e0:5f:98:d6:37:f6:85:11:03:34:
22:99:fb:72:ad:bb:2f:1e:3d:32:f0:aa:c5:a0:d0:dc:29:1b:
84:e7:8e:92:db:bc:06:ea:89:e5:50:2c:e3:46:3d:48:0c:ce:
70:0e:01:bd:95:1f:f0:6b:ad:12:36:d2:c3:09:84:4e:9b:ea:
86:8f:0e:ee:8a:72:0f:5f:3d:36:5e:64:f1:fe:51:5f:e8:30:
f7:eb:71:a3:50:f8:81:bc:bd:98:54:39:10:ff:79:11:f9:c7:
57:a1:3b:84:20:18:f3:67:73:29:07:49:1d:cf:f3:d4:18:ef:
b0:31:d4:70:78:84:81:c3:d1:cb:3f:2c:ab:f6:2a:47:4b:10:
d5:a6:5f:86
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAYzFbv9aSWp2Am7UUUs3Ajn0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Yjc1YjY0ZDVkYTE3ZDcwYmJhYmQ4MTFhMzlhNjAyZGRh
Zjk2M2EwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDg3MTRmZmY1NDhlOTFmNDA4NzMzZTRkMjc3ZGRjMDEyYmYzMzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01s6P3GVH3mLTfr80oz+lsneWtvg
xRT1sMbdObhhnrSH1SDMueNfV98LDNiGPvWjW84+SoVhvW6NE/U+XYOgBIX7WUbX
Epsvuf7W9GY2Y0uTFUcnciChkdGiRD77CYs/xJgaokjmhJYsX2diumZO/ggibCxr
82QYlBZT1/E61LlaNDYPwEJn//bF3GsVoQELCnfvqHEIMhzCQiERl6jEdGGexp7F
A2sBaSrXKJCkUXMA5NqF2q86ktBTBztpXXjNHvTWGU0EzdBTye9wVU8JGZohXBBC
IPDNJ8fJWXR9oR+7D6aDgpTUGF+8FBjoTtD60nRjsNqkyBOR9sdV88ksVQIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFKCHFP/1SOkfQIcz5NJ33cASvzOLMB8GA1UdIwQY
MBaAFKm3W2TV2hfXC7q9gRo5pgLdr5Y6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUt
OWIxMTgwNGVjZDM5LzEvb0ljVV9fVkk2UjlBaHpQazBuZmR3QktfTTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUtOWIxMTgwNGVjZDM5
LzEvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwSAQCAAEwQgMEAgI7HAME
AwU4EAMEBB8HsAMEBFD/AAMEBFFfAAMEBVLHgAMEA1OOUAMEA1wraAMEArlZJAME
AMFo+wMEA8OK+DApBAIAAjAjAwUDKgEEoAMFAyoF1MADBQMqBn7AAwUDKgnuQAMF
AyoLdsAwDQYJKoZIhvcNAQELBQADggEBAJNz9kCu1axeQ2s4PpjjVb2j70F7MvqA
AFzgYLUO7SiE12DmMh3Tp7580nZ+tTm/q8lGgzeE9uoR4ioufUbOpH/Dg8m8tkr+
pKvWVT6CCyXCo/186hy6brSCsRLfdnNvDMd7rdVtbvttvSrLv94Amy8NDX/n4F+Y
1jf2hREDNCKZ+3Ktuy8ePTLwqsWg0NwpG4TnjpLbvAbqieVQLONGPUgMznAOAb2V
H/BrrRI20sMJhE6b6oaPDu6Kcg9fPTZeZPH+UV/oMPfrcaNQ+IG8vZhUORD/eRH5
x1ehO4QgGPNncykHSR3P89QY77Ax1HB4hIHD0cs/LKv2KkdLENWmX4Y=
-----END CERTIFICATE-----
Generated at Fri Jun 7 15:48:37 2024 by rpki-client on console-fra.rpki-client.org