Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6DVKvGUht94WdXUbHewABcg66qc.roa
File: 6DVKvGUht94WdXUbHewABcg66qc.roa (raw, json)
Hash identifier: lk+UT/r9FrfwSdOzz8y57PGhi/9yKOr2KqzVWQqWF8Y=
Subject key identifier: E8:35:4A:BC:65:21:B7:DE:16:75:75:1B:1D:EC:00:05:C8:3A:EA:A7
Certificate issuer: /CN=e9aab1446100a8fce03df19d755e06329ee24713
Certificate serial: 018CC56E00E392E5A9FC64852010C07F61BD
Authority key identifier: E9:AA:B1:44:61:00:A8:FC:E0:3D:F1:9D:75:5E:06:32:9E:E2:47:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6DVKvGUht94WdXUbHewABcg66qc.roa
Signing time: Mon 01 Jan 2024 14:29:29 +0000
ROA not before: Mon 01 Jan 2024 14:29:29 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42708
IP address blocks: 185.21.88.0/22 maxlen: 22
46.21.96.0/20 maxlen: 24
46.21.100.0/24 maxlen: 24
195.149.101.0/24 maxlen: 24
185.157.220.0/22 maxlen: 24
212.112.0.0/19 maxlen: 24
31.192.224.0/21 maxlen: 24
31.192.228.0/24 maxlen: 24
193.108.196.0/24 maxlen: 24
91.223.232.0/24 maxlen: 24
109.74.0.0/20 maxlen: 24
188.126.64.0/19 maxlen: 24
185.11.96.0/22 maxlen: 22
80.67.0.0/20 maxlen: 24
79.99.0.0/21 maxlen: 24
178.73.192.0/18 maxlen: 24
91.228.194.0/23 maxlen: 24
91.228.193.0/24 maxlen: 24
178.73.224.0/19 maxlen: 19
5.178.72.0/21 maxlen: 21
185.118.36.0/22 maxlen: 22
91.213.246.0/24 maxlen: 24
94.247.168.0/21 maxlen: 24
46.246.0.0/17 maxlen: 24
37.152.56.0/21 maxlen: 24
194.54.164.0/22 maxlen: 24
195.238.76.0/23 maxlen: 24
185.39.144.0/22 maxlen: 24
159.253.24.0/21 maxlen: 24
91.217.189.0/24 maxlen: 24
159.253.28.0/24 maxlen: 24
159.253.29.0/24 maxlen: 24
195.246.120.0/23 maxlen: 24
195.20.206.0/23 maxlen: 24
2a03:5e00::/32 maxlen: 32
2a02:e400::/29 maxlen: 29
2a00:1a28::/32 maxlen: 48
2a02:750::/29 maxlen: 48
2a02:750:10::/48 maxlen: 48
2a02:750:14::/48 maxlen: 48
2a02:750:8::/48 maxlen: 48
2a04:1a00::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.crl
rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.mft
rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 May 2024 02:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:00:e3:92:e5:a9:fc:64:85:20:10:c0:7f:61:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9aab1446100a8fce03df19d755e06329ee24713
Validity
Not Before: Jan 1 14:29:29 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e8354abc6521b7de1675751b1dec0005c83aeaa7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:3c:12:a8:1f:82:6f:78:d8:2a:12:64:34:85:
64:e8:3f:07:8e:69:89:09:fb:13:a6:da:f6:f1:40:
9a:cd:91:c3:ce:2d:0c:a2:3d:ae:e4:5c:e8:a1:c7:
34:07:ff:0b:0d:23:06:46:ac:66:a9:a8:44:27:c0:
d5:df:5d:a9:c1:79:3a:ed:94:9c:43:a1:05:e6:a7:
10:aa:cd:ff:39:6c:07:57:be:d2:ed:49:23:cb:57:
65:c0:45:66:8e:11:2d:66:32:23:c2:0a:38:43:da:
16:1b:36:10:29:dc:37:cb:a2:4d:db:f5:45:b7:eb:
28:49:9b:4b:d0:38:5c:10:3f:e9:57:1b:0a:e2:3e:
31:a8:0f:a2:31:3f:d7:e2:71:65:d0:dd:82:4f:18:
dd:05:a6:0c:2e:e1:e7:40:3b:3b:64:44:1a:ae:9c:
06:66:e0:2e:95:13:f6:cb:82:17:bd:44:99:24:44:
39:21:98:a4:76:9e:41:a1:6e:b0:c9:6f:bf:52:a6:
0c:13:e2:fd:1f:11:79:c6:30:a4:53:7a:60:74:2b:
81:8e:0d:5c:c5:e8:83:f1:3e:b6:8f:9c:3f:33:c0:
82:9c:57:34:16:c8:12:90:9f:62:e7:37:e2:f1:7f:
ce:14:b2:c4:6a:dd:bf:e0:72:ba:e2:42:25:09:bb:
db:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:35:4A:BC:65:21:B7:DE:16:75:75:1B:1D:EC:00:05:C8:3A:EA:A7
X509v3 Authority Key Identifier:
keyid:E9:AA:B1:44:61:00:A8:FC:E0:3D:F1:9D:75:5E:06:32:9E:E2:47:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6DVKvGUht94WdXUbHewABcg66qc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.178.72.0/21
31.192.224.0/21
37.152.56.0/21
46.21.96.0/20
46.246.0.0/17
79.99.0.0/21
80.67.0.0/20
91.213.246.0/24
91.217.189.0/24
91.223.232.0/24
91.228.193.0-91.228.195.255
94.247.168.0/21
109.74.0.0/20
159.253.24.0/21
178.73.192.0/18
185.11.96.0/22
185.21.88.0/22
185.39.144.0/22
185.118.36.0/22
185.157.220.0/22
188.126.64.0/19
193.108.196.0/24
194.54.164.0/22
195.20.206.0/23
195.149.101.0/24
195.238.76.0/23
195.246.120.0/23
212.112.0.0/19
IPv6:
2a00:1a28::/32
2a02:750::/29
2a02:e400::/29
2a03:5e00::/32
2a04:1a00::/29
Signature Algorithm: sha256WithRSAEncryption
2b:32:96:d8:29:f7:6f:fb:84:a8:e3:0e:b7:ff:0c:aa:b8:2d:
b9:2a:31:7c:b3:1c:26:f2:5d:8c:0b:e5:b1:07:16:86:45:c2:
00:c2:e2:0e:d9:6a:7d:b5:09:dd:b0:5f:ec:f8:f2:c3:e8:4c:
24:09:1a:87:e3:3a:aa:9a:c5:b4:50:40:37:a3:a6:27:8b:29:
32:fc:25:95:6a:96:c1:e7:18:65:54:3f:39:87:f9:00:bc:6f:
3a:d5:bb:7b:57:71:48:0a:f6:72:db:73:60:a8:d3:a0:95:69:
1c:4f:2b:48:ed:d2:a8:e0:9b:e1:b7:f4:3d:58:30:7a:62:ad:
98:41:cb:b9:ad:44:ea:85:f6:18:fb:a9:df:67:00:03:4e:1b:
f4:0f:34:76:9e:43:d0:3c:aa:4c:43:50:87:eb:65:d7:ea:4b:
ac:9f:d8:2b:9e:0a:de:ce:6b:6f:c1:b0:d9:99:32:48:6d:6e:
2e:f7:9b:a3:25:c4:35:05:e2:8e:9f:4a:24:ba:6e:57:59:ec:
27:ae:71:59:2b:d8:fd:98:0e:9d:64:81:78:1c:eb:d8:1e:61:
aa:e3:02:17:b8:7f:83:c9:d0:2d:1b:6b:53:bd:81:78:dc:f8:
3d:3f:29:3f:f8:06:86:73:9e:a2:d9:68:6f:d3:a9:19:63:1a:
c1:58:5a:58
-----BEGIN CERTIFICATE-----
MIIF1zCCBL+gAwIBAgISAYzFbgDjkuWp/GSFIBDAf2G9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YWFiMTQ0NjEwMGE4ZmNlMDNkZjE5ZDc1NWUwNjMyOWVl
MjQ3MTMwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODM1NGFiYzY1MjFiN2RlMTY3NTc1MWIxZGVjMDAwNWM4M2FlYWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTwSqB+Cb3jYKhJkNIVk6D8HjmmJ
CfsTptr28UCazZHDzi0Moj2u5Fzoocc0B/8LDSMGRqxmqahEJ8DV312pwXk67ZSc
Q6EF5qcQqs3/OWwHV77S7Ukjy1dlwEVmjhEtZjIjwgo4Q9oWGzYQKdw3y6JN2/VF
t+soSZtL0DhcED/pVxsK4j4xqA+iMT/X4nFl0N2CTxjdBaYMLuHnQDs7ZEQarpwG
ZuAulRP2y4IXvUSZJEQ5IZikdp5BoW6wyW+/UqYME+L9HxF5xjCkU3pgdCuBjg1c
xeiD8T62j5w/M8CCnFc0FsgSkJ9i5zfi8X/OFLLEat2/4HK64kIlCbvbQQIDAQAB
o4IC4zCCAt8wHQYDVR0OBBYEFOg1SrxlIbfeFnV1Gx3sAAXIOuqnMB8GA1UdIwQY
MBaAFOmqsURhAKj84D3xnXVeBjKe4kcTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmFxeFJHRUFxUHpnUGZHZGRWNEdNcDdpUnhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83MWUwOWMtMjhmMy00ODI1LTgwNmYt
YTBkYzM1NGY0Y2EzLzEvNkRWS3ZHVWh0OTRXZFhVYkhld0FCY2c2NnFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83MWUwOWMtMjhmMy00ODI1LTgwNmYtYTBkYzM1NGY0Y2Ez
LzEvNmFxeFJHRUFxUHpnUGZHZGRWNEdNcDdpUnhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH4BggrBgEFBQcBBwEB/wSB6DCB5TCBtwQCAAEwgbADBAMF
skgDBAMfwOADBAMlmDgDBAQuFWADBAcu9gADBANPYwADBARQQwADBABb1fYDBABb
2b0DBABb3+gwDAMEAFvkwQMEAlvkwAMEA173qAMEBG1KAAMEA5/9GAMEBrJJwAME
ArkLYAMEArkVWAMEArknkAMEArl2JAMEArmd3AMEBbx+QAMEAMFsxAMEAsI2pAME
AcMUzgMEAMOVZQMEAcPuTAMEAcP2eAMEBdRwADApBAIAAjAjAwUAKgAaKAMFAyoC
B1ADBQMqAuQAAwUAKgNeAAMFAyoEGgAwDQYJKoZIhvcNAQELBQADggEBACsyltgp
92/7hKjjDrf/DKq4LbkqMXyzHCbyXYwL5bEHFoZFwgDC4g7Zan21Cd2wX+z48sPo
TCQJGofjOqqaxbRQQDejpieLKTL8JZVqlsHnGGVUPzmH+QC8bzrVu3tXcUgK9nLb
c2Co06CVaRxPK0jt0qjgm+G39D1YMHpirZhBy7mtROqF9hj7qd9nAANOG/QPNHae
Q9A8qkxDUIfrZdfqS6yf2CueCt7Oa2/BsNmZMkhtbi73m6MlxDUF4o6fSiS6bldZ
7CeucVkr2P2YDp1kgXgc69geYarjAhe4f4PJ0C0ba1O9gXjc+D0/KT/4BoZznqLZ
aG/TqRljGsFYWlg=
-----END CERTIFICATE-----
Generated at Mon May 20 10:00:14 2024 by rpki-client on console-ams.rpki-client.org