Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/SfqBOgC-OVC9cbLO6FjoYrdgY1A.roa
File: SfqBOgC-OVC9cbLO6FjoYrdgY1A.roa (raw, json)
Hash identifier: z08elAL6YlqpBLz9Uz6KyxiYxxogqP33uJJM4Rzv4a4=
Subject key identifier: 49:FA:81:3A:00:BE:39:50:BD:71:B2:CE:E8:58:E8:62:B7:60:63:50
Certificate issuer: /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial: 018F2DA02B23FA5FF5DF60F8BE04B7EF9F54
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/SfqBOgC-OVC9cbLO6FjoYrdgY1A.roa
Signing time: Tue 30 Apr 2024 06:10:22 +0000
ROA not before: Tue 30 Apr 2024 06:10:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8220
IP address blocks: 46.248.128.0/19 maxlen: 19
57.133.0.0/16 maxlen: 16
62.23.0.0/16 maxlen: 16
62.23.14.0/24 maxlen: 24
62.23.23.0/24 maxlen: 24
62.23.43.0/24 maxlen: 24
62.23.61.0/24 maxlen: 24
62.23.70.0/24 maxlen: 24
62.23.254.0/24 maxlen: 24
62.23.255.0/24 maxlen: 24
62.72.96.0/19 maxlen: 19
62.84.192.0/19 maxlen: 19
62.96.0.0/16 maxlen: 16
62.97.64.0/18 maxlen: 18
62.152.96.0/19 maxlen: 19
62.192.0.0/19 maxlen: 19
78.143.0.0/18 maxlen: 18
78.156.64.0/19 maxlen: 19
78.156.64.0/20 maxlen: 20
78.156.80.0/21 maxlen: 21
80.80.0.0/19 maxlen: 19
80.169.0.0/16 maxlen: 16
80.251.160.0/19 maxlen: 19
82.112.192.0/19 maxlen: 19
84.14.0.0/16 maxlen: 16
84.14.63.0/24 maxlen: 24
84.14.217.0/24 maxlen: 24
84.16.160.0/19 maxlen: 19
85.88.128.0/19 maxlen: 19
87.241.0.0/18 maxlen: 18
118.67.224.0/19 maxlen: 19
136.225.0.0/16 maxlen: 16
157.120.224.0/21 maxlen: 21
157.120.236.0/22 maxlen: 22
157.120.240.0/20 maxlen: 20
193.82.32.0/19 maxlen: 19
193.93.80.0/22 maxlen: 22
193.114.160.0/19 maxlen: 19
193.118.224.0/19 maxlen: 19
193.188.132.0/23 maxlen: 23
194.223.128.0/21 maxlen: 21
194.223.136.0/22 maxlen: 22
195.68.0.0/17 maxlen: 17
195.68.74.0/24 maxlen: 24
195.110.64.0/19 maxlen: 19
212.0.96.0/19 maxlen: 19
212.23.224.0/19 maxlen: 19
212.31.224.0/19 maxlen: 19
212.35.96.0/19 maxlen: 19
212.36.128.0/18 maxlen: 18
212.36.144.0/20 maxlen: 20
212.36.160.0/20 maxlen: 20
212.36.184.0/21 maxlen: 21
212.74.64.0/19 maxlen: 19
212.74.64.0/24 maxlen: 24
212.74.77.0/24 maxlen: 24
212.74.78.0/24 maxlen: 24
212.74.79.0/24 maxlen: 24
212.78.160.0/19 maxlen: 19
212.121.128.0/19 maxlen: 19
212.123.192.0/18 maxlen: 18
212.161.0.0/17 maxlen: 17
212.203.64.0/18 maxlen: 18
213.27.128.0/17 maxlen: 17
213.41.0.0/17 maxlen: 17
213.61.0.0/16 maxlen: 16
213.86.0.0/16 maxlen: 16
213.164.0.0/19 maxlen: 19
213.173.160.0/19 maxlen: 19
213.185.160.0/19 maxlen: 19
213.208.192.0/18 maxlen: 18
213.215.128.0/17 maxlen: 17
213.229.128.0/18 maxlen: 18
213.246.192.0/18 maxlen: 18
217.110.0.0/15 maxlen: 15
217.173.96.0/20 maxlen: 20
2001:920::/29 maxlen: 29
2001:920::/32 maxlen: 32
2001:921::/32 maxlen: 32
2001:924::/32 maxlen: 32
2001:925::/32 maxlen: 32
2001:926::/32 maxlen: 32
2001:926:40::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 23 May 2024 14:15:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:2d:a0:2b:23:fa:5f:f5:df:60:f8:be:04:b7:ef:9f:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Validity
Not Before: Apr 30 06:10:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=49fa813a00be3950bd71b2cee858e862b7606350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:99:8b:46:66:6a:e4:58:ca:46:a2:ed:ca:16:
ec:d0:e6:4b:3f:78:f1:51:ed:65:e8:81:95:82:b5:
cc:fa:88:cd:04:ab:6e:79:3c:75:7c:e5:32:52:b9:
9d:4b:e6:03:6e:75:50:9b:2d:b4:e5:98:88:0d:d8:
1e:be:d5:51:1f:3f:0f:19:db:44:20:70:9c:12:04:
3a:f2:78:ba:6a:72:a4:0b:0f:a8:27:fb:93:a8:b0:
2f:17:dd:45:9c:22:d2:7f:ac:12:33:41:ab:13:93:
af:b3:5a:32:5f:f4:e3:61:34:21:a3:81:d7:23:88:
51:13:29:4f:62:30:38:92:80:b5:58:98:ab:a6:47:
f2:40:b9:2b:13:f4:e5:fe:e7:58:e3:89:2a:5b:42:
1c:19:f6:6a:75:18:27:8a:e4:90:6c:96:ae:3d:d2:
69:7a:c7:36:25:d4:72:9b:96:57:b0:10:1e:e2:38:
d4:a6:60:23:e3:06:c0:02:94:3a:f5:e4:97:e4:83:
69:e4:1d:57:3a:a1:fe:ec:7a:55:66:36:86:76:94:
5f:9e:7e:2e:c9:c5:e6:d4:75:0d:44:d5:c0:28:83:
6b:b2:99:27:26:68:56:b3:9e:ee:7f:1f:94:cb:d1:
77:1b:0a:61:ac:a4:83:47:30:de:41:f1:58:91:a8:
b9:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:FA:81:3A:00:BE:39:50:BD:71:B2:CE:E8:58:E8:62:B7:60:63:50
X509v3 Authority Key Identifier:
keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/SfqBOgC-OVC9cbLO6FjoYrdgY1A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.248.128.0/19
57.133.0.0/16
62.23.0.0/16
62.72.96.0/19
62.84.192.0/19
62.96.0.0/16
62.97.64.0/18
62.152.96.0/19
62.192.0.0/19
78.143.0.0/18
78.156.64.0/19
80.80.0.0/19
80.169.0.0/16
80.251.160.0/19
82.112.192.0/19
84.14.0.0/16
84.16.160.0/19
85.88.128.0/19
87.241.0.0/18
118.67.224.0/19
136.225.0.0/16
157.120.224.0/21
157.120.236.0-157.120.255.255
193.82.32.0/19
193.93.80.0/22
193.114.160.0/19
193.118.224.0/19
193.188.132.0/23
194.223.128.0-194.223.139.255
195.68.0.0/17
195.110.64.0/19
212.0.96.0/19
212.23.224.0/19
212.31.224.0/19
212.35.96.0/19
212.36.128.0/18
212.74.64.0/19
212.78.160.0/19
212.121.128.0/19
212.123.192.0/18
212.161.0.0/17
212.203.64.0/18
213.27.128.0/17
213.41.0.0/17
213.61.0.0/16
213.86.0.0/16
213.164.0.0/19
213.173.160.0/19
213.185.160.0/19
213.208.192.0/18
213.215.128.0/17
213.229.128.0/18
213.246.192.0/18
217.110.0.0/15
217.173.96.0/20
IPv6:
2001:920::/29
Signature Algorithm: sha256WithRSAEncryption
85:9c:00:ca:b6:e0:15:3c:b8:a9:1a:53:31:62:c0:ed:55:59:
a2:8f:76:72:ae:25:08:32:37:f2:8b:89:e0:ee:f9:e3:e9:b3:
52:77:b0:5e:3d:9d:e3:b7:f0:f7:22:2c:63:08:85:6f:97:aa:
50:31:f7:fe:dc:bb:88:6e:ef:a5:29:7c:d4:44:7b:74:c5:76:
26:cd:51:bd:1f:51:3d:d3:f7:12:80:7c:29:24:e6:99:50:35:
09:f4:8d:56:97:bd:fe:68:45:ec:0d:bf:79:75:71:68:8b:74:
af:c4:11:e8:db:1d:84:5b:53:93:e1:8d:88:ca:c5:3e:6f:74:
66:51:55:68:d2:92:6b:8b:72:de:94:fc:59:a7:eb:05:42:0f:
fd:31:21:dc:95:2b:80:f4:b7:03:71:6a:73:a7:40:9c:0c:17:
de:22:cc:54:00:14:f1:09:ec:87:96:ae:32:6e:ff:ce:f7:46:
8e:2b:1c:ae:2b:4b:e2:e9:f2:ff:2a:fe:c4:41:c6:ff:cc:da:
c6:e7:62:56:4e:b2:64:34:9a:ac:26:27:8e:f0:5e:47:1d:8b:
d0:b6:52:1c:11:b0:b4:b9:65:f9:8a:06:59:4a:5c:bc:bb:bc:
14:1a:95:1b:4e:e0:a1:86:fa:fd:aa:70:75:a2:6b:2c:00:6f:
1f:d6:35:43
-----BEGIN CERTIFICATE-----
MIIGYDCCBUigAwIBAgISAY8toCsj+l/132D4vgS3759UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwNDMwMDYxMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWZhODEzYTAwYmUzOTUwYmQ3MWIyY2VlODU4ZTg2MmI3NjA2MzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJmLRmZq5FjKRqLtyhbs0OZLP3jx
Ue1l6IGVgrXM+ojNBKtueTx1fOUyUrmdS+YDbnVQmy205ZiIDdgevtVRHz8PGdtE
IHCcEgQ68ni6anKkCw+oJ/uTqLAvF91FnCLSf6wSM0GrE5Ovs1oyX/TjYTQho4HX
I4hREylPYjA4koC1WJirpkfyQLkrE/Tl/udY44kqW0IcGfZqdRgniuSQbJauPdJp
esc2JdRym5ZXsBAe4jjUpmAj4wbAApQ69eSX5INp5B1XOqH+7HpVZjaGdpRfnn4u
ycXm1HUNRNXAKINrspknJmhWs57ufx+Uy9F3GwphrKSDRzDeQfFYkai5cQIDAQAB
o4IDbDCCA2gwHQYDVR0OBBYEFEn6gToAvjlQvXGyzuhY6GK3YGNQMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvU2ZxQk9nQy1PVkM5Y2JMTzZGam9ZcmRnWTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBgAYIKwYBBQUHAQcBAf8EggFvMIIBazCCAVgEAgABMIIB
UAMEBS74gAMDADmFAwMAPhcDBAU+SGADBAU+VMADAwA+YAMEBj5hQAMEBT6YYAME
BT7AAAMEBk6PAAMEBU6cQAMEBVBQAAMDAFCpAwQFUPugAwQFUnDAAwMAVA4DBAVU
EKADBAVVWIADBAZX8QADBAV2Q+ADAwCI4QMEA5144DALAwQCnXjsAwMAnXgDBAXB
UiADBALBXVADBAXBcqADBAXBduADBAHBvIQwDAMEB8LfgAMEAsLfiAMEB8NEAAME
BcNuQAMEBdQAYAMEBdQX4AMEBdQf4AMEBdQjYAMEBtQkgAMEBdRKQAMEBdROoAME
BdR5gAMEBtR7wAMEB9ShAAMEBtTLQAMEB9UbgAMEB9UpAAMDANU9AwMA1VYDBAXV
pAADBAXVraADBAXVuaADBAbV0MADBAfV14ADBAbV5YADBAbV9sADAwHZbgMEBNmt
YDANBAIAAjAHAwUDIAEJIDANBgkqhkiG9w0BAQsFAAOCAQEAhZwAyrbgFTy4qRpT
MWLA7VVZoo92cq4lCDI38ouJ4O754+mzUnewXj2d47fw9yIsYwiFb5eqUDH3/ty7
iG7vpSl81ER7dMV2Js1RvR9RPdP3EoB8KSTmmVA1CfSNVpe9/mhF7A2/eXVxaIt0
r8QR6NsdhFtTk+GNiMrFPm90ZlFVaNKSa4ty3pT8WafrBUIP/TEh3JUrgPS3A3Fq
c6dAnAwX3iLMVAAU8Qnsh5auMm7/zvdGjiscritL4uny/yr+xEHG/8zaxudiVk6y
ZDSarCYnjvBeRx2L0LZSHBGwtLll+YoGWUpcvLu8FBqVG07goYb6/apwdaJrLABv
H9Y1Qw==
-----END CERTIFICATE-----
Generated at Wed May 22 23:39:27 2024 by rpki-client on console-ams.rpki-client.org