Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/sn0wWeziFvARuhx5VpRQcjq2g50.roa
File: sn0wWeziFvARuhx5VpRQcjq2g50.roa (raw, json)
Hash identifier: 8qlPXYq6+IIc6DVWE7Ibcxcf9XMvPbq3Sxk5aS50skk=
Subject key identifier: B2:7D:30:59:EC:E2:16:F0:11:BA:1C:79:56:94:50:72:3A:B6:83:9D
Certificate issuer: /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial: 0192E2FF65DC06DE2511A90FBA6EF23DD04D
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/sn0wWeziFvARuhx5VpRQcjq2g50.roa
Signing time: Thu 31 Oct 2024 14:34:01 +0000
ROA not before: Thu 31 Oct 2024 14:34:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8220
IP address blocks: 46.248.128.0/19 maxlen: 19
57.133.0.0/16 maxlen: 16
62.23.0.0/16 maxlen: 16
62.23.14.0/24 maxlen: 24
62.23.23.0/24 maxlen: 24
62.23.43.0/24 maxlen: 24
62.23.61.0/24 maxlen: 24
62.23.70.0/24 maxlen: 24
62.23.254.0/24 maxlen: 24
62.23.255.0/24 maxlen: 24
62.72.96.0/19 maxlen: 19
62.84.192.0/19 maxlen: 19
62.96.0.0/16 maxlen: 16
62.97.64.0/18 maxlen: 18
62.152.96.0/19 maxlen: 19
62.192.0.0/19 maxlen: 19
78.143.0.0/18 maxlen: 18
78.156.64.0/19 maxlen: 19
78.156.64.0/20 maxlen: 20
78.156.80.0/21 maxlen: 21
80.80.0.0/19 maxlen: 19
80.169.0.0/16 maxlen: 16
80.251.160.0/19 maxlen: 19
82.112.192.0/19 maxlen: 19
84.14.0.0/16 maxlen: 16
84.14.63.0/24 maxlen: 24
84.14.217.0/24 maxlen: 24
84.16.160.0/19 maxlen: 19
85.88.128.0/19 maxlen: 19
87.241.0.0/18 maxlen: 18
118.67.224.0/19 maxlen: 19
136.225.0.0/16 maxlen: 16
157.120.224.0/21 maxlen: 21
157.120.236.0/22 maxlen: 22
157.120.240.0/20 maxlen: 20
193.82.32.0/19 maxlen: 19
193.93.80.0/22 maxlen: 22
193.114.160.0/19 maxlen: 19
193.118.160.0/19 maxlen: 19
193.118.224.0/19 maxlen: 19
193.188.132.0/23 maxlen: 23
194.223.128.0/21 maxlen: 21
194.223.136.0/22 maxlen: 22
195.68.0.0/17 maxlen: 17
195.68.74.0/24 maxlen: 24
195.110.64.0/19 maxlen: 19
212.0.96.0/19 maxlen: 19
212.23.224.0/19 maxlen: 19
212.31.224.0/19 maxlen: 19
212.35.96.0/19 maxlen: 19
212.36.128.0/18 maxlen: 18
212.36.144.0/20 maxlen: 20
212.36.160.0/20 maxlen: 20
212.36.184.0/21 maxlen: 21
212.74.64.0/19 maxlen: 19
212.74.64.0/24 maxlen: 24
212.74.77.0/24 maxlen: 24
212.74.78.0/24 maxlen: 24
212.74.79.0/24 maxlen: 24
212.78.160.0/19 maxlen: 19
212.121.128.0/19 maxlen: 19
212.123.192.0/18 maxlen: 18
212.161.0.0/17 maxlen: 17
212.203.64.0/18 maxlen: 18
213.27.128.0/17 maxlen: 17
213.41.0.0/17 maxlen: 17
213.61.0.0/16 maxlen: 16
213.86.0.0/16 maxlen: 16
213.164.0.0/19 maxlen: 19
213.173.160.0/19 maxlen: 19
213.185.160.0/19 maxlen: 19
213.208.192.0/18 maxlen: 18
213.215.128.0/17 maxlen: 17
213.229.128.0/18 maxlen: 18
213.246.192.0/18 maxlen: 18
217.110.0.0/15 maxlen: 15
217.173.96.0/20 maxlen: 20
2001:920::/29 maxlen: 29
2001:920::/32 maxlen: 32
2001:921::/32 maxlen: 32
2001:924::/32 maxlen: 32
2001:925::/32 maxlen: 32
2001:926::/32 maxlen: 32
2001:926:40::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 03:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:e2:ff:65:dc:06:de:25:11:a9:0f:ba:6e:f2:3d:d0:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Validity
Not Before: Oct 31 14:34:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b27d3059ece216f011ba1c79569450723ab6839d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:1d:3c:57:47:5d:0a:0d:a8:d2:a0:90:84:5c:
92:4f:6a:cd:b0:9d:8c:66:05:17:3c:d3:76:f0:0b:
77:0e:33:a1:9a:a1:1c:09:d4:e4:ca:be:ec:83:17:
ca:78:0f:d7:c5:f1:92:8b:c0:68:91:55:64:09:61:
ad:1f:94:2a:b9:3d:7e:12:c1:df:fa:ff:a9:35:3d:
91:3d:a5:0d:85:ff:0f:9d:43:4d:46:2e:9f:78:cb:
ee:bb:95:45:da:0f:a3:f7:0b:0d:44:96:a1:2b:b2:
59:39:65:f0:4e:ae:b3:ba:85:c3:d1:e8:f6:d1:64:
52:a8:3c:a0:af:f4:b9:a7:1e:06:4a:d3:5d:41:43:
37:1c:94:88:e1:7f:20:1d:c0:b3:6e:a6:e9:40:41:
59:f2:6e:4c:fe:11:b0:21:28:43:52:7a:f9:5b:9d:
d2:02:f7:f2:a3:ef:cf:ca:63:a5:3e:50:95:77:ad:
77:45:33:a3:be:a5:59:07:ef:58:1b:8e:48:90:d3:
85:9e:62:eb:ae:87:d1:39:d7:42:f9:fa:da:8c:08:
f6:b6:19:f1:41:7e:ec:e4:11:65:fc:d7:0a:ae:61:
25:bd:9c:23:6f:8a:bc:5b:de:9c:10:4b:b5:d6:e0:
02:47:ab:31:83:33:25:0a:33:10:36:be:cf:ce:bc:
5d:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:7D:30:59:EC:E2:16:F0:11:BA:1C:79:56:94:50:72:3A:B6:83:9D
X509v3 Authority Key Identifier:
keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/sn0wWeziFvARuhx5VpRQcjq2g50.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.248.128.0/19
57.133.0.0/16
62.23.0.0/16
62.72.96.0/19
62.84.192.0/19
62.96.0.0/16
62.97.64.0/18
62.152.96.0/19
62.192.0.0/19
78.143.0.0/18
78.156.64.0/19
80.80.0.0/19
80.169.0.0/16
80.251.160.0/19
82.112.192.0/19
84.14.0.0/16
84.16.160.0/19
85.88.128.0/19
87.241.0.0/18
118.67.224.0/19
136.225.0.0/16
157.120.224.0/21
157.120.236.0-157.120.255.255
193.82.32.0/19
193.93.80.0/22
193.114.160.0/19
193.118.160.0/19
193.118.224.0/19
193.188.132.0/23
194.223.128.0-194.223.139.255
195.68.0.0/17
195.110.64.0/19
212.0.96.0/19
212.23.224.0/19
212.31.224.0/19
212.35.96.0/19
212.36.128.0/18
212.74.64.0/19
212.78.160.0/19
212.121.128.0/19
212.123.192.0/18
212.161.0.0/17
212.203.64.0/18
213.27.128.0/17
213.41.0.0/17
213.61.0.0/16
213.86.0.0/16
213.164.0.0/19
213.173.160.0/19
213.185.160.0/19
213.208.192.0/18
213.215.128.0/17
213.229.128.0/18
213.246.192.0/18
217.110.0.0/15
217.173.96.0/20
IPv6:
2001:920::/29
Signature Algorithm: sha256WithRSAEncryption
4f:39:6e:5d:9e:1c:ca:8b:c1:64:ea:aa:65:2a:b1:7c:da:71:
0c:64:82:af:9a:fa:c6:c8:b5:a9:8c:f5:5e:99:0a:13:29:72:
e2:27:12:b2:5a:31:8a:bf:65:73:10:4d:96:80:88:0d:a4:4f:
39:fd:c8:95:52:d7:1d:3b:3a:86:38:7d:81:0a:41:3a:89:10:
75:af:10:de:39:76:56:09:88:d6:0a:c1:ec:c5:76:93:11:1d:
71:43:f5:ca:0d:27:e9:14:0e:7a:d6:89:9b:4d:a8:c7:d7:b2:
ac:75:a1:ca:b6:c9:7e:c2:6c:23:89:1b:23:4b:b7:03:fa:6b:
4a:b7:df:e1:5a:66:be:8b:b1:3d:fd:e8:04:fd:8d:38:65:c7:
9c:77:38:44:fd:14:a8:d2:6e:d0:57:8b:6c:4c:89:a0:7e:c7:
3d:9c:8b:64:a9:bc:96:6f:e1:a8:5f:61:de:30:2b:19:2e:61:
50:55:6a:b9:4e:8a:b9:d2:f6:71:e7:ef:7d:7e:ae:86:23:4c:
d4:82:3e:c7:9a:42:09:cb:3f:f1:1e:9a:bc:dc:ac:10:ba:96:
df:12:83:35:55:e7:04:64:c1:b7:69:e0:48:fb:ba:49:c7:e1:
cb:1c:f1:18:a1:cf:98:d5:17:52:91:fa:8f:2f:bf:aa:f8:a2:
78:3c:d9:8b
-----BEGIN CERTIFICATE-----
MIIGZjCCBU6gAwIBAgISAZLi/2XcBt4lEakPum7yPdBNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQxMDMxMTQzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjdkMzA1OWVjZTIxNmYwMTFiYTFjNzk1Njk0NTA3MjNhYjY4MzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph08V0ddCg2o0qCQhFyST2rNsJ2M
ZgUXPNN28At3DjOhmqEcCdTkyr7sgxfKeA/XxfGSi8BokVVkCWGtH5QquT1+EsHf
+v+pNT2RPaUNhf8PnUNNRi6feMvuu5VF2g+j9wsNRJahK7JZOWXwTq6zuoXD0ej2
0WRSqDygr/S5px4GStNdQUM3HJSI4X8gHcCzbqbpQEFZ8m5M/hGwIShDUnr5W53S
Avfyo+/PymOlPlCVd613RTOjvqVZB+9YG45IkNOFnmLrrofROddC+frajAj2thnx
QX7s5BFl/NcKrmElvZwjb4q8W96cEEu11uACR6sxgzMlCjMQNr7PzrxdFQIDAQAB
o4IDcjCCA24wHQYDVR0OBBYEFLJ9MFns4hbwEboceVaUUHI6toOdMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvc24wd1dlemlGdkFSdWh4NVZwUlFjanEyZzUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBhgYIKwYBBQUHAQcBAf8EggF1MIIBcTCCAV4EAgABMIIB
VgMEBS74gAMDADmFAwMAPhcDBAU+SGADBAU+VMADAwA+YAMEBj5hQAMEBT6YYAME
BT7AAAMEBk6PAAMEBU6cQAMEBVBQAAMDAFCpAwQFUPugAwQFUnDAAwMAVA4DBAVU
EKADBAVVWIADBAZX8QADBAV2Q+ADAwCI4QMEA5144DALAwQCnXjsAwMAnXgDBAXB
UiADBALBXVADBAXBcqADBAXBdqADBAXBduADBAHBvIQwDAMEB8LfgAMEAsLfiAME
B8NEAAMEBcNuQAMEBdQAYAMEBdQX4AMEBdQf4AMEBdQjYAMEBtQkgAMEBdRKQAME
BdROoAMEBdR5gAMEBtR7wAMEB9ShAAMEBtTLQAMEB9UbgAMEB9UpAAMDANU9AwMA
1VYDBAXVpAADBAXVraADBAXVuaADBAbV0MADBAfV14ADBAbV5YADBAbV9sADAwHZ
bgMEBNmtYDANBAIAAjAHAwUDIAEJIDANBgkqhkiG9w0BAQsFAAOCAQEATzluXZ4c
yovBZOqqZSqxfNpxDGSCr5r6xsi1qYz1XpkKEyly4icSsloxir9lcxBNloCIDaRP
Of3IlVLXHTs6hjh9gQpBOokQda8Q3jl2VgmI1grB7MV2kxEdcUP1yg0n6RQOetaJ
m02ox9eyrHWhyrbJfsJsI4kbI0u3A/prSrff4VpmvouxPf3oBP2NOGXHnHc4RP0U
qNJu0FeLbEyJoH7HPZyLZKm8lm/hqF9h3jArGS5hUFVquU6KudL2cefvfX6uhiNM
1II+x5pCCcs/8R6avNysELqW3xKDNVXnBGTBt2ngSPu6ScfhyxzxGKHPmNUXUpH6
jy+/qviieDzZiw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:21:13 2024 by rpki-client on console-ams.rpki-client.org