Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/KNBkNlaJuSqaJjuMECrJGYVdBIQ.roa
File: KNBkNlaJuSqaJjuMECrJGYVdBIQ.roa (raw, json)
Hash identifier: 0W7H31aHUh1Vr9pbSrp4wtg6VlrLcLXVKWnwxkx5zKc=
Subject key identifier: 28:D0:64:36:56:89:B9:2A:9A:26:3B:8C:10:2A:C9:19:85:5D:04:84
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 018EF67F5DA67B252C40DB656E559D3E904A
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/KNBkNlaJuSqaJjuMECrJGYVdBIQ.roa
Signing time: Fri 19 Apr 2024 13:15:25 +0000
ROA not before: Fri 19 Apr 2024 13:15:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9009
IP address blocks: 31.131.12.0/22 maxlen: 22
31.133.192.0/24 maxlen: 24
31.133.193.0/24 maxlen: 24
31.133.194.0/24 maxlen: 24
31.133.195.0/24 maxlen: 24
31.133.196.0/23 maxlen: 23
31.133.198.0/24 maxlen: 24
31.133.199.0/24 maxlen: 24
31.135.1.0/24 maxlen: 24
31.135.7.0/24 maxlen: 24
37.97.122.0/23 maxlen: 23
64.43.66.0/23 maxlen: 23
64.43.68.0/22 maxlen: 22
64.43.80.0/21 maxlen: 21
64.43.88.0/22 maxlen: 22
77.36.8.0/21 maxlen: 21
77.36.28.0/23 maxlen: 23
77.36.30.0/24 maxlen: 24
77.36.32.0/22 maxlen: 22
77.36.36.0/23 maxlen: 23
77.36.38.0/23 maxlen: 23
77.36.40.0/21 maxlen: 21
77.36.48.0/22 maxlen: 22
77.36.52.0/23 maxlen: 23
77.36.80.0/21 maxlen: 21
77.36.88.0/24 maxlen: 24
77.36.89.0/24 maxlen: 24
77.36.90.0/23 maxlen: 23
77.36.92.0/22 maxlen: 22
77.36.96.0/20 maxlen: 20
77.232.192.0/23 maxlen: 24
77.232.194.0/23 maxlen: 23
77.232.196.0/22 maxlen: 22
77.232.200.0/22 maxlen: 22
77.232.204.0/22 maxlen: 22
77.232.208.0/21 maxlen: 21
77.232.220.0/22 maxlen: 22
81.161.12.0/22 maxlen: 22
85.204.196.0/23 maxlen: 24
86.104.132.0/23 maxlen: 24
89.34.74.0/23 maxlen: 24
89.42.232.0/23 maxlen: 24
89.44.100.0/23 maxlen: 24
89.45.92.0/23 maxlen: 24
89.46.112.0/23 maxlen: 24
91.225.34.0/24 maxlen: 24
91.225.35.0/24 maxlen: 24
91.229.16.0/23 maxlen: 23
91.229.31.0/24 maxlen: 24
91.229.156.0/23 maxlen: 23
91.229.158.0/24 maxlen: 24
91.229.159.0/24 maxlen: 24
91.231.223.0/24 maxlen: 24
91.231.224.0/23 maxlen: 23
91.231.226.0/24 maxlen: 24
91.232.16.0/23 maxlen: 23
91.233.2.0/23 maxlen: 23
91.233.202.0/23 maxlen: 23
91.234.150.0/23 maxlen: 23
91.234.220.0/23 maxlen: 23
91.234.222.0/23 maxlen: 23
91.235.166.0/24 maxlen: 24
91.235.167.0/24 maxlen: 24
91.237.194.0/23 maxlen: 23
91.239.0.0/22 maxlen: 22
91.239.178.0/24 maxlen: 24
91.240.156.0/22 maxlen: 22
91.245.176.0/21 maxlen: 21
91.246.188.0/22 maxlen: 22
91.246.196.0/22 maxlen: 22
93.120.27.0/24 maxlen: 24
93.120.28.0/23 maxlen: 23
93.120.30.0/24 maxlen: 24
93.120.33.0/24 maxlen: 24
93.120.48.0/20 maxlen: 20
93.120.64.0/21 maxlen: 21
93.120.72.0/23 maxlen: 23
93.120.75.0/24 maxlen: 24
93.120.76.0/22 maxlen: 22
93.120.80.0/22 maxlen: 22
93.120.85.0/24 maxlen: 24
93.120.86.0/23 maxlen: 23
93.120.88.0/23 maxlen: 23
93.120.90.0/24 maxlen: 24
93.120.92.0/23 maxlen: 23
93.120.94.0/23 maxlen: 23
93.120.112.0/21 maxlen: 21
93.120.124.0/22 maxlen: 22
171.25.223.0/24 maxlen: 24
176.96.56.0/21 maxlen: 21
176.96.176.0/22 maxlen: 22
176.96.180.0/22 maxlen: 22
176.97.144.0/22 maxlen: 22
176.97.148.0/22 maxlen: 22
176.98.56.0/22 maxlen: 22
176.98.60.0/22 maxlen: 22
176.107.64.0/20 maxlen: 24
176.110.106.0/24 maxlen: 24
176.110.114.0/23 maxlen: 23
176.111.0.0/22 maxlen: 22
176.111.4.0/22 maxlen: 22
176.112.84.0/22 maxlen: 22
176.116.40.0/21 maxlen: 21
176.118.88.0/22 maxlen: 22
176.118.92.0/22 maxlen: 22
176.121.96.0/21 maxlen: 21
176.124.176.0/22 maxlen: 22
176.124.180.0/22 maxlen: 22
178.159.148.0/22 maxlen: 22
178.159.152.0/21 maxlen: 21
185.9.236.0/22 maxlen: 22
185.9.240.0/22 maxlen: 22
185.104.196.0/22 maxlen: 24
188.191.248.0/22 maxlen: 22
188.213.233.0/24 maxlen: 24
193.0.190.0/24 maxlen: 24
193.36.192.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 07 May 2024 11:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:f6:7f:5d:a6:7b:25:2c:40:db:65:6e:55:9d:3e:90:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Apr 19 13:15:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=28d064365689b92a9a263b8c102ac919855d0484
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:6b:82:a7:3e:fd:b4:4e:69:78:52:df:76:7f:
99:07:90:43:71:1b:a2:ed:17:33:73:1a:bc:ce:a5:
38:46:ca:a8:27:10:1c:dd:54:14:5c:59:fb:10:03:
32:43:b5:25:a4:1d:76:f6:ed:28:26:25:01:4a:08:
fa:93:bf:e7:c4:f6:88:b6:a3:ce:56:0b:fb:85:23:
42:7d:87:88:99:e6:21:d4:e8:23:7e:30:2d:58:fd:
b3:22:a9:52:30:05:0f:ef:3c:c9:5f:fa:a0:4b:e5:
f8:7e:b4:52:06:b8:85:2f:18:18:5e:36:60:44:7e:
a9:c8:0a:bd:4a:e9:91:93:4d:86:b2:4c:ec:32:ee:
23:fb:b2:6c:f4:5d:9f:4d:8b:63:f3:07:3c:f0:80:
c0:bb:07:ca:55:f1:8c:4e:c1:f2:36:07:3b:31:59:
89:97:84:be:bd:f3:3d:da:17:08:52:15:27:e1:46:
2c:98:fc:04:f0:f5:df:5b:a8:0c:1d:c0:82:c1:16:
52:c2:1c:ea:ab:9b:5a:2c:43:94:f4:e9:b5:16:7b:
75:77:07:23:fb:a2:0e:0e:54:21:b5:12:10:9a:1a:
af:ce:32:77:06:88:a1:5b:c2:eb:b6:92:90:c9:e7:
d1:79:87:d0:8c:6f:f6:87:b3:c6:d9:11:47:c0:80:
28:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:D0:64:36:56:89:B9:2A:9A:26:3B:8C:10:2A:C9:19:85:5D:04:84
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/KNBkNlaJuSqaJjuMECrJGYVdBIQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.131.12.0/22
31.133.192.0/21
31.135.1.0/24
31.135.7.0/24
37.97.122.0/23
64.43.66.0-64.43.71.255
64.43.80.0-64.43.91.255
77.36.8.0/21
77.36.28.0-77.36.30.255
77.36.32.0-77.36.53.255
77.36.80.0-77.36.111.255
77.232.192.0-77.232.215.255
77.232.220.0/22
81.161.12.0/22
85.204.196.0/23
86.104.132.0/23
89.34.74.0/23
89.42.232.0/23
89.44.100.0/23
89.45.92.0/23
89.46.112.0/23
91.225.34.0/23
91.229.16.0/23
91.229.31.0/24
91.229.156.0/22
91.231.223.0-91.231.226.255
91.232.16.0/23
91.233.2.0/23
91.233.202.0/23
91.234.150.0/23
91.234.220.0/22
91.235.166.0/23
91.237.194.0/23
91.239.0.0/22
91.239.178.0/24
91.240.156.0/22
91.245.176.0/21
91.246.188.0/22
91.246.196.0/22
93.120.27.0-93.120.30.255
93.120.33.0/24
93.120.48.0-93.120.73.255
93.120.75.0-93.120.83.255
93.120.85.0-93.120.90.255
93.120.92.0/22
93.120.112.0/21
93.120.124.0/22
171.25.223.0/24
176.96.56.0/21
176.96.176.0/21
176.97.144.0/21
176.98.56.0/21
176.107.64.0/20
176.110.106.0/24
176.110.114.0/23
176.111.0.0/21
176.112.84.0/22
176.116.40.0/21
176.118.88.0/21
176.121.96.0/21
176.124.176.0/21
178.159.148.0-178.159.159.255
185.9.236.0-185.9.243.255
185.104.196.0/22
188.191.248.0/22
188.213.233.0/24
193.0.190.0/24
193.36.192.0/21
Signature Algorithm: sha256WithRSAEncryption
23:68:c0:14:e9:02:a4:fb:bc:62:f6:54:01:10:71:7c:2f:ed:
62:26:ae:a9:bd:4c:97:05:b2:2b:39:06:2f:81:30:51:2c:64:
de:34:bf:87:8d:57:f6:c1:e8:87:fe:d4:d1:c5:0b:a3:1b:f3:
71:59:48:09:fc:ae:a0:6c:26:0f:53:93:00:ab:97:d5:05:08:
c2:a2:33:c1:45:f6:ec:40:ea:3c:4f:7d:39:a4:99:7e:e0:81:
7e:f9:e2:ff:52:db:2f:f6:b5:c3:c9:eb:75:ec:47:e9:b7:1b:
b2:55:e5:77:69:6a:3c:a5:d4:a4:2e:78:60:78:28:94:c8:2d:
a0:38:22:1b:d2:0f:07:b8:02:86:82:e7:0e:2b:cc:ec:45:1d:
d6:10:0e:5c:eb:14:92:1b:33:ac:18:df:f3:78:ab:b5:0e:2e:
f4:fc:60:51:85:f3:16:84:e1:e5:d5:3d:e4:aa:68:89:b2:15:
e6:9f:7f:d4:4b:31:fe:86:9f:20:08:78:da:96:71:5a:b5:ab:
0e:27:1a:5a:5f:4d:de:c6:6c:66:2a:f5:23:3b:29:a1:cb:5d:
5c:c2:d4:22:76:cb:47:bf:7b:05:31:d7:f8:d6:07:24:5b:37:
47:73:62:00:fd:57:1e:f1:c0:1a:ad:a5:ad:7e:aa:76:4b:cb:
8f:66:f6:77
-----BEGIN CERTIFICATE-----
MIIHATCCBemgAwIBAgISAY72f12meyUsQNtlblWdPpBKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwNDE5MTMxNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQwNjQzNjU2ODliOTJhOWEyNjNiOGMxMDJhYzkxOTg1NWQwNDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWuCpz79tE5peFLfdn+ZB5BDcRui
7Rczcxq8zqU4RsqoJxAc3VQUXFn7EAMyQ7UlpB129u0oJiUBSgj6k7/nxPaItqPO
Vgv7hSNCfYeImeYh1OgjfjAtWP2zIqlSMAUP7zzJX/qgS+X4frRSBriFLxgYXjZg
RH6pyAq9SumRk02GskzsMu4j+7Js9F2fTYtj8wc88IDAuwfKVfGMTsHyNgc7MVmJ
l4S+vfM92hcIUhUn4UYsmPwE8PXfW6gMHcCCwRZSwhzqq5taLEOU9Om1Fnt1dwcj
+6IODlQhtRIQmhqvzjJ3BoihW8LrtpKQyefReYfQjG/2h7PG2RFHwIAoUQIDAQAB
o4IEDTCCBAkwHQYDVR0OBBYEFCjQZDZWibkqmiY7jBAqyRmFXQSEMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvS05Ca05sYUp1U3FhSmp1TUVDckpHWVZkQklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIICIQYIKwYBBQUHAQcBAf8EggIQMIICDDCCAggEAgABMIIC
AAMEAh+DDAMEAx+FwAMEAB+HAQMEAB+HBwMEASVhejAMAwQBQCtCAwQDQCtAMAwD
BARAK1ADBAJAK1gDBANNJAgwDAMEAk0kHAMEAE0kHjAMAwQFTSQgAwQBTSQ0MAwD
BARNJFADBARNJGAwDAMEBk3owAMEA03o0AMEAk3o3AMEAlGhDAMEAVXMxAMEAVZo
hAMEAVkiSgMEAVkq6AMEAVksZAMEAVktXAMEAVkucAMEAVvhIgMEAVvlEAMEAFvl
HwMEAlvlnDAMAwQAW+ffAwQAW+fiAwQBW+gQAwQBW+kCAwQBW+nKAwQBW+qWAwQC
W+rcAwQBW+umAwQBW+3CAwQCW+8AAwQAW++yAwQCW/CcAwQDW/WwAwQCW/a8AwQC
W/bEMAwDBABdeBsDBABdeB4DBABdeCEwDAMEBF14MAMEAV14SDAMAwQAXXhLAwQC
XXhQMAwDBABdeFUDBABdeFoDBAJdeFwDBANdeHADBAJdeHwDBACrGd8DBAOwYDgD
BAOwYLADBAOwYZADBAOwYjgDBASwa0ADBACwbmoDBAGwbnIDBAOwbwADBAKwcFQD
BAOwdCgDBAOwdlgDBAOweWADBAOwfLAwDAMEArKflAMEBbKfgDAMAwQCuQnsAwQC
uQnwAwQCuWjEAwQCvL/4AwQAvNXpAwQAwQC+AwQDwSTAMA0GCSqGSIb3DQEBCwUA
A4IBAQAjaMAU6QKk+7xi9lQBEHF8L+1iJq6pvUyXBbIrOQYvgTBRLGTeNL+HjVf2
weiH/tTRxQujG/NxWUgJ/K6gbCYPU5MAq5fVBQjCojPBRfbsQOo8T305pJl+4IF+
+eL/Utsv9rXDyet17EfptxuyVeV3aWo8pdSkLnhgeCiUyC2gOCIb0g8HuAKGgucO
K8zsRR3WEA5c6xSSGzOsGN/zeKu1Di70/GBRhfMWhOHl1T3kqmiJshXmn3/USzH+
hp8gCHjalnFatasOJxpaX03exmxmKvUjOymhy11cwtQidstHv3sFMdf41gckWzdH
c2IA/Vce8cAaraWtfqp2S8uPZvZ3
-----END CERTIFICATE-----
Generated at Mon May 6 15:10:26 2024 by rpki-client on console-fra.rpki-client.org