Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/Onm-XergWSW00C-3gcCEZNsDweA.roa
File: Onm-XergWSW00C-3gcCEZNsDweA.roa (raw, json)
Hash identifier: zfnNVuFJmsOj0sIE39GaMqd7IIZbfMhy//DZUAsyjJs=
Subject key identifier: 3A:79:BE:5D:EA:E0:59:25:B4:D0:2F:B7:81:C0:84:64:DB:03:C1:E0
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 0192344C9CDCE7D49D16EA78B4C11100966A
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/Onm-XergWSW00C-3gcCEZNsDweA.roa
Signing time: Fri 27 Sep 2024 16:24:49 +0000
ROA not before: Fri 27 Sep 2024 16:24:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29632
IP address blocks: 62.205.128.0/19 maxlen: 20
62.205.128.0/20 maxlen: 20
62.205.132.0/24 maxlen: 24
62.205.134.0/24 maxlen: 24
62.205.144.0/20 maxlen: 20
62.205.152.0/24 maxlen: 24
62.205.159.0/24 maxlen: 24
94.131.0.0/23 maxlen: 23
94.131.4.0/24 maxlen: 24
94.131.6.0/24 maxlen: 24
94.131.7.0/24 maxlen: 24
95.164.20.0/24 maxlen: 24
95.164.40.0/22 maxlen: 22
95.164.49.0/24 maxlen: 24
95.164.50.0/24 maxlen: 24
95.164.52.0/22 maxlen: 22
95.164.56.0/22 maxlen: 22
95.164.72.0/22 maxlen: 22
95.164.76.0/24 maxlen: 24
95.164.80.0/22 maxlen: 22
95.164.170.0/23 maxlen: 23
95.164.172.0/22 maxlen: 22
195.214.208.0/21 maxlen: 21
195.214.208.0/22 maxlen: 22
195.214.210.0/24 maxlen: 24
195.214.212.0/22 maxlen: 22
2a01:d0::/32 maxlen: 32
2a01:d0:4::/48 maxlen: 48
2a01:d0:a::/48 maxlen: 48
2a01:d0:28::/48 maxlen: 48
2a01:d0:43::/48 maxlen: 48
2a01:d0:105::/48 maxlen: 48
2a01:d0:303::/48 maxlen: 48
2a01:d0:305::/48 maxlen: 48
2a01:d0:308::/48 maxlen: 48
2a01:d0:317::/48 maxlen: 48
2a01:d0:31d::/48 maxlen: 48
2a01:d0:333::/48 maxlen: 48
2a01:d0:962::/48 maxlen: 48
2a01:d0:1657::/48 maxlen: 48
2a01:d0:7fff::/48 maxlen: 48
2a01:d0:8000::/33 maxlen: 33
2a01:d0:ffff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 03:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:34:4c:9c:dc:e7:d4:9d:16:ea:78:b4:c1:11:00:96:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Sep 27 16:24:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3a79be5deae05925b4d02fb781c08464db03c1e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:56:ce:a4:5c:0b:ad:ba:3d:55:69:f8:8a:7e:
18:fb:e9:25:c7:16:46:92:72:40:e7:19:12:15:58:
65:19:cc:a2:b3:bc:c7:70:79:21:48:c5:d5:b1:af:
18:b3:96:ae:1e:5b:4a:75:ef:40:a3:77:6e:1d:8b:
a2:b2:c6:0a:c4:d2:56:00:c4:9a:5e:d1:f2:a5:d5:
5c:38:53:c0:9c:38:26:88:20:df:91:b6:83:3d:4a:
27:75:6b:3d:9e:d5:d2:ac:f8:60:d8:c3:a3:45:d1:
4a:17:04:af:7e:77:20:de:51:a5:7e:00:9c:8e:08:
9a:18:25:70:68:32:ff:fc:12:ec:b2:e2:9e:ea:fa:
37:79:ed:86:3a:15:c9:10:2d:d9:69:b2:6b:71:b8:
27:17:c9:e7:9a:7f:ec:24:35:04:fb:97:a7:4a:ff:
72:b5:1f:31:2d:c7:d8:d1:8c:ab:f8:1d:38:7a:8d:
6e:9a:ef:b2:2e:91:55:67:db:fe:a0:b4:02:7c:b3:
c0:93:99:19:b3:dd:b0:29:9b:53:20:8f:1c:f7:a8:
46:2f:6d:f6:aa:b0:46:e4:97:74:b1:cf:f5:2b:2c:
d9:3d:51:b4:4a:74:3f:d6:68:fe:21:20:5a:94:fe:
63:92:00:35:71:c0:48:2f:ca:8c:d1:e8:16:69:74:
a5:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:79:BE:5D:EA:E0:59:25:B4:D0:2F:B7:81:C0:84:64:DB:03:C1:E0
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/Onm-XergWSW00C-3gcCEZNsDweA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.205.128.0/19
94.131.0.0/23
94.131.4.0/24
94.131.6.0/23
95.164.20.0/24
95.164.40.0/22
95.164.49.0-95.164.50.255
95.164.52.0-95.164.59.255
95.164.72.0-95.164.76.255
95.164.80.0/22
95.164.170.0-95.164.175.255
195.214.208.0/21
IPv6:
2a01:d0::/32
Signature Algorithm: sha256WithRSAEncryption
25:ce:49:5c:1c:08:98:4d:c8:55:d3:8f:47:b5:db:00:15:e9:
e7:7e:3c:4e:db:fc:c1:85:dd:24:09:69:00:2a:73:44:b4:9f:
69:e1:c1:d6:32:ab:5e:b2:a0:3d:14:6d:6f:c8:00:0d:ba:fa:
3e:66:dc:76:66:80:2f:61:75:0b:28:f5:22:db:95:b6:24:fc:
48:af:a5:81:af:23:db:de:08:c7:67:53:b9:3f:4b:fa:4b:f7:
f9:f3:29:07:b0:13:18:5e:3f:75:ee:e8:4e:50:dc:d9:50:f0:
b9:5b:75:ff:9c:16:30:2e:5a:2a:4f:ec:be:ee:40:aa:6e:58:
1e:fc:69:04:ff:44:a1:6c:c2:12:14:1c:7d:8f:e2:18:6b:1e:
05:f6:2d:e1:f9:42:ad:1b:09:77:f3:1a:6c:d3:10:d1:e3:7f:
3f:3d:cf:ff:32:bb:86:33:42:18:93:26:58:43:09:a5:d1:22:
eb:fb:cd:f1:0f:a3:a9:f7:de:cd:9b:b8:fe:2d:74:74:e8:62:
1b:fc:fd:4c:7d:66:96:c2:04:8b:ae:9d:07:39:6e:2d:c3:b1:
63:48:44:e5:7e:5f:ff:64:8f:92:58:ae:0e:29:bd:9f:c1:f3:
d7:64:36:da:1e:b5:4f:fd:98:94:e5:97:53:08:74:d2:f9:48:
18:79:86:d1
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAZI0TJzc59SdFup4tMERAJZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwOTI3MTYyNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTc5YmU1ZGVhZTA1OTI1YjRkMDJmYjc4MWMwODQ2NGRiMDNjMWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1bOpFwLrbo9VWn4in4Y++klxxZG
knJA5xkSFVhlGcyis7zHcHkhSMXVsa8Ys5auHltKde9Ao3duHYuissYKxNJWAMSa
XtHypdVcOFPAnDgmiCDfkbaDPUondWs9ntXSrPhg2MOjRdFKFwSvfncg3lGlfgCc
jgiaGCVwaDL//BLssuKe6vo3ee2GOhXJEC3ZabJrcbgnF8nnmn/sJDUE+5enSv9y
tR8xLcfY0Yyr+B04eo1umu+yLpFVZ9v+oLQCfLPAk5kZs92wKZtTII8c96hGL232
qrBG5Jd0sc/1KyzZPVG0SnQ/1mj+ISBalP5jkgA1ccBIL8qM0egWaXSl0QIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFDp5vl3q4FkltNAvt4HAhGTbA8HgMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvT25tLVhlcmdXU1cwMEMtM2djQ0VaTnNEd2VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MG4EAgABMGgDBAU+zYAD
BAFegwADBABegwQDBAFegwYDBABfpBQDBAJfpCgwDAMEAF+kMQMEAF+kMjAMAwQC
X6Q0AwQCX6Q4MAwDBANfpEgDBABfpEwDBAJfpFAwDAMEAV+kqgMEBF+koAMEA8PW
0DANBAIAAjAHAwUAKgEA0DANBgkqhkiG9w0BAQsFAAOCAQEAJc5JXBwImE3IVdOP
R7XbABXp5348Ttv8wYXdJAlpACpzRLSfaeHB1jKrXrKgPRRtb8gADbr6PmbcdmaA
L2F1Cyj1ItuVtiT8SK+lga8j294Ix2dTuT9L+kv3+fMpB7ATGF4/de7oTlDc2VDw
uVt1/5wWMC5aKk/svu5Aqm5YHvxpBP9EoWzCEhQcfY/iGGseBfYt4flCrRsJd/Ma
bNMQ0eN/Pz3P/zK7hjNCGJMmWEMJpdEi6/vN8Q+jqffezZu4/i10dOhiG/z9TH1m
lsIEi66dBzluLcOxY0hE5X5f/2SPkliuDim9n8Hz12Q22h61T/2YlOWXUwh00vlI
GHmG0Q==
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:21:25 2024 by rpki-client on console-ams.rpki-client.org