Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/cA9mJsPVRNkqyg1LO25OAPbzoOg.roa
File: cA9mJsPVRNkqyg1LO25OAPbzoOg.roa (raw, json)
Hash identifier: /pqwLCQuS9dt0IFys/lIx5/l5sl8A5mq1xp0BL6pBd4=
Subject key identifier: 70:0F:66:26:C3:D5:44:D9:2A:CA:0D:4B:3B:6E:4E:00:F6:F3:A0:E8
Certificate issuer: /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial: 018D2F4696BD2601D58E51890853BC047191
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/cA9mJsPVRNkqyg1LO25OAPbzoOg.roa
Signing time: Mon 22 Jan 2024 03:46:11 +0000
ROA not before: Mon 22 Jan 2024 03:46:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200532
IP address blocks: 31.14.27.0/24 maxlen: 24
89.33.41.0/24 maxlen: 24
89.35.124.0/24 maxlen: 24
89.35.125.0/24 maxlen: 24
89.46.33.0/24 maxlen: 24
185.98.4.0/24 maxlen: 24
185.98.5.0/24 maxlen: 24
185.98.6.0/24 maxlen: 24
185.98.7.0/24 maxlen: 24
185.100.64.0/24 maxlen: 24
185.100.65.0/24 maxlen: 24
185.100.66.0/24 maxlen: 24
185.100.67.0/24 maxlen: 24
185.111.104.0/22 maxlen: 22
185.111.104.0/24 maxlen: 24
185.111.105.0/24 maxlen: 24
185.111.106.0/24 maxlen: 24
185.111.107.0/24 maxlen: 24
185.113.132.0/22 maxlen: 22
185.113.132.0/24 maxlen: 24
185.113.133.0/24 maxlen: 24
185.113.134.0/24 maxlen: 24
185.113.135.0/24 maxlen: 24
185.116.192.0/22 maxlen: 22
185.116.192.0/24 maxlen: 24
185.116.193.0/24 maxlen: 24
185.116.194.0/24 maxlen: 24
185.116.195.0/24 maxlen: 24
185.121.80.0/22 maxlen: 22
185.121.80.0/24 maxlen: 24
185.121.81.0/24 maxlen: 24
185.121.82.0/24 maxlen: 24
185.121.83.0/24 maxlen: 24
185.125.88.0/24 maxlen: 24
185.125.89.0/24 maxlen: 24
185.125.90.0/24 maxlen: 24
185.125.91.0/24 maxlen: 24
185.129.48.0/24 maxlen: 24
185.129.49.0/24 maxlen: 24
185.129.50.0/24 maxlen: 24
185.129.51.0/24 maxlen: 24
188.241.216.0/24 maxlen: 24
188.241.217.0/24 maxlen: 24
2a06:940::/56 maxlen: 56
2a06:942::/48 maxlen: 48
2a06:942:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl
rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.mft
rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 09:00:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2f:46:96:bd:26:01:d5:8e:51:89:08:53:bc:04:71:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Validity
Not Before: Jan 22 03:46:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=700f6626c3d544d92aca0d4b3b6e4e00f6f3a0e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:67:52:7a:13:63:7e:e1:00:99:a1:5a:bb:2d:
0b:68:68:20:9f:6c:ca:cb:9a:af:6b:6e:60:7a:ad:
c0:5b:71:6b:89:3a:a2:f3:db:15:bc:0c:92:6f:d5:
05:7f:a9:a5:c7:6b:8b:c8:9c:aa:b7:75:8d:bd:82:
c2:45:1c:52:22:ee:ae:94:59:e1:99:63:b4:ca:da:
b5:2d:a4:53:cb:af:e6:c5:48:a4:df:40:57:06:0d:
4f:6f:9b:eb:b7:93:ee:98:07:13:ad:d4:50:dd:e4:
4b:bf:23:af:e8:2f:59:cc:84:4e:16:9d:35:10:5a:
44:cc:f8:a8:a1:87:72:71:37:d0:ed:a6:7c:7a:4a:
4e:cf:58:40:92:fe:da:73:5d:f6:82:65:89:00:b3:
e6:7a:9b:b8:94:13:92:c9:26:dd:48:30:a6:c7:da:
ff:33:6c:33:78:10:ae:b9:0a:81:bd:15:a2:12:bc:
58:e7:b7:5f:4a:ad:65:f9:8f:7b:ee:3b:dd:d8:7d:
c5:69:00:03:23:bb:e8:87:8e:5e:5f:e4:66:29:56:
57:ab:1c:b2:4d:a5:6e:b1:0b:33:82:13:38:4a:33:
03:61:aa:e4:a4:9b:ed:18:6d:0e:77:64:c1:96:89:
45:92:ff:70:f6:5f:02:40:3f:fe:4e:f9:52:d2:41:
42:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:0F:66:26:C3:D5:44:D9:2A:CA:0D:4B:3B:6E:4E:00:F6:F3:A0:E8
X509v3 Authority Key Identifier:
keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/cA9mJsPVRNkqyg1LO25OAPbzoOg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.27.0/24
89.33.41.0/24
89.35.124.0/23
89.46.33.0/24
185.98.4.0/22
185.100.64.0/22
185.111.104.0/22
185.113.132.0/22
185.116.192.0/22
185.121.80.0/22
185.125.88.0/22
185.129.48.0/22
188.241.216.0/23
IPv6:
2a06:940::/56
2a06:942::/48
2a06:942:2::/48
Signature Algorithm: sha256WithRSAEncryption
80:1b:6f:38:95:0c:67:89:e4:10:1a:d7:c9:e6:2a:54:6f:72:
e9:04:dd:62:86:e4:50:e9:03:2f:7b:14:c0:8e:6a:18:b1:88:
48:0a:55:80:36:1d:ca:2f:a6:9e:15:db:14:43:3b:09:02:b0:
22:e1:b4:89:50:ce:3f:a4:2c:9f:5c:65:99:b0:03:ce:fd:16:
15:d0:07:61:6a:a3:47:c4:de:d2:4a:58:fa:b6:62:72:06:4d:
5d:79:20:e9:c0:e1:f5:10:df:ea:81:f0:14:22:4d:2c:d0:bf:
2e:59:1c:b9:ad:03:c2:47:6c:39:fd:a5:e4:c7:af:36:aa:fc:
3e:e5:6c:99:9b:3e:f4:e6:a7:a8:d3:cf:25:7d:8e:09:59:fe:
bf:7f:3d:be:e8:2d:b5:c5:5b:7f:94:98:73:7d:2f:21:dd:e8:
14:2e:2d:a9:e9:15:b5:15:96:5a:58:ec:30:63:3f:e1:fc:f6:
2d:95:9c:f8:a8:d3:1f:b9:4b:7e:d8:b2:d4:7b:83:94:26:87:
9b:86:27:8e:0e:87:17:c9:e9:75:09:92:64:fd:26:9e:90:ed:
14:82:14:ce:c3:07:cc:94:35:d2:c8:77:a4:b7:1e:0c:2f:06:
5e:fc:a2:d4:f8:9d:f1:06:db:02:a5:70:cf:ab:8e:11:6a:63:
64:da:de:b0
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAY0vRpa9JgHVjlGJCFO8BHGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjQwMTIyMDM0NjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDBmNjYyNmMzZDU0NGQ5MmFjYTBkNGIzYjZlNGUwMGY2ZjNhMGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWdSehNjfuEAmaFauy0LaGggn2zK
y5qva25geq3AW3FriTqi89sVvAySb9UFf6mlx2uLyJyqt3WNvYLCRRxSIu6ulFnh
mWO0ytq1LaRTy6/mxUik30BXBg1Pb5vrt5PumAcTrdRQ3eRLvyOv6C9ZzIROFp01
EFpEzPiooYdycTfQ7aZ8ekpOz1hAkv7ac132gmWJALPmepu4lBOSySbdSDCmx9r/
M2wzeBCuuQqBvRWiErxY57dfSq1l+Y977jvd2H3FaQADI7voh45eX+RmKVZXqxyy
TaVusQszghM4SjMDYarkpJvtGG0Od2TBlolFkv9w9l8CQD/+TvlS0kFCjQIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFHAPZibD1UTZKsoNSztuTgD286DoMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvY0E5bUpzUFZSTmtxeWcxTE8yNU9BUGJ6b09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHowVAQCAAEwTgMEAB8OGwME
AFkhKQMEAVkjfAMEAFkuIQMEArliBAMEArlkQAMEArlvaAMEArlxhAMEArl0wAME
Arl5UAMEArl9WAMEArmBMAMEAbzx2DAiBAIAAjAcAwgAKgYJQAAAAAMHACoGCUIA
AAMHACoGCUIAAjANBgkqhkiG9w0BAQsFAAOCAQEAgBtvOJUMZ4nkEBrXyeYqVG9y
6QTdYobkUOkDL3sUwI5qGLGISApVgDYdyi+mnhXbFEM7CQKwIuG0iVDOP6Qsn1xl
mbADzv0WFdAHYWqjR8Te0kpY+rZicgZNXXkg6cDh9RDf6oHwFCJNLNC/Llkcua0D
wkdsOf2l5MevNqr8PuVsmZs+9OanqNPPJX2OCVn+v389vugttcVbf5SYc30vId3o
FC4tqekVtRWWWljsMGM/4fz2LZWc+KjTH7lLftiy1HuDlCaHm4Ynjg6HF8npdQmS
ZP0mnpDtFIIUzsMHzJQ10sh3pLceDC8GXvyi1Pid8QbbAqVwz6uOEWpjZNresA==
-----END CERTIFICATE-----
Generated at Sat Jun 1 12:40:02 2024 by rpki-client on console-ams.rpki-client.org