Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/3O-QZJi0THRKIQ3jLHRABo4DZus.roa
File: 3O-QZJi0THRKIQ3jLHRABo4DZus.roa (raw, json)
Hash identifier: mUvpfbNrdq4qXYtLo/ZcpGL5HSsk2JlNkdXHaiiPxKI=
Subject key identifier: DC:EF:90:64:98:B4:4C:74:4A:21:0D:E3:2C:74:40:06:8E:03:66:EB
Certificate issuer: /CN=1074db96402ff5cf187564560ea8f13eeeb5ffeb
Certificate serial: 018CD8ADA63C2F699A183D981746628B396A
Authority key identifier: 10:74:DB:96:40:2F:F5:CF:18:75:64:56:0E:A8:F1:3E:EE:B5:FF:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/3O-QZJi0THRKIQ3jLHRABo4DZus.roa
Signing time: Fri 05 Jan 2024 08:11:48 +0000
ROA not before: Fri 05 Jan 2024 08:11:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8685
IP address blocks: 212.2.192.0/19 maxlen: 24
212.2.192.0/21 maxlen: 21
212.2.192.0/24 maxlen: 24
212.2.194.0/24 maxlen: 24
212.2.193.0/24 maxlen: 24
212.2.199.0/24 maxlen: 24
212.2.198.0/24 maxlen: 24
212.2.197.0/24 maxlen: 24
212.2.196.0/24 maxlen: 24
212.2.195.0/24 maxlen: 24
212.2.206.0/24 maxlen: 24
212.2.204.0/22 maxlen: 22
212.2.205.0/24 maxlen: 24
212.2.204.0/23 maxlen: 23
212.2.204.0/24 maxlen: 24
212.2.213.0/24 maxlen: 24
212.2.212.0/24 maxlen: 24
212.2.212.0/23 maxlen: 23
212.2.211.0/24 maxlen: 24
212.2.210.0/24 maxlen: 24
212.2.209.0/24 maxlen: 24
212.2.208.0/24 maxlen: 24
212.2.216.0/21 maxlen: 21
212.2.217.0/24 maxlen: 24
212.2.216.0/24 maxlen: 24
212.2.215.0/24 maxlen: 24
212.2.222.0/24 maxlen: 24
82.151.131.0/24 maxlen: 24
82.151.128.0/19 maxlen: 24
82.151.128.0/20 maxlen: 20
82.151.132.0/24 maxlen: 24
82.151.138.0/24 maxlen: 24
82.151.134.0/24 maxlen: 24
82.151.133.0/24 maxlen: 24
82.151.144.0/20 maxlen: 20
82.151.144.0/24 maxlen: 24
82.151.143.0/24 maxlen: 24
82.151.142.0/24 maxlen: 24
82.151.140.0/24 maxlen: 24
185.58.244.0/22 maxlen: 24
94.102.64.0/20 maxlen: 24
94.102.64.0/21 maxlen: 21
94.102.70.0/23 maxlen: 24
94.102.72.0/21 maxlen: 24
94.102.76.0/24 maxlen: 24
212.58.31.0/24 maxlen: 24
212.58.28.0/24 maxlen: 24
81.21.174.0/24 maxlen: 24
81.21.166.0/24 maxlen: 24
81.21.164.0/22 maxlen: 22
81.21.161.0/24 maxlen: 24
81.21.160.0/20 maxlen: 24
81.21.160.0/21 maxlen: 21
81.21.170.0/23 maxlen: 23
81.21.170.0/24 maxlen: 24
81.21.169.0/24 maxlen: 24
81.21.168.0/21 maxlen: 24
81.21.167.0/24 maxlen: 24
82.151.154.0/23 maxlen: 24
212.58.0.0/19 maxlen: 24
212.58.0.0/24 maxlen: 24
212.58.0.0/21 maxlen: 21
212.58.8.0/21 maxlen: 24
212.58.16.0/24 maxlen: 24
212.58.16.0/21 maxlen: 24
212.58.13.0/24 maxlen: 24
212.58.24.0/21 maxlen: 24
212.58.18.0/24 maxlen: 24
213.155.96.0/19 maxlen: 19
213.155.96.0/21 maxlen: 21
213.155.104.0/21 maxlen: 24
213.155.103.0/24 maxlen: 24
213.155.99.0/24 maxlen: 24
213.155.112.0/21 maxlen: 24
213.155.124.0/22 maxlen: 24
213.155.122.0/23 maxlen: 24
213.155.121.0/24 maxlen: 24
213.155.120.0/23 maxlen: 24
2a02:480::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.mft
rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Jun 2024 04:00:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:d8:ad:a6:3c:2f:69:9a:18:3d:98:17:46:62:8b:39:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1074db96402ff5cf187564560ea8f13eeeb5ffeb
Validity
Not Before: Jan 5 08:11:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dcef906498b44c744a210de32c7440068e0366eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:3e:bc:cd:a9:e7:50:5f:36:71:dd:38:a6:61:
91:a6:fe:c4:22:f2:b8:c4:12:16:2a:c4:df:3b:17:
c7:58:16:bf:78:04:8a:f5:5e:8a:4a:40:7b:34:0d:
be:68:c2:33:ba:5b:50:cf:d7:a4:91:ac:29:e0:ff:
2b:56:24:e9:57:bf:6f:36:47:d0:9e:c3:05:f8:08:
8d:43:94:bc:fa:a2:e1:c5:3b:25:78:cd:5e:81:0e:
8c:18:d5:06:86:d2:c3:0b:f1:ab:b0:93:f0:b6:ed:
d4:11:fd:5b:f2:ee:1b:bd:79:15:24:f8:3d:7e:72:
d2:4c:fc:8a:3f:e2:20:d7:5d:92:5a:17:36:b1:90:
2d:67:1c:46:83:66:a6:a5:c4:eb:52:a7:50:3c:18:
d3:6c:80:e4:9f:67:18:34:b6:f4:ac:fa:0f:b3:47:
35:e9:4b:51:52:3a:1e:25:98:6c:5e:71:03:b7:64:
88:41:57:d2:5e:de:48:d3:20:11:5d:b8:8a:9f:8d:
bd:0a:da:bd:5c:60:de:5c:12:f9:3a:c0:13:6b:94:
23:7b:54:b7:a3:dc:f8:22:33:53:75:6f:ed:18:61:
ac:78:7b:cc:b1:77:47:85:9d:a5:85:65:f6:1b:15:
14:79:68:e4:59:9e:cb:f6:0c:1a:0c:4b:71:80:8a:
b4:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:EF:90:64:98:B4:4C:74:4A:21:0D:E3:2C:74:40:06:8E:03:66:EB
X509v3 Authority Key Identifier:
keyid:10:74:DB:96:40:2F:F5:CF:18:75:64:56:0E:A8:F1:3E:EE:B5:FF:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHTblkAv9c8YdWRWDqjxPu61_-s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/3O-QZJi0THRKIQ3jLHRABo4DZus.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/1e1d69-0bfd-40af-88b1-ab40b58a2892/1/EHTblkAv9c8YdWRWDqjxPu61_-s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.160.0/20
82.151.128.0/19
94.102.64.0/20
185.58.244.0/22
212.2.192.0/19
212.58.0.0/19
213.155.96.0/19
IPv6:
2a02:480::/32
Signature Algorithm: sha256WithRSAEncryption
65:da:1e:d5:84:20:52:f6:ac:c7:41:9d:a3:c1:c6:61:c6:a8:
52:24:8a:4e:05:21:c5:85:f1:bb:d7:ad:19:24:b2:c7:ce:65:
02:ee:68:ab:e6:fe:c4:fd:76:7a:31:d3:6e:b3:bb:70:44:aa:
42:a1:00:61:88:bc:29:86:9b:9a:87:8d:96:de:6c:1e:9e:4e:
ff:1e:2a:3c:a8:b3:f4:5f:56:e1:b7:1f:da:3b:97:d5:41:4a:
2e:50:ea:64:79:04:93:c4:86:1a:66:2a:aa:4c:53:e1:93:50:
30:af:73:6b:50:65:16:12:85:9f:3d:74:23:67:ee:db:c9:fc:
55:2a:91:b6:0a:85:b9:5d:68:fb:0b:a5:b4:76:c1:94:3a:78:
11:dd:2e:4b:ec:e3:81:74:5e:a4:c9:9b:3c:51:0f:ec:06:98:
90:48:97:cc:d7:f2:50:a3:6e:1e:fc:4e:ff:f7:22:7f:6b:9b:
d2:c6:ef:42:2f:22:a8:05:da:06:c1:d0:1c:3b:3d:7f:82:d5:
ed:49:22:e7:20:3f:4f:13:cd:99:9c:cf:b6:6f:1d:b3:37:66:
43:2a:18:1d:4c:9d:06:50:7d:ff:b0:81:3f:20:fb:b7:1f:12:
77:ed:7d:bf:ba:da:80:f8:a8:9f:8d:72:60:57:61:0a:d6:31:
5f:a5:16:4c
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzYraY8L2maGD2YF0ZiizlqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzRkYjk2NDAyZmY1Y2YxODc1NjQ1NjBlYThmMTNlZWVi
NWZmZWIwHhcNMjQwMTA1MDgxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2VmOTA2NDk4YjQ0Yzc0NGEyMTBkZTMyYzc0NDAwNjhlMDM2NmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnz68zannUF82cd04pmGRpv7EIvK4
xBIWKsTfOxfHWBa/eASK9V6KSkB7NA2+aMIzultQz9ekkawp4P8rViTpV79vNkfQ
nsMF+AiNQ5S8+qLhxTsleM1egQ6MGNUGhtLDC/GrsJPwtu3UEf1b8u4bvXkVJPg9
fnLSTPyKP+Ig112SWhc2sZAtZxxGg2ampcTrUqdQPBjTbIDkn2cYNLb0rPoPs0c1
6UtRUjoeJZhsXnEDt2SIQVfSXt5I0yARXbiKn429Ctq9XGDeXBL5OsATa5Qje1S3
o9z4IjNTdW/tGGGseHvMsXdHhZ2lhWX2GxUUeWjkWZ7L9gwaDEtxgIq0GwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFNzvkGSYtEx0SiEN4yx0QAaOA2brMB8GA1UdIwQY
MBaAFBB025ZAL/XPGHVkVg6o8T7utf/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhUYmxrQXY5YzhZZFdSV0RxanhQdTYxXy1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8xZTFkNjktMGJmZC00MGFmLTg4YjEt
YWI0MGI1OGEyODkyLzEvM08tUVpKaTBUSFJLSVEzakxIUkFCbzREWnVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8xZTFkNjktMGJmZC00MGFmLTg4YjEtYWI0MGI1OGEyODky
LzEvRUhUYmxrQXY5YzhZZFdSV0RxanhQdTYxXy1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEURWgAwQF
UpeAAwQEXmZAAwQCuTr0AwQF1ALAAwQF1DoAAwQF1ZtgMA0EAgACMAcDBQAqAgSA
MA0GCSqGSIb3DQEBCwUAA4IBAQBl2h7VhCBS9qzHQZ2jwcZhxqhSJIpOBSHFhfG7
160ZJLLHzmUC7mir5v7E/XZ6MdNus7twRKpCoQBhiLwphpuah42W3mwenk7/Hio8
qLP0X1bhtx/aO5fVQUouUOpkeQSTxIYaZiqqTFPhk1Awr3NrUGUWEoWfPXQjZ+7b
yfxVKpG2CoW5XWj7C6W0dsGUOngR3S5L7OOBdF6kyZs8UQ/sBpiQSJfM1/JQo24e
/E7/9yJ/a5vSxu9CLyKoBdoGwdAcOz1/gtXtSSLnID9PE82ZnM+2bx2zN2ZDKhgd
TJ0GUH3/sIE/IPu3HxJ37X2/utqA+KifjXJgV2EK1jFfpRZM
-----END CERTIFICATE-----
Generated at Sun Jun 2 06:22:51 2024 by rpki-client on console-ams.rpki-client.org