Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/1-alPqIy6ujVZpPU7jbJYC_SPrvw.roa
File: 1-alPqIy6ujVZpPU7jbJYC_SPrvw.roa (raw, json)
Hash identifier: b6qe6diVUQFn2esS1ic+d6I3U9dCYKGl8FnuJOkTSN4=
Subject key identifier: F9:A9:4F:A8:8C:BA:BA:35:59:A4:F5:3B:8D:B2:58:0B:F4:8F:AE:FC
Certificate issuer: /CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Certificate serial: 018D7DD2607819EB024896FAC11F89CD96EB
Authority key identifier: 8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/1-alPqIy6ujVZpPU7jbJYC_SPrvw.roa
Signing time: Tue 06 Feb 2024 09:49:15 +0000
ROA not before: Tue 06 Feb 2024 09:49:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209372
IP address blocks: 158.46.148.0/24 maxlen: 24
158.46.149.0/24 maxlen: 24
158.46.160.0/23 maxlen: 23
158.46.162.0/23 maxlen: 23
158.46.176.0/24 maxlen: 24
158.46.177.0/24 maxlen: 24
158.46.188.0/22 maxlen: 24
158.46.192.0/22 maxlen: 22
158.46.196.0/22 maxlen: 24
158.46.200.0/21 maxlen: 24
158.46.205.0/24 maxlen: 24
158.46.207.0/24 maxlen: 24
158.46.250.0/24 maxlen: 24
158.46.251.0/24 maxlen: 24
178.171.0.0/20 maxlen: 24
178.171.20.0/22 maxlen: 24
178.171.32.0/22 maxlen: 22
178.171.36.0/24 maxlen: 24
178.171.37.0/24 maxlen: 24
178.171.48.0/23 maxlen: 24
178.171.50.0/23 maxlen: 24
178.171.60.0/23 maxlen: 24
178.171.62.0/23 maxlen: 24
178.171.69.0/24 maxlen: 24
178.171.70.0/24 maxlen: 24
178.171.84.0/22 maxlen: 24
178.171.86.0/24 maxlen: 24
178.171.88.0/23 maxlen: 23
178.171.94.0/24 maxlen: 24
178.171.100.0/24 maxlen: 24
178.171.101.0/24 maxlen: 24
178.171.102.0/24 maxlen: 24
178.171.104.0/24 maxlen: 24
178.171.106.0/23 maxlen: 23
178.171.110.0/23 maxlen: 24
178.171.119.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl
rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.mft
rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 11 May 2024 05:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:7d:d2:60:78:19:eb:02:48:96:fa:c1:1f:89:cd:96:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Validity
Not Before: Feb 6 09:49:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f9a94fa88cbaba3559a4f53b8db2580bf48faefc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:a5:11:7a:1d:be:7f:a9:c4:1b:bb:86:2b:2d:
64:06:0c:c2:43:63:3f:32:b7:b9:11:39:c8:aa:5f:
25:3d:dc:ba:a3:41:5d:b1:56:86:5a:e5:52:0e:65:
91:1d:38:83:49:f9:64:73:99:9d:d8:20:1b:97:a9:
4a:55:09:8b:fb:c8:09:c5:ad:7a:53:06:8d:e5:9e:
f8:84:51:58:69:56:5b:58:b5:c9:41:ff:34:48:31:
41:5f:fd:e4:c9:50:4f:c9:ee:a5:1d:47:0b:0d:04:
28:bf:a9:78:1e:5b:4b:4f:81:82:5e:ea:c1:a2:ee:
54:bd:fb:b7:4f:b5:57:fc:82:7e:5b:c5:1c:0b:45:
3c:ec:02:de:5b:59:24:d0:10:2e:ad:81:3f:1a:5b:
44:50:0b:0a:68:83:48:a7:8e:41:39:12:2e:70:5b:
dd:03:ce:e5:1a:21:9b:2b:6c:11:27:72:74:3a:dc:
59:77:f1:e8:5d:b9:97:42:0f:4a:9e:42:99:c8:2f:
3f:62:8d:d4:e0:49:7c:6d:71:07:c4:05:6a:69:d2:
4d:20:6e:4d:56:6d:76:94:b6:14:e0:75:fe:85:08:
27:10:d7:2a:6a:58:1e:55:9b:a9:d4:14:a8:15:6d:
3c:76:21:2f:56:c4:70:1b:60:87:7b:14:da:37:a6:
94:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:A9:4F:A8:8C:BA:BA:35:59:A4:F5:3B:8D:B2:58:0B:F4:8F:AE:FC
X509v3 Authority Key Identifier:
keyid:8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/1-alPqIy6ujVZpPU7jbJYC_SPrvw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.46.148.0/23
158.46.160.0/22
158.46.176.0/23
158.46.188.0-158.46.207.255
158.46.250.0/23
178.171.0.0/20
178.171.20.0/22
178.171.32.0-178.171.37.255
178.171.48.0/22
178.171.60.0/22
178.171.69.0-178.171.70.255
178.171.84.0-178.171.89.255
178.171.94.0/24
178.171.100.0-178.171.102.255
178.171.104.0/24
178.171.106.0/23
178.171.110.0/23
178.171.119.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:00:ba:fa:c1:c4:b1:9f:b6:a8:4b:a6:03:98:4a:bd:f0:0f:
7c:ed:8f:b9:f1:ba:34:08:4d:e2:d5:34:c1:eb:e5:33:ec:25:
f2:65:cc:87:1a:fd:bd:68:79:fa:c4:d3:8a:f8:35:b0:ea:0e:
9e:1d:ec:1d:90:7b:c3:17:6b:b8:d4:cb:8b:75:cd:e6:44:4d:
c5:f7:97:92:50:b4:95:89:dc:47:06:ff:ed:13:92:5b:c6:dc:
f9:74:ad:ed:2b:8a:75:76:0c:42:6e:39:ed:43:ef:48:c4:b7:
22:29:28:e0:af:48:bc:4f:ad:2f:3c:75:9d:0e:36:0e:c1:16:
fe:4e:06:cc:82:7b:f4:2c:6a:86:70:55:5f:b1:4b:e5:63:1c:
08:83:2f:67:d3:52:b2:cd:94:67:bb:3b:8e:b8:45:f1:59:4c:
3a:de:29:90:58:02:87:3f:94:af:85:c7:f5:57:a9:92:58:6e:
39:42:41:64:5a:9c:e4:77:e9:6f:1c:4a:37:96:c4:f4:0c:0f:
26:6c:07:ba:af:7d:83:cc:ac:df:da:d8:72:ce:7c:4c:79:4f:
37:80:82:77:b8:63:b8:bc:bd:cf:eb:fb:62:7d:76:4b:68:e4:
a8:6e:e7:d0:8b:37:c0:38:91:de:95:a1:27:d6:ff:ce:22:d4:
df:06:cd:7d
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgISAY190mB4GesCSJb6wR+JzZbrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMTFjYjAxNWRmOWJhYWI2MTIyOGRiYmNlMTdkZDRlMDBl
NjNjMTMwHhcNMjQwMjA2MDk0OTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWE5NGZhODhjYmFiYTM1NTlhNGY1M2I4ZGIyNTgwYmY0OGZhZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9KUReh2+f6nEG7uGKy1kBgzCQ2M/
Mre5ETnIql8lPdy6o0FdsVaGWuVSDmWRHTiDSflkc5md2CAbl6lKVQmL+8gJxa16
UwaN5Z74hFFYaVZbWLXJQf80SDFBX/3kyVBPye6lHUcLDQQov6l4HltLT4GCXurB
ou5Uvfu3T7VX/IJ+W8UcC0U87ALeW1kk0BAurYE/GltEUAsKaINIp45BORIucFvd
A87lGiGbK2wRJ3J0OtxZd/HoXbmXQg9KnkKZyC8/Yo3U4El8bXEHxAVqadJNIG5N
Vm12lLYU4HX+hQgnENcqalgeVZup1BSoFW08diEvVsRwG2CHexTaN6aU3QIDAQAB
o4ICnTCCApkwHQYDVR0OBBYEFPmpT6iMuro1WaT1O42yWAv0j678MB8GA1UdIwQY
MBaAFI0RywFd+bqrYSKNu84X3U4A5jwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEt
YmE3NzFmZmQyNjljLzEvMS1hbFBxSXk2dWpWWnBQVTdqYkpZQ19TUHJ2dy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDYvNWQ4OTE1LWM0NDgtNDBlNy04Y2FhLWJhNzcxZmZkMjY5
Yy8xL2pSSExBVjM1dXF0aElvMjd6aGZkVGdEbVBCTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBsQYIKwYBBQUHAQcBAf8EgaEwgZ4wgZsEAgABMIGUAwQB
ni6UAwQCni6gAwQBni6wMAwDBAKeLrwDBASeLsADBAGeLvoDBASyqwADBAKyqxQw
DAMEBbKrIAMEAbKrJAMEArKrMAMEArKrPDAMAwQAsqtFAwQAsqtGMAwDBAKyq1QD
BAGyq1gDBACyq14wDAMEArKrZAMEALKrZgMEALKraAMEAbKragMEAbKrbgMEALKr
dzANBgkqhkiG9w0BAQsFAAOCAQEAGwC6+sHEsZ+2qEumA5hKvfAPfO2PufG6NAhN
4tU0wevlM+wl8mXMhxr9vWh5+sTTivg1sOoOnh3sHZB7wxdruNTLi3XN5kRNxfeX
klC0lYncRwb/7ROSW8bc+XSt7SuKdXYMQm457UPvSMS3Iiko4K9IvE+tLzx1nQ42
DsEW/k4GzIJ79CxqhnBVX7FL5WMcCIMvZ9NSss2UZ7s7jrhF8VlMOt4pkFgChz+U
r4XH9VepklhuOUJBZFqc5HfpbxxKN5bE9AwPJmwHuq99g8ys39rYcs58THlPN4CC
d7hjuLy9z+v7Yn12S2jkqG7n0Is3wDiR3pWhJ9b/ziLU3wbNfQ==
-----END CERTIFICATE-----
Generated at Fri May 10 14:51:45 2024 by rpki-client on console-fra.rpki-client.org