Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/F08BbF9tWDGz0ANvp2hVWIkFgko.roa
File: F08BbF9tWDGz0ANvp2hVWIkFgko.roa (raw, json)
Hash identifier: aPRx2OIkVktOj0OJEsjx3m7G5u6Z3d8PPg5+RWaLUIE=
Subject key identifier: 17:4F:01:6C:5F:6D:58:31:B3:D0:03:6F:A7:68:55:58:89:05:82:4A
Certificate issuer: /CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Certificate serial: 0192AF0F6E2FDEE1E21F8FEF640A8B0E28ED
Authority key identifier: 8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/F08BbF9tWDGz0ANvp2hVWIkFgko.roa
Signing time: Mon 21 Oct 2024 12:31:16 +0000
ROA not before: Mon 21 Oct 2024 12:31:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209372
IP address blocks: 158.46.148.0/24 maxlen: 24
158.46.149.0/24 maxlen: 24
158.46.160.0/23 maxlen: 23
158.46.162.0/23 maxlen: 23
158.46.162.0/24 maxlen: 24
158.46.176.0/24 maxlen: 24
158.46.177.0/24 maxlen: 24
158.46.181.0/24 maxlen: 24
158.46.188.0/22 maxlen: 24
158.46.192.0/22 maxlen: 22
158.46.196.0/22 maxlen: 24
158.46.200.0/21 maxlen: 24
158.46.205.0/24 maxlen: 24
158.46.207.0/24 maxlen: 24
158.46.250.0/24 maxlen: 24
158.46.251.0/24 maxlen: 24
178.171.0.0/20 maxlen: 24
178.171.20.0/22 maxlen: 24
178.171.32.0/22 maxlen: 22
178.171.36.0/24 maxlen: 24
178.171.37.0/24 maxlen: 24
178.171.48.0/23 maxlen: 24
178.171.50.0/23 maxlen: 24
178.171.60.0/23 maxlen: 24
178.171.62.0/23 maxlen: 24
178.171.69.0/24 maxlen: 24
178.171.70.0/24 maxlen: 24
178.171.84.0/22 maxlen: 24
178.171.86.0/24 maxlen: 24
178.171.88.0/23 maxlen: 23
178.171.94.0/24 maxlen: 24
178.171.100.0/24 maxlen: 24
178.171.101.0/24 maxlen: 24
178.171.102.0/24 maxlen: 24
178.171.104.0/24 maxlen: 24
178.171.106.0/23 maxlen: 23
178.171.110.0/23 maxlen: 24
178.171.119.0/24 maxlen: 24
178.171.123.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl
rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.mft
rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 09:00:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:af:0f:6e:2f:de:e1:e2:1f:8f:ef:64:0a:8b:0e:28:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Validity
Not Before: Oct 21 12:31:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=174f016c5f6d5831b3d0036fa76855588905824a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:98:58:99:b7:3b:f0:65:10:3e:aa:f7:ab:c0:
49:b3:d3:a2:f3:b4:fe:86:0c:d9:f5:cb:ac:91:22:
16:0d:9c:4e:fd:fe:f2:7e:7d:ee:7b:59:97:bb:5d:
76:f1:e9:f8:1f:2c:4f:c1:ef:5b:c8:90:30:d6:23:
f1:c1:23:b5:0d:19:a4:76:82:04:81:b9:12:20:22:
77:91:f7:a1:5f:63:08:0f:75:f7:c3:ec:60:02:bd:
40:e5:73:f4:f0:b2:4d:2b:03:25:d1:a2:11:30:56:
b7:01:23:bd:3c:a2:f5:10:2f:d7:7d:a7:3e:f6:8b:
71:3e:da:1d:c7:11:6e:0f:1d:57:78:8a:cf:87:77:
97:d6:33:c2:f5:82:bc:e8:0e:f2:a8:80:a2:63:27:
0e:18:d8:51:82:5f:9a:7d:1e:3e:4d:d6:a3:05:eb:
a2:6e:28:ab:37:97:d9:1e:6a:b3:d2:79:58:01:73:
5f:be:54:a8:c7:5c:f7:94:99:87:e0:d5:6b:cd:93:
58:76:78:76:2e:54:ae:d5:44:52:35:3e:cb:c9:d5:
35:a9:d9:d5:5b:ef:c1:3c:81:0e:78:5b:76:9a:45:
d3:ee:1b:ca:07:7d:a0:ad:ac:1b:6b:64:90:8b:d3:
6f:b6:fc:36:c8:39:b1:80:27:17:3d:7e:37:54:e1:
e0:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:4F:01:6C:5F:6D:58:31:B3:D0:03:6F:A7:68:55:58:89:05:82:4A
X509v3 Authority Key Identifier:
keyid:8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/F08BbF9tWDGz0ANvp2hVWIkFgko.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.46.148.0/23
158.46.160.0/22
158.46.176.0/23
158.46.181.0/24
158.46.188.0-158.46.207.255
158.46.250.0/23
178.171.0.0/20
178.171.20.0/22
178.171.32.0-178.171.37.255
178.171.48.0/22
178.171.60.0/22
178.171.69.0-178.171.70.255
178.171.84.0-178.171.89.255
178.171.94.0/24
178.171.100.0-178.171.102.255
178.171.104.0/24
178.171.106.0/23
178.171.110.0/23
178.171.119.0/24
178.171.123.0/24
Signature Algorithm: sha256WithRSAEncryption
70:b9:a0:3d:79:63:b2:fd:df:3d:3f:69:02:1b:f4:0c:e0:a0:
5d:cb:2d:70:f7:88:d7:92:9b:43:f9:15:06:ac:70:2e:c9:f2:
ec:45:14:99:d0:80:18:8c:8f:59:ab:8e:c2:0a:e4:61:96:ba:
48:85:d8:89:33:fd:03:c8:94:26:28:6e:31:21:dd:3d:97:f9:
bc:e0:01:42:0a:6a:2d:eb:f8:78:b9:62:49:95:0a:13:4f:a5:
e6:c3:ca:10:85:08:86:6d:52:12:87:2e:3f:91:51:ec:61:95:
77:62:26:b4:f0:21:c7:73:01:7e:32:3d:11:02:ac:07:30:2e:
1e:7a:5d:4d:42:84:0f:4d:a1:85:e6:98:d1:11:1c:0d:46:d1:
36:ff:9b:60:e6:2c:d8:75:65:63:de:9c:17:f7:d0:01:f5:9d:
70:31:dd:e8:90:5a:18:7c:76:cf:52:c9:86:bc:b4:23:84:95:
af:d8:fc:51:56:a3:24:a9:fa:42:ba:cf:8f:3b:f1:7a:35:17:
71:90:9e:08:29:c5:78:5f:50:b2:45:f7:7b:af:e0:fc:cf:80:
2b:00:20:1b:2e:69:c2:ff:b5:8c:a8:db:4c:8b:03:a7:22:05:
3c:a7:57:b1:7a:4d:68:64:0a:42:5a:67:e7:82:95:d2:85:63:
54:0e:31:48
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAZKvD24v3uHiH4/vZAqLDijtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMTFjYjAxNWRmOWJhYWI2MTIyOGRiYmNlMTdkZDRlMDBl
NjNjMTMwHhcNMjQxMDIxMTIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzRmMDE2YzVmNmQ1ODMxYjNkMDAzNmZhNzY4NTU1ODg5MDU4MjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2phYmbc78GUQPqr3q8BJs9Oi87T+
hgzZ9cuskSIWDZxO/f7yfn3ue1mXu1128en4HyxPwe9byJAw1iPxwSO1DRmkdoIE
gbkSICJ3kfehX2MID3X3w+xgAr1A5XP08LJNKwMl0aIRMFa3ASO9PKL1EC/Xfac+
9otxPtodxxFuDx1XeIrPh3eX1jPC9YK86A7yqICiYycOGNhRgl+afR4+TdajBeui
biirN5fZHmqz0nlYAXNfvlSox1z3lJmH4NVrzZNYdnh2LlSu1URSNT7LydU1qdnV
W+/BPIEOeFt2mkXT7hvKB32grawba2SQi9Nvtvw2yDmxgCcXPX43VOHgywIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFBdPAWxfbVgxs9ADb6doVViJBYJKMB8GA1UdIwQY
MBaAFI0RywFd+bqrYSKNu84X3U4A5jwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEt
YmE3NzFmZmQyNjljLzEvRjA4QmJGOXRXREd6MEFOdnAyaFZXSWtGZ2tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEtYmE3NzFmZmQyNjlj
LzEvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBpwQCAAEwgaADBAGe
LpQDBAKeLqADBAGeLrADBACeLrUwDAMEAp4uvAMEBJ4uwAMEAZ4u+gMEBLKrAAME
ArKrFDAMAwQFsqsgAwQBsqskAwQCsqswAwQCsqs8MAwDBACyq0UDBACyq0YwDAME
ArKrVAMEAbKrWAMEALKrXjAMAwQCsqtkAwQAsqtmAwQAsqtoAwQBsqtqAwQBsqtu
AwQAsqt3AwQAsqt7MA0GCSqGSIb3DQEBCwUAA4IBAQBwuaA9eWOy/d89P2kCG/QM
4KBdyy1w94jXkptD+RUGrHAuyfLsRRSZ0IAYjI9Zq47CCuRhlrpIhdiJM/0DyJQm
KG4xId09l/m84AFCCmot6/h4uWJJlQoTT6Xmw8oQhQiGbVIShy4/kVHsYZV3Yia0
8CHHcwF+Mj0RAqwHMC4eel1NQoQPTaGF5pjRERwNRtE2/5tg5izYdWVj3pwX99AB
9Z1wMd3okFoYfHbPUsmGvLQjhJWv2PxRVqMkqfpCus+PO/F6NRdxkJ4IKcV4X1Cy
Rfd7r+D8z4ArACAbLmnC/7WMqNtMiwOnIgU8p1exek1oZApCWmfngpXShWNUDjFI
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:08:08 2024 by rpki-client on console-fra.rpki-client.org