Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/b1475d-fcc2-48bb-ae01-c2ba24653f7b/1/OKnU55UnevVxqC3IDgVmYJERU2I.roa
File: OKnU55UnevVxqC3IDgVmYJERU2I.roa (raw, json)
Hash identifier: d04oVzCBkYkPvabKmPezsxnangGJTEVVWZ2DlPtcadg=
Subject key identifier: 38:A9:D4:E7:95:27:7A:F5:71:A8:2D:C8:0E:05:66:60:91:11:53:62
Certificate issuer: /CN=2037512e5355e815acf064603f8ae3f5528a5e3b
Certificate serial: 018CC86F6F862EABA5492CD72ECBDFCBAEA0
Authority key identifier: 20:37:51:2E:53:55:E8:15:AC:F0:64:60:3F:8A:E3:F5:52:8A:5E:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IDdRLlNV6BWs8GRgP4rj9VKKXjs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/46/b1475d-fcc2-48bb-ae01-c2ba24653f7b/1/OKnU55UnevVxqC3IDgVmYJERU2I.roa
Signing time: Tue 02 Jan 2024 04:29:55 +0000
ROA not before: Tue 02 Jan 2024 04:29:55 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60404
IP address blocks: 5.255.96.0/19 maxlen: 19
192.76.163.0/24 maxlen: 24
192.76.160.0/24 maxlen: 24
150.129.8.0/22 maxlen: 22
150.129.8.0/24 maxlen: 24
103.251.164.0/22 maxlen: 22
192.76.150.0/24 maxlen: 24
192.76.153.0/24 maxlen: 24
185.31.172.0/22 maxlen: 22
5.2.64.0/20 maxlen: 20
5.2.67.0/24 maxlen: 24
5.2.70.0/24 maxlen: 24
2a01:6340::/29 maxlen: 29
2a0f:6bc0::/29 maxlen: 29
2a04:52c0:5001::/48 maxlen: 64
2a04:52c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/46/b1475d-fcc2-48bb-ae01-c2ba24653f7b/1/IDdRLlNV6BWs8GRgP4rj9VKKXjs.crl
rsync://rpki.ripe.net/repository/DEFAULT/46/b1475d-fcc2-48bb-ae01-c2ba24653f7b/1/IDdRLlNV6BWs8GRgP4rj9VKKXjs.mft
rsync://rpki.ripe.net/repository/DEFAULT/IDdRLlNV6BWs8GRgP4rj9VKKXjs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 May 2024 04:02:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:6f:86:2e:ab:a5:49:2c:d7:2e:cb:df:cb:ae:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2037512e5355e815acf064603f8ae3f5528a5e3b
Validity
Not Before: Jan 2 04:29:55 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=38a9d4e795277af571a82dc80e05666091115362
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:bf:85:35:83:7d:e8:f3:f1:40:66:11:55:90:
83:c2:a8:b5:9d:80:6d:5e:1c:fa:5b:25:61:4d:fd:
ea:aa:c1:bf:39:e9:4c:77:b6:5d:32:10:79:9e:79:
05:00:63:f4:1b:a2:66:86:46:b7:c0:8f:6f:4f:a6:
45:e8:50:29:c2:88:e2:6b:91:fb:e4:5e:63:1e:84:
cb:d0:ea:ba:91:8f:68:68:6e:66:68:17:5e:eb:9f:
d0:90:f2:83:99:b8:7f:a1:53:02:6b:d2:b4:13:c8:
c7:ca:05:59:c5:7f:eb:fd:c0:82:55:97:e3:a2:2a:
12:1b:c4:2b:10:a9:a3:96:e2:ba:56:cf:d7:7e:85:
22:74:95:f9:9b:29:b1:45:2f:f3:55:d3:a0:10:36:
23:ac:78:8d:23:cf:a3:0d:3f:d9:a2:f0:73:18:20:
49:fa:fb:6f:84:2c:c1:93:6a:a3:4c:51:0c:61:9e:
14:45:c8:79:aa:e7:75:69:82:fe:94:ac:83:60:4c:
1e:35:82:d6:cc:69:30:3d:d2:36:89:81:dd:eb:e7:
d9:cb:27:75:8a:9f:11:18:7c:ff:c4:c0:ea:b8:02:
29:03:d4:2c:0e:f0:c7:68:f4:52:71:3d:02:38:6e:
59:2a:13:70:b9:48:e7:50:04:2e:38:89:3e:2b:35:
4a:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:A9:D4:E7:95:27:7A:F5:71:A8:2D:C8:0E:05:66:60:91:11:53:62
X509v3 Authority Key Identifier:
keyid:20:37:51:2E:53:55:E8:15:AC:F0:64:60:3F:8A:E3:F5:52:8A:5E:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IDdRLlNV6BWs8GRgP4rj9VKKXjs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/b1475d-fcc2-48bb-ae01-c2ba24653f7b/1/OKnU55UnevVxqC3IDgVmYJERU2I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/46/b1475d-fcc2-48bb-ae01-c2ba24653f7b/1/IDdRLlNV6BWs8GRgP4rj9VKKXjs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.2.64.0/20
5.255.96.0/19
103.251.164.0/22
150.129.8.0/22
185.31.172.0/22
192.76.150.0/24
192.76.153.0/24
192.76.160.0/24
192.76.163.0/24
IPv6:
2a01:6340::/29
2a04:52c0::/32
2a0f:6bc0::/29
Signature Algorithm: sha256WithRSAEncryption
57:94:40:18:fe:3f:3b:6d:c4:45:b7:ab:bf:ae:4b:60:48:d3:
8f:6b:e6:bf:0f:73:78:22:d7:0e:62:54:16:8e:3c:c8:87:7e:
44:75:4e:77:1c:8b:83:28:a6:f9:9e:10:80:62:59:64:07:cf:
6d:c0:00:2b:cb:5e:5a:a9:3a:5c:a0:85:4a:a8:52:7b:41:bd:
39:50:9e:9f:fc:23:37:6a:46:db:3d:27:1d:9f:44:ba:66:90:
44:c9:c0:7c:2a:b1:bd:15:32:65:84:38:ba:17:9a:f7:20:fa:
ff:9f:66:9c:53:84:4a:ba:73:d0:92:c1:fa:37:cb:25:06:69:
ed:e7:c4:b9:0e:db:c7:bc:56:8d:d5:8c:2d:4e:b8:97:be:17:
71:a2:9a:62:e7:30:5b:cf:85:b6:4c:41:74:76:37:01:05:90:
68:22:38:d2:d1:48:20:2e:70:f1:31:c5:b1:9e:84:02:2f:c8:
cc:93:d0:62:44:e4:a3:42:e9:62:d4:ac:cc:d6:d4:01:5c:46:
d1:95:74:81:c5:26:f0:a6:07:72:9b:fe:2c:9f:4c:e0:3e:8c:
84:57:ff:58:49:5c:e8:b8:e4:29:bb:fe:34:1b:48:95:bf:6e:
85:55:7b:63:36:5c:df:68:ce:61:d4:24:bc:0c:bb:7a:3b:aa:
a6:fc:52:95
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYzIb2+GLqulSSzXLsvfy66gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMzc1MTJlNTM1NWU4MTVhY2YwNjQ2MDNmOGFlM2Y1NTI4
YTVlM2IwHhcNMjQwMTAyMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGE5ZDRlNzk1Mjc3YWY1NzFhODJkYzgwZTA1NjY2MDkxMTE1MzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhb+FNYN96PPxQGYRVZCDwqi1nYBt
Xhz6WyVhTf3qqsG/OelMd7ZdMhB5nnkFAGP0G6Jmhka3wI9vT6ZF6FApwojia5H7
5F5jHoTL0Oq6kY9oaG5maBde65/QkPKDmbh/oVMCa9K0E8jHygVZxX/r/cCCVZfj
oioSG8QrEKmjluK6Vs/XfoUidJX5mymxRS/zVdOgEDYjrHiNI8+jDT/ZovBzGCBJ
+vtvhCzBk2qjTFEMYZ4URch5qud1aYL+lKyDYEweNYLWzGkwPdI2iYHd6+fZyyd1
ip8RGHz/xMDquAIpA9QsDvDHaPRScT0COG5ZKhNwuUjnUAQuOIk+KzVKcwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFDip1OeVJ3r1cagtyA4FZmCREVNiMB8GA1UdIwQY
MBaAFCA3US5TVegVrPBkYD+K4/VSil47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSURkUkxsTlY2QldzOEdSZ1A0cmo5VktLWGpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9iMTQ3NWQtZmNjMi00OGJiLWFlMDEt
YzJiYTI0NjUzZjdiLzEvT0tuVTU1VW5ldlZ4cUMzSURnVm1ZSkVSVTJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9iMTQ3NWQtZmNjMi00OGJiLWFlMDEtYzJiYTI0NjUzZjdi
LzEvSURkUkxsTlY2QldzOEdSZ1A0cmo5VktLWGpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzA8BAIAATA2AwQEBQJAAwQF
Bf9gAwQCZ/ukAwQCloEIAwQCuR+sAwQAwEyWAwQAwEyZAwQAwEygAwQAwEyjMBsE
AgACMBUDBQMqAWNAAwUAKgRSwAMFAyoPa8AwDQYJKoZIhvcNAQELBQADggEBAFeU
QBj+PzttxEW3q7+uS2BI049r5r8Pc3gi1w5iVBaOPMiHfkR1Tncci4MopvmeEIBi
WWQHz23AACvLXlqpOlyghUqoUntBvTlQnp/8IzdqRts9Jx2fRLpmkETJwHwqsb0V
MmWEOLoXmvcg+v+fZpxThEq6c9CSwfo3yyUGae3nxLkO28e8Vo3VjC1OuJe+F3Gi
mmLnMFvPhbZMQXR2NwEFkGgiONLRSCAucPExxbGehAIvyMyT0GJE5KNC6WLUrMzW
1AFcRtGVdIHFJvCmB3Kb/iyfTOA+jIRX/1hJXOi45Cm7/jQbSJW/boVVe2M2XN9o
zmHUJLwMu3o7qqb8UpU=
-----END CERTIFICATE-----
Generated at Sun May 19 06:02:43 2024 by rpki-client on console-fra.rpki-client.org