Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/OW5LmdY3DTFpRxN92ge0NvbGoXA.roa
File: OW5LmdY3DTFpRxN92ge0NvbGoXA.roa (raw, json)
Hash identifier: Z1uZbCT++7C8WA0PaKz2PNPTq/J9T+AGaXkIKmSlUBA=
Subject key identifier: 39:6E:4B:99:D6:37:0D:31:69:47:13:7D:DA:07:B4:36:F6:C6:A1:70
Certificate issuer: /CN=5f1fa06d5dbada43de44f4e4b1dc9492bb287c9d
Certificate serial: 018D7E6A59F9970A4EB5BA267790F158CD8E
Authority key identifier: 5F:1F:A0:6D:5D:BA:DA:43:DE:44:F4:E4:B1:DC:94:92:BB:28:7C:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/OW5LmdY3DTFpRxN92ge0NvbGoXA.roa
Signing time: Tue 06 Feb 2024 12:35:15 +0000
ROA not before: Tue 06 Feb 2024 12:35:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34244
IP address blocks: 5.180.0.0/22 maxlen: 22
31.170.24.0/21 maxlen: 21
31.170.26.0/23 maxlen: 23
31.170.28.0/22 maxlen: 22
37.221.104.0/22 maxlen: 22
45.8.152.0/22 maxlen: 22
45.14.4.0/22 maxlen: 22
45.93.232.0/22 maxlen: 22
45.131.188.0/22 maxlen: 22
45.152.172.0/22 maxlen: 22
81.92.196.0/22 maxlen: 22
81.92.220.0/22 maxlen: 22
85.30.128.0/18 maxlen: 18
92.39.32.0/20 maxlen: 20
94.46.136.0/22 maxlen: 22
94.46.240.0/22 maxlen: 22
128.127.184.0/21 maxlen: 21
141.98.236.0/22 maxlen: 22
155.137.24.0/21 maxlen: 21
178.236.64.0/20 maxlen: 24
178.236.65.48/29 maxlen: 29
178.236.72.28/30 maxlen: 30
178.236.72.48/28 maxlen: 28
178.236.72.88/29 maxlen: 29
178.236.73.80/29 maxlen: 29
178.236.73.112/29 maxlen: 29
178.236.73.128/29 maxlen: 29
178.236.73.160/29 maxlen: 29
178.236.73.176/29 maxlen: 29
178.236.73.200/29 maxlen: 29
178.236.73.224/29 maxlen: 29
178.236.74.88/29 maxlen: 29
178.255.112.0/22 maxlen: 22
185.4.8.0/22 maxlen: 22
185.27.96.0/22 maxlen: 22
185.121.44.0/22 maxlen: 22
185.176.28.0/22 maxlen: 22
185.186.32.0/22 maxlen: 22
185.197.224.0/22 maxlen: 22
185.216.152.0/22 maxlen: 22
185.223.236.0/22 maxlen: 22
185.240.208.0/22 maxlen: 22
185.247.236.0/22 maxlen: 22
188.66.48.0/22 maxlen: 22
193.34.202.0/24 maxlen: 24
193.221.93.0/24 maxlen: 24
193.221.120.0/24 maxlen: 24
193.221.123.0/24 maxlen: 24
193.221.219.0/24 maxlen: 24
195.210.52.0/23 maxlen: 23
2a02:80::/29 maxlen: 29
2a02:80::/32 maxlen: 32
2a02:1610::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/Xx-gbV262kPeRPTksdyUkrsofJ0.crl
rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/Xx-gbV262kPeRPTksdyUkrsofJ0.mft
rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 00:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:7e:6a:59:f9:97:0a:4e:b5:ba:26:77:90:f1:58:cd:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f1fa06d5dbada43de44f4e4b1dc9492bb287c9d
Validity
Not Before: Feb 6 12:35:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=396e4b99d6370d316947137dda07b436f6c6a170
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:3f:4b:ce:93:75:26:9b:82:10:64:62:c2:61:
2c:60:63:8d:9e:03:b2:03:b6:50:f7:17:b0:46:f6:
0e:37:f4:1f:3a:4a:53:b0:84:fa:4e:60:1d:10:84:
89:b2:ef:5f:96:06:6e:fc:b9:d2:2a:3f:d0:7b:95:
d5:64:21:ff:82:54:c4:c8:4d:dc:96:eb:91:61:32:
b8:ea:df:58:6c:c7:53:04:56:c9:31:33:25:83:6b:
cb:08:53:38:b1:f6:3c:03:17:26:d0:e1:56:a7:83:
46:0e:a1:6b:55:61:e9:b0:7a:aa:e2:83:72:89:d5:
4c:78:5b:49:a1:68:e2:03:e4:3a:a6:4f:07:df:ab:
a4:b6:9f:d0:7c:51:63:fe:52:c7:56:02:00:1a:0f:
5c:4b:55:7f:60:e4:10:02:91:06:51:43:ed:22:40:
2c:38:3f:4d:ce:d9:1e:a8:26:f5:e6:19:0a:f2:7d:
26:a3:0f:57:66:b9:f4:ff:bb:5f:13:78:7e:88:d6:
10:18:a2:ce:f4:8d:fa:03:23:09:57:dd:a5:19:ee:
5f:3a:86:8c:f1:41:fc:96:b7:ee:f6:ed:de:ea:fc:
d1:76:75:29:2e:12:0d:14:43:7c:cf:ed:74:9d:32:
e0:2a:62:cd:c1:10:36:d0:ad:3d:63:e0:81:e3:60:
39:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:6E:4B:99:D6:37:0D:31:69:47:13:7D:DA:07:B4:36:F6:C6:A1:70
X509v3 Authority Key Identifier:
keyid:5F:1F:A0:6D:5D:BA:DA:43:DE:44:F4:E4:B1:DC:94:92:BB:28:7C:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/OW5LmdY3DTFpRxN92ge0NvbGoXA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/Xx-gbV262kPeRPTksdyUkrsofJ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.0.0/22
31.170.24.0/21
37.221.104.0/22
45.8.152.0/22
45.14.4.0/22
45.93.232.0/22
45.131.188.0/22
45.152.172.0/22
81.92.196.0/22
81.92.220.0/22
85.30.128.0/18
92.39.32.0/20
94.46.136.0/22
94.46.240.0/22
128.127.184.0/21
141.98.236.0/22
155.137.24.0/21
178.236.64.0/20
178.255.112.0/22
185.4.8.0/22
185.27.96.0/22
185.121.44.0/22
185.176.28.0/22
185.186.32.0/22
185.197.224.0/22
185.216.152.0/22
185.223.236.0/22
185.240.208.0/22
185.247.236.0/22
188.66.48.0/22
193.34.202.0/24
193.221.93.0/24
193.221.120.0/24
193.221.123.0/24
193.221.219.0/24
195.210.52.0/23
IPv6:
2a02:80::/29
2a02:1610::/32
Signature Algorithm: sha256WithRSAEncryption
4f:23:36:3c:6e:4b:bf:ac:89:f5:db:0c:29:68:91:97:f8:45:
64:30:b8:6c:58:ba:06:48:d5:c6:b7:e7:12:de:be:71:67:a6:
60:0e:4f:36:f2:07:e6:aa:2b:63:ec:37:37:de:8b:fa:6e:79:
10:98:42:55:75:83:a8:b9:b1:28:37:d7:5f:8f:a4:ef:74:fb:
b5:f7:14:0b:fd:0f:67:1f:ae:d6:91:ff:18:9a:29:30:71:b6:
c2:3f:ba:94:84:8d:8d:70:04:01:e1:11:4f:5a:65:bb:52:3b:
0e:23:13:2b:ac:a7:c8:1b:bc:a7:58:12:6b:a1:33:12:3e:ad:
31:58:94:40:93:7d:d9:f2:13:40:99:38:2e:7a:1f:11:7d:f5:
8a:c3:88:a8:83:e3:bc:7e:e3:61:1a:65:eb:6d:3a:0b:45:bd:
58:2d:fb:93:67:1f:11:e8:51:f4:8f:4f:a4:a4:e2:7a:8c:c9:
87:73:6e:3d:fd:ec:00:04:e0:a2:bd:eb:6a:ea:ca:06:24:30:
23:14:00:b0:db:99:7e:bf:2a:62:cc:d1:d7:b6:e7:3b:cd:52:
2c:55:99:7b:07:01:97:2c:7a:54:4a:43:94:5f:f8:c2:82:d9:
07:6f:7e:75:29:08:93:10:f7:23:db:c8:f2:e5:61:f2:65:5f:
16:4f:82:2a
-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgISAY1+aln5lwpOtbomd5DxWM2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWZhMDZkNWRiYWRhNDNkZTQ0ZjRlNGIxZGM5NDkyYmIy
ODdjOWQwHhcNMjQwMjA2MTIzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTZlNGI5OWQ2MzcwZDMxNjk0NzEzN2RkYTA3YjQzNmY2YzZhMTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj9LzpN1JpuCEGRiwmEsYGONngOy
A7ZQ9xewRvYON/QfOkpTsIT6TmAdEISJsu9flgZu/LnSKj/Qe5XVZCH/glTEyE3c
luuRYTK46t9YbMdTBFbJMTMlg2vLCFM4sfY8Axcm0OFWp4NGDqFrVWHpsHqq4oNy
idVMeFtJoWjiA+Q6pk8H36uktp/QfFFj/lLHVgIAGg9cS1V/YOQQApEGUUPtIkAs
OD9NztkeqCb15hkK8n0mow9XZrn0/7tfE3h+iNYQGKLO9I36AyMJV92lGe5fOoaM
8UH8lrfu9u3e6vzRdnUpLhINFEN8z+10nTLgKmLNwRA20K09Y+CB42A56QIDAQAB
o4IC9zCCAvMwHQYDVR0OBBYEFDluS5nWNw0xaUcTfdoHtDb2xqFwMB8GA1UdIwQY
MBaAFF8foG1dutpD3kT05LHclJK7KHydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHgtZ2JWMjYya1BlUlBUa3NkeVVrcnNvZkowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84NDdkMTctYmE3Yy00ZWFlLTlkNTUt
MjU4NDZkNTlmZDYwLzEvT1c1TG1kWTNEVEZwUnhOOTJnZTBOdmJHb1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84NDdkMTctYmE3Yy00ZWFlLTlkNTUtMjU4NDZkNTlmZDYw
LzEvWHgtZ2JWMjYya1BlUlBUa3NkeVVrcnNvZkowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCwYIKwYBBQUHAQcBAf8Egfswgfgwgd8EAgABMIHYAwQC
BbQAAwQDH6oYAwQCJd1oAwQCLQiYAwQCLQ4EAwQCLV3oAwQCLYO8AwQCLZisAwQC
UVzEAwQCUVzcAwQGVR6AAwQEXCcgAwQCXi6IAwQCXi7wAwQDgH+4AwQCjWLsAwQD
m4kYAwQEsuxAAwQCsv9wAwQCuQQIAwQCuRtgAwQCuXksAwQCubAcAwQCubogAwQC
ucXgAwQCudiYAwQCud/sAwQCufDQAwQCuffsAwQCvEIwAwQAwSLKAwQAwd1dAwQA
wd14AwQAwd17AwQAwd3bAwQBw9I0MBQEAgACMA4DBQMqAgCAAwUAKgIWEDANBgkq
hkiG9w0BAQsFAAOCAQEATyM2PG5Lv6yJ9dsMKWiRl/hFZDC4bFi6BkjVxrfnEt6+
cWemYA5PNvIH5qorY+w3N96L+m55EJhCVXWDqLmxKDfXX4+k73T7tfcUC/0PZx+u
1pH/GJopMHG2wj+6lISNjXAEAeERT1plu1I7DiMTK6ynyBu8p1gSa6EzEj6tMViU
QJN92fITQJk4LnofEX31isOIqIPjvH7jYRpl6206C0W9WC37k2cfEehR9I9PpKTi
eozJh3NuPf3sAATgor3raurKBiQwIxQAsNuZfr8qYszR17bnO81SLFWZewcBlyx6
VEpDlF/4woLZB29+dSkIkxD3I9vI8uVh8mVfFk+CKg==
-----END CERTIFICATE-----
Generated at Sat Jun 1 08:42:42 2024 by rpki-client on console-ams.rpki-client.org