Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/WQuVoewDqry9NtsEbEZfiTxUzVE.roa
File: WQuVoewDqry9NtsEbEZfiTxUzVE.roa (raw, json)
Hash identifier: lC0Ft8zDlfIb6kfdfNUizzAxCsjWdzL0BjsYHVwJWGE=
Subject key identifier: 59:0B:95:A1:EC:03:AA:BC:BD:36:DB:04:6C:46:5F:89:3C:54:CD:51
Certificate issuer: /CN=5d3bb84891651f2039cd81b0b60912f7c0e5cf96
Certificate serial: 018ECC8DC6F09C044ACBBB0CB17D78D2559D
Authority key identifier: 5D:3B:B8:48:91:65:1F:20:39:CD:81:B0:B6:09:12:F7:C0:E5:CF:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/WQuVoewDqry9NtsEbEZfiTxUzVE.roa
Signing time: Thu 11 Apr 2024 09:47:07 +0000
ROA not before: Thu 11 Apr 2024 09:47:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 47377
IP address blocks: 62.88.0.0/17 maxlen: 21
62.88.0.0/19 maxlen: 19
62.88.32.0/19 maxlen: 19
62.88.80.0/21 maxlen: 21
85.10.64.0/18 maxlen: 24
91.86.0.0/15 maxlen: 20
91.86.0.0/16 maxlen: 16
91.87.0.0/19 maxlen: 19
91.87.32.0/19 maxlen: 19
91.87.64.0/19 maxlen: 19
91.87.96.0/19 maxlen: 19
91.87.128.0/19 maxlen: 19
91.87.160.0/19 maxlen: 19
94.104.0.0/13 maxlen: 23
94.104.0.0/24 maxlen: 24
94.104.17.0/24 maxlen: 24
94.104.24.0/21 maxlen: 21
94.104.32.0/19 maxlen: 19
94.104.64.0/19 maxlen: 19
94.104.96.0/19 maxlen: 19
94.104.128.0/21 maxlen: 21
94.104.160.0/19 maxlen: 19
94.104.192.0/19 maxlen: 19
94.104.240.0/21 maxlen: 21
94.104.248.0/22 maxlen: 22
94.104.252.0/22 maxlen: 22
94.105.48.0/20 maxlen: 20
94.105.64.0/19 maxlen: 19
94.106.128.0/17 maxlen: 17
94.107.0.0/17 maxlen: 17
94.107.128.0/18 maxlen: 18
94.107.192.0/18 maxlen: 18
94.107.246.0/24 maxlen: 24
94.110.0.0/19 maxlen: 19
94.110.32.0/19 maxlen: 19
94.110.64.0/19 maxlen: 19
94.110.96.0/19 maxlen: 19
94.110.128.0/19 maxlen: 19
94.110.160.0/19 maxlen: 19
94.110.192.0/19 maxlen: 19
94.110.224.0/19 maxlen: 19
94.111.0.0/19 maxlen: 19
94.111.32.0/19 maxlen: 19
94.111.64.0/19 maxlen: 19
94.111.96.0/19 maxlen: 19
94.111.128.0/19 maxlen: 19
94.111.160.0/19 maxlen: 19
94.111.192.0/19 maxlen: 19
94.111.224.0/19 maxlen: 19
178.50.0.0/15 maxlen: 19
185.65.72.0/22 maxlen: 24
212.53.0.0/20 maxlen: 24
212.65.32.0/19 maxlen: 19
212.87.96.0/19 maxlen: 24
212.224.128.0/17 maxlen: 19
2a00:1868::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.mft
rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 01:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:cc:8d:c6:f0:9c:04:4a:cb:bb:0c:b1:7d:78:d2:55:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5d3bb84891651f2039cd81b0b60912f7c0e5cf96
Validity
Not Before: Apr 11 09:47:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=590b95a1ec03aabcbd36db046c465f893c54cd51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:b0:d3:92:e6:25:67:8b:b8:82:5a:54:ab:8d:
75:ee:4b:d8:40:0d:01:89:37:f6:85:f5:db:2c:0b:
6c:49:c8:30:09:d4:99:47:f5:74:40:57:be:1d:64:
cf:9c:a2:20:1c:38:08:ac:73:6e:9b:3c:5c:8b:51:
9f:37:1a:20:d5:fc:e6:9d:12:6e:90:d4:eb:c6:0e:
81:f5:4f:cb:ac:0d:9a:3b:7a:4d:e5:f8:c3:5a:dd:
27:4c:5c:1e:c0:e1:a2:9b:a2:c4:21:67:ff:f4:99:
5c:1d:5a:61:ae:7e:fa:be:d2:c0:0c:ad:b9:d3:1a:
b5:a6:a4:c6:a2:1c:54:73:cd:dc:55:44:81:31:53:
d0:47:07:91:5f:91:f4:ea:ba:1d:49:c4:96:df:5a:
59:a9:cc:ae:fc:53:70:ce:3d:06:c4:59:c1:b6:3b:
ad:a4:c5:92:71:b2:81:31:f1:c0:cc:9a:97:d8:37:
74:5e:eb:c5:e1:97:60:ee:a8:08:97:86:c0:c8:00:
53:0a:a0:98:2f:09:c6:5e:cc:0a:a7:a4:6a:85:02:
4d:44:34:81:ae:63:8d:53:fc:30:2b:01:4c:18:6f:
f7:78:e8:68:7b:58:2d:18:83:f9:43:ed:0b:e7:61:
b4:b6:98:b5:cc:43:ff:37:18:f9:d1:b7:c3:30:38:
29:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:0B:95:A1:EC:03:AA:BC:BD:36:DB:04:6C:46:5F:89:3C:54:CD:51
X509v3 Authority Key Identifier:
keyid:5D:3B:B8:48:91:65:1F:20:39:CD:81:B0:B6:09:12:F7:C0:E5:CF:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/WQuVoewDqry9NtsEbEZfiTxUzVE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.88.0.0/17
85.10.64.0/18
91.86.0.0/15
94.104.0.0/13
178.50.0.0/15
185.65.72.0/22
212.53.0.0/20
212.65.32.0/19
212.87.96.0/19
212.224.128.0/17
IPv6:
2a00:1868::/32
Signature Algorithm: sha256WithRSAEncryption
42:e8:f2:da:7f:b5:4f:cf:9f:a4:60:72:8d:f0:85:4d:a4:38:
f9:34:22:d6:f7:c4:a0:5f:f5:5c:b8:a5:65:b0:6f:e9:b7:db:
e2:12:a9:7e:81:42:6d:12:4e:e0:ad:72:76:b0:b7:96:6b:8a:
56:c9:25:7a:6c:d5:42:e5:62:f5:3c:8f:65:bb:5e:93:d2:35:
ce:07:7a:e3:2f:e6:74:33:d6:63:ef:da:21:7d:e9:5c:21:d8:
2a:d8:46:a0:89:f3:b8:90:7d:4f:75:5a:d6:4e:ef:01:76:2e:
22:f3:58:6a:fc:1f:54:c6:43:7e:80:71:50:a8:be:ca:f2:90:
2f:e8:a9:5c:85:70:0c:70:b8:c7:0b:b9:b0:76:0e:e0:00:a9:
ad:a2:19:ee:76:43:d4:0f:26:bc:e4:71:7a:7c:d0:c7:31:86:
3d:72:b8:b8:da:05:0d:a1:19:8b:b0:dd:56:4c:d2:c5:4c:55:
19:00:85:65:80:1c:95:1d:52:5d:dd:8b:6f:10:d5:6c:19:20:
78:50:43:f6:63:54:42:7c:bc:2a:4d:8b:d8:bb:3a:3c:d6:90:
92:c2:64:85:6d:e5:0a:e9:0a:55:18:40:53:1f:38:da:94:83:
ac:ad:80:96:0e:9d:a4:64:1e:0b:fc:77:68:8c:03:19:3e:8f:
6b:49:f6:ec
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY7MjcbwnARKy7sMsX140lWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkM2JiODQ4OTE2NTFmMjAzOWNkODFiMGI2MDkxMmY3YzBl
NWNmOTYwHhcNMjQwNDExMDk0NzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTBiOTVhMWVjMDNhYWJjYmQzNmRiMDQ2YzQ2NWY4OTNjNTRjZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7DTkuYlZ4u4glpUq4117kvYQA0B
iTf2hfXbLAtsScgwCdSZR/V0QFe+HWTPnKIgHDgIrHNumzxci1GfNxog1fzmnRJu
kNTrxg6B9U/LrA2aO3pN5fjDWt0nTFwewOGim6LEIWf/9JlcHVphrn76vtLADK25
0xq1pqTGohxUc83cVUSBMVPQRweRX5H06rodScSW31pZqcyu/FNwzj0GxFnBtjut
pMWScbKBMfHAzJqX2Dd0XuvF4Zdg7qgIl4bAyABTCqCYLwnGXswKp6RqhQJNRDSB
rmONU/wwKwFMGG/3eOhoe1gtGIP5Q+0L52G0tpi1zEP/Nxj50bfDMDgpkQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFFkLlaHsA6q8vTbbBGxGX4k8VM1RMB8GA1UdIwQY
MBaAFF07uEiRZR8gOc2BsLYJEvfA5c+WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFR1NFNKRmxIeUE1ellHd3Rna1M5OERsejVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS81ODdmN2UtNjBjYy00MWEwLTg4Njkt
NGY4YzYzOGE3MmUxLzEvV1F1Vm9ld0Rxcnk5TnRzRWJFWmZpVHhVelZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS81ODdmN2UtNjBjYy00MWEwLTg4NjktNGY4YzYzOGE3MmUx
LzEvWFR1NFNKRmxIeUE1ellHd3Rna1M5OERsejVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA/BAIAATA5AwQHPlgAAwQG
VQpAAwMBW1YDAwNeaAMDAbIyAwQCuUFIAwQE1DUAAwQF1EEgAwQF1FdgAwQH1OCA
MA0EAgACMAcDBQAqABhoMA0GCSqGSIb3DQEBCwUAA4IBAQBC6PLaf7VPz5+kYHKN
8IVNpDj5NCLW98SgX/VcuKVlsG/pt9viEql+gUJtEk7grXJ2sLeWa4pWySV6bNVC
5WL1PI9lu16T0jXOB3rjL+Z0M9Zj79ohfelcIdgq2EagifO4kH1PdVrWTu8Bdi4i
81hq/B9UxkN+gHFQqL7K8pAv6KlchXAMcLjHC7mwdg7gAKmtohnudkPUDya85HF6
fNDHMYY9cri42gUNoRmLsN1WTNLFTFUZAIVlgByVHVJd3YtvENVsGSB4UEP2Y1RC
fLwqTYvYuzo81pCSwmSFbeUK6QpVGEBTHzjalIOsrYCWDp2kZB4L/HdojAMZPo9r
Sfbs
-----END CERTIFICATE-----
Generated at Sat Jun 1 08:47:37 2024 by rpki-client on console-ams.rpki-client.org