Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/wQ3AhKckw4INZOSlnD6NwaM-rkw.roa
File: wQ3AhKckw4INZOSlnD6NwaM-rkw.roa (raw, json)
Hash identifier: 1s0eDNdNiPHbn4Qp6I+fjr87i/soedQYBAc3s4/mYWM=
Subject key identifier: C1:0D:C0:84:A7:24:C3:82:0D:64:E4:A5:9C:3E:8D:C1:A3:3E:AE:4C
Certificate issuer: /CN=510b419f0c17b4c8be217f64388d268d14dc261e
Certificate serial: 018CC9BC3F1F312B4AC2ECA7903C4B1BAF7E
Authority key identifier: 51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/wQ3AhKckw4INZOSlnD6NwaM-rkw.roa
Signing time: Tue 02 Jan 2024 10:33:26 +0000
ROA not before: Tue 02 Jan 2024 10:33:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203020
IP address blocks: 109.198.32.0/20 maxlen: 32
109.198.48.0/20 maxlen: 32
43.252.28.0/22 maxlen: 32
89.184.192.0/19 maxlen: 32
203.78.168.0/21 maxlen: 32
103.211.184.0/23 maxlen: 32
37.61.226.0/24 maxlen: 32
92.255.86.0/23 maxlen: 32
103.225.128.0/22 maxlen: 32
185.10.7.0/24 maxlen: 32
37.200.104.0/21 maxlen: 32
37.61.227.0/24 maxlen: 32
193.151.52.0/22 maxlen: 32
213.188.80.0/20 maxlen: 32
103.30.12.0/22 maxlen: 32
85.208.148.0/22 maxlen: 32
206.204.0.0/18 maxlen: 32
194.32.88.0/22 maxlen: 32
89.104.110.0/23 maxlen: 32
78.156.160.0/20 maxlen: 32
78.156.176.0/20 maxlen: 32
216.194.80.0/20 maxlen: 32
94.46.32.0/21 maxlen: 32
89.223.14.0/23 maxlen: 32
89.223.18.0/23 maxlen: 32
46.182.168.0/22 maxlen: 32
45.130.120.0/22 maxlen: 32
92.255.32.0/21 maxlen: 32
45.12.56.0/22 maxlen: 32
116.212.188.0/22 maxlen: 32
180.94.216.0/22 maxlen: 32
94.46.2.0/23 maxlen: 32
94.46.0.0/21 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.mft
rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 May 2024 08:00:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:3f:1f:31:2b:4a:c2:ec:a7:90:3c:4b:1b:af:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=510b419f0c17b4c8be217f64388d268d14dc261e
Validity
Not Before: Jan 2 10:33:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c10dc084a724c3820d64e4a59c3e8dc1a33eae4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:32:70:3e:dc:b4:17:8a:87:4d:87:1f:60:06:
94:df:95:52:3f:25:4c:e4:01:4a:39:1c:31:a6:41:
4d:46:8d:7a:57:02:d0:14:56:1c:a4:8f:6f:c7:17:
ae:3f:be:e8:67:73:b9:d0:47:44:7b:40:e3:49:b1:
dc:fd:40:cd:9f:b6:b6:49:19:26:aa:b6:7c:b8:9f:
57:fd:00:25:f3:e4:f5:b0:91:4c:1e:db:48:3c:b6:
7b:48:a4:a9:82:4c:6b:67:36:bf:fa:0a:de:ac:ea:
cd:a6:71:be:68:af:b8:13:f6:c6:79:34:9a:29:d2:
a6:84:0c:59:c1:31:1d:57:d0:a7:1f:28:3c:93:77:
6b:42:05:80:99:aa:19:01:52:bc:b5:dc:cd:f3:3d:
5e:65:81:14:81:83:21:29:11:46:5b:d8:ec:e6:9d:
0b:ce:67:4c:ef:aa:7b:69:ac:f9:7d:25:6e:21:76:
4b:2a:1c:e2:0c:27:6f:cc:be:6d:d5:50:a3:b0:47:
44:7d:c0:9d:82:7d:14:23:6b:a0:15:19:82:fe:79:
24:93:e0:a6:9f:2b:4b:50:40:0e:20:9d:98:bc:5e:
d6:5b:c4:4c:52:9f:58:11:fc:41:f8:16:79:13:d8:
2d:3a:3a:bc:0b:5f:d3:34:1e:ab:9e:2d:45:ed:77:
6f:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:0D:C0:84:A7:24:C3:82:0D:64:E4:A5:9C:3E:8D:C1:A3:3E:AE:4C
X509v3 Authority Key Identifier:
keyid:51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/wQ3AhKckw4INZOSlnD6NwaM-rkw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.61.226.0/23
37.200.104.0/21
43.252.28.0/22
45.12.56.0/22
45.130.120.0/22
46.182.168.0/22
78.156.160.0/19
85.208.148.0/22
89.104.110.0/23
89.184.192.0/19
89.223.14.0/23
89.223.18.0/23
92.255.32.0/21
92.255.86.0/23
94.46.0.0/21
94.46.32.0/21
103.30.12.0/22
103.211.184.0/23
103.225.128.0/22
109.198.32.0/19
116.212.188.0/22
180.94.216.0/22
185.10.7.0/24
193.151.52.0/22
194.32.88.0/22
203.78.168.0/21
206.204.0.0/18
213.188.80.0/20
216.194.80.0/20
Signature Algorithm: sha256WithRSAEncryption
31:5c:e4:88:b6:b7:eb:d5:80:62:43:7d:77:8f:dd:ff:70:64:
8e:50:9e:63:d1:04:98:f7:53:f9:1f:96:72:1d:b2:d6:ad:ec:
e3:1c:d9:16:4b:81:26:b8:f9:16:a5:f0:83:bb:0e:9c:52:b0:
00:8a:1f:bf:d7:10:c4:41:d3:4a:5d:ab:42:cc:42:12:b4:4d:
a8:52:ff:aa:fc:29:e5:32:73:32:1e:ee:fb:31:11:31:27:0a:
8c:df:c0:69:8d:09:6a:eb:10:1e:ca:b6:ec:96:ac:7e:5a:7b:
e4:47:83:7c:53:64:fc:ca:80:fd:f0:ff:d4:0c:31:ca:9a:4a:
b8:c7:07:e6:fc:93:9b:6d:23:e6:76:d8:0d:b5:7c:34:2e:ef:
25:a7:df:23:d9:cc:a9:d6:69:31:67:8c:fc:96:c9:28:68:83:
8b:44:9a:72:32:cf:d7:6b:78:e8:05:2b:01:14:1e:38:d3:2e:
4b:5b:53:cf:98:46:d4:c7:7c:41:7c:91:97:91:f1:0a:21:2d:
8b:66:22:9f:91:db:33:9d:f9:af:a7:38:e9:d5:02:36:48:4e:
b7:de:0b:02:59:00:b9:d4:46:e2:c4:84:7e:d8:3c:fb:30:b0:
73:72:77:fb:e9:d2:12:38:8d:1d:56:c1:80:b3:08:21:d7:f5:
03:50:fc:fa
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgISAYzJvD8fMStKwuynkDxLG69+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMGI0MTlmMGMxN2I0YzhiZTIxN2Y2NDM4OGQyNjhkMTRk
YzI2MWUwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTBkYzA4NGE3MjRjMzgyMGQ2NGU0YTU5YzNlOGRjMWEzM2VhZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzJwPty0F4qHTYcfYAaU35VSPyVM
5AFKORwxpkFNRo16VwLQFFYcpI9vxxeuP77oZ3O50EdEe0DjSbHc/UDNn7a2SRkm
qrZ8uJ9X/QAl8+T1sJFMHttIPLZ7SKSpgkxrZza/+grerOrNpnG+aK+4E/bGeTSa
KdKmhAxZwTEdV9CnHyg8k3drQgWAmaoZAVK8tdzN8z1eZYEUgYMhKRFGW9js5p0L
zmdM76p7aaz5fSVuIXZLKhziDCdvzL5t1VCjsEdEfcCdgn0UI2ugFRmC/nkkk+Cm
nytLUEAOIJ2YvF7WW8RMUp9YEfxB+BZ5E9gtOjq8C1/TNB6rni1F7XdvjQIDAQAB
o4ICtjCCArIwHQYDVR0OBBYEFMENwISnJMOCDWTkpZw+jcGjPq5MMB8GA1UdIwQY
MBaAFFELQZ8MF7TIviF/ZDiNJo0U3CYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYt
MTRhMDk5OTNkNjcxLzEvd1EzQWhLY2t3NElOWk9TbG5ENk53YU0tcmt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYtMTRhMDk5OTNkNjcx
LzEvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHLBggrBgEFBQcBBwEB/wSBuzCBuDCBtQQCAAEwga4DBAEl
PeIDBAMlyGgDBAIr/BwDBAItDDgDBAItgngDBAIutqgDBAVOnKADBAJV0JQDBAFZ
aG4DBAVZuMADBAFZ3w4DBAFZ3xIDBANc/yADBAFc/1YDBANeLgADBANeLiADBAJn
HgwDBAFn07gDBAJn4YADBAVtxiADBAJ01LwDBAK0XtgDBAC5CgcDBALBlzQDBALC
IFgDBAPLTqgDBAbOzAADBATVvFADBATYwlAwDQYJKoZIhvcNAQELBQADggEBADFc
5Ii2t+vVgGJDfXeP3f9wZI5QnmPRBJj3U/kflnIdstat7OMc2RZLgSa4+Ral8IO7
DpxSsACKH7/XEMRB00pdq0LMQhK0TahS/6r8KeUyczIe7vsxETEnCozfwGmNCWrr
EB7KtuyWrH5ae+RHg3xTZPzKgP3w/9QMMcqaSrjHB+b8k5ttI+Z22A21fDQu7yWn
3yPZzKnWaTFnjPyWyShog4tEmnIyz9dreOgFKwEUHjjTLktbU8+YRtTHfEF8kZeR
8QohLYtmIp+R2zOd+a+nOOnVAjZITrfeCwJZALnURuLEhH7YPPswsHNyd/vp0hI4
jR1WwYCzCCHX9QNQ/Po=
-----END CERTIFICATE-----
Generated at Mon May 20 17:44:49 2024 by rpki-client on console-fra.rpki-client.org