Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/XfPDHXpT-8J3oqXxQsXgBL0pgQw.roa
File: XfPDHXpT-8J3oqXxQsXgBL0pgQw.roa (raw, json)
Hash identifier: kZiAvAvhnu9UKyJoCph22oSQ4sFw8kbQ2nUUnkUhapk=
Subject key identifier: 5D:F3:C3:1D:7A:53:FB:C2:77:A2:A5:F1:42:C5:E0:04:BD:29:81:0C
Certificate issuer: /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial: 018CC2DADC270E5AC3E6C1836946BCE6AE4F
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/XfPDHXpT-8J3oqXxQsXgBL0pgQw.roa
Signing time: Mon 01 Jan 2024 02:29:32 +0000
ROA not before: Mon 01 Jan 2024 02:29:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 199715
IP address blocks: 82.177.240.0/23 maxlen: 23
82.177.209.0/24 maxlen: 24
88.220.108.0/22 maxlen: 22
88.220.136.0/23 maxlen: 23
88.220.56.0/24 maxlen: 24
82.177.25.0/24 maxlen: 24
82.177.28.0/23 maxlen: 23
82.177.26.0/24 maxlen: 24
82.177.38.0/23 maxlen: 23
82.177.40.0/24 maxlen: 24
81.15.131.0/24 maxlen: 24
81.15.134.0/24 maxlen: 24
82.177.62.0/23 maxlen: 23
82.177.60.0/23 maxlen: 23
195.136.208.0/21 maxlen: 21
88.220.162.0/23 maxlen: 23
81.15.220.0/23 maxlen: 23
82.177.143.0/24 maxlen: 24
81.15.231.0/24 maxlen: 24
81.15.228.0/23 maxlen: 23
81.15.247.0/24 maxlen: 24
81.15.253.0/24 maxlen: 24
81.15.252.0/24 maxlen: 24
195.136.216.0/21 maxlen: 21
81.15.166.0/24 maxlen: 24
81.15.162.0/24 maxlen: 24
81.15.162.0/23 maxlen: 23
81.15.163.0/24 maxlen: 24
81.15.165.0/24 maxlen: 24
82.177.26.74/32 maxlen: 32
81.15.176.0/24 maxlen: 24
81.15.177.0/24 maxlen: 24
81.15.179.0/24 maxlen: 24
82.177.104.0/22 maxlen: 22
82.177.108.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 01:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:da:dc:27:0e:5a:c3:e6:c1:83:69:46:bc:e6:ae:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Validity
Not Before: Jan 1 02:29:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5df3c31d7a53fbc277a2a5f142c5e004bd29810c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:06:f8:89:68:d5:8f:72:d0:87:54:89:6e:e3:
a0:ac:c6:6d:e2:de:ad:3f:e1:04:f3:32:df:58:19:
96:15:73:00:8d:a8:64:6d:fc:e7:81:28:46:a1:f3:
96:81:cf:63:fb:5b:f8:e9:14:e1:b9:5c:b0:0a:bf:
e9:6a:67:64:34:e3:b0:eb:60:40:b5:83:77:61:42:
9a:a8:8c:63:bd:16:f2:48:14:ff:d5:64:e0:07:73:
c0:cd:60:ef:17:c3:dc:10:bd:2b:a4:20:5f:16:df:
76:89:05:d8:7e:21:7f:3b:cd:f1:bd:b5:98:20:e6:
28:1c:4c:4d:f7:50:59:e9:57:de:09:5a:48:44:1e:
ae:99:35:2c:b8:a6:ff:9d:d8:3a:96:de:7f:fe:ce:
8a:d5:28:38:40:df:f7:d4:3c:48:a3:4a:88:2c:e2:
c0:53:60:88:64:18:f1:1c:99:e5:95:4f:d7:fb:80:
c0:9b:e0:bc:e6:4b:91:bf:11:70:d2:be:99:d9:e7:
92:ca:78:44:f7:90:42:2f:aa:b4:5a:2d:82:ff:e0:
cc:9a:92:20:4f:70:76:07:17:2d:1c:1e:23:ee:24:
fd:1e:74:b8:82:1c:81:9a:9e:d3:13:eb:51:58:97:
f9:b5:82:d1:b0:47:44:41:2f:dd:4d:74:31:2e:9c:
d5:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:F3:C3:1D:7A:53:FB:C2:77:A2:A5:F1:42:C5:E0:04:BD:29:81:0C
X509v3 Authority Key Identifier:
keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/XfPDHXpT-8J3oqXxQsXgBL0pgQw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.15.131.0/24
81.15.134.0/24
81.15.162.0/23
81.15.165.0-81.15.166.255
81.15.176.0/23
81.15.179.0/24
81.15.220.0/23
81.15.228.0/23
81.15.231.0/24
81.15.247.0/24
81.15.252.0/23
82.177.25.0-82.177.26.255
82.177.28.0/23
82.177.38.0-82.177.40.255
82.177.60.0/22
82.177.104.0-82.177.109.255
82.177.143.0/24
82.177.209.0/24
82.177.240.0/23
88.220.56.0/24
88.220.108.0/22
88.220.136.0/23
88.220.162.0/23
195.136.208.0/20
Signature Algorithm: sha256WithRSAEncryption
a3:33:c3:43:ce:6f:8c:70:d9:15:0f:60:ae:ee:0a:e4:e7:71:
2e:4c:0a:4a:34:94:44:09:69:ba:71:e4:d0:f5:0d:3c:2c:c9:
ec:01:cf:76:0c:d9:bb:a0:d7:e5:25:f7:65:11:90:56:f6:7c:
ab:90:d9:53:1a:22:9b:99:43:28:10:f9:77:d3:be:35:79:57:
03:31:d4:f0:cf:71:59:7b:b2:bc:60:d8:a0:4d:bc:f7:5c:01:
d0:ff:3a:66:37:6e:1b:af:12:f3:45:4d:22:4b:07:30:b3:60:
ad:d2:16:63:b4:b9:de:b2:c1:e3:b6:74:38:a5:cb:e0:b1:e8:
dc:4e:ba:b6:03:7d:8a:0e:02:fd:2a:18:12:2a:29:1a:f6:d8:
80:62:fb:a6:f1:2b:ec:a8:e7:2d:9d:2d:76:bd:d2:63:62:86:
fb:f6:45:62:0a:3f:23:33:0c:c4:25:23:fc:dc:c5:de:7b:46:
09:a9:fb:ce:a6:48:e0:ae:45:46:a9:b7:42:bc:4a:12:7a:e8:
e3:e0:50:b4:3a:aa:ac:9d:8d:4e:ee:3c:7d:3a:51:c8:24:dd:
7c:6d:d8:86:8f:5a:98:96:23:fa:52:e3:13:5e:35:00:5c:82:
ab:aa:b7:c2:2d:f9:41:f1:a9:17:80:68:f5:dc:70:34:1f:72:
46:68:ab:03
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYzC2twnDlrD5sGDaUa85q5PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGYzYzMxZDdhNTNmYmMyNzdhMmE1ZjE0MmM1ZTAwNGJkMjk4MTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Qb4iWjVj3LQh1SJbuOgrMZt4t6t
P+EE8zLfWBmWFXMAjahkbfzngShGofOWgc9j+1v46RThuVywCr/pamdkNOOw62BA
tYN3YUKaqIxjvRbySBT/1WTgB3PAzWDvF8PcEL0rpCBfFt92iQXYfiF/O83xvbWY
IOYoHExN91BZ6VfeCVpIRB6umTUsuKb/ndg6lt5//s6K1Sg4QN/31DxIo0qILOLA
U2CIZBjxHJnllU/X+4DAm+C85kuRvxFw0r6Z2eeSynhE95BCL6q0Wi2C/+DMmpIg
T3B2BxctHB4j7iT9HnS4ghyBmp7TE+tRWJf5tYLRsEdEQS/dTXQxLpzVpQIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFF3zwx16U/vCd6Kl8ULF4AS9KYEMMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvWGZQREhYcFQtOEozb3FYeFFzWGdCTDBwZ1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbADBABR
D4MDBABRD4YDBAFRD6IwDAMEAFEPpQMEAFEPpgMEAVEPsAMEAFEPswMEAVEP3AME
AVEP5AMEAFEP5wMEAFEP9wMEAVEP/DAMAwQAUrEZAwQAUrEaAwQBUrEcMAwDBAFS
sSYDBABSsSgDBAJSsTwwDAMEA1KxaAMEAVKxbAMEAFKxjwMEAFKx0QMEAVKx8AME
AFjcOAMEAljcbAMEAVjciAMEAVjcogMEBMOI0DANBgkqhkiG9w0BAQsFAAOCAQEA
ozPDQ85vjHDZFQ9gru4K5OdxLkwKSjSURAlpunHk0PUNPCzJ7AHPdgzZu6DX5SX3
ZRGQVvZ8q5DZUxoim5lDKBD5d9O+NXlXAzHU8M9xWXuyvGDYoE2891wB0P86Zjdu
G68S80VNIksHMLNgrdIWY7S53rLB47Z0OKXL4LHo3E66tgN9ig4C/SoYEiopGvbY
gGL7pvEr7KjnLZ0tdr3SY2KG+/ZFYgo/IzMMxCUj/NzF3ntGCan7zqZI4K5FRqm3
QrxKEnro4+BQtDqqrJ2NTu48fTpRyCTdfG3Yho9amJYj+lLjE141AFyCq6q3wi35
QfGpF4Bo9dxwNB9yRmirAw==
-----END CERTIFICATE-----
Generated at Sat Jun 1 04:44:17 2024 by rpki-client on console-ams.rpki-client.org