Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/r34i9MogSBxeDWHyGIhH_hkNvH0.roa
File: r34i9MogSBxeDWHyGIhH_hkNvH0.roa (raw, json)
Hash identifier: /LsOtQwuG5S1pPv/GDxv95WqbubjE7D9iX5jL74tvxg=
Subject key identifier: AF:7E:22:F4:CA:20:48:1C:5E:0D:61:F2:18:88:47:FE:19:0D:BC:7D
Certificate issuer: /CN=4e15df688c3aeae3f685ed44b396c2198395861d
Certificate serial: 01945FA2C9D0A3D0C70688F9D2FF260BA74C
Authority key identifier: 4E:15:DF:68:8C:3A:EA:E3:F6:85:ED:44:B3:96:C2:19:83:95:86:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ThXfaIw66uP2he1Es5bCGYOVhh0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/r34i9MogSBxeDWHyGIhH_hkNvH0.roa
Signing time: Mon 13 Jan 2025 12:28:11 +0000
ROA not before: Mon 13 Jan 2025 12:28:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21021
IP address blocks: 31.6.128.0/18 maxlen: 18
31.6.192.0/19 maxlen: 19
31.42.16.0/20 maxlen: 20
37.131.128.0/19 maxlen: 19
37.190.128.0/17 maxlen: 17
46.186.0.0/17 maxlen: 17
46.231.56.0/21 maxlen: 21
62.61.32.0/19 maxlen: 19
62.141.192.0/18 maxlen: 18
80.244.128.0/19 maxlen: 19
80.245.176.0/20 maxlen: 20
81.190.0.0/16 maxlen: 16
82.115.64.0/19 maxlen: 19
83.68.64.0/19 maxlen: 19
84.38.80.0/20 maxlen: 20
85.117.0.0/19 maxlen: 19
87.116.192.0/18 maxlen: 18
89.17.224.0/19 maxlen: 19
89.228.0.0/16 maxlen: 16
89.229.0.0/16 maxlen: 16
89.229.64.0/19 maxlen: 19
89.230.0.0/16 maxlen: 16
89.231.0.0/16 maxlen: 16
92.42.112.0/21 maxlen: 21
93.94.184.0/21 maxlen: 21
94.78.128.0/18 maxlen: 18
94.251.128.0/17 maxlen: 17
95.129.224.0/21 maxlen: 21
95.174.32.0/19 maxlen: 19
176.107.112.0/21 maxlen: 21
176.221.96.0/19 maxlen: 19
185.31.184.0/22 maxlen: 22
193.43.240.0/22 maxlen: 22
193.43.242.0/24 maxlen: 24
193.43.243.0/24 maxlen: 24
193.106.76.0/22 maxlen: 22
193.200.118.0/23 maxlen: 23
194.116.132.0/23 maxlen: 23
194.149.240.0/24 maxlen: 24
195.93.134.0/23 maxlen: 23
195.93.222.0/23 maxlen: 23
213.136.224.0/19 maxlen: 19
217.70.48.0/20 maxlen: 20
217.75.48.0/20 maxlen: 20
217.144.192.0/19 maxlen: 19
217.172.224.0/19 maxlen: 19
2a00:1c00::/32 maxlen: 32
2a02:2a40::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/ThXfaIw66uP2he1Es5bCGYOVhh0.crl
rsync://rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/ThXfaIw66uP2he1Es5bCGYOVhh0.mft
rsync://rpki.ripe.net/repository/DEFAULT/ThXfaIw66uP2he1Es5bCGYOVhh0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 22 Feb 2025 03:00:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:5f:a2:c9:d0:a3:d0:c7:06:88:f9:d2:ff:26:0b:a7:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e15df688c3aeae3f685ed44b396c2198395861d
Validity
Not Before: Jan 13 12:28:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=af7e22f4ca20481c5e0d61f2188847fe190dbc7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:f7:2c:49:16:be:b9:b6:9a:4e:36:13:56:a3:
dd:74:28:7f:4c:69:f8:0c:77:78:7a:10:c2:44:18:
87:8b:75:83:9f:10:62:54:6b:70:b8:24:64:a3:3e:
06:5d:56:31:57:69:72:68:c6:36:87:c7:17:8f:80:
a2:5e:6c:a1:9a:cf:14:63:b4:11:a9:87:d6:29:92:
26:11:10:90:a7:71:54:6b:23:5d:e9:22:ed:5f:b3:
96:9e:e0:cd:5a:75:22:fe:ab:5e:98:de:61:c1:11:
37:94:6f:ef:08:82:f1:88:1d:7f:3f:85:51:4d:6b:
0f:bb:34:43:d1:60:5d:e0:62:9a:1b:51:a3:9f:2b:
a9:fc:c2:32:dc:27:25:ff:c4:da:cc:5e:4c:f9:43:
00:91:8c:c0:8f:3b:2b:75:49:c1:29:b7:90:d6:34:
3a:49:5f:b3:96:8e:a9:03:13:18:bd:1b:1f:e8:2b:
00:97:9e:40:10:ea:34:b1:64:09:b0:de:f3:0b:50:
80:a4:7b:ad:f8:79:89:07:20:4d:ba:20:f4:e8:6f:
3a:61:04:ad:a8:e4:2b:e3:84:e9:47:da:a5:e1:78:
88:b9:73:4f:c4:57:68:e9:d2:c7:05:da:9d:5f:5f:
98:a7:ce:2f:06:bc:7a:33:f9:6d:50:d5:b9:bd:1e:
52:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:7E:22:F4:CA:20:48:1C:5E:0D:61:F2:18:88:47:FE:19:0D:BC:7D
X509v3 Authority Key Identifier:
keyid:4E:15:DF:68:8C:3A:EA:E3:F6:85:ED:44:B3:96:C2:19:83:95:86:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ThXfaIw66uP2he1Es5bCGYOVhh0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/r34i9MogSBxeDWHyGIhH_hkNvH0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0bf7ab-5aab-4337-a02a-8a6e554196bb/1/ThXfaIw66uP2he1Es5bCGYOVhh0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.6.128.0-31.6.223.255
31.42.16.0/20
37.131.128.0/19
37.190.128.0/17
46.186.0.0/17
46.231.56.0/21
62.61.32.0/19
62.141.192.0/18
80.244.128.0/19
80.245.176.0/20
81.190.0.0/16
82.115.64.0/19
83.68.64.0/19
84.38.80.0/20
85.117.0.0/19
87.116.192.0/18
89.17.224.0/19
89.228.0.0/14
92.42.112.0/21
93.94.184.0/21
94.78.128.0/18
94.251.128.0/17
95.129.224.0/21
95.174.32.0/19
176.107.112.0/21
176.221.96.0/19
185.31.184.0/22
193.43.240.0/22
193.106.76.0/22
193.200.118.0/23
194.116.132.0/23
194.149.240.0/24
195.93.134.0/23
195.93.222.0/23
213.136.224.0/19
217.70.48.0/20
217.75.48.0/20
217.144.192.0/19
217.172.224.0/19
IPv6:
2a00:1c00::/32
2a02:2a40::/32
Signature Algorithm: sha256WithRSAEncryption
2d:55:eb:c1:9b:18:68:ed:6b:7f:d3:b0:6c:0d:21:21:36:58:
31:ad:64:e8:b7:6c:ba:61:12:36:4f:65:0d:65:ca:91:3a:67:
e9:b1:42:6e:76:a5:59:23:94:04:d2:c5:38:36:38:51:40:be:
74:25:c0:b3:32:6b:d3:6c:ca:60:60:71:55:c4:fb:93:e0:21:
ce:02:70:50:95:f2:9a:c9:b6:12:80:d1:45:02:7a:2d:3f:05:
03:aa:4f:3c:73:f4:9b:28:b1:ca:fb:dc:ee:64:80:ea:95:1e:
d8:1e:c7:05:14:b0:b4:31:82:84:73:57:72:cf:41:fd:50:13:
c5:ac:7a:c3:b1:48:e0:97:f9:b3:33:81:97:98:ae:08:45:3c:
fa:36:a5:70:22:bc:0a:48:b0:74:b1:96:19:26:83:c9:ce:e8:
9d:6c:1a:58:e5:93:d4:fc:2a:43:e0:0f:79:11:82:84:ca:1b:
23:24:a7:b1:c1:b6:0f:52:ce:06:ba:a9:75:d6:e1:2b:b8:80:
22:1c:4b:c6:8d:b8:84:b3:3e:5f:3f:ba:3b:fc:0b:ec:bb:ce:
21:c5:ce:82:5e:0f:3b:f9:a1:2a:c8:17:48:59:6a:4f:e7:e0:
97:5b:8e:9c:2d:00:7c:bc:ff:53:32:ac:96:12:6b:00:42:7e:
b1:51:db:d2
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgISAZRfosnQo9DHBoj50v8mC6dMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMTVkZjY4OGMzYWVhZTNmNjg1ZWQ0NGIzOTZjMjE5ODM5
NTg2MWQwHhcNMjUwMTEzMTIyODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjdlMjJmNGNhMjA0ODFjNWUwZDYxZjIxODg4NDdmZTE5MGRiYzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPcsSRa+ubaaTjYTVqPddCh/TGn4
DHd4ehDCRBiHi3WDnxBiVGtwuCRkoz4GXVYxV2lyaMY2h8cXj4CiXmyhms8UY7QR
qYfWKZImERCQp3FUayNd6SLtX7OWnuDNWnUi/qtemN5hwRE3lG/vCILxiB1/P4VR
TWsPuzRD0WBd4GKaG1Gjnyup/MIy3Ccl/8TazF5M+UMAkYzAjzsrdUnBKbeQ1jQ6
SV+zlo6pAxMYvRsf6CsAl55AEOo0sWQJsN7zC1CApHut+HmJByBNuiD06G86YQSt
qOQr44TpR9ql4XiIuXNPxFdo6dLHBdqdX1+Yp84vBrx6M/ltUNW5vR5S9QIDAQAB
o4IDETCCAw0wHQYDVR0OBBYEFK9+IvTKIEgcXg1h8hiIR/4ZDbx9MB8GA1UdIwQY
MBaAFE4V32iMOurj9oXtRLOWwhmDlYYdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGhYZmFJdzY2dVAyaGUxRXM1YkNHWU9WaGgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wYmY3YWItNWFhYi00MzM3LWEwMmEt
OGE2ZTU1NDE5NmJiLzEvcjM0aTlNb2dTQnhlRFdIeUdJaEhfaGtOdkgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wYmY3YWItNWFhYi00MzM3LWEwMmEtOGE2ZTU1NDE5NmJi
LzEvVGhYZmFJdzY2dVAyaGUxRXM1YkNHWU9WaGgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJQYIKwYBBQUHAQcBAf8EggEUMIIBEDCB9wQCAAEwgfAw
DAMEBx8GgAMEBR8GwAMEBB8qEAMEBSWDgAMEByW+gAMEBy66AAMEAy7nOAMEBT49
IAMEBj6NwAMEBVD0gAMEBFD1sAMDAFG+AwQFUnNAAwQFU0RAAwQEVCZQAwQFVXUA
AwQGV3TAAwQFWRHgAwMCWeQDBANcKnADBANdXrgDBAZeToADBAde+4ADBANfgeAD
BAVfriADBAOwa3ADBAWw3WADBAK5H7gDBALBK/ADBALBakwDBAHByHYDBAHCdIQD
BADClfADBAHDXYYDBAHDXd4DBAXViOADBATZRjADBATZSzADBAXZkMADBAXZrOAw
FAQCAAIwDgMFACoAHAADBQAqAipAMA0GCSqGSIb3DQEBCwUAA4IBAQAtVevBmxho
7Wt/07BsDSEhNlgxrWTot2y6YRI2T2UNZcqROmfpsUJudqVZI5QE0sU4NjhRQL50
JcCzMmvTbMpgYHFVxPuT4CHOAnBQlfKaybYSgNFFAnotPwUDqk88c/SbKLHK+9zu
ZIDqlR7YHscFFLC0MYKEc1dyz0H9UBPFrHrDsUjgl/mzM4GXmK4IRTz6NqVwIrwK
SLB0sZYZJoPJzuidbBpY5ZPU/CpD4A95EYKEyhsjJKexwbYPUs4Guql11uEruIAi
HEvGjbiEsz5fP7o7/Avsu84hxc6CXg87+aEqyBdIWWpP5+CXW46cLQB8vP9TMqyW
EmsAQn6xUdvS
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:55:45 2025 by rpki-client