Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/90606e-9316-4ea3-bc74-a35c27d95186/1/ICU2vqSpX7-2JaI9wyFzCWWdyT4.roa
File: ICU2vqSpX7-2JaI9wyFzCWWdyT4.roa (raw, json)
Hash identifier: sPzvng5iGWHWLPl5YMahHANQm0YyHlBq+J6ONVnGqnM=
Subject key identifier: 20:25:36:BE:A4:A9:5F:BF:B6:25:A2:3D:C3:21:73:09:65:9D:C9:3E
Certificate issuer: /CN=46935081c77a8745e7b62b93b82da2962379b2e2
Certificate serial: 018CC26D4F85C21AFA1B7DE175B4CEFD31A0
Authority key identifier: 46:93:50:81:C7:7A:87:45:E7:B6:2B:93:B8:2D:A2:96:23:79:B2:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RpNQgcd6h0XntiuTuC2iliN5suI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6e/90606e-9316-4ea3-bc74-a35c27d95186/1/ICU2vqSpX7-2JaI9wyFzCWWdyT4.roa
Signing time: Mon 01 Jan 2024 00:29:52 +0000
ROA not before: Mon 01 Jan 2024 00:29:52 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 33983
IP address blocks: 37.35.64.0/21 maxlen: 21
37.35.64.0/24 maxlen: 24
37.35.70.0/24 maxlen: 24
37.35.69.0/24 maxlen: 24
37.35.68.0/24 maxlen: 24
37.35.67.0/24 maxlen: 24
37.35.71.0/24 maxlen: 24
37.35.66.0/24 maxlen: 24
37.35.65.0/24 maxlen: 24
84.22.32.0/24 maxlen: 24
84.22.36.0/24 maxlen: 24
84.22.35.0/24 maxlen: 24
84.22.34.0/24 maxlen: 24
84.22.32.0/19 maxlen: 19
84.22.33.0/24 maxlen: 24
84.22.38.0/24 maxlen: 24
84.22.37.0/24 maxlen: 24
84.22.44.0/24 maxlen: 24
84.22.39.0/24 maxlen: 24
84.22.43.0/24 maxlen: 24
84.22.42.0/24 maxlen: 24
84.22.41.0/24 maxlen: 24
84.22.40.0/24 maxlen: 24
84.22.46.0/24 maxlen: 24
84.22.45.0/24 maxlen: 24
84.22.50.0/24 maxlen: 24
84.22.49.0/24 maxlen: 24
84.22.48.0/24 maxlen: 24
84.22.47.0/24 maxlen: 24
84.22.51.0/24 maxlen: 24
84.22.53.0/24 maxlen: 24
84.22.58.0/24 maxlen: 24
185.173.206.0/24 maxlen: 24
84.22.54.0/24 maxlen: 24
84.22.57.0/24 maxlen: 24
84.22.52.0/24 maxlen: 24
185.173.205.0/24 maxlen: 24
185.173.204.0/24 maxlen: 24
84.22.56.0/24 maxlen: 24
84.22.55.0/24 maxlen: 24
185.173.204.0/22 maxlen: 22
84.22.60.0/24 maxlen: 24
185.173.207.0/24 maxlen: 24
84.22.59.0/24 maxlen: 24
84.22.63.0/24 maxlen: 24
84.22.62.0/24 maxlen: 24
84.22.61.0/24 maxlen: 24
2a0b:6300::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6e/90606e-9316-4ea3-bc74-a35c27d95186/1/RpNQgcd6h0XntiuTuC2iliN5suI.crl
rsync://rpki.ripe.net/repository/DEFAULT/6e/90606e-9316-4ea3-bc74-a35c27d95186/1/RpNQgcd6h0XntiuTuC2iliN5suI.mft
rsync://rpki.ripe.net/repository/DEFAULT/RpNQgcd6h0XntiuTuC2iliN5suI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 23 May 2024 22:01:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:4f:85:c2:1a:fa:1b:7d:e1:75:b4:ce:fd:31:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=46935081c77a8745e7b62b93b82da2962379b2e2
Validity
Not Before: Jan 1 00:29:52 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=202536bea4a95fbfb625a23dc3217309659dc93e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:44:56:57:49:03:b1:84:88:f5:ac:f8:04:84:
29:1e:57:49:6d:83:62:2e:6b:46:23:fd:5b:77:e8:
7f:74:36:5f:41:0d:5a:d0:f5:9d:76:e8:3c:73:c2:
bd:b4:df:56:23:ee:7a:14:ce:25:9b:3a:47:9a:fd:
f7:e2:62:ab:2c:69:79:4a:d3:c4:7b:c3:b0:d4:30:
7f:58:0b:f4:bf:b4:b2:0a:2d:9a:f5:a9:98:b3:78:
9b:1b:76:3b:ca:22:2c:66:ee:de:c8:6a:cf:bd:ff:
2c:3d:27:24:e7:25:4c:e0:39:57:2a:7a:1b:64:54:
59:d5:1b:09:19:52:9e:b2:9c:56:3d:c2:6d:25:6d:
a3:78:45:d6:db:31:a0:b0:1e:9b:37:52:f3:24:3f:
4e:d1:37:88:1b:31:81:4d:5e:4b:25:a6:3e:38:58:
aa:db:97:33:e1:25:41:fc:0d:07:f9:77:99:d4:9f:
ae:3e:ca:59:0c:a5:3c:26:00:09:3a:1d:dd:6a:a2:
eb:be:90:39:4d:59:07:06:55:8b:e8:ca:27:99:69:
56:68:df:af:74:87:b3:0f:e9:44:8a:3e:e4:a0:d5:
a9:cd:c4:38:f2:f5:50:41:61:e6:88:61:e3:66:ae:
2a:3f:0d:5d:6e:7a:62:4f:32:46:48:0f:01:90:25:
c7:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:25:36:BE:A4:A9:5F:BF:B6:25:A2:3D:C3:21:73:09:65:9D:C9:3E
X509v3 Authority Key Identifier:
keyid:46:93:50:81:C7:7A:87:45:E7:B6:2B:93:B8:2D:A2:96:23:79:B2:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RpNQgcd6h0XntiuTuC2iliN5suI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/90606e-9316-4ea3-bc74-a35c27d95186/1/ICU2vqSpX7-2JaI9wyFzCWWdyT4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/90606e-9316-4ea3-bc74-a35c27d95186/1/RpNQgcd6h0XntiuTuC2iliN5suI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.35.64.0/21
84.22.32.0/19
185.173.204.0/22
IPv6:
2a0b:6300::/29
Signature Algorithm: sha256WithRSAEncryption
67:b7:03:d9:9b:40:16:9d:53:15:66:57:52:a1:dc:79:4b:ef:
34:48:24:bf:92:dd:39:56:42:10:b0:76:d9:6a:b1:56:43:3c:
12:33:15:62:8f:21:ba:f0:02:1a:a2:c4:c2:2c:cb:b0:2e:d5:
bf:2b:da:10:82:2f:0e:84:15:61:36:aa:28:e3:0e:06:cf:3f:
60:5c:51:71:61:06:d8:8a:b4:6d:f8:18:9e:c0:4e:b2:28:fe:
d0:01:52:45:6a:e1:c7:16:ef:27:85:39:6e:76:b5:11:8a:00:
bb:c7:fb:df:1e:41:d9:20:c3:ae:d1:41:d5:85:fc:2a:40:3a:
30:9a:74:be:ed:95:31:df:75:e5:f5:f6:74:a7:8e:fc:a9:ac:
c1:d1:07:b6:21:50:0e:81:ed:ad:89:3f:e6:6c:5b:28:dd:79:
dc:fa:39:d0:b4:0d:32:88:41:c3:b7:1e:6f:f2:38:ed:b7:fc:
29:c7:e7:fd:b2:52:a3:76:da:dd:aa:6f:54:aa:4f:dd:02:20:
b8:32:68:25:c0:ac:62:13:ed:e3:11:c2:e4:bc:ae:37:c5:b1:
41:e8:08:1e:72:6f:1c:5c:a3:55:e4:c2:38:b6:f5:85:87:59:
e4:1b:30:bc:66:5e:ef:3f:03:1c:a1:55:e1:c8:8c:42:ac:8e:
6e:fc:c1:da
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzCbU+Fwhr6G33hdbTO/TGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OTM1MDgxYzc3YTg3NDVlN2I2MmI5M2I4MmRhMjk2MjM3
OWIyZTIwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDI1MzZiZWE0YTk1ZmJmYjYyNWEyM2RjMzIxNzMwOTY1OWRjOTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhERWV0kDsYSI9az4BIQpHldJbYNi
LmtGI/1bd+h/dDZfQQ1a0PWddug8c8K9tN9WI+56FM4lmzpHmv334mKrLGl5StPE
e8Ow1DB/WAv0v7SyCi2a9amYs3ibG3Y7yiIsZu7eyGrPvf8sPSck5yVM4DlXKnob
ZFRZ1RsJGVKespxWPcJtJW2jeEXW2zGgsB6bN1LzJD9O0TeIGzGBTV5LJaY+OFiq
25cz4SVB/A0H+XeZ1J+uPspZDKU8JgAJOh3daqLrvpA5TVkHBlWL6MonmWlWaN+v
dIezD+lEij7koNWpzcQ48vVQQWHmiGHjZq4qPw1dbnpiTzJGSA8BkCXHowIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCAlNr6kqV+/tiWiPcMhcwllnck+MB8GA1UdIwQY
MBaAFEaTUIHHeodF57Yrk7gtopYjebLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnBOUWdjZDZoMFhudGl1VHVDMmlsaU41c3VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85MDYwNmUtOTMxNi00ZWEzLWJjNzQt
YTM1YzI3ZDk1MTg2LzEvSUNVMnZxU3BYNy0ySmFJOXd5RnpDV1dkeVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85MDYwNmUtOTMxNi00ZWEzLWJjNzQtYTM1YzI3ZDk1MTg2
LzEvUnBOUWdjZDZoMFhudGl1VHVDMmlsaU41c3VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDJSNAAwQF
VBYgAwQCua3MMA0EAgACMAcDBQMqC2MAMA0GCSqGSIb3DQEBCwUAA4IBAQBntwPZ
m0AWnVMVZldSodx5S+80SCS/kt05VkIQsHbZarFWQzwSMxVijyG68AIaosTCLMuw
LtW/K9oQgi8OhBVhNqoo4w4Gzz9gXFFxYQbYirRt+BiewE6yKP7QAVJFauHHFu8n
hTludrURigC7x/vfHkHZIMOu0UHVhfwqQDowmnS+7ZUx33Xl9fZ0p478qazB0Qe2
IVAOge2tiT/mbFso3Xnc+jnQtA0yiEHDtx5v8jjtt/wpx+f9slKjdtrdqm9Uqk/d
AiC4MmglwKxiE+3jEcLkvK43xbFB6Agecm8cXKNV5MI4tvWFh1nkGzC8Zl7vPwMc
oVXhyIxCrI5u/MHa
-----END CERTIFICATE-----
Generated at Thu May 23 08:00:18 2024 by rpki-client on console-ams.rpki-client.org