Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/XbIQ9wnFDnrTuJ5RnDypt3OoOPM.roa
File: XbIQ9wnFDnrTuJ5RnDypt3OoOPM.roa (raw, json)
Hash identifier: hsEO3APGi3G6iLSoz2Xezq2M+O55skz4qrc2mKFIFVE=
Subject key identifier: 5D:B2:10:F7:09:C5:0E:7A:D3:B8:9E:51:9C:3C:A9:B7:73:A8:38:F3
Certificate issuer: /CN=1ada225cb7f29416e7534695fbfb21762fee93c8
Certificate serial: 018CC5DC31DB958F2E94C106A01482E23E92
Authority key identifier: 1A:DA:22:5C:B7:F2:94:16:E7:53:46:95:FB:FB:21:76:2F:EE:93:C8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GtoiXLfylBbnU0aV-_shdi_uk8g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/XbIQ9wnFDnrTuJ5RnDypt3OoOPM.roa
Signing time: Mon 01 Jan 2024 16:29:51 +0000
ROA not before: Mon 01 Jan 2024 16:29:51 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1273
IP address blocks: 194.70.32.0/22 maxlen: 22
194.70.37.0/24 maxlen: 24
194.70.38.0/23 maxlen: 23
194.70.40.0/21 maxlen: 21
194.70.48.0/20 maxlen: 20
194.70.64.0/20 maxlen: 20
212.248.192.0/18 maxlen: 18
195.173.0.0/16 maxlen: 16
212.240.0.0/16 maxlen: 16
195.11.0.0/16 maxlen: 16
194.70.4.0/22 maxlen: 22
194.70.2.0/24 maxlen: 24
194.70.0.0/23 maxlen: 23
194.70.8.0/21 maxlen: 21
194.70.16.0/20 maxlen: 20
194.70.80.0/21 maxlen: 21
194.70.88.0/22 maxlen: 22
193.195.0.0/17 maxlen: 17
194.70.92.0/23 maxlen: 23
194.70.95.0/24 maxlen: 24
194.70.96.0/19 maxlen: 19
194.217.0.0/16 maxlen: 16
194.70.128.0/18 maxlen: 18
194.70.240.0/20 maxlen: 20
193.195.160.0/19 maxlen: 19
193.195.192.0/18 maxlen: 18
194.70.192.0/19 maxlen: 19
194.70.224.0/21 maxlen: 21
193.195.128.0/21 maxlen: 21
194.70.232.0/23 maxlen: 23
193.195.136.0/23 maxlen: 23
193.195.139.0/24 maxlen: 24
194.70.235.0/24 maxlen: 24
194.70.236.0/22 maxlen: 22
193.195.144.0/20 maxlen: 20
193.195.140.0/24 maxlen: 24
193.195.142.0/23 maxlen: 23
194.159.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/GtoiXLfylBbnU0aV-_shdi_uk8g.crl
rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/GtoiXLfylBbnU0aV-_shdi_uk8g.mft
rsync://rpki.ripe.net/repository/DEFAULT/GtoiXLfylBbnU0aV-_shdi_uk8g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 May 2024 14:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:31:db:95:8f:2e:94:c1:06:a0:14:82:e2:3e:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1ada225cb7f29416e7534695fbfb21762fee93c8
Validity
Not Before: Jan 1 16:29:51 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5db210f709c50e7ad3b89e519c3ca9b773a838f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:37:3a:96:98:44:26:e5:d0:af:a1:80:31:4c:
c1:2f:a7:e0:f7:c5:dd:31:b2:0f:63:48:4f:cf:f5:
09:06:5b:a1:ff:09:0f:c8:6d:e1:cb:63:a5:12:b3:
2c:14:0e:26:1f:6b:53:18:7b:48:13:2b:08:8f:cb:
dd:1a:52:01:29:e0:1d:19:b0:49:0c:3f:f8:f9:a9:
5c:e7:b5:0d:c5:e3:64:a1:ab:b6:c9:ae:d1:6c:6e:
87:e0:37:13:26:64:57:49:e6:39:c6:86:e0:7a:e1:
da:28:75:2b:fa:0e:2c:d9:d7:7a:db:a7:a4:15:4b:
86:16:6b:cf:67:e5:9c:32:af:37:f6:5a:64:26:e5:
0f:cf:de:87:5d:5d:f0:a8:8c:f8:db:b8:90:65:1e:
cc:60:85:87:25:18:28:3c:4b:ce:8a:49:ce:50:40:
c4:9a:bb:ec:aa:54:dc:b2:38:3f:81:21:2b:15:15:
da:07:53:bf:ec:35:61:23:48:d4:78:b7:3e:90:90:
a1:d5:be:f5:1d:b9:61:a6:49:5e:70:77:ec:9e:56:
68:cb:0e:45:f4:63:84:9c:71:82:98:02:c4:4f:c3:
ed:eb:b1:dd:bf:21:83:1b:31:53:7e:ee:e3:9e:33:
d3:df:b0:3a:71:ad:ff:8c:f7:f6:4a:ba:91:b9:7b:
19:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:B2:10:F7:09:C5:0E:7A:D3:B8:9E:51:9C:3C:A9:B7:73:A8:38:F3
X509v3 Authority Key Identifier:
keyid:1A:DA:22:5C:B7:F2:94:16:E7:53:46:95:FB:FB:21:76:2F:EE:93:C8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GtoiXLfylBbnU0aV-_shdi_uk8g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/XbIQ9wnFDnrTuJ5RnDypt3OoOPM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/GtoiXLfylBbnU0aV-_shdi_uk8g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.195.0.0-193.195.137.255
193.195.139.0-193.195.140.255
193.195.142.0-193.195.255.255
194.70.0.0-194.70.2.255
194.70.4.0-194.70.35.255
194.70.37.0-194.70.93.255
194.70.95.0-194.70.233.255
194.70.235.0-194.70.255.255
194.159.0.0/16
194.217.0.0/16
195.11.0.0/16
195.173.0.0/16
212.240.0.0/16
212.248.192.0/18
Signature Algorithm: sha256WithRSAEncryption
79:92:6d:88:f7:c8:18:5a:ab:dc:02:55:75:c5:a1:2f:ae:c7:
85:08:ed:98:91:3d:92:ca:bf:50:c5:c6:87:35:38:6b:c6:14:
1c:30:6b:4f:2e:8f:97:b7:2c:d8:2f:75:21:02:1a:11:54:af:
f8:85:36:4b:06:e8:f5:84:ab:aa:cb:fb:ce:1f:b1:db:51:a1:
fb:30:f0:5b:80:f6:06:24:53:ce:e9:a3:a1:31:94:db:0a:9a:
c9:4a:f9:18:d4:29:74:10:f6:8e:b7:ff:ff:85:c1:15:05:c1:
33:82:ef:5e:54:34:8e:75:20:fe:f3:37:36:19:f3:f0:41:ff:
df:7a:a2:e4:26:83:56:b1:b1:d6:4b:e6:58:44:00:01:95:c4:
ce:18:cb:cb:6d:8d:54:30:ea:3b:40:da:16:9a:e0:27:c6:67:
23:ae:35:13:ae:2f:74:b4:ad:50:d8:a6:37:25:02:1b:d5:87:
0a:45:8c:67:ce:60:98:76:c5:06:f2:f3:ea:73:c6:98:3a:42:
92:3e:53:45:e8:02:fe:27:04:c5:c7:9d:38:fd:c1:22:27:b7:
84:fb:c6:4f:ac:9c:2b:36:0d:62:4b:9e:2b:f7:d8:e4:74:16:
ac:19:7a:60:fc:1c:b3:b2:8e:e1:e1:95:eb:28:14:5d:0a:71:
d8:d1:82:76
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzF3DHblY8ulMEGoBSC4j6SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZGEyMjVjYjdmMjk0MTZlNzUzNDY5NWZiZmIyMTc2MmZl
ZTkzYzgwHhcNMjQwMTAxMTYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGIyMTBmNzA5YzUwZTdhZDNiODllNTE5YzNjYTliNzczYTgzOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Tc6lphEJuXQr6GAMUzBL6fg98Xd
MbIPY0hPz/UJBluh/wkPyG3hy2OlErMsFA4mH2tTGHtIEysIj8vdGlIBKeAdGbBJ
DD/4+alc57UNxeNkoau2ya7RbG6H4DcTJmRXSeY5xobgeuHaKHUr+g4s2dd626ek
FUuGFmvPZ+WcMq839lpkJuUPz96HXV3wqIz427iQZR7MYIWHJRgoPEvOiknOUEDE
mrvsqlTcsjg/gSErFRXaB1O/7DVhI0jUeLc+kJCh1b71HblhpklecHfsnlZoyw5F
9GOEnHGCmALET8Pt67HdvyGDGzFTfu7jnjPT37A6ca3/jPf2SrqRuXsZtwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFF2yEPcJxQ5607ieUZw8qbdzqDjzMB8GA1UdIwQY
MBaAFBraIly38pQW51NGlfv7IXYv7pPIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3RvaVhMZnlsQmJuVTBhVi1fc2hkaV91azhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9lOWQ5Y2MtMjY2OC00MmZjLTgzMTUt
NzUyNWQ0ZDQwOGI1LzEvWGJJUTl3bkZEbnJUdUo1Um5EeXB0M09vT1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9lOWQ5Y2MtMjY2OC00MmZjLTgzMTUtNzUyNWQ0ZDQwOGI1
LzEvR3RvaVhMZnlsQmJuVTBhVi1fc2hkaV91azhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGoBggrBgEFBQcBBwEB/wSBmDCBlTCBkgQCAAEwgYswCwMD
AMHDAwQBwcOIMAwDBADBw4sDBADBw4wwCwMEAcHDjgMDAsHAMAsDAwHCRgMEAMJG
AjAMAwQCwkYEAwQCwkYgMAwDBADCRiUDBAHCRlwwDAMEAMJGXwMEAcJG6DALAwQA
wkbrAwMAwkYDAwDCnwMDAMLZAwMAwwsDAwDDrQMDANTwAwQG1PjAMA0GCSqGSIb3
DQEBCwUAA4IBAQB5km2I98gYWqvcAlV1xaEvrseFCO2YkT2Syr9QxcaHNThrxhQc
MGtPLo+XtyzYL3UhAhoRVK/4hTZLBuj1hKuqy/vOH7HbUaH7MPBbgPYGJFPO6aOh
MZTbCprJSvkY1Cl0EPaOt///hcEVBcEzgu9eVDSOdSD+8zc2GfPwQf/feqLkJoNW
sbHWS+ZYRAABlcTOGMvLbY1UMOo7QNoWmuAnxmcjrjUTri90tK1Q2KY3JQIb1YcK
RYxnzmCYdsUG8vPqc8aYOkKSPlNF6AL+JwTFx504/cEiJ7eE+8ZPrJwrNg1iS54r
99jkdBasGXpg/Byzso7h4ZXrKBRdCnHY0YJ2
-----END CERTIFICATE-----
Generated at Tue May 28 23:37:55 2024 by rpki-client on console-ams.rpki-client.org