Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/cf9c10-c85c-4bbf-a25d-8060c503d86e/1/Qy1mAFk2koV_gwznUnJBO3GZrPo.roa
File: Qy1mAFk2koV_gwznUnJBO3GZrPo.roa (raw, json)
Hash identifier: lsasd1HhjKHtUjwRvtA1QXWrf7aLgbS0ots8GH3GU8o=
Subject key identifier: 43:2D:66:00:59:36:92:85:7F:83:0C:E7:52:72:41:3B:71:99:AC:FA
Certificate issuer: /CN=fe2e22cc15859ed4a0784bfd08584b3c8fb29f9a
Certificate serial: 018CC5DCD7B52BE6127D538215ABFF8FE0FC
Authority key identifier: FE:2E:22:CC:15:85:9E:D4:A0:78:4B:FD:08:58:4B:3C:8F:B2:9F:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_i4izBWFntSgeEv9CFhLPI-yn5o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/cf9c10-c85c-4bbf-a25d-8060c503d86e/1/Qy1mAFk2koV_gwznUnJBO3GZrPo.roa
Signing time: Mon 01 Jan 2024 16:30:33 +0000
ROA not before: Mon 01 Jan 2024 16:30:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1547
IP address blocks: 37.26.128.0/20 maxlen: 20
185.10.20.0/22 maxlen: 22
77.235.96.0/19 maxlen: 19
77.235.96.0/20 maxlen: 20
217.19.211.0/24 maxlen: 24
217.19.212.0/24 maxlen: 24
217.19.209.0/24 maxlen: 24
217.19.210.0/24 maxlen: 24
217.19.208.0/24 maxlen: 24
217.19.208.0/20 maxlen: 20
217.19.213.0/24 maxlen: 24
217.19.218.0/24 maxlen: 24
217.19.216.0/24 maxlen: 24
217.19.217.0/24 maxlen: 24
217.19.214.0/24 maxlen: 24
217.19.215.0/24 maxlen: 24
217.19.219.0/24 maxlen: 24
217.19.223.0/24 maxlen: 24
217.19.221.0/24 maxlen: 24
77.235.112.0/20 maxlen: 20
217.19.222.0/24 maxlen: 24
217.19.220.0/24 maxlen: 24
95.153.64.0/18 maxlen: 18
95.153.96.0/19 maxlen: 19
62.221.64.0/18 maxlen: 18
62.221.96.0/19 maxlen: 19
62.221.64.0/19 maxlen: 19
95.153.64.0/19 maxlen: 19
80.94.246.0/24 maxlen: 24
80.94.244.0/24 maxlen: 24
80.94.245.0/24 maxlen: 24
80.94.240.0/20 maxlen: 20
80.94.243.0/24 maxlen: 24
80.94.241.0/24 maxlen: 24
80.94.242.0/24 maxlen: 24
80.94.247.0/24 maxlen: 24
80.94.253.0/24 maxlen: 24
80.94.251.0/24 maxlen: 24
80.94.252.0/24 maxlen: 24
80.94.249.0/24 maxlen: 24
80.94.250.0/24 maxlen: 24
80.94.248.0/24 maxlen: 24
80.94.255.0/24 maxlen: 24
31.31.0.0/19 maxlen: 19
31.31.0.0/20 maxlen: 20
80.94.254.0/24 maxlen: 24
31.31.16.0/20 maxlen: 20
80.94.240.0/24 maxlen: 24
2a03:f680::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/78/cf9c10-c85c-4bbf-a25d-8060c503d86e/1/_i4izBWFntSgeEv9CFhLPI-yn5o.crl
rsync://rpki.ripe.net/repository/DEFAULT/78/cf9c10-c85c-4bbf-a25d-8060c503d86e/1/_i4izBWFntSgeEv9CFhLPI-yn5o.mft
rsync://rpki.ripe.net/repository/DEFAULT/_i4izBWFntSgeEv9CFhLPI-yn5o.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 19:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:d7:b5:2b:e6:12:7d:53:82:15:ab:ff:8f:e0:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe2e22cc15859ed4a0784bfd08584b3c8fb29f9a
Validity
Not Before: Jan 1 16:30:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=432d6600593692857f830ce75272413b7199acfa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:cc:64:e1:3e:8e:89:b9:05:61:d9:20:c0:28:
c0:11:65:5d:41:62:89:c9:9e:d4:aa:09:87:e3:4c:
88:13:65:de:87:f8:50:38:08:46:15:0c:61:79:bb:
fe:98:0b:f4:30:1f:bd:43:b8:a1:97:1b:5b:f9:2d:
d0:08:3f:ee:36:c7:3c:f8:ca:af:f0:9e:f9:3e:a5:
f0:58:db:52:1b:82:86:3f:1b:b9:fa:51:ed:e6:60:
66:6b:43:74:6a:14:1b:5b:9e:8a:40:96:ce:3f:0d:
85:99:88:b0:7e:d6:b0:1e:35:8e:c6:fc:60:22:d6:
22:35:9f:c5:1d:56:e4:da:3e:93:56:1f:8e:0e:9c:
7f:17:d3:3f:45:9b:6d:f9:bd:87:1c:1e:ab:fd:e3:
d6:9e:b3:96:b6:5d:1d:17:6b:1a:b6:c8:37:32:85:
90:42:35:c6:99:52:f2:fa:e2:66:eb:03:f3:fe:82:
90:07:4e:21:74:fa:4d:8b:98:4b:b8:4b:47:33:74:
22:96:95:80:67:d9:50:6e:1e:cf:35:06:ef:89:12:
7d:05:80:25:de:d5:55:8b:ce:e5:46:d4:f2:a9:c5:
ff:60:ed:4d:f3:7c:70:71:26:f3:ed:33:f5:e0:d4:
37:84:5d:f7:10:81:9f:e1:b9:16:1f:3b:fc:f9:67:
1d:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:2D:66:00:59:36:92:85:7F:83:0C:E7:52:72:41:3B:71:99:AC:FA
X509v3 Authority Key Identifier:
keyid:FE:2E:22:CC:15:85:9E:D4:A0:78:4B:FD:08:58:4B:3C:8F:B2:9F:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_i4izBWFntSgeEv9CFhLPI-yn5o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/cf9c10-c85c-4bbf-a25d-8060c503d86e/1/Qy1mAFk2koV_gwznUnJBO3GZrPo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/cf9c10-c85c-4bbf-a25d-8060c503d86e/1/_i4izBWFntSgeEv9CFhLPI-yn5o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.31.0.0/19
37.26.128.0/20
62.221.64.0/18
77.235.96.0/19
80.94.240.0/20
95.153.64.0/18
185.10.20.0/22
217.19.208.0/20
IPv6:
2a03:f680::/32
Signature Algorithm: sha256WithRSAEncryption
24:5e:a6:81:b1:aa:d3:81:94:0f:c2:0b:0f:23:29:7e:a4:88:
92:96:8c:05:08:11:ca:1b:f6:fb:99:e6:2c:2a:a3:6b:31:42:
b8:12:1f:ea:d6:e8:91:8e:31:b0:c2:92:01:d2:05:95:02:ec:
c0:c7:f9:8f:af:90:d0:a9:8c:3d:6b:49:33:73:64:6b:1d:8c:
60:21:30:38:6a:13:5d:25:0c:b9:a4:cc:bc:4d:e9:32:4b:55:
7f:35:69:8a:01:df:a6:2c:18:9f:4a:d9:6d:51:ec:47:d1:46:
73:4b:4a:52:ff:51:a6:24:64:0e:48:97:cf:45:60:62:a6:71:
a5:d8:9d:1c:bf:fe:e4:b7:72:70:2e:64:a0:fb:af:e0:2c:db:
cc:25:f3:c3:2d:e6:8f:e8:2c:45:69:15:ca:57:49:63:15:a4:
8b:d4:fb:dc:19:a6:67:0e:75:b9:96:72:ab:c7:22:56:f6:8a:
c3:f0:28:fb:e2:56:1c:dc:47:14:b0:25:af:24:89:62:7a:1c:
dc:9a:9c:a5:07:a6:43:a4:e9:d7:dd:11:ca:dc:48:fb:17:e5:
44:75:5d:d6:97:cb:e8:34:d4:cf:b1:c3:e0:45:8a:cc:8a:02:
a4:b9:cb:2f:0f:f5:26:c6:32:53:69:04:78:d6:35:a8:26:cd:
70:f5:d8:21
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzF3Ne1K+YSfVOCFav/j+D8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMmUyMmNjMTU4NTllZDRhMDc4NGJmZDA4NTg0YjNjOGZi
MjlmOWEwHhcNMjQwMTAxMTYzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzJkNjYwMDU5MzY5Mjg1N2Y4MzBjZTc1MjcyNDEzYjcxOTlhY2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcxk4T6OibkFYdkgwCjAEWVdQWKJ
yZ7UqgmH40yIE2Xeh/hQOAhGFQxhebv+mAv0MB+9Q7ihlxtb+S3QCD/uNsc8+Mqv
8J75PqXwWNtSG4KGPxu5+lHt5mBma0N0ahQbW56KQJbOPw2FmYiwftawHjWOxvxg
ItYiNZ/FHVbk2j6TVh+ODpx/F9M/RZtt+b2HHB6r/ePWnrOWtl0dF2satsg3MoWQ
QjXGmVLy+uJm6wPz/oKQB04hdPpNi5hLuEtHM3QilpWAZ9lQbh7PNQbviRJ9BYAl
3tVVi87lRtTyqcX/YO1N83xwcSbz7TP14NQ3hF33EIGf4bkWHzv8+WcduwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEMtZgBZNpKFf4MM51JyQTtxmaz6MB8GA1UdIwQY
MBaAFP4uIswVhZ7UoHhL/QhYSzyPsp+aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2k0aXpCV0ZudFNnZUV2OUNGaExQSS15bjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jZjljMTAtYzg1Yy00YmJmLWEyNWQt
ODA2MGM1MDNkODZlLzEvUXkxbUFGazJrb1ZfZ3d6blVuSkJPM0daclBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jZjljMTAtYzg1Yy00YmJmLWEyNWQtODA2MGM1MDNkODZl
LzEvX2k0aXpCV0ZudFNnZUV2OUNGaExQSS15bjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQFHx8AAwQE
JRqAAwQGPt1AAwQFTetgAwQEUF7wAwQGX5lAAwQCuQoUAwQE2RPQMA0EAgACMAcD
BQAqA/aAMA0GCSqGSIb3DQEBCwUAA4IBAQAkXqaBsarTgZQPwgsPIyl+pIiSlowF
CBHKG/b7meYsKqNrMUK4Eh/q1uiRjjGwwpIB0gWVAuzAx/mPr5DQqYw9a0kzc2Rr
HYxgITA4ahNdJQy5pMy8TekyS1V/NWmKAd+mLBifStltUexH0UZzS0pS/1GmJGQO
SJfPRWBipnGl2J0cv/7kt3JwLmSg+6/gLNvMJfPDLeaP6CxFaRXKV0ljFaSL1Pvc
GaZnDnW5lnKrxyJW9orD8Cj74lYc3EcUsCWvJIliehzcmpylB6ZDpOnX3RHK3Ej7
F+VEdV3Wl8voNNTPscPgRYrMigKkucsvD/UmxjJTaQR41jWoJs1w9dgh
-----END CERTIFICATE-----
Generated at Sat Jun 1 23:15:31 2024 by rpki-client on console-ams.rpki-client.org