Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/NIWRjRw_azzWwi7j-eTC7bMPq24.roa
File: NIWRjRw_azzWwi7j-eTC7bMPq24.roa (raw, json)
Hash identifier: 1bi20YfM5qPGX0JXzgpx0diIDrcA9q5yJu3YTEzy7/k=
Subject key identifier: 34:85:91:8D:1C:3F:6B:3C:D6:C2:2E:E3:F9:E4:C2:ED:B3:0F:AB:6E
Certificate issuer: /CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
Certificate serial: 018F3B7C5B758A55DBC45CBE65FC0A098FA1
Authority key identifier: C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/NIWRjRw_azzWwi7j-eTC7bMPq24.roa
Signing time: Thu 02 May 2024 22:45:56 +0000
ROA not before: Thu 02 May 2024 22:45:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60032
IP address blocks: 2.59.68.0/22 maxlen: 22
2.59.72.0/22 maxlen: 22
5.252.60.0/22 maxlen: 22
5.252.88.0/22 maxlen: 22
45.11.148.0/22 maxlen: 22
45.65.104.0/21 maxlen: 21
45.85.176.0/22 maxlen: 22
45.90.224.0/22 maxlen: 22
45.129.48.0/22 maxlen: 22
45.152.184.0/22 maxlen: 22
80.240.176.0/21 maxlen: 21
80.240.184.0/21 maxlen: 21
80.240.184.0/22 maxlen: 22
80.240.188.0/22 maxlen: 22
91.92.18.0/23 maxlen: 23
95.214.44.0/22 maxlen: 22
109.70.16.0/21 maxlen: 22
128.127.16.0/21 maxlen: 22
185.13.180.0/22 maxlen: 22
185.61.144.0/22 maxlen: 22
185.107.84.0/22 maxlen: 24
185.128.140.0/22 maxlen: 23
185.163.60.0/22 maxlen: 22
185.189.20.0/22 maxlen: 24
185.203.180.0/22 maxlen: 22
185.229.176.0/22 maxlen: 22
185.253.36.0/22 maxlen: 22
188.92.64.0/21 maxlen: 22
193.8.116.0/22 maxlen: 22
193.56.168.0/22 maxlen: 22
194.36.137.0/24 maxlen: 24
194.36.167.0/24 maxlen: 24
194.36.169.0/24 maxlen: 24
194.36.221.0/24 maxlen: 24
194.182.112.0/20 maxlen: 22
212.104.240.0/20 maxlen: 20
2a02:79e0::/32 maxlen: 32
2a02:cfc0::/29 maxlen: 32
2a06:4280::/29 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/yGjKghR-0id7S8xppShbrnNfLkQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/yGjKghR-0id7S8xppShbrnNfLkQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 04:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:3b:7c:5b:75:8a:55:db:c4:5c:be:65:fc:0a:09:8f:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
Validity
Not Before: May 2 22:45:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3485918d1c3f6b3cd6c22ee3f9e4c2edb30fab6e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:26:e8:59:47:36:ee:04:65:30:24:ed:8f:bd:
37:53:79:83:96:73:89:f8:79:f2:38:a9:d4:78:c7:
ae:5e:cf:b5:3d:36:3f:ec:9b:a5:f4:4b:bb:ff:d2:
43:40:2f:a9:5f:05:2a:4e:30:16:62:bd:30:e3:28:
73:ec:14:6c:51:6c:9a:5e:92:1b:c3:fe:a4:37:6c:
00:a8:94:39:a1:ef:a1:b0:d7:43:11:4a:ab:04:a5:
46:21:9b:23:dc:66:ab:93:30:9b:08:b9:4e:1c:67:
10:1a:a3:8e:bc:c7:ee:43:03:72:ea:d7:b0:b3:49:
13:fc:0c:02:ae:bb:5e:12:0c:6a:0f:59:b6:bd:ab:
84:29:d0:37:02:11:41:e9:0a:43:da:b1:db:9f:98:
f1:f3:1c:47:74:9c:f9:42:b3:98:09:c0:b9:f4:5f:
e9:f6:31:2a:83:a9:75:a4:7f:04:7c:ce:ef:b8:d0:
c4:40:89:10:c2:8d:41:05:71:ac:22:28:68:74:6a:
c8:e3:bf:6a:38:1b:5e:ef:16:f3:0c:6f:f2:ab:f9:
a3:bf:05:51:dd:91:7d:c1:bf:ee:a3:a9:fd:b7:6e:
80:c9:9a:ab:81:90:b9:c2:87:cd:0f:fe:6f:f1:eb:
2f:7a:80:c7:6a:c9:0e:4a:71:df:cb:64:ef:21:0f:
f3:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:85:91:8D:1C:3F:6B:3C:D6:C2:2E:E3:F9:E4:C2:ED:B3:0F:AB:6E
X509v3 Authority Key Identifier:
keyid:C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/NIWRjRw_azzWwi7j-eTC7bMPq24.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/yGjKghR-0id7S8xppShbrnNfLkQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.68.0-2.59.75.255
5.252.60.0/22
5.252.88.0/22
45.11.148.0/22
45.65.104.0/21
45.85.176.0/22
45.90.224.0/22
45.129.48.0/22
45.152.184.0/22
80.240.176.0/20
91.92.18.0/23
95.214.44.0/22
109.70.16.0/21
128.127.16.0/21
185.13.180.0/22
185.61.144.0/22
185.107.84.0/22
185.128.140.0/22
185.163.60.0/22
185.189.20.0/22
185.203.180.0/22
185.229.176.0/22
185.253.36.0/22
188.92.64.0/21
193.8.116.0/22
193.56.168.0/22
194.36.137.0/24
194.36.167.0/24
194.36.169.0/24
194.36.221.0/24
194.182.112.0/20
212.104.240.0/20
IPv6:
2a02:79e0::/32
2a02:cfc0::/29
2a06:4280::/29
Signature Algorithm: sha256WithRSAEncryption
a7:4b:eb:ae:79:bc:cc:49:26:22:87:4b:bd:36:96:fd:6b:97:
96:98:d7:9e:f5:6c:ca:b0:01:73:7d:30:d5:79:73:6f:4b:a7:
18:36:be:cb:27:e4:ce:0d:c4:41:3e:3f:e4:a5:c8:59:5b:b5:
06:2b:a7:0a:a4:ba:cb:10:72:7d:1c:c8:52:5e:1d:97:82:9c:
52:12:6f:e4:92:46:ef:15:3c:5e:d5:ce:93:be:71:dc:62:f4:
97:02:88:67:c0:74:f5:95:0f:0f:6c:71:34:5f:c2:7e:ad:ef:
ea:21:c6:35:05:27:49:ca:2e:8e:36:57:3c:35:cb:ff:ff:9d:
80:dc:83:44:5c:b0:5f:c3:b1:21:96:d7:ed:91:3b:d5:75:e8:
d2:04:3a:82:e9:a4:e7:49:0d:a0:4e:25:c2:95:73:5d:33:e3:
14:22:d9:5b:34:29:09:6b:8f:e3:66:7f:0c:3d:05:8a:d8:65:
fa:d4:d7:e3:f0:6f:79:7e:fa:d6:13:4f:f1:f8:52:d9:7f:2a:
7c:fd:5d:b1:68:95:07:6b:57:64:41:38:ea:8f:6e:e9:84:a7:
fb:63:3e:fb:d1:10:11:22:5c:66:86:d8:b1:ec:40:4c:59:a8:
ee:3c:49:72:a3:07:94:a6:fd:97:aa:5e:fc:a1:3c:2f:7a:09:
d7:7b:64:fd
-----BEGIN CERTIFICATE-----
MIIF4jCCBMqgAwIBAgISAY87fFt1ilXbxFy+ZfwKCY+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NjhjYTgyMTQ3ZWQyMjc3YjRiY2M2OWE1Mjg1YmFlNzM1
ZjJlNDQwHhcNMjQwNTAyMjI0NTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDg1OTE4ZDFjM2Y2YjNjZDZjMjJlZTNmOWU0YzJlZGIzMGZhYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziboWUc27gRlMCTtj703U3mDlnOJ
+HnyOKnUeMeuXs+1PTY/7Jul9Eu7/9JDQC+pXwUqTjAWYr0w4yhz7BRsUWyaXpIb
w/6kN2wAqJQ5oe+hsNdDEUqrBKVGIZsj3GarkzCbCLlOHGcQGqOOvMfuQwNy6tew
s0kT/AwCrrteEgxqD1m2vauEKdA3AhFB6QpD2rHbn5jx8xxHdJz5QrOYCcC59F/p
9jEqg6l1pH8EfM7vuNDEQIkQwo1BBXGsIihodGrI479qOBte7xbzDG/yq/mjvwVR
3ZF9wb/uo6n9t26AyZqrgZC5wofND/5v8esveoDHaskOSnHfy2TvIQ/z2QIDAQAB
o4IC7jCCAuowHQYDVR0OBBYEFDSFkY0cP2s81sIu4/nkwu2zD6tuMB8GA1UdIwQY
MBaAFMhoyoIUftIne0vMaaUoW65zXy5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUdqS2doUi0waWQ3Uzh4cHBTaGJybk5mTGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wNDJjMzMtYWI2Yi00OGJlLWE0OTIt
NjY4NDkwMTk2MjdlLzEvTklXUmpSd19henpXd2k3ai1lVEM3Yk1QcTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wNDJjMzMtYWI2Yi00OGJlLWE0OTItNjY4NDkwMTk2Mjdl
LzEveUdqS2doUi0waWQ3Uzh4cHBTaGJybk5mTGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAgYIKwYBBQUHAQcBAf8EgfIwge8wgc8EAgABMIHIMAwD
BAICO0QDBAICO0gDBAIF/DwDBAIF/FgDBAItC5QDBAMtQWgDBAItVbADBAItWuAD
BAItgTADBAItmLgDBARQ8LADBAFbXBIDBAJf1iwDBANtRhADBAOAfxADBAK5DbQD
BAK5PZADBAK5a1QDBAK5gIwDBAK5ozwDBAK5vRQDBAK5y7QDBAK55bADBAK5/SQD
BAO8XEADBALBCHQDBALBOKgDBADCJIkDBADCJKcDBADCJKkDBADCJN0DBATCtnAD
BATUaPAwGwQCAAIwFQMFACoCeeADBQMqAs/AAwUDKgZCgDANBgkqhkiG9w0BAQsF
AAOCAQEAp0vrrnm8zEkmIodLvTaW/WuXlpjXnvVsyrABc30w1Xlzb0unGDa+yyfk
zg3EQT4/5KXIWVu1BiunCqS6yxByfRzIUl4dl4KcUhJv5JJG7xU8XtXOk75x3GL0
lwKIZ8B09ZUPD2xxNF/Cfq3v6iHGNQUnScoujjZXPDXL//+dgNyDRFywX8OxIZbX
7ZE71XXo0gQ6gumk50kNoE4lwpVzXTPjFCLZWzQpCWuP42Z/DD0Fithl+tTX4/Bv
eX761hNP8fhS2X8qfP1dsWiVB2tXZEE46o9u6YSn+2M++9EQESJcZobYsexATFmo
7jxJcqMHlKb9l6pe/KE8L3oJ13tk/Q==
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:49:14 2024 by rpki-client on console-fra.rpki-client.org