Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/Yt3qNyUt06SrZT5AApDBitGbHGU.roa
File: Yt3qNyUt06SrZT5AApDBitGbHGU.roa (raw, json)
Hash identifier: Km20h2W4I4tgIcq/F3vLRcoaeePSpTMlIN8YOSOAX2Y=
Subject key identifier: 62:DD:EA:37:25:2D:D3:A4:AB:65:3E:40:02:90:C1:8A:D1:9B:1C:65
Certificate issuer: /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial: 019466E638EFD9CACDC6415F08172CF6B12C
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/Yt3qNyUt06SrZT5AApDBitGbHGU.roa
Signing time: Tue 14 Jan 2025 22:19:11 +0000
ROA not before: Tue 14 Jan 2025 22:19:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5503
IP address blocks: 62.171.192.0/19 maxlen: 24
62.171.224.0/22 maxlen: 24
62.171.252.0/22 maxlen: 24
185.192.228.0/22 maxlen: 24
194.154.0.0/20 maxlen: 24
194.154.16.0/21 maxlen: 24
194.238.32.0/21 maxlen: 24
194.238.48.0/21 maxlen: 24
194.238.60.0/22 maxlen: 24
194.238.64.0/21 maxlen: 24
213.18.248.0/21 maxlen: 24
217.177.16.0/20 maxlen: 24
217.177.36.0/22 maxlen: 24
217.177.56.0/21 maxlen: 24
217.177.64.0/21 maxlen: 24
217.177.76.0/22 maxlen: 24
217.177.88.0/21 maxlen: 24
217.179.0.0/22 maxlen: 24
217.179.8.0/21 maxlen: 24
217.179.16.0/20 maxlen: 24
217.179.32.0/20 maxlen: 24
217.179.52.0/22 maxlen: 24
217.179.60.0/22 maxlen: 24
217.179.64.0/21 maxlen: 24
217.179.76.0/22 maxlen: 24
217.179.84.0/22 maxlen: 24
217.179.92.0/22 maxlen: 24
217.179.96.0/20 maxlen: 24
217.179.112.0/21 maxlen: 24
217.179.120.0/22 maxlen: 24
217.179.192.0/20 maxlen: 24
217.179.208.0/21 maxlen: 24
217.179.216.0/22 maxlen: 24
217.179.224.0/22 maxlen: 24
217.179.232.0/21 maxlen: 24
217.179.240.0/20 maxlen: 24
217.180.0.0/21 maxlen: 24
217.180.8.0/22 maxlen: 24
217.180.24.0/21 maxlen: 24
217.180.32.0/22 maxlen: 24
217.180.48.0/22 maxlen: 24
217.181.0.0/18 maxlen: 24
2a02:fb0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Feb 2025 09:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:66:e6:38:ef:d9:ca:cd:c6:41:5f:08:17:2c:f6:b1:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Validity
Not Before: Jan 14 22:19:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=62ddea37252dd3a4ab653e400290c18ad19b1c65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:ee:24:23:00:35:15:c9:7b:a2:64:ed:99:a0:
67:8e:ec:2c:da:b2:0e:8f:07:46:78:77:8e:57:7d:
b8:ba:b8:c9:05:31:cc:d9:99:b6:ef:ef:8c:c2:ea:
00:2c:0a:55:c7:e6:b1:01:b6:d0:54:82:04:70:bc:
ac:f2:84:e1:cc:4d:cf:86:51:b7:0f:f1:59:e8:cb:
5e:0b:31:77:0e:d1:42:ac:2a:af:91:a9:0d:66:7b:
15:b2:38:36:04:00:b1:fb:fe:cc:79:a9:14:0f:88:
15:83:cf:34:6e:93:e5:6b:eb:aa:1d:72:b6:60:83:
bd:35:11:2a:42:ed:5a:8c:78:a9:0a:be:b4:e8:9b:
21:8d:98:10:a1:be:7a:e0:b4:bf:2e:25:e8:5b:90:
9a:60:63:12:6f:9a:45:3b:92:e6:21:8c:ff:0f:70:
40:f7:0d:c7:59:1c:dc:0d:3c:93:0c:10:b2:59:35:
b7:c9:48:d6:18:7e:45:76:4e:de:b9:25:8d:24:9f:
69:41:9e:07:39:d1:ef:02:02:1c:35:db:80:38:28:
60:b7:0a:2d:a7:ce:11:63:fb:8f:6c:ae:24:e1:fd:
64:63:48:b3:49:d3:57:64:56:e3:ae:9c:2a:0d:4b:
2f:2b:2f:42:96:11:ab:f2:71:1c:92:09:60:c0:aa:
20:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:DD:EA:37:25:2D:D3:A4:AB:65:3E:40:02:90:C1:8A:D1:9B:1C:65
X509v3 Authority Key Identifier:
keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/Yt3qNyUt06SrZT5AApDBitGbHGU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.171.192.0-62.171.227.255
62.171.252.0/22
185.192.228.0/22
194.154.0.0-194.154.23.255
194.238.32.0/21
194.238.48.0/21
194.238.60.0-194.238.71.255
213.18.248.0/21
217.177.16.0/20
217.177.36.0/22
217.177.56.0-217.177.71.255
217.177.76.0/22
217.177.88.0/21
217.179.0.0/22
217.179.8.0-217.179.47.255
217.179.52.0/22
217.179.60.0-217.179.71.255
217.179.76.0/22
217.179.84.0/22
217.179.92.0-217.179.123.255
217.179.192.0-217.179.219.255
217.179.224.0/22
217.179.232.0-217.180.11.255
217.180.24.0-217.180.35.255
217.180.48.0/22
217.181.0.0/18
IPv6:
2a02:fb0::/32
Signature Algorithm: sha256WithRSAEncryption
74:09:a3:18:e8:cd:c2:b9:b3:53:ad:7a:96:0c:63:a1:50:fe:
1a:65:5a:e7:05:55:d1:cd:f0:16:a1:22:84:ba:9c:68:53:e1:
ea:b7:83:14:20:43:a9:ba:6f:0f:f4:97:92:96:be:45:e4:39:
c5:89:78:d8:82:68:36:ab:a6:ab:ed:62:5e:b4:d6:27:81:cf:
44:0d:29:e6:64:d0:35:ff:06:cf:77:26:9b:ef:d0:fc:60:9b:
75:07:77:d1:ea:2d:a1:73:7d:9f:12:ec:0c:82:ad:6b:6a:55:
12:99:fc:09:92:58:7c:34:2b:83:d2:8c:fe:2e:c3:d0:07:fb:
e3:ee:5e:f6:c8:7d:fd:e5:d3:50:b2:90:ac:32:df:47:c4:4a:
5f:b9:87:60:f1:98:11:f6:32:70:5b:24:be:63:25:66:92:32:
ec:89:9a:37:f7:5e:75:0a:98:70:a5:8a:6c:d6:ad:82:61:27:
7f:dc:93:72:d7:b2:ca:90:ce:d2:28:27:ad:18:cd:45:4a:e9:
75:d6:c4:b3:da:d4:f1:c5:ad:e5:3a:54:02:00:24:bd:fa:62:
76:c6:f7:85:b6:5e:28:ba:bc:c3:4b:7d:2a:da:01:c2:f0:ab:
41:f4:de:2f:f4:7e:20:0b:0a:34:32:16:13:e9:74:fb:d1:52:
60:d8:4a:b0
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgISAZRm5jjv2crNxkFfCBcs9rEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMTE0MjIxOTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmRkZWEzNzI1MmRkM2E0YWI2NTNlNDAwMjkwYzE4YWQxOWIxYzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+4kIwA1Fcl7omTtmaBnjuws2rIO
jwdGeHeOV324urjJBTHM2Zm27++MwuoALApVx+axAbbQVIIEcLys8oThzE3PhlG3
D/FZ6MteCzF3DtFCrCqvkakNZnsVsjg2BACx+/7MeakUD4gVg880bpPla+uqHXK2
YIO9NREqQu1ajHipCr606JshjZgQob564LS/LiXoW5CaYGMSb5pFO5LmIYz/D3BA
9w3HWRzcDTyTDBCyWTW3yUjWGH5Fdk7euSWNJJ9pQZ4HOdHvAgIcNduAOChgtwot
p84RY/uPbK4k4f1kY0izSdNXZFbjrpwqDUsvKy9ClhGr8nEckglgwKoglwIDAQAB
o4IDBTCCAwEwHQYDVR0OBBYEFGLd6jclLdOkq2U+QAKQwYrRmxxlMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvWXQzcU55VXQwNlNyWlQ1QUFwREJpdEdiSEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBGQYIKwYBBQUHAQcBAf8EggEIMIIBBDCB8gQCAAEwgesw
DAMEBj6rwAMEAj6r4AMEAj6r/AMEArnA5DALAwMBwpoDBAPCmhADBAPC7iADBAPC
7jAwDAMEAsLuPAMEA8LuQAMEA9US+AMEBNmxEAMEAtmxJDAMAwQD2bE4AwQD2bFA
AwQC2bFMAwQD2bFYAwQC2bMAMAwDBAPZswgDBATZsyADBALZszQwDAMEAtmzPAME
A9mzQAMEAtmzTAMEAtmzVDAMAwQC2bNcAwQC2bN4MAwDBAbZs8ADBALZs9gDBALZ
s+AwDAMEA9mz6AMEAtm0CDAMAwQD2bQYAwQC2bQgAwQC2bQwAwQG2bUAMA0EAgAC
MAcDBQAqAg+wMA0GCSqGSIb3DQEBCwUAA4IBAQB0CaMY6M3CubNTrXqWDGOhUP4a
ZVrnBVXRzfAWoSKEupxoU+Hqt4MUIEOpum8P9JeSlr5F5DnFiXjYgmg2q6ar7WJe
tNYngc9EDSnmZNA1/wbPdyab79D8YJt1B3fR6i2hc32fEuwMgq1ralUSmfwJklh8
NCuD0oz+LsPQB/vj7l72yH395dNQspCsMt9HxEpfuYdg8ZgR9jJwWyS+YyVmkjLs
iZo39151CphwpYps1q2CYSd/3JNy17LKkM7SKCetGM1FSul11sSz2tTxxa3lOlQC
ACS9+mJ2xveFtl4ourzDS30q2gHC8KtB9N4v9H4gCwo0MhYT6XT70VJg2Eqw
-----END CERTIFICATE-----
Generated at Wed Feb 5 14:54:27 2025 by rpki-client