Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/J2KVaAC8-Ih2zH8gS7TGr9o7N-0.roa
File: J2KVaAC8-Ih2zH8gS7TGr9o7N-0.roa (raw, json)
Hash identifier: 3OxuHqbj885+L0ozx/vZS5VboRpq8jKrsXRNqUysq30=
Subject key identifier: 27:62:95:68:00:BC:F8:88:76:CC:7F:20:4B:B4:C6:AF:DA:3B:37:ED
Certificate issuer: /CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
Certificate serial: 0192B751C3AE1BF9CA8DCF07561C9217BF02
Authority key identifier: 4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/J2KVaAC8-Ih2zH8gS7TGr9o7N-0.roa
Signing time: Wed 23 Oct 2024 03:00:41 +0000
ROA not before: Wed 23 Oct 2024 03:00:41 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31200
IP address blocks: 5.128.0.0/16 maxlen: 16
5.128.119.0/24 maxlen: 24
5.129.0.0/17 maxlen: 17
5.129.128.0/19 maxlen: 19
5.129.181.0/24 maxlen: 24
5.129.184.0/23 maxlen: 23
5.129.186.0/24 maxlen: 24
5.130.0.0/16 maxlen: 16
5.130.162.0/24 maxlen: 24
5.130.163.0/24 maxlen: 24
5.130.164.0/24 maxlen: 24
5.130.165.0/24 maxlen: 24
5.130.166.0/24 maxlen: 24
5.131.0.0/16 maxlen: 16
5.131.0.0/17 maxlen: 17
5.131.128.0/18 maxlen: 18
5.131.192.0/19 maxlen: 19
5.131.224.0/20 maxlen: 20
5.131.224.0/24 maxlen: 24
5.131.240.0/20 maxlen: 20
5.131.251.0/24 maxlen: 24
5.131.253.0/24 maxlen: 24
37.192.0.0/14 maxlen: 14
37.192.0.0/16 maxlen: 16
37.193.0.0/16 maxlen: 16
37.194.0.0/16 maxlen: 16
37.195.0.0/16 maxlen: 16
178.49.0.0/16 maxlen: 24
178.49.0.0/17 maxlen: 17
178.49.12.0/22 maxlen: 22
178.49.56.0/22 maxlen: 22
178.49.128.0/17 maxlen: 24
178.49.132.0/24 maxlen: 24
178.49.133.0/24 maxlen: 24
178.49.141.0/24 maxlen: 24
178.49.142.0/24 maxlen: 24
178.49.144.0/24 maxlen: 24
178.49.145.0/24 maxlen: 24
178.49.146.0/24 maxlen: 24
178.49.147.0/24 maxlen: 24
178.49.148.0/24 maxlen: 24
178.49.150.0/23 maxlen: 23
178.49.152.0/22 maxlen: 22
178.49.152.0/23 maxlen: 23
178.49.152.0/24 maxlen: 24
178.49.154.0/23 maxlen: 23
178.49.154.0/24 maxlen: 24
178.49.156.0/23 maxlen: 23
178.49.158.0/24 maxlen: 24
178.49.159.0/24 maxlen: 24
178.49.200.0/22 maxlen: 22
178.49.248.0/22 maxlen: 22
2a00:7700::/32 maxlen: 32
2a00:7700:8a02::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl
rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.mft
rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 15:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:b7:51:c3:ae:1b:f9:ca:8d:cf:07:56:1c:92:17:bf:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
Validity
Not Before: Oct 23 03:00:41 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2762956800bcf88876cc7f204bb4c6afda3b37ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:02:3d:23:83:4f:ba:87:6d:ce:e6:62:97:94:
70:0a:5c:39:0b:b3:0a:80:2c:f9:ce:46:18:91:fd:
2a:e7:4f:92:e2:77:ce:c0:2c:b2:2d:53:e3:d5:f6:
63:fb:6a:be:a2:be:fc:df:43:55:4c:01:7b:3e:3e:
8d:31:be:e0:3c:0f:7c:de:12:d1:b5:36:d5:7c:a0:
2f:40:d4:f6:4c:0d:80:97:d2:8c:4a:0d:3d:69:38:
0d:88:17:53:ac:e2:cd:a5:87:5a:5b:da:25:94:c0:
c3:79:c3:36:1f:b4:35:d6:77:86:23:74:aa:60:88:
2a:d6:77:c1:ba:14:98:9e:53:69:2d:7f:ec:c2:ab:
67:05:d3:ce:b3:25:92:82:53:9e:3e:f0:4d:56:7d:
da:1e:e1:44:74:09:49:0b:0b:b1:75:b2:2d:b2:e3:
30:8d:39:d9:80:79:80:85:e4:dd:48:af:2c:a2:77:
59:f0:fa:02:c6:2b:90:20:b2:0f:33:57:91:39:93:
24:5f:8e:5e:83:3c:26:9d:ea:f1:2f:fd:ce:f1:f3:
23:4c:7f:96:32:da:80:06:2c:b9:1b:f3:6c:21:ad:
83:ba:4c:dd:96:48:f3:aa:9c:54:91:35:52:2b:75:
98:20:f2:c9:a1:73:e1:1e:a8:81:aa:16:0a:65:7d:
9e:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:62:95:68:00:BC:F8:88:76:CC:7F:20:4B:B4:C6:AF:DA:3B:37:ED
X509v3 Authority Key Identifier:
keyid:4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/J2KVaAC8-Ih2zH8gS7TGr9o7N-0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.128.0.0-5.129.159.255
5.129.181.0/24
5.129.184.0-5.129.186.255
5.130.0.0/15
37.192.0.0/14
178.49.0.0/16
IPv6:
2a00:7700::/32
Signature Algorithm: sha256WithRSAEncryption
ad:ed:f5:ff:72:05:5a:e4:bb:33:92:bd:c7:83:7c:64:9b:e9:
75:91:7c:0c:68:99:c9:12:19:49:3e:66:f9:15:74:f5:33:d3:
08:eb:27:21:16:a7:04:63:fb:12:56:ad:ec:eb:94:14:ca:26:
13:4a:9b:c0:6e:7f:fb:d8:9e:bd:bb:e0:ad:74:d2:6f:f5:f8:
2b:6d:4f:04:8d:c6:9c:ac:41:cf:f7:ff:99:c4:e0:b6:ee:6f:
1f:12:17:01:b3:ee:96:4a:69:82:79:c6:65:48:6a:9d:33:ca:
aa:e1:da:2d:08:93:4e:b9:38:c9:7e:f8:6d:c5:74:17:3b:29:
a4:f7:16:f3:62:5c:bf:29:d2:65:58:d7:4d:97:f4:6f:60:0e:
c6:4a:9f:06:4a:1d:51:b8:46:cd:ea:38:53:b1:d6:bf:cc:fc:
03:6a:ad:a9:bf:ad:8b:58:e8:f7:a9:6e:f2:46:04:36:22:97:
86:9d:f4:4e:ca:d2:3a:98:bf:bc:4d:e3:80:4e:3b:b4:46:fa:
b0:bf:63:84:df:87:27:88:e1:a2:c4:c4:6f:71:a6:71:11:54:
48:dc:43:0b:da:4e:6f:ed:2b:dc:20:2f:61:2d:af:53:f1:7c:
17:37:56:73:39:fd:fa:7a:02:50:9f:72:15:66:24:96:97:1f:
7e:f7:b3:dd
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZK3UcOuG/nKjc8HVhySF78CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZGIzZGNkZjVlNmJlZTA5ODI1YzM3YmYzYjhiZGYyOGI2
ZmI1OTMwHhcNMjQxMDIzMDMwMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzYyOTU2ODAwYmNmODg4NzZjYzdmMjA0YmI0YzZhZmRhM2IzN2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQI9I4NPuodtzuZil5RwClw5C7MK
gCz5zkYYkf0q50+S4nfOwCyyLVPj1fZj+2q+or7830NVTAF7Pj6NMb7gPA983hLR
tTbVfKAvQNT2TA2Al9KMSg09aTgNiBdTrOLNpYdaW9ollMDDecM2H7Q11neGI3Sq
YIgq1nfBuhSYnlNpLX/swqtnBdPOsyWSglOePvBNVn3aHuFEdAlJCwuxdbItsuMw
jTnZgHmAheTdSK8sondZ8PoCxiuQILIPM1eROZMkX45egzwmnerxL/3O8fMjTH+W
MtqABiy5G/NsIa2DukzdlkjzqpxUkTVSK3WYIPLJoXPhHqiBqhYKZX2exwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFCdilWgAvPiIdsx/IEu0xq/aOzftMB8GA1UdIwQY
MBaAFE3bPc315r7gmCXDe/O4vfKLb7WTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEt
MjE3MGM1YzFkM2VkLzEvSjJLVmFBQzgtSWgyekg4Z1M3VEdyOW83Ti0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEtMjE3MGM1YzFkM2Vk
LzEvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwMAsDAwcFgAME
BQWBgAMEAAWBtTAMAwQDBYG4AwQABYG6AwMBBYIDAwIlwAMDALIxMA0EAgACMAcD
BQAqAHcAMA0GCSqGSIb3DQEBCwUAA4IBAQCt7fX/cgVa5Lszkr3Hg3xkm+l1kXwM
aJnJEhlJPmb5FXT1M9MI6ychFqcEY/sSVq3s65QUyiYTSpvAbn/72J69u+CtdNJv
9fgrbU8EjcacrEHP9/+ZxOC27m8fEhcBs+6WSmmCecZlSGqdM8qq4dotCJNOuTjJ
fvhtxXQXOymk9xbzYly/KdJlWNdNl/RvYA7GSp8GSh1RuEbN6jhTsda/zPwDaq2p
v62LWOj3qW7yRgQ2IpeGnfROytI6mL+8TeOATju0Rvqwv2OE34cniOGixMRvcaZx
EVRI3EML2k5v7SvcIC9hLa9T8XwXN1ZzOf36egJQn3IVZiSWlx9+97Pd
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:38:35 2024 by rpki-client on console-ams.rpki-client.org