Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/VzAgVpfVm5xyhvg07hw_GRm5zbc.roa
File: VzAgVpfVm5xyhvg07hw_GRm5zbc.roa (raw, json)
Hash identifier: qsPWberXnnC6T6a6+r9y+ctfcGdZGZIaN4W8+cAD7tY=
Subject key identifier: 57:30:20:56:97:D5:9B:9C:72:86:F8:34:EE:1C:3F:19:19:B9:CD:B7
Certificate issuer: /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial: 018CC7946BD21D6537B733BBB739E704A356
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/VzAgVpfVm5xyhvg07hw_GRm5zbc.roa
Signing time: Tue 02 Jan 2024 00:30:42 +0000
ROA not before: Tue 02 Jan 2024 00:30:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 398373
IP address blocks: 85.153.12.0/22 maxlen: 22
85.153.24.0/22 maxlen: 22
85.153.29.0/24 maxlen: 24
85.153.32.0/24 maxlen: 24
85.153.34.0/24 maxlen: 24
85.153.35.0/24 maxlen: 24
85.153.36.0/22 maxlen: 22
85.153.41.0/24 maxlen: 24
85.153.42.0/24 maxlen: 24
85.153.40.0/24 maxlen: 24
85.153.52.0/22 maxlen: 22
85.153.59.0/24 maxlen: 24
85.153.60.0/22 maxlen: 22
85.115.204.0/24 maxlen: 24
85.115.207.0/24 maxlen: 24
85.153.4.0/24 maxlen: 24
85.153.125.0/24 maxlen: 24
85.153.124.0/24 maxlen: 24
85.153.121.0/24 maxlen: 24
85.153.123.0/24 maxlen: 24
85.153.122.0/24 maxlen: 24
85.153.120.0/24 maxlen: 24
85.153.119.0/24 maxlen: 24
85.153.68.0/22 maxlen: 22
85.153.66.0/24 maxlen: 24
85.153.65.0/24 maxlen: 24
85.153.67.0/24 maxlen: 24
85.153.73.0/24 maxlen: 24
85.153.72.0/24 maxlen: 24
85.153.82.0/24 maxlen: 24
85.153.84.0/22 maxlen: 22
85.153.80.0/24 maxlen: 24
85.153.81.0/24 maxlen: 24
85.153.88.0/22 maxlen: 22
85.153.94.0/24 maxlen: 24
85.153.95.0/24 maxlen: 24
85.153.92.0/24 maxlen: 24
85.153.108.0/22 maxlen: 22
85.153.113.0/24 maxlen: 24
85.153.118.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.mft
rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 03 May 2024 08:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:94:6b:d2:1d:65:37:b7:33:bb:b7:39:e7:04:a3:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Validity
Not Before: Jan 2 00:30:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5730205697d59b9c7286f834ee1c3f1919b9cdb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:51:23:fe:94:22:22:bc:5d:ad:14:6e:22:8e:
ce:06:23:e5:3e:0d:af:ef:bf:c0:69:bf:34:6b:91:
41:3f:a3:bb:e2:7c:72:20:97:2f:20:89:5a:58:f9:
cc:73:1e:c5:24:ef:bb:54:2d:7a:d1:31:62:7a:7e:
8a:bc:f2:ad:7c:9e:bb:d0:60:e9:e6:dd:c4:86:53:
3a:10:9e:ab:db:4d:64:37:91:3b:2a:c6:61:26:33:
ea:09:49:24:f6:97:61:b3:ea:64:4e:f4:51:7f:51:
00:44:4e:9e:57:7f:16:5f:21:54:b6:0e:46:ef:60:
c4:27:bf:b4:58:89:ab:d4:d3:4f:20:e9:2d:c3:b2:
35:6c:88:8b:40:fa:68:a0:3b:23:1b:c0:40:29:00:
e3:76:b0:ad:26:5f:14:9e:0d:06:4a:66:c2:e6:06:
38:00:c9:9e:0e:42:84:d8:f0:42:08:e7:31:13:44:
9b:e7:8a:f4:98:0d:5d:50:c3:2b:90:e3:29:f0:e2:
1d:7f:ac:b0:ef:13:ec:a7:dc:2a:76:3f:e5:70:68:
0d:f0:4f:1b:00:39:4d:ce:53:5e:3b:70:b6:7a:7c:
06:f5:86:77:aa:49:3c:6e:68:ca:c6:2e:bd:4b:b9:
30:a1:7b:a9:26:cf:a8:4e:7b:83:15:8e:af:0d:5d:
75:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:30:20:56:97:D5:9B:9C:72:86:F8:34:EE:1C:3F:19:19:B9:CD:B7
X509v3 Authority Key Identifier:
keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/VzAgVpfVm5xyhvg07hw_GRm5zbc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.115.204.0/24
85.115.207.0/24
85.153.4.0/24
85.153.12.0/22
85.153.24.0/22
85.153.29.0/24
85.153.32.0/24
85.153.34.0-85.153.42.255
85.153.52.0/22
85.153.59.0-85.153.63.255
85.153.65.0-85.153.73.255
85.153.80.0-85.153.82.255
85.153.84.0-85.153.92.255
85.153.94.0/23
85.153.108.0/22
85.153.113.0/24
85.153.118.0-85.153.125.255
Signature Algorithm: sha256WithRSAEncryption
70:cc:f2:8f:1b:1d:3a:68:89:b5:cf:5a:c1:6c:61:ea:16:4e:
3e:bd:0e:bb:21:ec:db:80:b0:e6:bc:fa:6d:03:e9:f6:9f:9e:
c0:d4:29:68:cd:db:5c:27:8b:7b:64:bc:f7:38:6f:08:11:39:
96:6a:a0:7b:d1:c4:aa:25:4c:71:23:e1:f0:45:07:83:6d:5f:
9e:2d:7e:56:cc:45:ee:c0:6c:19:b3:8b:6f:c1:86:91:b8:2d:
27:7c:bc:ad:b6:9d:5e:ae:62:e6:ef:03:50:73:56:88:9f:07:
23:5d:a4:cc:8b:55:96:fe:5f:3c:25:d8:ec:47:78:88:01:a2:
9d:61:dd:21:e1:b8:ee:53:da:e8:92:3d:ea:c0:83:91:72:de:
b2:65:77:63:9e:2e:50:04:7d:1a:40:39:2b:cb:ed:01:7e:eb:
ac:32:0a:5e:e8:11:08:b0:67:a4:11:e8:20:bb:1d:3b:16:af:
78:30:18:f2:c5:0d:93:00:58:1e:e8:57:9a:a0:f4:d1:cd:fc:
e5:38:03:29:e2:34:0d:19:c3:5a:35:3d:f3:ca:ff:b7:e4:62:
0f:d0:4a:e1:14:4c:33:1b:ec:00:34:51:aa:d3:dc:25:42:a8:
2f:32:02:23:c3:a4:66:f7:38:c6:1d:bf:11:9c:a1:0a:b7:49:
dd:f5:f3:b1
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAYzHlGvSHWU3tzO7tznnBKNWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjQwMTAyMDAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzMwMjA1Njk3ZDU5YjljNzI4NmY4MzRlZTFjM2YxOTE5YjljZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlEj/pQiIrxdrRRuIo7OBiPlPg2v
77/Aab80a5FBP6O74nxyIJcvIIlaWPnMcx7FJO+7VC160TFien6KvPKtfJ670GDp
5t3EhlM6EJ6r201kN5E7KsZhJjPqCUkk9pdhs+pkTvRRf1EARE6eV38WXyFUtg5G
72DEJ7+0WImr1NNPIOktw7I1bIiLQPpooDsjG8BAKQDjdrCtJl8Ung0GSmbC5gY4
AMmeDkKE2PBCCOcxE0Sb54r0mA1dUMMrkOMp8OIdf6yw7xPsp9wqdj/lcGgN8E8b
ADlNzlNeO3C2enwG9YZ3qkk8bmjKxi69S7kwoXupJs+oTnuDFY6vDV11ewIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFFcwIFaX1Zuccob4NO4cPxkZuc23MB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvVnpBZ1ZwZlZtNXh5aHZnMDdod19HUm01emJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDCBnQQCAAEwgZYDBABV
c8wDBABVc88DBABVmQQDBAJVmQwDBAJVmRgDBABVmR0DBABVmSAwDAMEAVWZIgME
AFWZKgMEAlWZNDAMAwQAVZk7AwQGVZkAMAwDBABVmUEDBAFVmUgwDAMEBFWZUAME
AFWZUjAMAwQCVZlUAwQAVZlcAwQBVZleAwQCVZlsAwQAVZlxMAwDBAFVmXYDBAFV
mXwwDQYJKoZIhvcNAQELBQADggEBAHDM8o8bHTpoibXPWsFsYeoWTj69Drsh7NuA
sOa8+m0D6fafnsDUKWjN21wni3tkvPc4bwgROZZqoHvRxKolTHEj4fBFB4NtX54t
flbMRe7AbBmzi2/BhpG4LSd8vK22nV6uYubvA1BzVoifByNdpMyLVZb+Xzwl2OxH
eIgBop1h3SHhuO5T2uiSPerAg5Fy3rJld2OeLlAEfRpAOSvL7QF+66wyCl7oEQiw
Z6QR6CC7HTsWr3gwGPLFDZMAWB7oV5qg9NHN/OU4AyniNA0Zw1o1PfPK/7fkYg/Q
SuEUTDMb7AA0UarT3CVCqC8yAiPDpGb3OMYdvxGcoQq3Sd3187E=
-----END CERTIFICATE-----
Generated at Thu May 2 18:02:20 2024 by rpki-client on console-ams.rpki-client.org