Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/S8OyXg--PlrRVv69-zSLnUMGFu0.roa
File: S8OyXg--PlrRVv69-zSLnUMGFu0.roa (raw, json)
Hash identifier: 323XnoIxpCxpobsZbdRW24dLIhOWdvicieV0WWF5uKQ=
Subject key identifier: 4B:C3:B2:5E:0F:BE:3E:5A:D1:56:FE:BD:FB:34:8B:9D:43:06:16:ED
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018D6990D92091017CB2CDF39BA473133691
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/S8OyXg--PlrRVv69-zSLnUMGFu0.roa
Signing time: Fri 02 Feb 2024 11:25:16 +0000
ROA not before: Fri 02 Feb 2024 11:25:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9009
IP address blocks: 81.5.156.0/24 maxlen: 24
81.168.41.0/24 maxlen: 24
82.152.111.0/24 maxlen: 24
82.152.250.0/24 maxlen: 24
82.152.252.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.67.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
82.153.137.0/24 maxlen: 24
82.153.139.0/24 maxlen: 24
82.153.140.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.153.240.0/24 maxlen: 24
82.153.248.0/24 maxlen: 24
82.153.250.0/24 maxlen: 24
89.213.135.0/24 maxlen: 24
89.213.136.0/24 maxlen: 24
89.213.137.0/24 maxlen: 24
89.213.138.0/24 maxlen: 24
89.213.141.0/24 maxlen: 24
89.213.153.0/24 maxlen: 24
89.213.163.0/24 maxlen: 24
89.213.168.0/24 maxlen: 24
89.213.170.0/24 maxlen: 24
89.213.185.0/24 maxlen: 24
89.213.188.0/24 maxlen: 24
89.213.189.0/24 maxlen: 24
109.176.209.0/24 maxlen: 24
109.176.211.0/24 maxlen: 24
109.176.216.0/24 maxlen: 24
109.176.217.0/24 maxlen: 24
109.176.218.0/24 maxlen: 24
109.176.219.0/24 maxlen: 24
109.176.220.0/24 maxlen: 24
109.176.221.0/24 maxlen: 24
109.176.222.0/24 maxlen: 24
109.176.223.0/24 maxlen: 24
109.176.249.0/24 maxlen: 24
185.49.125.0/24 maxlen: 24
213.152.61.0/24 maxlen: 24
213.152.62.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 16:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:69:90:d9:20:91:01:7c:b2:cd:f3:9b:a4:73:13:36:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Feb 2 11:25:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4bc3b25e0fbe3e5ad156febdfb348b9d430616ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:e8:37:02:29:d2:80:a6:c3:5c:a0:56:55:28:
3f:7f:67:ef:26:03:ae:bb:4c:2a:c5:41:00:0e:b7:
04:4f:c7:d0:78:02:5b:8e:1b:3b:96:26:c6:d4:49:
8b:2e:1a:6f:f3:81:0a:1f:b2:f2:ee:21:33:3a:f2:
6d:e6:b1:2c:35:21:4b:57:83:ee:62:47:ee:ed:87:
78:cb:81:bc:bb:22:00:d4:96:c5:67:2e:a7:a4:13:
79:0d:da:aa:4f:82:cf:42:57:1f:ea:be:c3:94:b6:
b6:97:59:58:cc:bc:5b:2e:28:8b:86:d9:1b:58:a1:
59:b5:94:73:97:db:8f:bb:a1:40:41:55:27:8f:85:
3e:46:90:1e:77:47:60:a0:3e:5a:50:41:08:15:4d:
b0:30:0a:fb:15:1c:2f:01:a3:07:ec:42:89:3a:1c:
6d:92:d5:8d:96:38:18:d2:52:d8:e6:9a:c7:b8:51:
c1:9f:44:54:45:a8:8b:e6:7c:d3:66:7b:09:a3:5f:
65:97:e2:f0:0c:46:9f:ee:f9:cb:2a:4b:6b:96:15:
48:74:71:c5:7d:42:22:fc:a8:53:c5:85:09:b1:0d:
ea:cb:b0:70:41:b2:3b:21:48:98:52:e3:43:e3:3e:
24:18:7b:a7:c0:2f:54:99:13:e6:af:ed:96:a2:b7:
5f:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:C3:B2:5E:0F:BE:3E:5A:D1:56:FE:BD:FB:34:8B:9D:43:06:16:ED
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/S8OyXg--PlrRVv69-zSLnUMGFu0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.156.0/24
81.168.41.0/24
82.152.111.0/24
82.152.250.0/24
82.152.252.0/23
82.152.255.0/24
82.153.67.0/24
82.153.73.0/24
82.153.78.0/24
82.153.137.0/24
82.153.139.0-82.153.140.255
82.153.221.0/24
82.153.223.0/24
82.153.240.0/24
82.153.248.0/24
82.153.250.0/24
89.213.135.0-89.213.138.255
89.213.141.0/24
89.213.153.0/24
89.213.163.0/24
89.213.168.0/24
89.213.170.0/24
89.213.185.0/24
89.213.188.0/23
109.176.209.0/24
109.176.211.0/24
109.176.216.0/21
109.176.249.0/24
185.49.125.0/24
213.152.61.0-213.152.62.255
Signature Algorithm: sha256WithRSAEncryption
48:18:27:56:2a:a3:df:45:56:24:33:da:1d:17:1f:af:df:a7:
ba:5f:8d:c7:e8:ed:9a:fd:61:c7:dd:5c:41:0a:6b:60:ac:fb:
cf:59:53:b3:9e:df:e7:be:3a:b7:27:d3:ea:16:15:08:70:3a:
88:31:c4:49:ef:9f:44:ab:3a:7e:74:26:f9:19:96:cb:52:12:
31:e2:72:35:c4:e5:e8:a3:a5:cb:c1:d2:85:b6:69:36:dc:aa:
a0:fb:6a:07:2a:93:68:fc:8f:01:31:e4:db:69:32:11:20:21:
22:f4:05:45:8d:c9:ad:03:98:d9:2d:80:62:e4:5e:64:0a:a6:
3c:fb:ce:39:57:2a:f2:ab:6c:dc:a7:df:73:e6:2f:41:31:a6:
95:aa:19:e9:0d:22:5d:d5:63:13:3b:1a:ac:e0:15:18:21:e9:
60:c1:cf:da:47:22:fe:3c:df:cb:82:34:6c:fa:66:9d:8d:ca:
99:6b:e8:96:6f:d9:ca:95:ef:ad:9e:03:5b:3d:2c:77:42:bc:
cf:8c:1b:e6:dc:7c:00:c5:b0:7e:31:b9:d1:c3:5c:4b:13:12:
6d:3e:5b:c4:6b:8a:5e:51:bf:03:18:0e:60:92:dd:36:3a:84:
f1:a5:23:41:b1:08:47:fd:13:ea:4f:48:ef:83:d6:cf:24:83:
cb:a7:9a:8b
-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgISAY1pkNkgkQF8ss3zm6RzEzaRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjAyMTEyNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmMzYjI1ZTBmYmUzZTVhZDE1NmZlYmRmYjM0OGI5ZDQzMDYxNmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+g3AinSgKbDXKBWVSg/f2fvJgOu
u0wqxUEADrcET8fQeAJbjhs7libG1EmLLhpv84EKH7Ly7iEzOvJt5rEsNSFLV4Pu
Ykfu7Yd4y4G8uyIA1JbFZy6npBN5DdqqT4LPQlcf6r7DlLa2l1lYzLxbLiiLhtkb
WKFZtZRzl9uPu6FAQVUnj4U+RpAed0dgoD5aUEEIFU2wMAr7FRwvAaMH7EKJOhxt
ktWNljgY0lLY5prHuFHBn0RURaiL5nzTZnsJo19ll+LwDEaf7vnLKktrlhVIdHHF
fUIi/KhTxYUJsQ3qy7BwQbI7IUiYUuND4z4kGHunwC9UmRPmr+2WordfewIDAQAB
o4IC1DCCAtAwHQYDVR0OBBYEFEvDsl4Pvj5a0Vb+vfs0i51DBhbtMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUzhPeVhnLS1QbHJSVnY2OS16U0xuVU1HRnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHpBggrBgEFBQcBBwEB/wSB2TCB1jCB0wQCAAEwgcwDBABR
BZwDBABRqCkDBABSmG8DBABSmPoDBAFSmPwDBABSmP8DBABSmUMDBABSmUkDBABS
mU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8AMEAFKZ+AME
AFKZ+jAMAwQAWdWHAwQAWdWKAwQAWdWNAwQAWdWZAwQAWdWjAwQAWdWoAwQAWdWq
AwQAWdW5AwQBWdW8AwQAbbDRAwQAbbDTAwQDbbDYAwQAbbD5AwQAuTF9MAwDBADV
mD0DBADVmD4wDQYJKoZIhvcNAQELBQADggEBAEgYJ1Yqo99FViQz2h0XH6/fp7pf
jcfo7Zr9YcfdXEEKa2Cs+89ZU7Oe3+e+Orcn0+oWFQhwOogxxEnvn0SrOn50JvkZ
lstSEjHicjXE5eijpcvB0oW2aTbcqqD7agcqk2j8jwEx5NtpMhEgISL0BUWNya0D
mNktgGLkXmQKpjz7zjlXKvKrbNyn33PmL0ExppWqGekNIl3VYxM7GqzgFRgh6WDB
z9pHIv4838uCNGz6Zp2Nyplr6JZv2cqV762eA1s9LHdCvM+MG+bcfADFsH4xudHD
XEsTEm0+W8Rril5RvwMYDmCS3TY6hPGlI0GxCEf9E+pPSO+D1s8kg8unmos=
-----END CERTIFICATE-----
Generated at Thu Nov 21 23:56:11 2024 by rpki-client on console-ams.rpki-client.org