Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/on1-5F-RFz6kXBGw7LTiFeuM0Xg.roa
File: on1-5F-RFz6kXBGw7LTiFeuM0Xg.roa (raw, json)
Hash identifier: VKQEizlBAUBwWqr8CSowWeyS62jsC2vEUuyiLVuOobs=
Subject key identifier: A2:7D:7E:E4:5F:91:17:3E:A4:5C:11:B0:EC:B4:E2:15:EB:8C:D1:78
Certificate issuer: /CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
Certificate serial: 018CCA286B69F12E6FF4660AC7F3418F07D7
Authority key identifier: BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/on1-5F-RFz6kXBGw7LTiFeuM0Xg.roa
Signing time: Tue 02 Jan 2024 12:31:35 +0000
ROA not before: Tue 02 Jan 2024 12:31:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 5432
IP address blocks: 62.4.128.0/17 maxlen: 17
46.178.0.0/15 maxlen: 16
195.13.0.0/19 maxlen: 19
178.144.0.0/15 maxlen: 16
213.181.32.0/19 maxlen: 19
62.235.0.0/16 maxlen: 16
91.176.0.0/14 maxlen: 16
81.240.0.0/14 maxlen: 16
83.134.0.0/16 maxlen: 16
195.207.0.0/16 maxlen: 16
81.244.0.0/14 maxlen: 16
91.180.0.0/14 maxlen: 16
193.74.0.0/16 maxlen: 16
188.5.0.0/16 maxlen: 16
217.136.0.0/16 maxlen: 16
80.200.0.0/15 maxlen: 16
92.48.128.0/18 maxlen: 18
109.136.0.0/14 maxlen: 16
81.11.128.0/17 maxlen: 17
193.75.128.0/17 maxlen: 17
37.62.0.0/16 maxlen: 16
193.121.0.0/16 maxlen: 16
194.119.224.0/19 maxlen: 19
109.140.0.0/14 maxlen: 16
212.239.128.0/17 maxlen: 17
195.0.0.0/17 maxlen: 17
109.128.0.0/14 maxlen: 16
87.64.0.0/14 maxlen: 16
213.49.0.0/16 maxlen: 16
195.74.192.0/19 maxlen: 19
213.177.128.0/19 maxlen: 19
195.95.0.0/17 maxlen: 17
80.236.128.0/17 maxlen: 17
109.132.0.0/14 maxlen: 16
193.91.96.0/19 maxlen: 19
88.197.128.0/17 maxlen: 17
37.184.0.0/15 maxlen: 16
195.238.0.0/19 maxlen: 19
194.78.0.0/16 maxlen: 16
212.233.0.0/19 maxlen: 19
81.169.0.0/17 maxlen: 17
2a02:a000::/26 maxlen: 26
2a04:6c40::/29 maxlen: 29
2a04:9f80::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.crl
rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.mft
rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 12:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:28:6b:69:f1:2e:6f:f4:66:0a:c7:f3:41:8f:07:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
Validity
Not Before: Jan 2 12:31:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a27d7ee45f91173ea45c11b0ecb4e215eb8cd178
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:fb:b2:67:06:db:44:29:62:d0:32:10:86:86:
c0:99:15:9c:40:08:5d:05:f9:e1:00:ea:41:ca:16:
55:b2:75:9f:aa:26:bf:80:27:60:e7:d0:f9:d2:69:
c7:0b:79:b8:10:a6:c8:cf:8a:02:dc:22:86:4f:f2:
c6:d1:25:f5:43:47:d8:7c:64:03:53:22:a5:63:d9:
aa:25:1d:b4:be:7e:8a:39:5f:46:63:df:8b:14:01:
24:65:67:48:46:b1:6c:33:db:96:31:ca:78:b8:4f:
07:68:5d:2e:55:2a:23:3a:af:d2:5d:d0:a7:ee:af:
c2:6c:af:15:ca:ca:23:20:8a:88:ac:b3:58:d1:ac:
6d:12:32:56:ee:f2:ac:13:92:c9:0c:77:88:1c:22:
bc:76:6d:1d:92:5c:8b:8d:b4:ec:0a:f1:43:f8:b9:
cd:e9:b7:10:b9:db:0e:31:08:95:e9:82:ee:c0:c4:
cc:2a:0f:70:c5:9f:1a:d5:5a:34:e7:78:d6:5b:c8:
66:7c:03:d5:6a:d4:8e:bd:cb:09:62:cd:34:86:8f:
1a:91:af:4c:99:bc:e3:10:c1:15:17:44:c5:79:7a:
e5:8c:fb:2e:37:c7:d4:8a:a1:af:d4:3b:ff:f8:28:
a5:26:83:ad:f4:27:53:a0:f0:5c:b1:40:f7:50:13:
df:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:7D:7E:E4:5F:91:17:3E:A4:5C:11:B0:EC:B4:E2:15:EB:8C:D1:78
X509v3 Authority Key Identifier:
keyid:BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/on1-5F-RFz6kXBGw7LTiFeuM0Xg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.62.0.0/16
37.184.0.0/15
46.178.0.0/15
62.4.128.0/17
62.235.0.0/16
80.200.0.0/15
80.236.128.0/17
81.11.128.0/17
81.169.0.0/17
81.240.0.0/13
83.134.0.0/16
87.64.0.0/14
88.197.128.0/17
91.176.0.0/13
92.48.128.0/18
109.128.0.0/12
178.144.0.0/15
188.5.0.0/16
193.74.0.0/16
193.75.128.0/17
193.91.96.0/19
193.121.0.0/16
194.78.0.0/16
194.119.224.0/19
195.0.0.0/17
195.13.0.0/19
195.74.192.0/19
195.95.0.0/17
195.207.0.0/16
195.238.0.0/19
212.233.0.0/19
212.239.128.0/17
213.49.0.0/16
213.177.128.0/19
213.181.32.0/19
217.136.0.0/16
IPv6:
2a02:a000::/26
2a04:6c40::/29
2a04:9f80::/29
Signature Algorithm: sha256WithRSAEncryption
4b:ee:15:b8:74:fd:be:b2:e1:f3:1a:a3:6f:b5:46:92:79:ad:
96:6f:13:c5:87:a9:bc:64:d7:e6:84:39:92:5d:ba:bb:6b:93:
bd:73:04:d8:f9:8f:35:fb:c5:50:e2:55:75:47:44:67:2c:79:
72:f6:fc:79:67:38:07:d1:67:c8:95:0e:ae:d3:b0:df:c3:7f:
76:76:c9:58:c2:11:d2:b4:b8:9c:db:d4:a4:5b:cd:9e:75:92:
09:e0:1f:39:2f:33:c6:55:cc:b8:25:bf:a1:1b:b5:2e:bb:c3:
d7:24:6c:98:c6:10:6d:14:2e:02:8b:68:22:e6:b8:40:4c:94:
01:c3:87:51:de:0d:d7:8c:3e:9d:7c:3f:33:37:d8:15:27:39:
e3:10:7f:65:6d:22:59:9b:b7:8c:91:b3:47:4e:7f:8e:b7:49:
27:a5:bc:86:ff:9d:8c:eb:26:2a:99:06:1a:f6:04:9f:af:2e:
90:f0:2a:3f:9e:02:2e:23:17:a5:11:7f:34:a4:11:3e:0b:04:
4a:25:0c:86:23:4a:c4:8e:49:c0:cd:8b:ab:8f:d7:0f:d4:53:
ae:e8:0b:4d:b1:85:20:40:71:c0:b6:ce:9f:3b:76:2c:7d:94:
16:c1:bc:91:d5:2a:68:d2:8e:2b:49:e0:6a:63:4c:ef:b3:f4:
32:61:42:9f
-----BEGIN CERTIFICATE-----
MIIF4DCCBMigAwIBAgISAYzKKGtp8S5v9GYKx/NBjwfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmEzYWY4MzlhYTFkY2U3NThmNDg5ZTJkMzFhZTIyMDky
ZmM5OWEwHhcNMjQwMTAyMTIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjdkN2VlNDVmOTExNzNlYTQ1YzExYjBlY2I0ZTIxNWViOGNkMTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPuyZwbbRCli0DIQhobAmRWcQAhd
BfnhAOpByhZVsnWfqia/gCdg59D50mnHC3m4EKbIz4oC3CKGT/LG0SX1Q0fYfGQD
UyKlY9mqJR20vn6KOV9GY9+LFAEkZWdIRrFsM9uWMcp4uE8HaF0uVSojOq/SXdCn
7q/CbK8VysojIIqIrLNY0axtEjJW7vKsE5LJDHeIHCK8dm0dklyLjbTsCvFD+LnN
6bcQudsOMQiV6YLuwMTMKg9wxZ8a1Vo053jWW8hmfAPVatSOvcsJYs00ho8aka9M
mbzjEMEVF0TFeXrljPsuN8fUiqGv1Dv/+CilJoOt9CdToPBcsUD3UBPfzQIDAQAB
o4IC7DCCAugwHQYDVR0OBBYEFKJ9fuRfkRc+pFwRsOy04hXrjNF4MB8GA1UdIwQY
MBaAFL36Ovg5qh3OdY9Ini0xriIJL8maMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZvNi1EbXFIYzUxajBpZUxUR3VJZ2t2eVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC84Y2RiYzUtOTM2NS00YTBjLWI5YTMt
YWU3NzQ2ZjA5NjMwLzEvb24xLTVGLVJGejZrWEJHdzdMVGlGZXVNMFhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC84Y2RiYzUtOTM2NS00YTBjLWI5YTMtYWU3NzQ2ZjA5NjMw
LzEvdmZvNi1EbXFIYzUxajBpZUxUR3VJZ2t2eVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAAYIKwYBBQUHAQcBAf8EgfAwge0wgc0EAgABMIHGAwMA
JT4DAwEluAMDAS6yAwQHPgSAAwMAPusDAwFQyAMEB1DsgAMEB1ELgAMEB1GpAAMD
A1HwAwMAU4YDAwJXQAMEB1jFgAMDA1uwAwQGXDCAAwMEbYADAwGykAMDALwFAwMA
wUoDBAfBS4ADBAXBW2ADAwDBeQMDAMJOAwQFwnfgAwQHwwAAAwQFww0AAwQFw0rA
AwQHw18AAwMAw88DBAXD7gADBAXU6QADBAfU74ADAwDVMQMEBdWxgAMEBdW1IAMD
ANmIMBsEAgACMBUDBQYqAqAAAwUDKgRsQAMFAyoEn4AwDQYJKoZIhvcNAQELBQAD
ggEBAEvuFbh0/b6y4fMao2+1RpJ5rZZvE8WHqbxk1+aEOZJdurtrk71zBNj5jzX7
xVDiVXVHRGcseXL2/HlnOAfRZ8iVDq7TsN/Df3Z2yVjCEdK0uJzb1KRbzZ51kgng
HzkvM8ZVzLglv6EbtS67w9ckbJjGEG0ULgKLaCLmuEBMlAHDh1HeDdeMPp18PzM3
2BUnOeMQf2VtIlmbt4yRs0dOf463SSelvIb/nYzrJiqZBhr2BJ+vLpDwKj+eAi4j
F6URfzSkET4LBEolDIYjSsSOScDNi6uP1w/UU67oC02xhSBAccC2zp87dix9lBbB
vJHVKmjSjitJ4GpjTO+z9DJhQp8=
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:14:00 2024 by rpki-client on console-fra.rpki-client.org