Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/597232-f846-4fd7-bcc2-6afef5d0daa6/1/j1QS6vcWnhCOhpSrpgJRhYBelqA.roa
File: j1QS6vcWnhCOhpSrpgJRhYBelqA.roa (raw, json)
Hash identifier: MH6wYsjuM8ktK/rXwhEeggca51nIdEVqKz1Md4+1lFo=
Subject key identifier: 8F:54:12:EA:F7:16:9E:10:8E:86:94:AB:A6:02:51:85:80:5E:96:A0
Certificate issuer: /CN=1003cd25315330350d73f2a3579aa95e052b718d
Certificate serial: 019314E300E877F828238775795C9F9AF4B3
Authority key identifier: 10:03:CD:25:31:53:30:35:0D:73:F2:A3:57:9A:A9:5E:05:2B:71:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EAPNJTFTMDUNc_KjV5qpXgUrcY0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/597232-f846-4fd7-bcc2-6afef5d0daa6/1/j1QS6vcWnhCOhpSrpgJRhYBelqA.roa
Signing time: Sun 10 Nov 2024 07:04:01 +0000
ROA not before: Sun 10 Nov 2024 07:04:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16116
IP address blocks: 37.25.32.0/24 maxlen: 24
37.25.33.0/24 maxlen: 24
37.25.34.0/24 maxlen: 24
37.25.35.0/24 maxlen: 24
37.25.36.0/24 maxlen: 24
37.25.37.0/24 maxlen: 24
37.25.38.0/24 maxlen: 24
37.25.39.0/24 maxlen: 24
46.19.80.0/21 maxlen: 24
46.19.83.0/24 maxlen: 24
46.19.84.0/24 maxlen: 24
62.112.0.0/22 maxlen: 24
85.159.160.0/21 maxlen: 24
85.159.161.0/24 maxlen: 24
85.159.162.0/24 maxlen: 24
85.159.163.0/24 maxlen: 24
85.159.164.0/24 maxlen: 24
85.159.165.0/24 maxlen: 24
85.159.166.0/24 maxlen: 24
85.159.167.0/24 maxlen: 24
89.37.236.0/22 maxlen: 24
89.40.66.0/24 maxlen: 24
89.41.188.0/24 maxlen: 24
89.43.48.0/24 maxlen: 24
91.135.96.0/20 maxlen: 24
93.113.31.0/24 maxlen: 24
130.185.96.0/21 maxlen: 24
141.226.88.0/21 maxlen: 24
141.226.90.0/24 maxlen: 24
147.189.144.0/22 maxlen: 24
147.189.148.0/23 maxlen: 24
185.80.108.0/22 maxlen: 24
185.196.126.0/23 maxlen: 24
185.246.252.0/23 maxlen: 24
185.246.254.0/24 maxlen: 24
185.246.255.0/24 maxlen: 24
188.64.200.0/21 maxlen: 24
188.64.200.0/24 maxlen: 24
188.64.201.0/24 maxlen: 24
188.64.202.0/24 maxlen: 24
188.64.203.0/24 maxlen: 24
188.64.204.0/24 maxlen: 24
188.64.205.0/24 maxlen: 24
193.41.202.0/24 maxlen: 24
193.41.208.0/23 maxlen: 24
193.41.209.0/24 maxlen: 24
195.133.152.0/21 maxlen: 24
212.90.108.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/90/597232-f846-4fd7-bcc2-6afef5d0daa6/1/EAPNJTFTMDUNc_KjV5qpXgUrcY0.crl
rsync://rpki.ripe.net/repository/DEFAULT/90/597232-f846-4fd7-bcc2-6afef5d0daa6/1/EAPNJTFTMDUNc_KjV5qpXgUrcY0.mft
rsync://rpki.ripe.net/repository/DEFAULT/EAPNJTFTMDUNc_KjV5qpXgUrcY0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 10:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:14:e3:00:e8:77:f8:28:23:87:75:79:5c:9f:9a:f4:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1003cd25315330350d73f2a3579aa95e052b718d
Validity
Not Before: Nov 10 07:04:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8f5412eaf7169e108e8694aba6025185805e96a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:14:9b:9e:ea:f7:ab:62:c8:17:8c:60:34:2f:
69:2c:8c:54:f0:3b:d4:b0:c5:f5:b5:c1:6d:6a:77:
c9:ab:b7:01:80:9e:4f:c8:70:77:60:e9:45:5d:fb:
90:be:e7:41:c8:96:ad:92:6c:9f:18:33:83:98:cd:
ed:69:b6:19:cb:e4:06:ee:95:84:d0:b2:de:6e:f0:
41:56:92:77:a5:ce:46:35:86:4f:e6:2c:58:e8:61:
84:fe:05:97:b7:91:ca:34:86:bf:0b:e6:c2:e9:5f:
7d:ed:f6:17:5e:5b:1b:36:68:2c:34:66:2e:bf:05:
32:e0:38:58:f5:9e:cd:92:0c:ef:d0:87:94:b5:2d:
22:56:6a:f1:da:bd:0d:21:64:fc:d3:2e:35:fa:ff:
3b:2e:d1:53:fd:6c:b1:02:a2:c1:44:8b:55:67:92:
aa:1d:25:75:bd:b0:e6:6b:15:d4:cd:df:d5:c8:3a:
a2:6b:2d:13:55:a1:dc:06:08:cc:71:d7:c7:07:d6:
49:31:d6:6c:54:9c:0b:a7:1b:47:aa:cc:31:38:47:
aa:85:c0:c5:e1:0b:f9:ba:45:e7:5a:2c:c4:5f:8f:
66:07:27:e3:fa:10:57:1b:47:39:c1:55:4a:45:d3:
e8:f3:bc:b2:3a:a6:16:59:64:43:d8:89:ce:35:6e:
04:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:54:12:EA:F7:16:9E:10:8E:86:94:AB:A6:02:51:85:80:5E:96:A0
X509v3 Authority Key Identifier:
keyid:10:03:CD:25:31:53:30:35:0D:73:F2:A3:57:9A:A9:5E:05:2B:71:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EAPNJTFTMDUNc_KjV5qpXgUrcY0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/597232-f846-4fd7-bcc2-6afef5d0daa6/1/j1QS6vcWnhCOhpSrpgJRhYBelqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/597232-f846-4fd7-bcc2-6afef5d0daa6/1/EAPNJTFTMDUNc_KjV5qpXgUrcY0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.25.32.0/21
46.19.80.0/21
62.112.0.0/22
85.159.160.0/21
89.37.236.0/22
89.40.66.0/24
89.41.188.0/24
89.43.48.0/24
91.135.96.0/20
93.113.31.0/24
130.185.96.0/21
141.226.88.0/21
147.189.144.0-147.189.149.255
185.80.108.0/22
185.196.126.0/23
185.246.252.0/22
188.64.200.0/21
193.41.202.0/24
193.41.208.0/23
195.133.152.0/21
212.90.108.0/22
Signature Algorithm: sha256WithRSAEncryption
74:1e:4a:32:64:2c:3a:0f:7a:fa:de:e5:2c:aa:fb:a5:fe:eb:
6b:32:16:cc:35:47:1e:3d:aa:c4:3b:9f:bb:ec:05:dd:64:2f:
df:58:38:e0:76:31:9a:09:26:b8:7a:11:42:05:0c:8e:22:10:
2d:28:e9:eb:b4:06:1c:f9:ff:3c:2d:5b:5f:c2:7f:1f:b0:18:
92:c1:42:cd:c8:64:63:fb:62:86:bb:6d:12:ff:c4:22:c4:1f:
76:f5:02:36:1f:f6:9e:c8:f3:75:74:4a:75:f3:d4:86:9c:cb:
f1:c2:47:d3:6e:ca:6e:a1:c6:b1:d9:52:fc:18:b1:07:c8:30:
4e:6d:37:7c:f3:51:d6:df:93:9e:9c:03:8c:02:da:15:0d:7c:
44:f1:eb:17:63:97:86:fd:fb:22:e2:82:b5:32:02:54:e4:99:
64:72:37:96:bd:b9:29:bf:46:9f:d4:27:84:9b:9f:fe:4c:4d:
27:be:b3:a1:0d:fe:a2:26:f3:58:e1:95:48:3f:2e:2e:9d:2f:
a8:5b:51:17:e2:57:51:79:c6:b0:48:af:35:b5:a6:85:67:d3:
bd:fe:55:b3:c4:24:29:55:8b:95:ad:a2:9f:09:02:84:e3:c7:
bb:2c:bf:12:e5:8d:a2:5c:bf:3a:f5:b2:3b:6c:3e:c0:47:6d:
db:7b:04:aa
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgISAZMU4wDod/goI4d1eVyfmvSzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMDNjZDI1MzE1MzMwMzUwZDczZjJhMzU3OWFhOTVlMDUy
YjcxOGQwHhcNMjQxMTEwMDcwNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjU0MTJlYWY3MTY5ZTEwOGU4Njk0YWJhNjAyNTE4NTgwNWU5NmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xSbnur3q2LIF4xgNC9pLIxU8DvU
sMX1tcFtanfJq7cBgJ5PyHB3YOlFXfuQvudByJatkmyfGDODmM3tabYZy+QG7pWE
0LLebvBBVpJ3pc5GNYZP5ixY6GGE/gWXt5HKNIa/C+bC6V997fYXXlsbNmgsNGYu
vwUy4DhY9Z7Nkgzv0IeUtS0iVmrx2r0NIWT80y41+v87LtFT/WyxAqLBRItVZ5Kq
HSV1vbDmaxXUzd/VyDqiay0TVaHcBgjMcdfHB9ZJMdZsVJwLpxtHqswxOEeqhcDF
4Qv5ukXnWizEX49mByfj+hBXG0c5wVVKRdPo87yyOqYWWWRD2InONW4EywIDAQAB
o4ICjjCCAoowHQYDVR0OBBYEFI9UEur3Fp4QjoaUq6YCUYWAXpagMB8GA1UdIwQY
MBaAFBADzSUxUzA1DXPyo1eaqV4FK3GNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUFQTkpURlRNRFVOY19LalY1cXBYZ1VyY1kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC81OTcyMzItZjg0Ni00ZmQ3LWJjYzIt
NmFmZWY1ZDBkYWE2LzEvajFRUzZ2Y1duaENPaHBTcnBnSlJoWUJlbHFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC81OTcyMzItZjg0Ni00ZmQ3LWJjYzItNmFmZWY1ZDBkYWE2
LzEvRUFQTkpURlRNRFVOY19LalY1cXBYZ1VyY1kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGjBggrBgEFBQcBBwEB/wSBkzCBkDCBjQQCAAEwgYYDBAMl
GSADBAMuE1ADBAI+cAADBANVn6ADBAJZJewDBABZKEIDBABZKbwDBABZKzADBARb
h2ADBABdcR8DBAOCuWADBAON4lgwDAMEBJO9kAMEAZO9lAMEArlQbAMEAbnEfgME
Arn2/AMEA7xAyAMEAMEpygMEAcEp0AMEA8OFmAMEAtRabDANBgkqhkiG9w0BAQsF
AAOCAQEAdB5KMmQsOg96+t7lLKr7pf7razIWzDVHHj2qxDufu+wF3WQv31g44HYx
mgkmuHoRQgUMjiIQLSjp67QGHPn/PC1bX8J/H7AYksFCzchkY/tihrttEv/EIsQf
dvUCNh/2nsjzdXRKdfPUhpzL8cJH027KbqHGsdlS/BixB8gwTm03fPNR1t+TnpwD
jALaFQ18RPHrF2OXhv37IuKCtTICVOSZZHI3lr25Kb9Gn9QnhJuf/kxNJ76zoQ3+
oibzWOGVSD8uLp0vqFtRF+JXUXnGsEivNbWmhWfTvf5Vs8QkKVWLla2inwkChOPH
uyy/EuWNoly/OvWyO2w+wEdt23sEqg==
-----END CERTIFICATE-----
Generated at Tue Nov 26 20:00:13 2024 by rpki-client on console-ams.rpki-client.org