Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/j17T50-XIH3-7R7kEYfNbnlEr1E.roa
File: j17T50-XIH3-7R7kEYfNbnlEr1E.roa (raw, json)
Hash identifier: JBgAaa/0HILQP91bs7dVth9lkFOShJK12GPHw7C+5/U=
Subject key identifier: 8F:5E:D3:E7:4F:97:20:7D:FE:ED:1E:E4:11:87:CD:6E:79:44:AF:51
Certificate issuer: /CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
Certificate serial: 018CC8DEEF3476BE409A08C39AE72DBE15F4
Authority key identifier: D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/j17T50-XIH3-7R7kEYfNbnlEr1E.roa
Signing time: Tue 02 Jan 2024 06:31:42 +0000
ROA not before: Tue 02 Jan 2024 06:31:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 25540
IP address blocks: 95.140.0.0/20 maxlen: 20
178.251.80.0/21 maxlen: 21
79.141.0.0/20 maxlen: 24
141.101.48.0/21 maxlen: 21
185.14.120.0/22 maxlen: 22
217.15.80.0/20 maxlen: 20
37.122.200.0/21 maxlen: 21
185.4.20.0/22 maxlen: 23
171.33.152.0/21 maxlen: 21
95.170.8.0/22 maxlen: 22
83.167.128.0/19 maxlen: 24
46.254.224.0/21 maxlen: 21
2a01:6380::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 May 2024 19:51:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:de:ef:34:76:be:40:9a:08:c3:9a:e7:2d:be:15:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
Validity
Not Before: Jan 2 06:31:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8f5ed3e74f97207dfeed1ee41187cd6e7944af51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:7a:58:b7:2a:32:21:c9:eb:76:fb:bc:c5:65:
86:7d:c3:cd:05:74:cd:ff:4a:11:bf:11:46:8d:b1:
4c:fd:40:3b:a4:d3:18:4a:c7:41:8f:81:2e:4f:95:
e8:3d:fd:d4:c2:99:0d:c9:f1:50:ca:30:4d:0b:a0:
a9:90:ad:50:53:91:57:0e:46:b1:e7:8f:13:1c:01:
83:6f:62:f3:02:fa:a4:0e:79:b0:22:84:8c:e4:aa:
46:de:db:1a:84:ce:c9:ba:2d:f1:82:f4:4e:a5:c0:
f1:04:e4:db:91:9a:c7:82:9f:bb:da:2f:f7:fb:03:
13:6c:61:c4:ff:bd:06:2c:05:51:9d:57:f2:92:42:
bc:db:52:f9:6b:57:0e:1d:f2:a4:2a:2a:78:f8:0e:
63:5c:e0:d3:56:01:a1:2b:46:db:a8:55:80:14:3a:
bb:c8:73:dd:1e:0c:aa:08:0d:78:a9:ac:18:de:5a:
cc:28:0e:70:39:0c:2a:1e:3d:54:a0:6e:f3:d9:fa:
39:d2:27:30:56:5d:56:f9:48:51:cb:20:b5:e3:d6:
2e:8a:57:be:8e:42:70:92:d6:7d:e4:4d:6c:ab:cd:
d5:1e:13:97:e4:37:5f:c0:21:b3:0c:68:a6:39:49:
55:3b:4d:c0:56:ff:91:97:82:4e:b6:52:e1:72:10:
45:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:5E:D3:E7:4F:97:20:7D:FE:ED:1E:E4:11:87:CD:6E:79:44:AF:51
X509v3 Authority Key Identifier:
keyid:D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/j17T50-XIH3-7R7kEYfNbnlEr1E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.122.200.0/21
46.254.224.0/21
79.141.0.0/20
83.167.128.0/19
95.140.0.0/20
95.170.8.0/22
141.101.48.0/21
171.33.152.0/21
178.251.80.0/21
185.4.20.0/22
185.14.120.0/22
217.15.80.0/20
IPv6:
2a01:6380::/32
Signature Algorithm: sha256WithRSAEncryption
89:d2:9f:6d:de:ab:4d:21:e8:61:f6:b5:b2:90:70:a6:f1:08:
52:45:38:37:57:b4:60:8e:83:70:33:b6:9c:b8:c4:8d:16:10:
d6:44:99:7c:09:ae:df:6a:bb:77:bd:80:37:99:c7:40:86:d2:
37:86:e4:a6:34:96:1d:6d:f9:70:b7:83:1f:52:a7:b9:a8:a9:
c7:10:fa:c6:b6:83:a8:b1:bd:e8:a5:bd:05:56:0d:1a:9f:be:
4f:d8:ee:63:eb:d0:38:3f:13:5b:ff:42:ff:6e:a1:03:70:91:
68:e2:eb:26:85:56:07:e2:22:d2:fd:b8:f1:e7:cf:db:39:85:
d9:7e:18:a9:9a:2e:cd:84:50:9d:df:65:b2:ea:b5:c7:f2:d9:
8e:81:1a:23:cb:b8:b7:47:8d:e0:45:f8:42:1e:0d:ff:16:40:
b5:d8:3b:e7:cd:30:12:c4:28:2c:04:d0:85:25:81:eb:f2:af:
b5:9e:eb:de:c2:3f:0d:7b:6c:3a:22:d5:c2:01:6d:2a:57:04:
eb:0b:1e:d1:16:32:5e:b6:a3:5f:ee:e1:73:7c:5e:a0:8e:a3:
f1:ab:c1:e6:7e:34:b2:0b:67:8d:05:f3:2c:77:4f:26:d7:8d:
be:c5:ab:5e:71:4d:4d:a3:a5:08:4c:36:3a:18:ae:66:ca:c7:
50:f3:69:fb
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYzI3u80dr5AmgjDmuctvhX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZWUwMzg5Njg3ZGJkNDQ1ZGU2ZjkyMzljMWQwMmMzNzcw
Y2Y1NzQwHhcNMjQwMTAyMDYzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjVlZDNlNzRmOTcyMDdkZmVlZDFlZTQxMTg3Y2Q2ZTc5NDRhZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXpYtyoyIcnrdvu8xWWGfcPNBXTN
/0oRvxFGjbFM/UA7pNMYSsdBj4EuT5XoPf3UwpkNyfFQyjBNC6CpkK1QU5FXDkax
548THAGDb2LzAvqkDnmwIoSM5KpG3tsahM7Jui3xgvROpcDxBOTbkZrHgp+72i/3
+wMTbGHE/70GLAVRnVfykkK821L5a1cOHfKkKip4+A5jXODTVgGhK0bbqFWAFDq7
yHPdHgyqCA14qawY3lrMKA5wOQwqHj1UoG7z2fo50icwVl1W+UhRyyC149Yuile+
jkJwktZ95E1sq83VHhOX5DdfwCGzDGimOUlVO03AVv+Rl4JOtlLhchBFkQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFI9e0+dPlyB9/u0e5BGHzW55RK9RMB8GA1UdIwQY
MBaAFNDuA4lofb1EXeb5I5wdAsN3DPV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEt
MWEyOWE0NDhkMzA5LzEvajE3VDUwLVhJSDMtN1I3a0VZZk5ibmxFcjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEtMWEyOWE0NDhkMzA5
LzEvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDJXrIAwQD
Lv7gAwQET40AAwQFU6eAAwQEX4wAAwQCX6oIAwQDjWUwAwQDqyGYAwQDsvtQAwQC
uQQUAwQCuQ54AwQE2Q9QMA0EAgACMAcDBQAqAWOAMA0GCSqGSIb3DQEBCwUAA4IB
AQCJ0p9t3qtNIehh9rWykHCm8QhSRTg3V7RgjoNwM7acuMSNFhDWRJl8Ca7fart3
vYA3mcdAhtI3huSmNJYdbflwt4MfUqe5qKnHEPrGtoOosb3opb0FVg0an75P2O5j
69A4PxNb/0L/bqEDcJFo4usmhVYH4iLS/bjx58/bOYXZfhipmi7NhFCd32Wy6rXH
8tmOgRojy7i3R43gRfhCHg3/FkC12DvnzTASxCgsBNCFJYHr8q+1nuvewj8Ne2w6
ItXCAW0qVwTrCx7RFjJetqNf7uFzfF6gjqPxq8HmfjSyC2eNBfMsd08m142+xate
cU1No6UITDY6GK5mysdQ82n7
-----END CERTIFICATE-----
Generated at Mon May 20 00:55:27 2024 by rpki-client on console-ams.rpki-client.org