Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/i4KZ-otmpRbNPfYqpmhb0iZI4Ys.roa
File: i4KZ-otmpRbNPfYqpmhb0iZI4Ys.roa (raw, json)
Hash identifier: P+hkAJB0dydkqMkRKi2MiojfBO+OyabH8RrqBCwtrDE=
Subject key identifier: 8B:82:99:FA:8B:66:A5:16:CD:3D:F6:2A:A6:68:5B:D2:26:48:E1:8B
Certificate issuer: /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial: 01917A37EB106DC515FE84E8A36534A2B6DE
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/i4KZ-otmpRbNPfYqpmhb0iZI4Ys.roa
Signing time: Thu 22 Aug 2024 13:12:50 +0000
ROA not before: Thu 22 Aug 2024 13:12:50 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31708
IP address blocks: 31.193.168.0/21 maxlen: 21
31.193.170.0/24 maxlen: 24
62.197.40.0/23 maxlen: 23
62.197.44.0/24 maxlen: 24
62.197.50.0/23 maxlen: 23
83.142.24.0/22 maxlen: 22
83.142.29.0/24 maxlen: 24
85.13.192.0/18 maxlen: 18
85.13.192.0/24 maxlen: 24
85.13.199.0/24 maxlen: 24
85.13.208.0/24 maxlen: 24
85.13.209.0/24 maxlen: 24
85.13.214.0/24 maxlen: 24
85.13.216.0/24 maxlen: 24
85.13.222.0/24 maxlen: 24
85.13.228.0/24 maxlen: 24
85.13.230.0/24 maxlen: 24
85.13.234.0/24 maxlen: 24
85.13.247.0/24 maxlen: 24
85.13.251.0/24 maxlen: 24
89.187.64.0/22 maxlen: 22
89.187.70.0/23 maxlen: 23
89.187.72.0/24 maxlen: 24
89.187.74.0/23 maxlen: 23
89.187.76.0/24 maxlen: 24
89.187.78.0/23 maxlen: 23
89.187.78.0/24 maxlen: 24
89.187.79.0/24 maxlen: 24
89.187.80.0/21 maxlen: 21
89.187.80.0/24 maxlen: 24
89.187.81.0/24 maxlen: 24
89.187.84.0/24 maxlen: 24
89.187.85.0/24 maxlen: 24
89.187.86.0/24 maxlen: 24
89.187.88.0/22 maxlen: 22
89.187.91.0/24 maxlen: 24
89.187.92.0/24 maxlen: 24
89.187.94.0/23 maxlen: 23
89.187.95.0/24 maxlen: 24
109.70.136.0/21 maxlen: 21
109.70.141.0/24 maxlen: 24
109.70.143.0/24 maxlen: 24
193.26.222.0/24 maxlen: 24
2a01:c0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl
rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.mft
rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 17:02:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:7a:37:eb:10:6d:c5:15:fe:84:e8:a3:65:34:a2:b6:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Validity
Not Before: Aug 22 13:12:50 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8b8299fa8b66a516cd3df62aa6685bd22648e18b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:23:2e:fb:93:d2:c3:c8:36:a7:a2:d6:fc:65:
a6:45:ec:d2:05:15:ef:72:17:97:76:bd:f6:bc:d8:
83:a5:ac:ea:42:cf:90:2a:a9:11:15:e5:d6:18:f0:
c8:d6:a4:6d:6a:c0:92:78:92:13:6b:01:7c:24:e3:
93:44:0d:a4:dd:39:fa:5a:f9:2a:d4:1b:c8:85:15:
4d:d5:e4:68:ff:37:85:75:8f:1b:95:76:5d:05:f6:
4f:b0:f8:48:b9:1d:46:eb:b1:4f:83:45:6c:9f:37:
93:51:f7:06:d8:e8:27:15:20:5d:fa:3a:4c:2b:d3:
84:da:2e:e6:26:0a:4d:e9:fd:5b:94:9a:f3:fb:53:
1f:9e:fe:41:0f:59:5c:42:4a:a0:d9:ee:bf:cb:e0:
e7:3b:36:99:62:41:e1:cf:2b:88:e5:c4:db:af:df:
c9:5a:b3:7e:c2:45:9a:ea:08:0c:23:5b:d4:e1:57:
16:67:04:42:f8:b1:b9:fc:20:72:5c:47:14:78:12:
f3:db:d9:98:a7:23:79:c5:d0:02:ed:aa:98:08:5b:
26:01:bd:90:b1:14:10:28:dc:a8:98:73:30:aa:e5:
9a:59:02:d3:70:e8:31:2f:3d:ed:47:86:07:9e:e7:
8f:fc:e9:c2:31:b4:4b:ed:f6:72:91:01:08:80:49:
cc:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:82:99:FA:8B:66:A5:16:CD:3D:F6:2A:A6:68:5B:D2:26:48:E1:8B
X509v3 Authority Key Identifier:
keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/i4KZ-otmpRbNPfYqpmhb0iZI4Ys.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.193.168.0/21
62.197.40.0/23
62.197.44.0/24
62.197.50.0/23
83.142.24.0/22
83.142.29.0/24
85.13.192.0/18
89.187.64.0/22
89.187.70.0-89.187.72.255
89.187.74.0-89.187.76.255
89.187.78.0-89.187.92.255
89.187.94.0/23
109.70.136.0/21
193.26.222.0/24
IPv6:
2a01:c0::/32
Signature Algorithm: sha256WithRSAEncryption
58:ee:72:96:05:63:03:13:56:62:d5:8d:2b:29:39:cb:62:eb:
09:ef:5e:dd:7a:ab:4b:31:2c:1d:e8:64:b8:2a:da:f7:b9:06:
6b:81:6a:9c:1d:43:b9:b0:a0:b5:2d:d2:5b:51:58:fb:b2:59:
05:f9:03:bc:f8:20:4a:b0:07:6e:7a:9e:30:59:33:a2:6e:28:
20:67:86:02:9d:1d:ec:9c:71:30:65:ec:61:ed:60:07:2f:4a:
21:83:78:c0:4a:bd:87:cb:6a:3a:e7:72:f5:f0:f8:d0:88:38:
a7:5a:92:33:77:61:ee:e4:b3:39:4f:01:54:c4:31:53:0d:0f:
65:c0:eb:f5:4d:01:ea:48:42:2e:6b:09:b0:44:f4:82:93:d2:
1f:71:7d:63:46:43:08:00:bb:78:18:4c:56:e2:22:2f:60:71:
c8:2e:7e:11:cc:92:38:2f:f6:e8:26:40:73:e7:53:98:f4:44:
a1:ec:f5:0b:78:aa:a2:a5:4f:c8:23:61:4d:ab:99:d6:6b:8e:
b1:ae:ae:6d:60:73:a5:e7:6f:af:ba:9c:a1:2b:e2:64:20:0e:
87:2c:5a:2b:f2:ad:6e:ed:cf:3a:82:a6:b8:40:c5:a1:f3:d1:
72:6d:9f:8a:72:23:08:45:01:e0:19:c1:e6:50:86:2c:05:bc:
b7:ba:4c:a4
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAZF6N+sQbcUV/oToo2U0orbeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjQwODIyMTMxMjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjgyOTlmYThiNjZhNTE2Y2QzZGY2MmFhNjY4NWJkMjI2NDhlMThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCMu+5PSw8g2p6LW/GWmRezSBRXv
cheXdr32vNiDpazqQs+QKqkRFeXWGPDI1qRtasCSeJITawF8JOOTRA2k3Tn6Wvkq
1BvIhRVN1eRo/zeFdY8blXZdBfZPsPhIuR1G67FPg0VsnzeTUfcG2OgnFSBd+jpM
K9OE2i7mJgpN6f1blJrz+1Mfnv5BD1lcQkqg2e6/y+DnOzaZYkHhzyuI5cTbr9/J
WrN+wkWa6ggMI1vU4VcWZwRC+LG5/CByXEcUeBLz29mYpyN5xdAC7aqYCFsmAb2Q
sRQQKNyomHMwquWaWQLTcOgxLz3tR4YHnueP/OnCMbRL7fZykQEIgEnM8wIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFIuCmfqLZqUWzT32KqZoW9ImSOGLMB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvaTRLWi1vdG1wUmJOUGZZcXBtaGIwaVpJNFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzByBAIAATBsAwQDH8Go
AwQBPsUoAwQAPsUsAwQBPsUyAwQCU44YAwQAU44dAwQGVQ3AAwQCWbtAMAwDBAFZ
u0YDBABZu0gwDAMEAVm7SgMEAFm7TDAMAwQBWbtOAwQAWbtcAwQBWbteAwQDbUaI
AwQAwRreMA0EAgACMAcDBQAqAQDAMA0GCSqGSIb3DQEBCwUAA4IBAQBY7nKWBWMD
E1Zi1Y0rKTnLYusJ717deqtLMSwd6GS4Ktr3uQZrgWqcHUO5sKC1LdJbUVj7slkF
+QO8+CBKsAduep4wWTOibiggZ4YCnR3snHEwZexh7WAHL0ohg3jASr2Hy2o653L1
8PjQiDinWpIzd2Hu5LM5TwFUxDFTDQ9lwOv1TQHqSEIuawmwRPSCk9IfcX1jRkMI
ALt4GExW4iIvYHHILn4RzJI4L/boJkBz51OY9ESh7PULeKqipU/II2FNq5nWa46x
rq5tYHOl52+vupyhK+JkIA6HLFor8q1u7c86gqa4QMWh89FybZ+KciMIRQHgGcHm
UIYsBby3ukyk
-----END CERTIFICATE-----
Generated at Sat Nov 23 01:18:00 2024 by rpki-client on console-fra.rpki-client.org