Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/Nsj0oiIKC-Tkj7NOBASjpUnxTak.roa
File: Nsj0oiIKC-Tkj7NOBASjpUnxTak.roa (raw, json)
Hash identifier: LEcDgsiDskc4uU8d2d2v3oD6GNkitQ8mElipShmr77U=
Subject key identifier: 36:C8:F4:A2:22:0A:0B:E4:E4:8F:B3:4E:04:04:A3:A5:49:F1:4D:A9
Certificate issuer: /CN=df0198a7b3afdcdd7003562a0871878e238760ad
Certificate serial: 018D3BA8245AF958CD90CF1FB875290FEC5C
Authority key identifier: DF:01:98:A7:B3:AF:DC:DD:70:03:56:2A:08:71:87:8E:23:87:60:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/Nsj0oiIKC-Tkj7NOBASjpUnxTak.roa
Signing time: Wed 24 Jan 2024 13:28:11 +0000
ROA not before: Wed 24 Jan 2024 13:28:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1299
IP address blocks: 5.63.192.0/18 maxlen: 24
5.148.192.0/18 maxlen: 24
5.206.128.0/18 maxlen: 24
37.188.80.0/21 maxlen: 24
37.191.0.0/18 maxlen: 24
37.220.192.0/18 maxlen: 24
78.139.0.0/18 maxlen: 24
80.98.0.0/15 maxlen: 24
80.244.96.0/20 maxlen: 24
86.101.0.0/16 maxlen: 24
88.87.240.0/21 maxlen: 24
89.132.0.0/14 maxlen: 24
89.223.128.0/17 maxlen: 24
94.44.0.0/16 maxlen: 24
130.43.192.0/18 maxlen: 24
151.0.64.0/18 maxlen: 24
176.63.0.0/16 maxlen: 24
178.48.0.0/16 maxlen: 24
185.10.124.0/22 maxlen: 24
185.33.80.0/23 maxlen: 24
185.123.28.0/22 maxlen: 24
188.142.160.0/19 maxlen: 24
188.142.192.0/18 maxlen: 24
195.184.160.0/19 maxlen: 24
212.48.240.0/20 maxlen: 24
212.96.32.0/19 maxlen: 24
213.222.128.0/18 maxlen: 24
2a02:ab80::/28 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.crl
rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.mft
rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 16 May 2024 12:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3b:a8:24:5a:f9:58:cd:90:cf:1f:b8:75:29:0f:ec:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df0198a7b3afdcdd7003562a0871878e238760ad
Validity
Not Before: Jan 24 13:28:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=36c8f4a2220a0be4e48fb34e0404a3a549f14da9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:ad:96:09:4c:9f:e9:26:9c:60:01:67:26:1d:
82:17:ae:a6:b0:89:96:14:f9:a6:5d:0e:37:9f:8e:
5c:b8:83:1b:09:6d:47:6a:17:a1:c2:51:f3:ae:aa:
33:6f:8a:d0:f8:4a:6f:50:b7:19:56:a3:86:50:e5:
e3:8c:67:55:f4:ae:3f:99:aa:0a:43:62:03:92:1e:
d5:6f:95:4d:d3:c5:7f:38:03:f8:0e:83:1d:99:32:
71:bb:95:9e:60:02:30:d3:6c:ed:09:ac:25:64:f3:
39:94:17:b9:15:db:73:08:58:44:b6:31:bc:5a:8b:
88:73:c0:40:00:ba:f9:2d:13:34:2c:f8:44:06:b8:
31:1e:7f:25:9c:7d:65:99:ca:ca:b6:de:c0:95:cc:
cb:d0:65:92:00:a3:d0:c7:e2:73:ef:6d:1a:0a:4b:
b4:df:4c:75:dd:9a:43:45:2a:c9:c9:2f:1d:ce:b2:
71:c0:f8:2e:e2:b6:de:a0:44:bb:6c:f9:b6:3b:57:
80:64:bd:6a:74:6b:08:de:f2:fe:9c:73:52:37:3b:
b0:ab:9d:f0:c4:80:37:ce:ce:5d:ab:96:62:51:83:
e5:87:33:f0:a4:ac:b6:05:30:e6:5b:bf:ec:5d:e3:
5a:90:c5:eb:63:56:54:e6:cd:0f:f3:5b:09:6e:e1:
35:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:C8:F4:A2:22:0A:0B:E4:E4:8F:B3:4E:04:04:A3:A5:49:F1:4D:A9
X509v3 Authority Key Identifier:
keyid:DF:01:98:A7:B3:AF:DC:DD:70:03:56:2A:08:71:87:8E:23:87:60:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/Nsj0oiIKC-Tkj7NOBASjpUnxTak.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.63.192.0/18
5.148.192.0/18
5.206.128.0/18
37.188.80.0/21
37.191.0.0/18
37.220.192.0/18
78.139.0.0/18
80.98.0.0/15
80.244.96.0/20
86.101.0.0/16
88.87.240.0/21
89.132.0.0/14
89.223.128.0/17
94.44.0.0/16
130.43.192.0/18
151.0.64.0/18
176.63.0.0/16
178.48.0.0/16
185.10.124.0/22
185.33.80.0/23
185.123.28.0/22
188.142.160.0-188.142.255.255
195.184.160.0/19
212.48.240.0/20
212.96.32.0/19
213.222.128.0/18
IPv6:
2a02:ab80::/28
Signature Algorithm: sha256WithRSAEncryption
96:f4:37:d1:72:7d:87:64:1e:2c:6f:8d:86:44:59:59:0c:b4:
c5:3a:5b:c2:af:8c:ab:19:64:4d:e8:a3:d1:15:f8:4e:94:9c:
1d:7e:67:25:92:e6:2f:3a:f2:0d:b3:fd:e0:e1:a2:d3:76:6a:
94:fe:ad:bb:90:d8:70:ff:84:6f:a7:9a:e7:e5:a8:38:b9:23:
e0:df:b5:49:40:73:fb:0c:a4:fb:89:0c:af:4b:67:e0:c4:ec:
c8:30:fe:39:74:b3:af:68:26:63:69:22:b2:8d:ca:ac:6c:44:
9f:dd:3f:60:78:41:dc:96:05:dc:7b:12:0d:d7:c4:96:af:8e:
d7:7f:f0:32:be:83:72:51:15:72:38:8b:f3:eb:15:0d:9a:9f:
5e:50:13:10:08:c1:61:ec:cc:4f:7e:27:bf:9c:be:83:0e:e7:
b1:77:a6:13:1b:fd:1b:22:42:1d:d1:16:b2:51:e6:86:e9:bb:
d8:b6:4c:2f:3c:0c:4f:0e:98:c2:5c:e0:93:69:5d:46:f0:de:
fd:21:24:a4:10:ee:de:55:f2:6e:dd:ad:41:1c:3e:f0:70:a0:
4d:92:bb:74:e9:df:9b:0c:90:80:4b:2a:3c:26:3b:fd:83:20:
0e:f5:df:2a:fb:8d:0a:24:5e:f6:9e:b8:54:4a:09:ed:10:65:
f1:8c:b2:cf
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAY07qCRa+VjNkM8fuHUpD+xcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMDE5OGE3YjNhZmRjZGQ3MDAzNTYyYTA4NzE4NzhlMjM4
NzYwYWQwHhcNMjQwMTI0MTMyODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmM4ZjRhMjIyMGEwYmU0ZTQ4ZmIzNGUwNDA0YTNhNTQ5ZjE0ZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo62WCUyf6SacYAFnJh2CF66msImW
FPmmXQ43n45cuIMbCW1HahehwlHzrqozb4rQ+EpvULcZVqOGUOXjjGdV9K4/maoK
Q2IDkh7Vb5VN08V/OAP4DoMdmTJxu5WeYAIw02ztCawlZPM5lBe5FdtzCFhEtjG8
WouIc8BAALr5LRM0LPhEBrgxHn8lnH1lmcrKtt7AlczL0GWSAKPQx+Jz720aCku0
30x13ZpDRSrJyS8dzrJxwPgu4rbeoES7bPm2O1eAZL1qdGsI3vL+nHNSNzuwq53w
xIA3zs5dq5ZiUYPlhzPwpKy2BTDmW7/sXeNakMXrY1ZU5s0P81sJbuE18wIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFDbI9KIiCgvk5I+zTgQEo6VJ8U2pMB8GA1UdIwQY
MBaAFN8BmKezr9zdcANWKghxh44jh2CtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3dHWXA3T3YzTjF3QTFZcUNIR0hqaU9IWUswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9kM2ZjYTYtZWNiNS00M2FhLThjOWQt
MGZjYzZjMzAxMWZjLzEvTnNqMG9pSUtDLVRrajdOT0JBU2pwVW54VGFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9kM2ZjYTYtZWNiNS00M2FhLThjOWQtMGZjYzZjMzAxMWZj
LzEvM3dHWXA3T3YzTjF3QTFZcUNIR0hqaU9IWUswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHJBggrBgEFBQcBBwEB/wSBuTCBtjCBpAQCAAEwgZ0DBAYF
P8ADBAYFlMADBAYFzoADBAMlvFADBAYlvwADBAYl3MADBAZOiwADAwFQYgMEBFD0
YAMDAFZlAwQDWFfwAwMCWYQDBAdZ34ADAwBeLAMEBoIrwAMEBpcAQAMDALA/AwMA
sjADBAK5CnwDBAG5IVADBAK5exwwCwMEBbyOoAMDALyOAwQFw7igAwQE1DDwAwQF
1GAgAwQG1d6AMA0EAgACMAcDBQQqAquAMA0GCSqGSIb3DQEBCwUAA4IBAQCW9DfR
cn2HZB4sb42GRFlZDLTFOlvCr4yrGWRN6KPRFfhOlJwdfmclkuYvOvINs/3g4aLT
dmqU/q27kNhw/4Rvp5rn5ag4uSPg37VJQHP7DKT7iQyvS2fgxOzIMP45dLOvaCZj
aSKyjcqsbESf3T9geEHclgXcexIN18SWr47Xf/AyvoNyURVyOIvz6xUNmp9eUBMQ
CMFh7MxPfie/nL6DDuexd6YTG/0bIkId0RayUeaG6bvYtkwvPAxPDpjCXOCTaV1G
8N79ISSkEO7eVfJu3a1BHD7wcKBNkrt06d+bDJCASyo8Jjv9gyAO9d8q+40KJF72
nrhUSgntEGXxjLLP
-----END CERTIFICATE-----
Generated at Wed May 15 16:59:49 2024 by rpki-client on console-ams.rpki-client.org