Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/g5hXv8rju1_pKG0EE4YMInRmIVQ.roa
File: g5hXv8rju1_pKG0EE4YMInRmIVQ.roa (raw, json)
Hash identifier: 1ooGOe51X/Br1hSFUd7zufZDjlua5bAKdmbpAvivq9g=
Subject key identifier: 83:98:57:BF:CA:E3:BB:5F:E9:28:6D:04:13:86:0C:22:74:66:21:54
Certificate issuer: /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial: 01931CAC3C79AF67A177D7565C3F0E81ED72
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/g5hXv8rju1_pKG0EE4YMInRmIVQ.roa
Signing time: Mon 11 Nov 2024 19:21:09 +0000
ROA not before: Mon 11 Nov 2024 19:21:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12578
IP address blocks: 46.109.0.0/16 maxlen: 24
62.85.0.0/17 maxlen: 24
78.84.0.0/16 maxlen: 24
80.232.128.0/17 maxlen: 24
80.232.147.0/24 maxlen: 24
80.232.150.0/24 maxlen: 24
80.232.150.13/32 maxlen: 32
80.232.195.0/24 maxlen: 24
81.198.0.0/16 maxlen: 24
81.198.95.0/24 maxlen: 24
84.237.128.0/17 maxlen: 24
87.110.0.0/16 maxlen: 24
87.246.144.0/20 maxlen: 24
87.246.160.0/19 maxlen: 24
87.246.181.0/24 maxlen: 24
91.105.0.0/17 maxlen: 24
95.68.0.0/17 maxlen: 24
185.38.56.0/22 maxlen: 24
194.8.16.0/21 maxlen: 24
194.8.24.0/22 maxlen: 24
195.2.96.0/19 maxlen: 24
195.13.128.0/17 maxlen: 24
195.13.200.0/24 maxlen: 24
195.13.201.0/24 maxlen: 24
195.13.215.0/24 maxlen: 24
195.13.228.0/24 maxlen: 24
195.13.237.0/24 maxlen: 24
195.13.245.0/24 maxlen: 24
195.13.249.0/24 maxlen: 24
195.13.251.0/24 maxlen: 24
195.13.253.0/24 maxlen: 24
195.114.32.0/19 maxlen: 24
195.122.0.0/19 maxlen: 24
195.122.26.0/23 maxlen: 24
195.122.28.0/24 maxlen: 24
195.122.29.0/24 maxlen: 24
2a02:2330::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 12:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:1c:ac:3c:79:af:67:a1:77:d7:56:5c:3f:0e:81:ed:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Validity
Not Before: Nov 11 19:21:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=839857bfcae3bb5fe9286d0413860c2274662154
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:a1:58:0f:e0:67:9c:3b:dc:b3:c9:82:83:38:
04:1b:df:43:66:46:74:c5:7c:8e:77:c4:61:2e:5d:
4e:12:10:ad:d4:88:77:d2:bb:0d:06:5c:28:0c:a4:
c8:e3:e2:92:68:a6:c1:e0:0f:75:73:8d:fd:ac:61:
48:33:d1:93:50:b3:7a:b7:ca:13:de:ca:43:11:22:
42:b7:9b:24:73:82:a3:39:9f:57:02:8f:10:a6:e7:
07:44:d6:40:3e:86:cc:2e:c9:eb:80:eb:4a:bb:29:
fa:5b:50:ff:fe:05:38:d3:1b:70:ae:9d:33:ae:8d:
d0:52:89:95:32:ee:86:52:0d:4d:11:b5:59:d4:4f:
91:96:16:55:7f:53:07:2f:cd:b5:c8:4d:73:e2:2d:
1d:4d:15:4e:86:de:05:14:9f:48:7a:d5:5d:15:91:
7a:3a:25:de:a6:15:17:4c:33:a4:8a:c4:c3:70:4b:
83:06:28:f0:bd:aa:b6:55:6d:28:82:24:e2:83:66:
2c:f6:30:06:46:43:58:ff:c4:c5:f7:0a:14:eb:30:
ba:bf:37:7b:8d:4f:05:cf:81:f6:e2:18:00:b7:dd:
94:19:9f:d2:fa:a7:1e:ca:32:9e:85:5c:90:44:52:
83:4d:7d:94:ec:78:b6:90:31:7d:99:2e:2f:03:8c:
da:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:98:57:BF:CA:E3:BB:5F:E9:28:6D:04:13:86:0C:22:74:66:21:54
X509v3 Authority Key Identifier:
keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/g5hXv8rju1_pKG0EE4YMInRmIVQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.109.0.0/16
62.85.0.0/17
78.84.0.0/16
80.232.128.0/17
81.198.0.0/16
84.237.128.0/17
87.110.0.0/16
87.246.144.0-87.246.191.255
91.105.0.0/17
95.68.0.0/17
185.38.56.0/22
194.8.16.0-194.8.27.255
195.2.96.0/19
195.13.128.0/17
195.114.32.0/19
195.122.0.0/19
IPv6:
2a02:2330::/29
Signature Algorithm: sha256WithRSAEncryption
2e:9d:9b:cf:16:61:e1:65:e6:79:0a:89:21:ae:31:7f:cb:c4:
1c:04:ac:65:1b:a3:b6:79:a5:8d:89:cc:7c:ae:2c:57:b9:3d:
4e:70:24:9c:bb:31:d9:c3:e4:af:7e:8d:4e:34:94:87:25:9b:
60:1a:31:ee:de:1c:13:e7:35:cb:89:ee:b8:ef:01:b8:89:bb:
06:e6:0b:c8:f6:8e:ee:64:98:13:59:e1:23:34:47:52:e7:8a:
85:43:2d:1f:cd:db:c1:17:1b:b0:02:c7:0d:85:3b:ca:ea:23:
b8:3a:53:c4:93:68:6c:83:0c:16:2e:ae:a1:bf:21:0c:92:d6:
08:92:04:79:d3:ca:25:55:56:6f:34:9c:92:51:d0:9d:9c:cf:
7b:ad:8c:52:d0:fd:c5:26:42:e4:99:2e:18:21:45:6c:a3:97:
16:24:76:59:83:0c:96:21:96:62:3b:8f:fc:f3:d6:8f:97:0a:
ef:25:1c:24:79:88:31:11:76:41:36:1c:fd:58:6a:44:30:45:
d0:e6:78:d0:8f:e0:56:9d:e3:03:05:84:e2:da:af:42:0d:ea:
86:d6:36:ea:f6:c1:2f:47:f6:62:04:65:47:ef:b5:70:b2:6c:
9d:5e:4e:90:72:e8:73:ce:6d:93:7f:1d:a4:bd:3f:3f:e2:65:
01:c7:ec:6c
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAZMcrDx5r2ehd9dWXD8Oge1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQxMTExMTkyMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzk4NTdiZmNhZTNiYjVmZTkyODZkMDQxMzg2MGMyMjc0NjYyMTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4aFYD+BnnDvcs8mCgzgEG99DZkZ0
xXyOd8RhLl1OEhCt1Ih30rsNBlwoDKTI4+KSaKbB4A91c439rGFIM9GTULN6t8oT
3spDESJCt5skc4KjOZ9XAo8QpucHRNZAPobMLsnrgOtKuyn6W1D//gU40xtwrp0z
ro3QUomVMu6GUg1NEbVZ1E+RlhZVf1MHL821yE1z4i0dTRVOht4FFJ9IetVdFZF6
OiXephUXTDOkisTDcEuDBijwvaq2VW0ogiTig2Ys9jAGRkNY/8TF9woU6zC6vzd7
jU8Fz4H24hgAt92UGZ/S+qceyjKehVyQRFKDTX2U7Hi2kDF9mS4vA4zaYwIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFIOYV7/K47tf6ShtBBOGDCJ0ZiFUMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvZzVoWHY4cmp1MV9wS0cwRUU0WU1JblJtSVZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzByBAIAATBsAwMALm0D
BAc+VQADAwBOVAMEB1DogAMDAFHGAwQHVO2AAwMAV24wDAMEBFf2kAMEBlf2gAME
B1tpAAMEB19EAAMEArkmODAMAwQEwggQAwQCwggYAwQFwwJgAwQHww2AAwQFw3Ig
AwQFw3oAMA0EAgACMAcDBQMqAiMwMA0GCSqGSIb3DQEBCwUAA4IBAQAunZvPFmHh
ZeZ5CokhrjF/y8QcBKxlG6O2eaWNicx8rixXuT1OcCScuzHZw+Svfo1ONJSHJZtg
GjHu3hwT5zXLie647wG4ibsG5gvI9o7uZJgTWeEjNEdS54qFQy0fzdvBFxuwAscN
hTvK6iO4OlPEk2hsgwwWLq6hvyEMktYIkgR508olVVZvNJySUdCdnM97rYxS0P3F
JkLkmS4YIUVso5cWJHZZgwyWIZZiO4/889aPlwrvJRwkeYgxEXZBNhz9WGpEMEXQ
5njQj+BWneMDBYTi2q9CDeqG1jbq9sEvR/ZiBGVH77VwsmydXk6Qcuhzzm2Tfx2k
vT8/4mUBx+xs
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:24:49 2024 by rpki-client on console-ams.rpki-client.org