Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/v6JJV5gqlEHjdSShRUsQlJamPJw.roa
File: v6JJV5gqlEHjdSShRUsQlJamPJw.roa (raw, json)
Hash identifier: fXl9uTehmb1k4pE5taNpKk/nGnlKhEUq+Co960IkHsQ=
Subject key identifier: BF:A2:49:57:98:2A:94:41:E3:75:24:A1:45:4B:10:94:96:A6:3C:9C
Certificate issuer: /CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Certificate serial: 018CC6B91B694111383E68C392A1EF38B195
Authority key identifier: AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/v6JJV5gqlEHjdSShRUsQlJamPJw.roa
Signing time: Mon 01 Jan 2024 20:31:09 +0000
ROA not before: Mon 01 Jan 2024 20:31:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200000
IP address blocks: 185.124.8.0/22 maxlen: 22
185.39.224.0/22 maxlen: 22
89.19.128.0/19 maxlen: 19
185.235.168.0/22 maxlen: 22
109.205.96.0/21 maxlen: 21
45.154.218.0/24 maxlen: 24
173.242.48.0/20 maxlen: 20
185.104.44.0/22 maxlen: 22
185.104.45.0/24 maxlen: 24
185.65.244.0/22 maxlen: 22
217.173.208.0/20 maxlen: 20
185.25.116.0/22 maxlen: 22
185.130.120.0/22 maxlen: 22
185.69.152.0/22 maxlen: 22
185.234.176.0/22 maxlen: 22
185.233.120.0/22 maxlen: 22
185.233.136.0/22 maxlen: 22
37.139.64.0/21 maxlen: 21
185.233.152.0/22 maxlen: 23
185.149.40.0/22 maxlen: 22
185.233.116.0/22 maxlen: 22
91.105.208.0/21 maxlen: 21
46.247.80.0/21 maxlen: 21
185.226.24.0/22 maxlen: 22
185.225.212.0/22 maxlen: 22
185.68.16.0/24 maxlen: 24
185.68.16.0/22 maxlen: 22
185.233.36.0/22 maxlen: 22
185.233.40.0/22 maxlen: 22
185.233.44.0/22 maxlen: 22
185.209.168.0/22 maxlen: 22
185.239.180.0/22 maxlen: 22
2a0c:c80::/29 maxlen: 29
2a0c:6080::/29 maxlen: 29
2a0c:e80::/29 maxlen: 29
2a0c:680::/29 maxlen: 29
2a00:7a60::/32 maxlen: 32
2a0c:880::/29 maxlen: 29
2a0c:681::/32 maxlen: 32
2a0c:682::/31 maxlen: 31
2a0c:a80::/29 maxlen: 29
2a0c:684::/30 maxlen: 30
2a0c:d80::/29 maxlen: 29
2a04:8000::/29 maxlen: 29
2a0d:6500::/29 maxlen: 29
2a0d:1100::/29 maxlen: 29
2a05:480::/29 maxlen: 29
2a0c:780::/29 maxlen: 29
2a06:6440::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.mft
rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 20 Sep 2024 13:01:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b9:1b:69:41:11:38:3e:68:c3:92:a1:ef:38:b1:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Validity
Not Before: Jan 1 20:31:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bfa24957982a9441e37524a1454b109496a63c9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:f7:c0:2b:90:87:58:c6:11:7e:3b:24:99:98:
0c:82:54:5f:d5:f6:30:15:fc:c3:0f:92:f7:8e:07:
30:2f:de:c9:fb:98:da:41:5b:e1:99:92:0c:9f:45:
05:74:92:52:e4:fd:ec:fc:70:c6:13:b6:f0:82:6c:
97:59:24:d7:05:21:d1:fc:89:72:d2:c9:0e:b8:1e:
e2:df:99:e9:ac:3e:45:08:fd:70:60:9c:54:30:4d:
8a:db:13:7b:29:5f:e1:0a:61:1b:28:a9:3c:01:c6:
f0:f7:37:40:dd:7d:89:b9:34:4a:53:4d:df:7f:13:
7d:19:2d:5a:4c:d6:a4:52:1d:99:d9:50:6d:44:a3:
8b:9f:4e:15:1e:8f:cc:a2:73:d9:51:28:46:de:63:
13:8f:0f:41:a7:52:90:55:62:47:35:b2:83:46:7d:
34:47:83:26:7f:20:cf:e3:67:cb:0f:d6:27:e4:ce:
2d:91:5c:89:c1:bd:37:9a:67:cd:bb:03:1a:bf:93:
df:04:bc:ab:8d:b5:8a:f0:7c:a1:88:6b:82:26:5e:
67:f9:8a:eb:ce:d0:42:d6:a5:0e:aa:d3:91:e7:d0:
d9:e7:41:1f:d3:0a:25:2c:a0:f9:2d:ad:a8:78:70:
33:47:4f:8c:e1:97:27:3e:53:6c:26:ed:64:04:81:
fd:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:A2:49:57:98:2A:94:41:E3:75:24:A1:45:4B:10:94:96:A6:3C:9C
X509v3 Authority Key Identifier:
keyid:AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/v6JJV5gqlEHjdSShRUsQlJamPJw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.64.0/21
45.154.218.0/24
46.247.80.0/21
89.19.128.0/19
91.105.208.0/21
109.205.96.0/21
173.242.48.0/20
185.25.116.0/22
185.39.224.0/22
185.65.244.0/22
185.68.16.0/22
185.69.152.0/22
185.104.44.0/22
185.124.8.0/22
185.130.120.0/22
185.149.40.0/22
185.209.168.0/22
185.225.212.0/22
185.226.24.0/22
185.233.36.0-185.233.47.255
185.233.116.0-185.233.123.255
185.233.136.0/22
185.233.152.0/22
185.234.176.0/22
185.235.168.0/22
185.239.180.0/22
217.173.208.0/20
IPv6:
2a00:7a60::/32
2a04:8000::/29
2a05:480::/29
2a06:6440::/29
2a0c:680::/29
2a0c:780::/29
2a0c:880::/29
2a0c:a80::/29
2a0c:c80::/29
2a0c:d80::/29
2a0c:e80::/29
2a0c:6080::/29
2a0d:1100::/29
2a0d:6500::/29
Signature Algorithm: sha256WithRSAEncryption
5e:e0:8f:91:29:9c:f2:f3:b1:01:03:91:3d:2a:3a:84:df:b5:
7e:e9:a4:b6:95:fe:98:cf:b0:a7:4b:bd:2f:82:22:16:ec:22:
67:36:92:d7:11:14:2c:cd:ed:6d:a2:77:56:d2:5d:35:21:c3:
6c:36:43:f3:9e:c2:de:e7:21:c3:e3:97:86:71:fe:3a:fd:d9:
72:b5:ef:09:0f:58:95:74:e0:e2:05:42:7d:ca:7e:00:58:33:
ee:40:79:6e:d7:d0:cc:87:4f:df:1a:47:e5:1c:66:d7:f7:d0:
6d:5b:81:4e:c1:59:76:0e:ec:d6:66:a2:1f:3e:29:a7:99:df:
62:3b:7b:9a:51:b4:22:cd:6c:d1:71:cf:f6:02:8a:56:58:c2:
16:4e:fd:ff:71:41:f8:2c:96:77:a4:8c:f6:9b:e3:ad:4a:20:
98:81:02:13:d0:e7:97:0a:c9:7e:37:33:66:20:4b:c3:0c:0a:
e8:fa:90:c4:b9:6f:6d:db:3a:16:95:d8:7c:8a:eb:eb:cc:c6:
c8:e1:d4:13:8a:1f:d7:6c:01:ad:11:d7:18:6d:0b:d1:74:f2:
de:5e:54:a4:c7:b4:cd:ce:4a:92:f6:cf:5b:36:94:97:57:a8:
19:c8:8c:04:cb:26:f0:da:2e:aa:26:6e:7c:57:e2:f0:35:19:
c8:25:a1:76
-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgISAYzGuRtpQRE4PmjDkqHvOLGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOGEwZTBiMWIyMWYwOTMzMzNjMDc0ODE0NWIxNjI4NDE4
Y2YyYjUwHhcNMjQwMTAxMjAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmEyNDk1Nzk4MmE5NDQxZTM3NTI0YTE0NTRiMTA5NDk2YTYzYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkffAK5CHWMYRfjskmZgMglRf1fYw
FfzDD5L3jgcwL97J+5jaQVvhmZIMn0UFdJJS5P3s/HDGE7bwgmyXWSTXBSHR/Ily
0skOuB7i35nprD5FCP1wYJxUME2K2xN7KV/hCmEbKKk8Acbw9zdA3X2JuTRKU03f
fxN9GS1aTNakUh2Z2VBtRKOLn04VHo/MonPZUShG3mMTjw9Bp1KQVWJHNbKDRn00
R4MmfyDP42fLD9Yn5M4tkVyJwb03mmfNuwMav5PfBLyrjbWK8HyhiGuCJl5n+Yrr
ztBC1qUOqtOR59DZ50Ef0wolLKD5La2oeHAzR0+M4ZcnPlNsJu1kBIH9AQIDAQAB
o4IDJzCCAyMwHQYDVR0OBBYEFL+iSVeYKpRB43UkoUVLEJSWpjycMB8GA1UdIwQY
MBaAFKyKDgsbIfCTMzwHSBRbFihBjPK1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMt
ZGI4ZWZmMWIxMWEwLzEvdjZKSlY1Z3FsRUhqZFNTaFJVc1FsSmFtUEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMtZGI4ZWZmMWIxMWEw
LzEvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOwYIKwYBBQUHAQcBAf8EggEqMIIBJjCBuQQCAAEwgbID
BAMli0ADBAAtmtoDBAMu91ADBAVZE4ADBANbadADBANtzWADBASt8jADBAK5GXQD
BAK5J+ADBAK5QfQDBAK5RBADBAK5RZgDBAK5aCwDBAK5fAgDBAK5gngDBAK5lSgD
BAK50agDBAK54dQDBAK54hgwDAMEArnpJAMEBLnpIDAMAwQCuel0AwQCuel4AwQC
uemIAwQCuemYAwQCueqwAwQCueuoAwQCue+0AwQE2a3QMGgEAgACMGIDBQAqAHpg
AwUDKgSAAAMFAyoFBIADBQMqBmRAAwUDKgwGgAMFAyoMB4ADBQMqDAiAAwUDKgwK
gAMFAyoMDIADBQMqDA2AAwUDKgwOgAMFAyoMYIADBQMqDREAAwUDKg1lADANBgkq
hkiG9w0BAQsFAAOCAQEAXuCPkSmc8vOxAQORPSo6hN+1fumktpX+mM+wp0u9L4Ii
FuwiZzaS1xEULM3tbaJ3VtJdNSHDbDZD857C3uchw+OXhnH+Ov3ZcrXvCQ9YlXTg
4gVCfcp+AFgz7kB5btfQzIdP3xpH5Rxm1/fQbVuBTsFZdg7s1maiHz4pp5nfYjt7
mlG0Is1s0XHP9gKKVljCFk79/3FB+CyWd6SM9pvjrUogmIECE9DnlwrJfjczZiBL
wwwK6PqQxLlvbds6FpXYfIrr68zGyOHUE4of12wBrRHXGG0L0XTy3l5UpMe0zc5K
kvbPWzaUl1eoGciMBMsm8NouqiZufFfi8DUZyCWhdg==
-----END CERTIFICATE-----
Generated at Thu Sep 19 20:23:14 2024 by rpki-client on console-ams.rpki-client.org