Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/84b489-8b6f-459d-9a31-f18ad9f4cc34/1/yn1DQzn2arsLk09XHCU4974pZKk.roa
File: yn1DQzn2arsLk09XHCU4974pZKk.roa (raw, json)
Hash identifier: 4FLWzEBUoMfuJTZt2SwgaAt1/9Yk0f2FvgQmctfcK8I=
Subject key identifier: CA:7D:43:43:39:F6:6A:BB:0B:93:4F:57:1C:25:38:F7:BE:29:64:A9
Certificate issuer: /CN=19b800c39126db3ca4e0d56910f0ad379257e4a0
Certificate serial: 018CC5DC1C17487DB436D15B2F270E16E73A
Authority key identifier: 19:B8:00:C3:91:26:DB:3C:A4:E0:D5:69:10:F0:AD:37:92:57:E4:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GbgAw5Em2zyk4NVpEPCtN5JX5KA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/84b489-8b6f-459d-9a31-f18ad9f4cc34/1/yn1DQzn2arsLk09XHCU4974pZKk.roa
Signing time: Mon 01 Jan 2024 16:29:45 +0000
ROA not before: Mon 01 Jan 2024 16:29:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12897
IP address blocks: 185.117.68.0/22 maxlen: 22
195.80.52.0/22 maxlen: 22
94.16.64.0/19 maxlen: 19
92.119.8.0/22 maxlen: 22
185.189.140.0/22 maxlen: 22
5.182.236.0/22 maxlen: 22
185.238.252.0/22 maxlen: 22
212.232.80.0/20 maxlen: 20
45.14.188.0/22 maxlen: 22
85.132.192.0/19 maxlen: 19
213.188.96.0/19 maxlen: 19
45.131.36.0/22 maxlen: 22
45.136.168.0/22 maxlen: 22
149.249.128.0/19 maxlen: 19
213.157.0.0/19 maxlen: 19
134.101.16.0/20 maxlen: 20
95.131.96.0/21 maxlen: 21
45.143.76.0/22 maxlen: 22
45.10.60.0/22 maxlen: 22
185.9.28.0/22 maxlen: 22
45.128.180.0/22 maxlen: 22
94.46.64.0/19 maxlen: 19
45.93.108.0/22 maxlen: 22
46.243.80.0/21 maxlen: 21
185.194.64.0/22 maxlen: 22
2a02:b98::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/be/84b489-8b6f-459d-9a31-f18ad9f4cc34/1/GbgAw5Em2zyk4NVpEPCtN5JX5KA.crl
rsync://rpki.ripe.net/repository/DEFAULT/be/84b489-8b6f-459d-9a31-f18ad9f4cc34/1/GbgAw5Em2zyk4NVpEPCtN5JX5KA.mft
rsync://rpki.ripe.net/repository/DEFAULT/GbgAw5Em2zyk4NVpEPCtN5JX5KA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:1c:17:48:7d:b4:36:d1:5b:2f:27:0e:16:e7:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=19b800c39126db3ca4e0d56910f0ad379257e4a0
Validity
Not Before: Jan 1 16:29:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ca7d434339f66abb0b934f571c2538f7be2964a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:3f:fa:32:5b:a8:06:76:25:e9:56:64:52:dc:
60:3c:7b:4d:08:c4:93:19:79:c5:d1:ea:c5:c5:d5:
f5:ab:fe:52:29:1b:60:14:2f:cc:90:8a:04:65:57:
de:da:92:6d:ac:61:4d:b9:8d:4a:db:51:ff:74:94:
c3:0b:11:3d:51:6a:ec:04:2c:66:8a:13:d5:ee:e7:
f5:46:5f:34:9a:89:2f:15:f4:9e:25:e6:b1:da:51:
0c:ef:5a:6b:9d:1a:43:c4:6c:53:15:0c:77:0f:2c:
ee:fa:70:c6:ae:85:7f:37:04:06:e7:24:21:d3:35:
9d:84:fa:d4:fb:47:66:6f:cc:cb:63:d6:44:7c:87:
85:8d:b0:99:2b:8d:ef:36:66:5c:d7:c2:01:98:b7:
cf:67:21:d2:74:6a:b4:e0:60:e6:1f:f8:d8:af:e7:
3f:91:22:69:19:16:38:e6:50:f2:31:d2:94:ff:ba:
7f:14:27:4b:0b:de:dc:23:6f:99:9f:3c:d0:50:90:
f9:87:20:bb:09:85:be:d9:97:4d:74:8b:0c:a3:02:
cc:4e:df:e9:0b:69:a0:f0:60:bc:37:f0:00:9f:27:
7d:44:24:ab:0d:55:6f:6d:b6:a3:77:9b:a9:dd:e9:
dc:0f:47:d0:33:ad:90:4b:0f:9b:54:c3:db:93:31:
a8:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:7D:43:43:39:F6:6A:BB:0B:93:4F:57:1C:25:38:F7:BE:29:64:A9
X509v3 Authority Key Identifier:
keyid:19:B8:00:C3:91:26:DB:3C:A4:E0:D5:69:10:F0:AD:37:92:57:E4:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GbgAw5Em2zyk4NVpEPCtN5JX5KA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/84b489-8b6f-459d-9a31-f18ad9f4cc34/1/yn1DQzn2arsLk09XHCU4974pZKk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/84b489-8b6f-459d-9a31-f18ad9f4cc34/1/GbgAw5Em2zyk4NVpEPCtN5JX5KA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.236.0/22
45.10.60.0/22
45.14.188.0/22
45.93.108.0/22
45.128.180.0/22
45.131.36.0/22
45.136.168.0/22
45.143.76.0/22
46.243.80.0/21
85.132.192.0/19
92.119.8.0/22
94.16.64.0/19
94.46.64.0/19
95.131.96.0/21
134.101.16.0/20
149.249.128.0/19
185.9.28.0/22
185.117.68.0/22
185.189.140.0/22
185.194.64.0/22
185.238.252.0/22
195.80.52.0/22
212.232.80.0/20
213.157.0.0/19
213.188.96.0/19
IPv6:
2a02:b98::/32
Signature Algorithm: sha256WithRSAEncryption
62:33:45:ec:9c:5d:8b:f1:2f:bd:a3:10:36:75:1e:5b:44:4d:
ac:48:22:97:d5:84:ab:9f:bb:c0:d6:d8:e0:ab:23:1a:e3:71:
9a:cb:f7:c2:50:b9:d2:6f:a5:87:7f:cd:b1:94:1a:f9:ad:32:
20:4e:7e:d4:f2:3a:22:a0:6b:f3:c4:00:7a:8e:18:02:cb:fb:
54:21:bf:17:2f:3c:e7:08:9d:f8:70:df:9e:27:48:7d:24:b0:
de:a5:09:f1:66:7e:1a:c4:da:29:4f:11:bd:a0:35:05:30:ca:
cc:bb:76:38:8b:72:32:d6:09:19:02:9b:8f:53:ff:56:97:30:
a7:92:7d:ed:dd:09:1e:d6:0c:89:63:cc:49:64:d2:e9:1b:0e:
54:b7:6b:99:82:89:c7:d9:1e:52:96:a6:9b:bf:da:98:d5:75:
08:6b:2b:63:47:b3:35:98:77:10:a0:94:c6:01:55:67:10:8f:
f6:ef:c3:46:90:1d:34:9d:15:b6:28:a6:e7:c3:4a:d1:7f:47:
f3:ab:3b:72:fb:0d:5a:52:a3:b0:53:95:32:53:1f:2a:0e:ac:
66:89:bd:fa:98:c0:a7:ae:f5:d4:36:d3:77:f7:6a:d2:42:69:
85:34:85:cb:42:53:c3:75:e2:cf:c0:11:dd:bf:d5:84:1c:87:
88:be:57:a3
-----BEGIN CERTIFICATE-----
MIIFoTCCBImgAwIBAgISAYzF3BwXSH20NtFbLycOFuc6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YjgwMGMzOTEyNmRiM2NhNGUwZDU2OTEwZjBhZDM3OTI1
N2U0YTAwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTdkNDM0MzM5ZjY2YWJiMGI5MzRmNTcxYzI1MzhmN2JlMjk2NGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj/6MluoBnYl6VZkUtxgPHtNCMST
GXnF0erFxdX1q/5SKRtgFC/MkIoEZVfe2pJtrGFNuY1K21H/dJTDCxE9UWrsBCxm
ihPV7uf1Rl80mokvFfSeJeax2lEM71prnRpDxGxTFQx3Dyzu+nDGroV/NwQG5yQh
0zWdhPrU+0dmb8zLY9ZEfIeFjbCZK43vNmZc18IBmLfPZyHSdGq04GDmH/jYr+c/
kSJpGRY45lDyMdKU/7p/FCdLC97cI2+ZnzzQUJD5hyC7CYW+2ZdNdIsMowLMTt/p
C2mg8GC8N/AAnyd9RCSrDVVvbbajd5up3encD0fQM62QSw+bVMPbkzGoRwIDAQAB
o4ICrTCCAqkwHQYDVR0OBBYEFMp9Q0M59mq7C5NPVxwlOPe+KWSpMB8GA1UdIwQY
MBaAFBm4AMORJts8pODVaRDwrTeSV+SgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2JnQXc1RW0yenlrNE5WcEVQQ3RONUpYNUtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS84NGI0ODktOGI2Zi00NTlkLTlhMzEt
ZjE4YWQ5ZjRjYzM0LzEveW4xRFF6bjJhcnNMazA5WEhDVTQ5NzRwWktrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS84NGI0ODktOGI2Zi00NTlkLTlhMzEtZjE4YWQ5ZjRjYzM0
LzEvR2JnQXc1RW0yenlrNE5WcEVQQ3RONUpYNUtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHCBggrBgEFBQcBBwEB/wSBsjCBrzCBnQQCAAEwgZYDBAIF
tuwDBAItCjwDBAItDrwDBAItXWwDBAItgLQDBAItgyQDBAItiKgDBAItj0wDBAMu
81ADBAVVhMADBAJcdwgDBAVeEEADBAVeLkADBANfg2ADBASGZRADBAWV+YADBAK5
CRwDBAK5dUQDBAK5vYwDBAK5wkADBAK57vwDBALDUDQDBATU6FADBAXVnQADBAXV
vGAwDQQCAAIwBwMFACoCC5gwDQYJKoZIhvcNAQELBQADggEBAGIzReycXYvxL72j
EDZ1HltETaxIIpfVhKufu8DW2OCrIxrjcZrL98JQudJvpYd/zbGUGvmtMiBOftTy
OiKga/PEAHqOGALL+1QhvxcvPOcInfhw354nSH0ksN6lCfFmfhrE2ilPEb2gNQUw
ysy7djiLcjLWCRkCm49T/1aXMKeSfe3dCR7WDIljzElk0ukbDlS3a5mCicfZHlKW
ppu/2pjVdQhrK2NHszWYdxCglMYBVWcQj/bvw0aQHTSdFbYopufDStF/R/OrO3L7
DVpSo7BTlTJTHyoOrGaJvfqYwKeu9dQ203f3atJCaYU0hctCU8N14s/AEd2/1YQc
h4i+V6M=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:13:42 2024 by rpki-client on console-fra.rpki-client.org