Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/oxlN8brEY9L3en9vgpPmOHDmcQA.roa
File: oxlN8brEY9L3en9vgpPmOHDmcQA.roa (raw, json)
Hash identifier: DydYj2aZNC+uXdrOGeqG78SIoj2CYfEQzkcxroOLTIY=
Subject key identifier: A3:19:4D:F1:BA:C4:63:D2:F7:7A:7F:6F:82:93:E6:38:70:E6:71:00
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 0192BA41093E2CDF9185ED28370FDB97C556
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/oxlN8brEY9L3en9vgpPmOHDmcQA.roa
Signing time: Wed 23 Oct 2024 16:41:17 +0000
ROA not before: Wed 23 Oct 2024 16:41:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209641
IP address blocks: 45.89.66.0/24 maxlen: 24
45.89.67.0/24 maxlen: 24
45.128.176.0/22 maxlen: 22
45.128.176.0/24 maxlen: 24
45.128.177.0/24 maxlen: 24
45.128.178.0/24 maxlen: 24
45.128.179.0/24 maxlen: 24
45.132.252.0/24 maxlen: 24
91.217.80.0/24 maxlen: 24
94.142.136.0/21 maxlen: 21
94.142.139.0/24 maxlen: 24
94.142.140.0/24 maxlen: 24
94.142.141.0/24 maxlen: 24
94.142.142.0/24 maxlen: 24
103.82.103.0/24 maxlen: 24
185.5.248.0/22 maxlen: 22
185.5.248.0/23 maxlen: 23
185.5.250.0/23 maxlen: 23
185.5.250.0/24 maxlen: 24
185.58.204.0/22 maxlen: 22
185.58.207.0/24 maxlen: 24
185.87.48.0/22 maxlen: 22
185.87.48.0/24 maxlen: 24
185.87.49.0/24 maxlen: 24
185.87.50.0/24 maxlen: 24
185.87.51.0/24 maxlen: 24
185.105.116.0/24 maxlen: 24
185.105.117.0/24 maxlen: 24
185.117.152.0/22 maxlen: 22
185.125.216.0/22 maxlen: 22
185.125.218.0/23 maxlen: 23
185.125.229.0/24 maxlen: 24
185.125.231.0/24 maxlen: 24
185.200.188.0/24 maxlen: 24
193.109.85.0/24 maxlen: 24
193.124.176.0/20 maxlen: 20
193.124.176.0/21 maxlen: 21
193.124.176.0/22 maxlen: 22
193.124.176.0/24 maxlen: 24
193.124.177.0/24 maxlen: 24
193.124.178.0/24 maxlen: 24
193.124.179.0/24 maxlen: 24
193.124.180.0/24 maxlen: 24
193.124.181.0/24 maxlen: 24
193.124.182.0/24 maxlen: 24
193.124.183.0/24 maxlen: 24
193.124.184.0/21 maxlen: 21
193.124.184.0/24 maxlen: 24
193.124.189.0/24 maxlen: 24
193.124.191.0/24 maxlen: 24
193.168.224.0/24 maxlen: 24
194.67.192.0/19 maxlen: 19
194.67.194.0/23 maxlen: 23
194.67.196.0/22 maxlen: 22
194.67.200.0/21 maxlen: 21
194.67.202.0/24 maxlen: 24
194.67.203.0/24 maxlen: 24
194.67.204.0/22 maxlen: 22
194.67.208.0/20 maxlen: 20
195.47.250.0/24 maxlen: 24
2a0a:9300::/48 maxlen: 48
2a0a:9300:2::/48 maxlen: 48
2a0a:9300:d0::/48 maxlen: 48
2a0a:9300:d1::/48 maxlen: 48
2a0a:9300:d2::/48 maxlen: 48
2a0a:9301::/48 maxlen: 48
2a0a:9301:1::/48 maxlen: 48
2a0a:9301:2::/48 maxlen: 48
2a0a:9302::/32 maxlen: 32
2a0a:9302:1::/48 maxlen: 48
2a0b:7780::/29 maxlen: 29
2a0c:77c0::/32 maxlen: 32
2a0d:3880::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 03:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:ba:41:09:3e:2c:df:91:85:ed:28:37:0f:db:97:c5:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Oct 23 16:41:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a3194df1bac463d2f77a7f6f8293e63870e67100
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:9c:26:a5:8d:41:3d:3d:72:0f:9f:7a:17:ad:
d1:ba:76:a4:97:87:d5:53:0b:72:21:27:fc:7e:ec:
18:f7:1d:7a:d1:03:1c:3d:e3:59:77:61:ad:d2:7b:
28:04:2f:70:30:e3:a9:9f:27:d4:31:a8:c5:12:af:
92:a0:a8:06:d8:5e:b0:1b:37:23:96:61:14:c8:75:
48:49:34:fb:1f:dc:e6:9f:80:60:64:81:1b:c4:56:
c5:90:b3:7a:fa:1c:73:df:9f:b5:4c:63:70:c5:3c:
74:a5:e2:88:fe:6c:83:36:64:0d:cd:7f:7e:5f:7a:
02:98:b5:10:b1:63:5b:0a:02:94:0e:47:4d:91:33:
69:e1:1a:f8:52:81:73:ee:21:67:eb:24:73:d1:35:
fa:fb:f1:e3:1e:36:4a:14:91:f5:b2:e7:dd:9d:88:
0a:4e:b2:d1:ac:7a:00:83:2e:87:1d:15:64:2a:63:
d0:c5:48:40:e1:5f:30:f1:57:d4:ff:cd:4e:28:29:
38:02:44:38:79:8e:1c:11:08:4d:5e:8f:c9:74:21:
f0:f4:40:43:34:3c:43:22:f6:64:02:15:24:08:9b:
2c:de:b0:64:f9:10:c3:74:1d:ff:14:84:0a:b0:42:
e7:4e:46:dd:59:bc:5b:4d:fe:78:d8:87:b9:28:ef:
84:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:19:4D:F1:BA:C4:63:D2:F7:7A:7F:6F:82:93:E6:38:70:E6:71:00
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/oxlN8brEY9L3en9vgpPmOHDmcQA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.89.66.0/23
45.128.176.0/22
45.132.252.0/24
91.217.80.0/24
94.142.136.0/21
103.82.103.0/24
185.5.248.0/22
185.58.204.0/22
185.87.48.0/22
185.105.116.0/23
185.117.152.0/22
185.125.216.0/22
185.125.229.0/24
185.125.231.0/24
185.200.188.0/24
193.109.85.0/24
193.124.176.0/20
193.168.224.0/24
194.67.192.0/19
195.47.250.0/24
IPv6:
2a0a:9300::/48
2a0a:9300:2::/48
2a0a:9300:d0::-2a0a:9300:d2:ffff:ffff:ffff:ffff:ffff
2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
2a0a:9302::/32
2a0b:7780::/29
2a0c:77c0::/32
2a0d:3880::/29
Signature Algorithm: sha256WithRSAEncryption
95:8d:9c:ca:6f:d7:d4:29:57:5d:35:4c:6c:ab:f3:56:65:08:
b2:27:27:48:0a:a1:ae:2a:13:b9:e9:0c:71:39:06:a9:3b:91:
f5:06:4b:48:99:27:03:98:3d:70:e3:b9:35:27:06:cb:2e:5c:
fd:59:25:74:f7:b3:b4:ca:8d:61:3a:ca:06:54:9f:e2:97:88:
54:67:51:6e:0f:ef:71:45:42:05:78:f9:ea:04:ea:dd:26:39:
2a:6a:0d:e4:f3:be:82:83:a5:31:4d:87:b4:68:43:a7:3c:02:
85:5d:0a:79:53:45:1e:6c:35:ed:fb:30:7f:53:58:5a:b7:8f:
f5:4a:63:b8:0e:4c:93:66:5e:d2:6b:48:8b:f1:b5:f0:f5:a3:
43:94:04:37:30:df:1f:ad:23:4e:0e:0d:af:98:2c:12:7f:54:
09:f9:12:85:07:b3:8c:18:b0:04:46:3b:95:5a:df:51:69:79:
e8:42:35:90:b2:a0:e5:fc:73:5e:38:29:29:9d:8a:7a:29:a8:
15:61:95:dc:32:e2:d9:45:d4:97:c7:a6:a0:6c:47:f7:ae:06:
f4:64:1b:2b:93:a6:0e:dd:fa:57:c6:b3:78:77:ee:23:af:8e:
1b:c1:a8:01:d7:24:79:87:d4:47:13:ce:59:dd:94:51:09:ba:
2c:a5:1a:97
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgISAZK6QQk+LN+Rhe0oNw/bl8VWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQxMDIzMTY0MTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzE5NGRmMWJhYzQ2M2QyZjc3YTdmNmY4MjkzZTYzODcwZTY3MTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5wmpY1BPT1yD596F63Runakl4fV
UwtyISf8fuwY9x160QMcPeNZd2Gt0nsoBC9wMOOpnyfUMajFEq+SoKgG2F6wGzcj
lmEUyHVISTT7H9zmn4BgZIEbxFbFkLN6+hxz35+1TGNwxTx0peKI/myDNmQNzX9+
X3oCmLUQsWNbCgKUDkdNkTNp4Rr4UoFz7iFn6yRz0TX6+/HjHjZKFJH1sufdnYgK
TrLRrHoAgy6HHRVkKmPQxUhA4V8w8VfU/81OKCk4AkQ4eY4cEQhNXo/JdCHw9EBD
NDxDIvZkAhUkCJss3rBk+RDDdB3/FIQKsELnTkbdWbxbTf542Ie5KO+ELwIDAQAB
o4IC2jCCAtYwHQYDVR0OBBYEFKMZTfG6xGPS93p/b4KT5jhw5nEAMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvb3hsTjhickVZOUwzZW45dmdwUG1PSERtY1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHvBggrBgEFBQcBBwEB/wSB3zCB3DB+BAIAATB4AwQBLVlC
AwQCLYCwAwQALYT8AwQAW9lQAwQDXo6IAwQAZ1JnAwQCuQX4AwQCuTrMAwQCuVcw
AwQBuWl0AwQCuXWYAwQCuX3YAwQAuX3lAwQAuX3nAwQAuci8AwQAwW1VAwQEwXyw
AwQAwajgAwQFwkPAAwQAwy/6MFoEAgACMFQDBwAqCpMAAAADBwAqCpMAAAIwEgMH
BCoKkwAA0AMHACoKkwAA0jAQAwUAKgqTAQMHACoKkwEAAgMFACoKkwIDBQMqC3eA
AwUAKgx3wAMFAyoNOIAwDQYJKoZIhvcNAQELBQADggEBAJWNnMpv19QpV101TGyr
81ZlCLInJ0gKoa4qE7npDHE5Bqk7kfUGS0iZJwOYPXDjuTUnBssuXP1ZJXT3s7TK
jWE6ygZUn+KXiFRnUW4P73FFQgV4+eoE6t0mOSpqDeTzvoKDpTFNh7RoQ6c8AoVd
CnlTRR5sNe37MH9TWFq3j/VKY7gOTJNmXtJrSIvxtfD1o0OUBDcw3x+tI04ODa+Y
LBJ/VAn5EoUHs4wYsARGO5Va31FpeehCNZCyoOX8c144KSmdinopqBVhldwy4tlF
1JfHpqBsR/euBvRkGyuTpg7d+lfGs3h37iOvjhvBqAHXJHmH1EcTzlndlFEJuiyl
Gpc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:08:52 2024 by rpki-client on console-fra.rpki-client.org