Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/MCdNDELjr0x2GOi9fdhyxV49x4o.roa
File: MCdNDELjr0x2GOi9fdhyxV49x4o.roa (raw, json)
Hash identifier: qSoXopON3BXLwkxVbCYxVpnDI95/8xfMTgapToTYzY4=
Subject key identifier: 30:27:4D:0C:42:E3:AF:4C:76:18:E8:BD:7D:D8:72:C5:5E:3D:C7:8A
Certificate issuer: /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial: 018E9E63D056795D6BB766CCD1C7CF7E5AEA
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/MCdNDELjr0x2GOi9fdhyxV49x4o.roa
Signing time: Tue 02 Apr 2024 10:38:45 +0000
ROA not before: Tue 02 Apr 2024 10:38:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31213
IP address blocks: 37.28.160.0/21 maxlen: 21
37.28.168.0/21 maxlen: 21
37.29.48.0/21 maxlen: 21
37.29.56.0/21 maxlen: 21
37.29.64.0/22 maxlen: 22
37.29.68.0/23 maxlen: 23
37.29.70.0/24 maxlen: 24
37.29.71.0/24 maxlen: 24
78.25.96.0/21 maxlen: 21
78.25.104.0/22 maxlen: 22
78.25.108.0/22 maxlen: 22
78.25.120.0/22 maxlen: 22
83.149.0.0/21 maxlen: 21
85.26.128.0/20 maxlen: 20
85.26.208.0/22 maxlen: 22
85.26.212.0/22 maxlen: 22
85.26.216.0/22 maxlen: 22
85.26.220.0/22 maxlen: 22
85.26.248.0/22 maxlen: 22
85.26.252.0/22 maxlen: 22
94.25.208.0/22 maxlen: 22
94.25.216.0/21 maxlen: 21
94.25.224.0/21 maxlen: 21
94.25.228.0/23 maxlen: 23
94.25.232.0/21 maxlen: 21
109.188.128.0/17 maxlen: 17
128.204.74.0/24 maxlen: 24
128.204.75.0/24 maxlen: 24
176.106.130.0/24 maxlen: 24
176.106.131.0/24 maxlen: 24
178.178.224.0/24 maxlen: 24
178.178.225.0/24 maxlen: 24
178.178.226.0/24 maxlen: 24
178.178.227.0/24 maxlen: 24
188.162.64.0/23 maxlen: 23
188.170.65.0/24 maxlen: 24
188.170.66.0/24 maxlen: 24
188.170.67.0/24 maxlen: 24
188.170.68.0/24 maxlen: 24
188.170.72.0/21 maxlen: 21
188.170.80.0/21 maxlen: 21
188.170.92.0/22 maxlen: 22
2a03:d000::/40 maxlen: 40
2a03:d000::/41 maxlen: 41
2a03:d000:80::/41 maxlen: 41
2a03:d000:100::/40 maxlen: 40
2a03:d000:100::/41 maxlen: 41
2a03:d000:180::/41 maxlen: 41
2a03:d000:200::/41 maxlen: 41
2a03:d000:280::/41 maxlen: 41
2a03:d000:301::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 21:00:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:9e:63:d0:56:79:5d:6b:b7:66:cc:d1:c7:cf:7e:5a:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Validity
Not Before: Apr 2 10:38:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=30274d0c42e3af4c7618e8bd7dd872c55e3dc78a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:d1:1c:e4:a8:c9:49:81:74:19:89:9d:74:33:
fe:81:7f:e8:e9:2c:60:07:4a:d6:a2:4c:0c:13:05:
d5:0a:39:6a:4e:79:9c:84:a0:cf:97:2f:99:d0:0e:
27:b9:cd:91:a3:f5:59:6e:dc:58:3a:cd:bd:53:fd:
b9:69:a9:4e:53:bf:8d:d6:4c:37:c8:b2:37:a8:43:
bf:1b:27:1c:7e:e8:3f:92:79:c1:61:04:ee:29:54:
e6:a8:27:51:39:af:c5:2f:01:38:35:fc:c2:4d:d6:
37:32:bd:3d:96:a8:98:c9:db:74:f1:99:e4:40:cf:
6f:6f:91:ce:67:37:fe:47:be:3b:af:cb:71:09:1e:
99:86:8f:33:81:70:85:37:2b:a6:5b:14:70:47:fd:
04:2e:b9:71:83:42:85:a4:64:d4:25:ee:6d:44:1a:
42:b2:35:6d:f1:17:5b:e4:33:7d:a0:63:e3:18:a4:
96:c2:ac:a4:aa:97:2f:30:9f:80:3b:76:b3:ba:02:
79:31:7d:14:36:3c:6d:1f:5f:32:21:ea:f1:66:06:
21:bf:40:47:cd:bc:16:dc:13:42:60:87:15:66:29:
78:30:61:1a:3e:be:e2:54:db:53:95:ab:07:db:32:
b0:ea:9a:0a:c2:31:ad:0d:47:d5:94:65:41:5c:ae:
95:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:27:4D:0C:42:E3:AF:4C:76:18:E8:BD:7D:D8:72:C5:5E:3D:C7:8A
X509v3 Authority Key Identifier:
keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/MCdNDELjr0x2GOi9fdhyxV49x4o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.28.160.0/20
37.29.48.0-37.29.71.255
78.25.96.0/20
78.25.120.0/22
83.149.0.0/21
85.26.128.0/20
85.26.208.0/20
85.26.248.0/21
94.25.208.0/22
94.25.216.0-94.25.239.255
109.188.128.0/17
128.204.74.0/23
176.106.130.0/23
178.178.224.0/22
188.162.64.0/23
188.170.65.0-188.170.68.255
188.170.72.0-188.170.87.255
188.170.92.0/22
IPv6:
2a03:d000::-2a03:d000:2ff:ffff:ffff:ffff:ffff:ffff
2a03:d000:301::/48
Signature Algorithm: sha256WithRSAEncryption
1b:11:48:55:e2:aa:e3:a6:0e:b9:53:01:6b:33:49:1a:3d:29:
c5:d0:95:9d:73:c3:63:9c:64:99:9f:6f:c4:9f:56:54:8b:a9:
77:87:18:22:59:1e:25:8c:54:00:31:ea:f4:3c:80:96:96:2d:
6c:c9:4c:a3:f9:85:e8:c6:e5:f4:3b:84:9c:1b:84:08:4d:cd:
42:9b:f8:71:6e:14:c0:24:29:67:57:18:00:96:57:be:e4:e5:
46:33:41:54:85:63:e7:de:7b:05:ba:c8:b5:bf:cb:e4:d8:9c:
47:9d:20:95:6e:a5:7b:d7:f8:51:6e:7f:64:2b:91:65:11:67:
ba:d1:c7:6e:9b:5d:c8:44:02:5b:2a:9b:8a:79:ff:0c:8d:01:
cb:2e:ee:e0:e1:7e:86:ac:d8:4e:b9:b9:4d:ed:7e:31:d8:c9:
78:7f:05:b4:1b:14:c6:71:89:ac:b0:f1:cb:a8:0e:86:de:48:
01:0a:8c:59:53:52:a3:f0:99:6c:b9:97:39:5f:1b:f5:06:73:
9f:27:f7:0d:ef:8c:56:dd:4d:b5:b7:bc:cc:d1:22:c1:0a:c3:
36:a1:57:cf:ac:8f:9d:f5:e3:b3:7d:d0:ee:e9:b1:f6:7a:af:
a3:1b:e3:fd:2f:b0:41:a1:d4:e3:53:44:0e:aa:b7:d7:e2:2b:
2e:6e:59:e4
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAY6eY9BWeV1rt2bM0cfPflrqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwNDAyMTAzODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDI3NGQwYzQyZTNhZjRjNzYxOGU4YmQ3ZGQ4NzJjNTVlM2RjNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNEc5KjJSYF0GYmddDP+gX/o6Sxg
B0rWokwMEwXVCjlqTnmchKDPly+Z0A4nuc2Ro/VZbtxYOs29U/25aalOU7+N1kw3
yLI3qEO/Gyccfug/knnBYQTuKVTmqCdROa/FLwE4NfzCTdY3Mr09lqiYydt08Znk
QM9vb5HOZzf+R747r8txCR6Zho8zgXCFNyumWxRwR/0ELrlxg0KFpGTUJe5tRBpC
sjVt8Rdb5DN9oGPjGKSWwqykqpcvMJ+AO3azugJ5MX0UNjxtH18yIerxZgYhv0BH
zbwW3BNCYIcVZil4MGEaPr7iVNtTlasH2zKw6poKwjGtDUfVlGVBXK6VIwIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFDAnTQxC469MdhjovX3YcsVePceKMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvTUNkTkRFTGpyMHgyR09pOWZkaHl4VjQ5eDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHKBggrBgEFBQcBBwEB/wSBujCBtzCBkwQCAAEwgYwDBAQl
HKAwDAMEBCUdMAMEAyUdQAMEBE4ZYAMEAk4ZeAMEA1OVAAMEBFUagAMEBFUa0AME
A1Ua+AMEAl4Z0DAMAwQDXhnYAwQEXhngAwQHbbyAAwQBgMxKAwQBsGqCAwQCsrLg
AwQBvKJAMAwDBAC8qkEDBAC8qkQwDAMEA7yqSAMEA7yqUAMEAryqXDAfBAIAAjAZ
MA4DBAQqA9ADBgAqA9AAAgMHACoD0AADATANBgkqhkiG9w0BAQsFAAOCAQEAGxFI
VeKq46YOuVMBazNJGj0pxdCVnXPDY5xkmZ9vxJ9WVIupd4cYIlkeJYxUADHq9DyA
lpYtbMlMo/mF6Mbl9DuEnBuECE3NQpv4cW4UwCQpZ1cYAJZXvuTlRjNBVIVj5957
BbrItb/L5NicR50glW6le9f4UW5/ZCuRZRFnutHHbptdyEQCWyqbinn/DI0Byy7u
4OF+hqzYTrm5Te1+MdjJeH8FtBsUxnGJrLDxy6gOht5IAQqMWVNSo/CZbLmXOV8b
9QZznyf3De+MVt1Ntbe8zNEiwQrDNqFXz6yPnfXjs33Q7umx9nqvoxvj/S+wQaHU
41NEDqq31+IrLm5Z5A==
-----END CERTIFICATE-----
Generated at Sat Jun 8 04:15:05 2024 by rpki-client on console-ams.rpki-client.org