Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/NwEklZa0XBXDVtQBDakF_Hb6x_o.roa
File: NwEklZa0XBXDVtQBDakF_Hb6x_o.roa (raw, json)
Hash identifier: izc1nnKeGv1KWp13PqwyJm9iqd50sbJq6xozpFK+kCc=
Subject key identifier: 37:01:24:95:96:B4:5C:15:C3:56:D4:01:0D:A9:05:FC:76:FA:C7:FA
Certificate issuer: /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial: 018CC79407A58490A14C9BB5AEF3CC6FEFAD
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/NwEklZa0XBXDVtQBDakF_Hb6x_o.roa
Signing time: Tue 02 Jan 2024 00:30:16 +0000
ROA not before: Tue 02 Jan 2024 00:30:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 15975
IP address blocks: 217.66.224.0/21 maxlen: 21
217.66.224.0/23 maxlen: 23
217.66.226.0/24 maxlen: 24
82.205.0.0/17 maxlen: 17
217.66.227.0/24 maxlen: 24
217.66.232.0/24 maxlen: 24
217.66.228.0/22 maxlen: 22
217.66.238.0/23 maxlen: 23
217.66.236.0/24 maxlen: 24
217.66.236.0/22 maxlen: 22
86.107.16.0/22 maxlen: 22
87.252.108.0/22 maxlen: 22
188.215.100.0/22 maxlen: 22
82.205.80.0/20 maxlen: 20
82.205.96.0/20 maxlen: 20
82.205.112.0/21 maxlen: 21
217.66.240.0/20 maxlen: 20
82.205.32.0/20 maxlen: 20
212.33.96.0/20 maxlen: 20
212.33.96.0/19 maxlen: 19
185.171.132.0/22 maxlen: 22
82.205.48.0/20 maxlen: 20
82.205.64.0/20 maxlen: 20
212.33.112.0/20 maxlen: 20
212.106.80.0/20 maxlen: 20
82.102.240.0/20 maxlen: 20
82.102.192.0/20 maxlen: 20
37.8.112.0/20 maxlen: 20
82.102.208.0/20 maxlen: 20
82.102.216.0/23 maxlen: 23
82.102.224.0/20 maxlen: 20
82.102.224.0/21 maxlen: 21
212.106.64.0/20 maxlen: 20
212.106.64.0/19 maxlen: 19
82.102.232.0/24 maxlen: 24
82.102.233.0/24 maxlen: 24
212.106.73.0/24 maxlen: 24
82.102.236.0/22 maxlen: 22
82.102.234.0/23 maxlen: 23
85.113.96.0/20 maxlen: 20
85.113.96.0/19 maxlen: 19
85.113.112.0/20 maxlen: 20
176.65.12.0/22 maxlen: 22
147.189.176.0/20 maxlen: 20
194.169.123.0/24 maxlen: 24
194.169.122.0/24 maxlen: 24
194.169.121.0/24 maxlen: 24
199.250.128.0/21 maxlen: 21
199.250.128.0/19 maxlen: 19
217.21.14.0/23 maxlen: 23
217.21.12.0/23 maxlen: 23
188.209.208.0/22 maxlen: 22
37.8.64.0/20 maxlen: 20
37.8.80.0/20 maxlen: 20
37.8.96.0/20 maxlen: 20
37.8.0.0/17 maxlen: 17
199.250.136.0/21 maxlen: 21
199.250.144.0/21 maxlen: 21
199.250.152.0/21 maxlen: 21
37.8.32.0/20 maxlen: 20
37.8.48.0/20 maxlen: 20
109.232.163.0/24 maxlen: 24
109.232.162.0/24 maxlen: 24
185.90.242.0/24 maxlen: 24
217.78.48.0/21 maxlen: 21
217.78.56.0/24 maxlen: 24
217.78.56.0/22 maxlen: 22
217.21.3.0/24 maxlen: 24
217.21.2.0/24 maxlen: 24
217.21.4.0/24 maxlen: 24
217.21.0.0/23 maxlen: 23
217.21.6.0/23 maxlen: 23
217.21.8.0/23 maxlen: 23
217.21.5.0/24 maxlen: 24
217.21.10.0/23 maxlen: 23
2a01:7f80::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl
rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.mft
rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Nov 2024 00:17:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:94:07:a5:84:90:a1:4c:9b:b5:ae:f3:cc:6f:ef:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Validity
Not Before: Jan 2 00:30:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3701249596b45c15c356d4010da905fc76fac7fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:8e:15:34:7e:56:6d:01:54:3c:57:96:15:86:
52:45:86:35:af:ce:3b:1c:98:20:7d:8d:6f:83:88:
cf:a3:8c:75:9d:e5:c7:3b:7b:c3:19:0f:61:56:84:
91:ea:6e:85:07:bb:e8:9a:2e:45:2a:48:ce:ec:eb:
e3:24:23:ae:28:77:8e:59:a7:fa:b6:56:57:df:61:
77:e4:27:98:3f:02:52:c5:28:98:d2:66:fb:96:0d:
28:a8:6d:57:11:ca:a6:e9:39:2f:9f:90:a4:56:95:
9b:88:db:e1:29:86:00:1d:8d:11:69:f2:17:1b:53:
6e:5b:f3:2f:93:d2:b4:e4:58:82:59:62:59:3e:10:
3e:5f:3d:a3:10:2c:36:60:45:95:ec:fe:4d:1e:20:
12:44:ba:cd:5e:68:63:65:c2:ec:48:c4:0f:f7:9e:
a1:f8:31:f1:ac:f0:01:69:9c:08:8e:d7:64:d4:ab:
86:16:c5:21:aa:9a:29:35:f3:43:85:b5:06:d2:80:
ad:85:60:52:83:b0:bd:69:3f:a3:e0:31:8b:94:7c:
45:48:c4:9e:88:83:9a:89:28:e9:04:46:b0:01:99:
c5:fd:a8:7d:a5:4e:8c:21:b6:0d:d4:82:83:2d:35:
20:66:01:c3:86:67:e1:16:54:0d:e3:9d:44:c4:9b:
58:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:01:24:95:96:B4:5C:15:C3:56:D4:01:0D:A9:05:FC:76:FA:C7:FA
X509v3 Authority Key Identifier:
keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/NwEklZa0XBXDVtQBDakF_Hb6x_o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.8.0.0/17
82.102.192.0/18
82.205.0.0/17
85.113.96.0/19
86.107.16.0/22
87.252.108.0/22
109.232.162.0/23
147.189.176.0/20
176.65.12.0/22
185.90.242.0/24
185.171.132.0/22
188.209.208.0/22
188.215.100.0/22
194.169.121.0-194.169.123.255
199.250.128.0/19
212.33.96.0/19
212.106.64.0/19
217.21.0.0/20
217.66.224.0-217.66.232.255
217.66.236.0-217.66.255.255
217.78.48.0-217.78.59.255
IPv6:
2a01:7f80::/32
Signature Algorithm: sha256WithRSAEncryption
2e:c1:c5:a9:11:e8:85:bd:4c:f6:af:41:e7:e9:62:73:26:6c:
01:ce:c3:20:11:9c:10:9d:5a:07:98:47:eb:7e:99:e6:7b:d5:
9a:c6:23:05:5b:f6:9c:e2:37:df:86:90:43:8f:20:4e:9a:70:
a5:41:7f:53:16:46:ef:bb:bb:c1:24:0e:ed:53:f3:c2:b1:c1:
1e:37:9a:1c:37:6b:41:32:2b:31:4a:aa:bc:23:3d:6e:51:e5:
17:7a:cb:91:ec:dc:88:18:ba:a2:b4:e1:32:c5:61:c6:39:9f:
55:e9:a0:be:d6:ae:c5:86:75:d7:02:d1:48:5c:dc:a8:2f:df:
a9:d5:c7:0f:3e:85:06:40:bb:89:bd:09:ef:af:4b:dc:fc:18:
9f:97:e5:ad:83:30:3c:7b:77:b2:ff:52:d0:43:4f:93:24:b1:
0c:a7:11:38:06:7c:75:89:0e:50:ce:6c:52:d7:4f:d3:20:9d:
fc:9e:63:f1:80:76:2c:48:f6:d6:e2:8d:e3:92:75:46:b5:7b:
99:86:5a:6b:09:1e:c2:ba:c5:25:62:01:34:bf:45:9b:1f:28:
01:d2:63:bc:cf:44:61:e5:a6:fa:77:01:3b:13:69:07:26:a7:
cd:a5:44:1a:41:3c:f2:f1:93:01:f1:cc:26:fd:9e:e9:06:46:
b2:e6:56:f5
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAYzHlAelhJChTJu1rvPMb++tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjM2E2MzNlZjJjMDgyNTFhNTg2MDM1NjJlNTZhYTZlZmE5
M2VjMjUwHhcNMjQwMTAyMDAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzAxMjQ5NTk2YjQ1YzE1YzM1NmQ0MDEwZGE5MDVmYzc2ZmFjN2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoo4VNH5WbQFUPFeWFYZSRYY1r847
HJggfY1vg4jPo4x1neXHO3vDGQ9hVoSR6m6FB7vomi5FKkjO7OvjJCOuKHeOWaf6
tlZX32F35CeYPwJSxSiY0mb7lg0oqG1XEcqm6Tkvn5CkVpWbiNvhKYYAHY0RafIX
G1NuW/Mvk9K05FiCWWJZPhA+Xz2jECw2YEWV7P5NHiASRLrNXmhjZcLsSMQP956h
+DHxrPABaZwIjtdk1KuGFsUhqpopNfNDhbUG0oCthWBSg7C9aT+j4DGLlHxFSMSe
iIOaiSjpBEawAZnF/ah9pU6MIbYN1IKDLTUgZgHDhmfhFlQN451ExJtYkwIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFDcBJJWWtFwVw1bUAQ2pBfx2+sf6MB8GA1UdIwQY
MBaAFOw6Yz7ywIJRpYYDVi5Wqm76k+wlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUt
ZjdjMmMyYTkxYmMyLzEvTndFa2xaYTBYQlhEVnRRQkRha0ZfSGI2eF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUtZjdjMmMyYTkxYmMy
LzEvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHJBggrBgEFBQcBBwEB/wSBuTCBtjCBpAQCAAEwgZ0DBAcl
CAADBAZSZsADBAdSzQADBAVVcWADBAJWaxADBAJX/GwDBAFt6KIDBASTvbADBAKw
QQwDBAC5WvIDBAK5q4QDBAK80dADBAK812QwDAMEAMKpeQMEAsKpeAMEBcf6gAME
BdQhYAMEBdRqQAMEBNkVADAMAwQF2ULgAwQA2ULoMAsDBALZQuwDAwDZQjAMAwQE
2U4wAwQC2U44MA0EAgACMAcDBQAqAX+AMA0GCSqGSIb3DQEBCwUAA4IBAQAuwcWp
EeiFvUz2r0Hn6WJzJmwBzsMgEZwQnVoHmEfrfpnme9WaxiMFW/ac4jffhpBDjyBO
mnClQX9TFkbvu7vBJA7tU/PCscEeN5ocN2tBMisxSqq8Iz1uUeUXesuR7NyIGLqi
tOEyxWHGOZ9V6aC+1q7FhnXXAtFIXNyoL9+p1ccPPoUGQLuJvQnvr0vc/Bifl+Wt
gzA8e3ey/1LQQ0+TJLEMpxE4Bnx1iQ5QzmxS10/TIJ38nmPxgHYsSPbW4o3jknVG
tXuZhlprCR7CusUlYgE0v0WbHygB0mO8z0Rh5ab6dwE7E2kHJqfNpUQaQTzy8ZMB
8cwm/Z7pBkay5lb1
-----END CERTIFICATE-----
Generated at Sat Nov 23 07:50:20 2024 by rpki-client on console-ams.rpki-client.org