Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/6LENCRUTBr2mHiY6afhjp5aIhTU.roa
File: 6LENCRUTBr2mHiY6afhjp5aIhTU.roa (raw, json)
Hash identifier: QybG+Egajez7cououQaTYEb5Az4WE/CgkluBa8LhkGc=
Subject key identifier: E8:B1:0D:09:15:13:06:BD:A6:1E:26:3A:69:F8:63:A7:96:88:85:35
Certificate issuer: /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial: 0192D765A984A51B5E2DA1F674A9706E355B
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/6LENCRUTBr2mHiY6afhjp5aIhTU.roa
Signing time: Tue 29 Oct 2024 08:30:16 +0000
ROA not before: Tue 29 Oct 2024 08:30:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 5430
IP address blocks: 62.104.0.0/16 maxlen: 16
62.104.10.0/23 maxlen: 23
62.104.12.0/22 maxlen: 22
62.104.16.0/24 maxlen: 24
62.104.17.0/24 maxlen: 24
62.104.18.0/24 maxlen: 24
62.104.20.0/23 maxlen: 24
62.104.45.0/24 maxlen: 24
62.104.46.0/23 maxlen: 23
62.104.48.0/23 maxlen: 23
62.104.50.0/24 maxlen: 24
62.104.56.0/24 maxlen: 24
62.104.66.0/23 maxlen: 23
62.104.95.0/24 maxlen: 24
62.104.96.0/21 maxlen: 22
62.104.104.0/22 maxlen: 22
62.104.164.0/22 maxlen: 22
62.104.164.0/24 maxlen: 24
62.104.168.0/22 maxlen: 22
62.104.172.0/23 maxlen: 23
62.104.174.0/24 maxlen: 24
62.104.175.0/24 maxlen: 24
62.104.176.0/22 maxlen: 22
89.58.120.0/21 maxlen: 21
194.97.0.0/18 maxlen: 18
194.97.46.0/23 maxlen: 24
194.97.58.0/24 maxlen: 24
194.97.96.0/19 maxlen: 19
194.97.96.0/24 maxlen: 24
194.97.102.0/24 maxlen: 24
194.97.118.0/24 maxlen: 24
194.97.119.0/24 maxlen: 24
194.97.120.0/23 maxlen: 23
194.97.122.0/24 maxlen: 24
194.97.160.0/19 maxlen: 19
194.97.164.0/22 maxlen: 22
195.4.0.0/17 maxlen: 17
195.4.6.0/24 maxlen: 24
195.4.12.0/23 maxlen: 23
195.4.16.0/22 maxlen: 22
195.4.16.0/24 maxlen: 24
195.4.27.0/24 maxlen: 24
195.4.70.0/24 maxlen: 24
195.4.71.0/24 maxlen: 24
195.4.104.0/22 maxlen: 22
195.4.176.0/21 maxlen: 24
195.4.176.0/24 maxlen: 24
195.4.178.0/23 maxlen: 23
195.4.216.0/21 maxlen: 21
195.4.224.0/19 maxlen: 19
2001:748::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 08:00:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:d7:65:a9:84:a5:1b:5e:2d:a1:f6:74:a9:70:6e:35:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Validity
Not Before: Oct 29 08:30:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e8b10d09151306bda61e263a69f863a796888535
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:8e:1c:e6:c7:74:8f:61:bf:90:b2:14:7d:aa:
0f:3b:2c:34:59:d3:f4:21:ab:20:f1:8a:d2:c4:b8:
e0:00:29:f5:26:02:f6:a7:54:20:6a:35:fc:29:6a:
d5:1e:58:9a:32:a1:57:3f:4d:4c:eb:32:e1:ba:c5:
2b:01:47:d1:2e:c4:4d:10:51:e2:e7:dd:a6:68:e2:
cb:11:bb:99:11:79:93:03:cb:00:35:35:33:63:df:
b3:a3:d0:f6:94:d8:53:52:51:4b:e6:76:ec:40:70:
32:8c:b1:37:0f:3a:20:fd:aa:31:2d:86:cb:c5:2b:
6f:d6:38:5f:20:b8:69:58:59:d9:07:15:59:a8:4a:
6a:21:90:40:19:09:4e:44:77:59:7d:e0:d1:58:c2:
59:37:16:3d:db:b7:52:b2:a3:74:92:61:b7:6a:b2:
79:d9:2e:04:27:c2:82:91:4b:fc:ae:54:2d:54:ff:
d1:69:67:d7:85:a5:15:07:3d:09:c3:1b:72:75:3d:
1a:a6:90:98:71:d2:4b:7f:e8:18:1f:bb:38:81:05:
ba:f5:eb:4f:07:c7:b9:95:fa:85:f9:4d:2b:8b:9c:
9a:fd:5b:da:44:32:29:1d:01:86:26:c7:e4:32:29:
12:13:40:e7:a9:cf:06:c2:4a:d4:91:6a:e0:51:79:
67:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:B1:0D:09:15:13:06:BD:A6:1E:26:3A:69:F8:63:A7:96:88:85:35
X509v3 Authority Key Identifier:
keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/6LENCRUTBr2mHiY6afhjp5aIhTU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.104.0.0/16
89.58.120.0/21
194.97.0.0/18
194.97.96.0/19
194.97.160.0/19
195.4.0.0/17
195.4.176.0/21
195.4.216.0-195.4.255.255
IPv6:
2001:748::/32
Signature Algorithm: sha256WithRSAEncryption
14:5f:b2:8c:64:aa:9a:72:31:1e:7d:43:6f:c7:cf:c0:fe:2b:
d6:d1:99:a9:a9:9a:9e:db:de:16:80:25:28:f4:97:9b:a5:49:
f1:06:e0:6b:3a:3e:ef:54:6c:d8:c9:89:07:06:e8:b2:cd:2b:
75:88:31:7e:cf:5f:c5:4b:e4:69:90:7e:35:4d:ad:86:73:6e:
57:06:ea:8c:cb:b0:7b:3d:7c:1b:b8:09:e2:9a:59:2e:3d:dc:
27:9f:09:67:d9:6a:5e:f7:83:54:4a:31:88:e0:82:53:05:37:
e0:2c:1b:cf:02:77:d7:94:db:7c:16:d2:e8:2c:48:89:e1:84:
7b:84:a5:fb:d8:d1:ec:4d:2a:15:17:a7:38:e8:34:a8:75:27:
5b:4d:e5:31:6d:5c:25:0f:e0:5f:8e:e6:f6:37:0d:3a:00:b8:
4d:83:36:59:5c:81:78:17:24:07:e0:cf:05:db:f8:37:33:3a:
3e:22:8e:47:2c:19:2a:25:a4:e6:5f:8e:61:35:51:66:51:40:
77:77:45:ba:89:c8:79:f5:38:c7:bd:c6:02:7b:a7:61:2e:1f:
b5:4f:59:15:9f:c3:2d:6d:68:2d:95:9c:d7:e3:c8:52:de:49:
28:12:5d:57:00:b0:e6:b2:c9:29:84:2f:f1:c8:9f:bb:0d:71:
ee:1d:bc:0d
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZLXZamEpRteLaH2dKlwbjVbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjQxMDI5MDgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGIxMGQwOTE1MTMwNmJkYTYxZTI2M2E2OWY4NjNhNzk2ODg4NTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr44c5sd0j2G/kLIUfaoPOyw0WdP0
Iasg8YrSxLjgACn1JgL2p1QgajX8KWrVHliaMqFXP01M6zLhusUrAUfRLsRNEFHi
592maOLLEbuZEXmTA8sANTUzY9+zo9D2lNhTUlFL5nbsQHAyjLE3Dzog/aoxLYbL
xStv1jhfILhpWFnZBxVZqEpqIZBAGQlORHdZfeDRWMJZNxY927dSsqN0kmG3arJ5
2S4EJ8KCkUv8rlQtVP/RaWfXhaUVBz0JwxtydT0appCYcdJLf+gYH7s4gQW69etP
B8e5lfqF+U0ri5ya/VvaRDIpHQGGJsfkMikSE0Dnqc8GwkrUkWrgUXlnPQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFOixDQkVEwa9ph4mOmn4Y6eWiIU1MB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvNkxFTkNSVVRCcjJtSGlZNmFmaGpwNWFJaFRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwMAPmgDBANZ
OngDBAbCYQADBAXCYWADBAXCYaADBAfDBAADBAPDBLAwCwMEA8ME2AMDAMMEMA0E
AgACMAcDBQAgAQdIMA0GCSqGSIb3DQEBCwUAA4IBAQAUX7KMZKqacjEefUNvx8/A
/ivW0ZmpqZqe294WgCUo9JebpUnxBuBrOj7vVGzYyYkHBuiyzSt1iDF+z1/FS+Rp
kH41Ta2Gc25XBuqMy7B7PXwbuAnimlkuPdwnnwln2Wpe94NUSjGI4IJTBTfgLBvP
AnfXlNt8FtLoLEiJ4YR7hKX72NHsTSoVF6c46DSodSdbTeUxbVwlD+Bfjub2Nw06
ALhNgzZZXIF4FyQH4M8F2/g3Mzo+Io5HLBkqJaTmX45hNVFmUUB3d0W6ich59TjH
vcYCe6dhLh+1T1kVn8MtbWgtlZzX48hS3kkoEl1XALDmsskphC/xyJ+7DXHuHbwN
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:05:27 2024 by rpki-client on console-fra.rpki-client.org