Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/R8aF17WmY7eq3okCCuOK7_a9WZA.roa
File: R8aF17WmY7eq3okCCuOK7_a9WZA.roa (raw, json)
Hash identifier: 0lR6KIF8mNFcvb24ietYcYUUE5ID+4HihrVA5KaYYI0=
Subject key identifier: 47:C6:85:D7:B5:A6:63:B7:AA:DE:89:02:0A:E3:8A:EF:F6:BD:59:90
Certificate issuer: /CN=db9d197fbbee2a1dccb4f55722a8210d3105b042
Certificate serial: 018CC348991F5F36ACA09A9FF04F3BAE698C
Authority key identifier: DB:9D:19:7F:BB:EE:2A:1D:CC:B4:F5:57:22:A8:21:0D:31:05:B0:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/R8aF17WmY7eq3okCCuOK7_a9WZA.roa
Signing time: Mon 01 Jan 2024 04:29:24 +0000
ROA not before: Mon 01 Jan 2024 04:29:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 25255
IP address blocks: 91.141.0.0/20 maxlen: 20
91.141.0.0/22 maxlen: 22
91.141.0.0/17 maxlen: 17
94.245.192.0/24 maxlen: 24
94.245.192.0/18 maxlen: 18
213.94.64.0/21 maxlen: 21
213.94.64.0/18 maxlen: 18
213.94.78.0/24 maxlen: 24
213.94.76.0/24 maxlen: 24
213.94.77.0/24 maxlen: 24
91.141.32.0/19 maxlen: 19
91.141.64.0/20 maxlen: 20
77.119.224.0/19 maxlen: 19
77.116.128.0/17 maxlen: 17
77.119.160.0/20 maxlen: 20
178.113.0.0/17 maxlen: 17
77.119.192.0/19 maxlen: 19
77.117.0.0/17 maxlen: 17
46.220.0.0/16 maxlen: 16
178.112.0.0/17 maxlen: 17
194.24.128.0/19 maxlen: 19
178.112.0.0/14 maxlen: 14
178.115.128.0/20 maxlen: 20
178.115.128.0/22 maxlen: 22
194.24.158.0/24 maxlen: 24
194.24.159.0/24 maxlen: 24
77.116.0.0/17 maxlen: 17
77.116.0.0/14 maxlen: 14
77.119.128.0/20 maxlen: 20
77.119.128.0/22 maxlen: 22
109.126.64.0/18 maxlen: 18
178.112.128.0/17 maxlen: 17
178.115.224.0/19 maxlen: 19
81.3.192.0/24 maxlen: 24
81.3.192.0/18 maxlen: 18
213.94.79.0/24 maxlen: 24
213.94.80.0/22 maxlen: 22
213.94.96.0/21 maxlen: 21
213.94.95.0/24 maxlen: 24
178.165.192.0/20 maxlen: 20
178.115.64.0/20 maxlen: 20
81.3.204.0/23 maxlen: 23
81.3.206.0/23 maxlen: 23
81.3.201.0/24 maxlen: 24
81.3.211.0/24 maxlen: 24
81.3.210.0/24 maxlen: 24
178.165.128.0/17 maxlen: 17
178.165.128.0/22 maxlen: 22
178.165.128.0/20 maxlen: 20
178.165.160.0/19 maxlen: 19
178.115.32.0/19 maxlen: 19
2a02:2861:d::/48 maxlen: 48
2a02:2864::/30 maxlen: 30
2a02:2861::/32 maxlen: 32
2a02:2861:e::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/250Zf7vuKh3MtPVXIqghDTEFsEI.crl
rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/250Zf7vuKh3MtPVXIqghDTEFsEI.mft
rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 27 Nov 2024 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:48:99:1f:5f:36:ac:a0:9a:9f:f0:4f:3b:ae:69:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=db9d197fbbee2a1dccb4f55722a8210d3105b042
Validity
Not Before: Jan 1 04:29:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=47c685d7b5a663b7aade89020ae38aeff6bd5990
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:a4:0d:f5:e6:bf:0d:6c:bc:b9:21:ec:c0:6d:
3d:08:07:22:9c:b0:d0:95:f8:35:78:7e:d0:5c:8d:
bb:aa:1f:e3:ed:2d:f8:11:9b:44:e7:18:6a:b1:c8:
3a:d5:f0:8b:4b:e5:2d:36:4f:2c:bf:f6:08:43:7f:
18:f0:8a:a9:68:c1:99:fd:d3:55:82:3b:ba:e0:a4:
d3:b2:72:61:f6:36:5d:ae:b1:07:6c:23:44:67:3a:
05:5c:85:f3:69:ab:64:7c:ed:d1:e5:01:49:1a:98:
f3:f8:6b:2f:95:49:17:65:bb:8e:c2:ca:ff:be:4c:
56:bc:b2:cc:28:09:37:16:3b:a2:5c:d3:42:da:25:
66:e7:87:c5:68:2b:2a:09:83:e1:1d:f5:0f:10:a5:
ce:17:7b:b0:c3:27:5d:38:b7:97:a5:d6:de:31:f2:
9f:15:4c:aa:1b:15:e3:77:19:a1:69:23:a0:0d:cc:
8b:4f:de:59:de:90:50:35:f2:a2:1c:ce:4c:42:74:
1f:b2:5f:b4:93:ba:a3:66:df:42:ff:d9:28:3f:2e:
e9:7a:9f:75:7f:be:42:4b:c9:98:2b:26:97:0a:65:
38:b4:c7:4a:db:52:dc:8e:b2:59:5c:9f:66:e0:fd:
ba:67:22:7d:a3:40:34:25:32:72:af:7a:ca:3c:40:
ef:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:C6:85:D7:B5:A6:63:B7:AA:DE:89:02:0A:E3:8A:EF:F6:BD:59:90
X509v3 Authority Key Identifier:
keyid:DB:9D:19:7F:BB:EE:2A:1D:CC:B4:F5:57:22:A8:21:0D:31:05:B0:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/R8aF17WmY7eq3okCCuOK7_a9WZA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/250Zf7vuKh3MtPVXIqghDTEFsEI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.220.0.0/16
77.116.0.0/14
81.3.192.0/18
91.141.0.0/17
94.245.192.0/18
109.126.64.0/18
178.112.0.0/14
178.165.128.0/17
194.24.128.0/19
213.94.64.0/18
IPv6:
2a02:2861::/32
2a02:2864::/30
Signature Algorithm: sha256WithRSAEncryption
51:19:5e:ad:33:40:a2:bc:da:42:73:e8:ab:b4:38:4f:27:76:
51:ab:39:a0:e7:20:fc:33:18:e5:aa:e6:29:47:c3:9b:3a:f9:
88:1a:ed:7d:1a:d5:9a:cd:81:a3:4b:f6:21:56:e9:0e:3f:b7:
4e:cf:91:85:31:d8:24:9a:ef:0e:a4:43:3e:6a:a0:7f:5a:5d:
63:cb:64:65:d5:0a:d8:52:9d:60:d6:6b:3f:d9:81:60:3a:2c:
c7:11:07:5b:b6:97:c4:b6:80:65:27:b0:b9:f5:60:cb:c7:54:
98:4b:2e:ac:22:4f:92:21:77:a9:eb:00:88:ce:bd:b5:3b:53:
b7:34:21:ce:46:dd:05:73:34:c9:db:35:da:c5:71:99:5b:23:
d7:bb:3d:13:8b:da:b5:b3:38:af:f9:58:25:82:76:05:c6:1b:
99:09:ad:c7:5f:4d:49:d2:1b:4f:c4:e5:91:8d:e6:ea:cf:26:
d7:76:10:f4:9d:37:f7:01:96:51:a6:44:56:81:0f:7a:ef:23:
e3:06:21:b8:24:cc:f2:d8:33:9f:28:95:91:4a:f9:44:cb:57:
25:ec:6e:3d:ea:23:e9:e7:6c:7d:42:d0:85:f1:c9:51:e2:27:
fa:1e:6e:5d:1c:9a:5f:da:e3:88:84:ab:11:8a:f8:08:39:e6:
3a:12:05:4f
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYzDSJkfXzasoJqf8E87rmmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOWQxOTdmYmJlZTJhMWRjY2I0ZjU1NzIyYTgyMTBkMzEw
NWIwNDIwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2M2ODVkN2I1YTY2M2I3YWFkZTg5MDIwYWUzOGFlZmY2YmQ1OTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6QN9ea/DWy8uSHswG09CAcinLDQ
lfg1eH7QXI27qh/j7S34EZtE5xhqscg61fCLS+UtNk8sv/YIQ38Y8IqpaMGZ/dNV
gju64KTTsnJh9jZdrrEHbCNEZzoFXIXzaatkfO3R5QFJGpjz+GsvlUkXZbuOwsr/
vkxWvLLMKAk3FjuiXNNC2iVm54fFaCsqCYPhHfUPEKXOF3uwwyddOLeXpdbeMfKf
FUyqGxXjdxmhaSOgDcyLT95Z3pBQNfKiHM5MQnQfsl+0k7qjZt9C/9koPy7pep91
f75CS8mYKyaXCmU4tMdK21LcjrJZXJ9m4P26ZyJ9o0A0JTJyr3rKPEDv4wIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFEfGhde1pmO3qt6JAgrjiu/2vVmQMB8GA1UdIwQY
MBaAFNudGX+77iodzLT1VyKoIQ0xBbBCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjUwWmY3dnVLaDNNdFBWWElxZ2hEVEVGc0VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8wOWQxMzctNDc3Yi00ZWZlLWEzZDMt
NGIyMzk1NmZiZDg2LzEvUjhhRjE3V21ZN2VxM29rQ0N1T0s3X2E5V1pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8wOWQxMzctNDc3Yi00ZWZlLWEzZDMtNGIyMzk1NmZiZDg2
LzEvMjUwWmY3dnVLaDNNdFBWWElxZ2hEVEVGc0VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzA/BAIAATA5AwMALtwDAwJN
dAMEBlEDwAMEB1uNAAMEBl71wAMEBm1+QAMDArJwAwQHsqWAAwQFwhiAAwQG1V5A
MBQEAgACMA4DBQAqAihhAwUCKgIoZDANBgkqhkiG9w0BAQsFAAOCAQEAURlerTNA
orzaQnPoq7Q4Tyd2Uas5oOcg/DMY5armKUfDmzr5iBrtfRrVms2Bo0v2IVbpDj+3
Ts+RhTHYJJrvDqRDPmqgf1pdY8tkZdUK2FKdYNZrP9mBYDosxxEHW7aXxLaAZSew
ufVgy8dUmEsurCJPkiF3qesAiM69tTtTtzQhzkbdBXM0yds12sVxmVsj17s9E4va
tbM4r/lYJYJ2BcYbmQmtx19NSdIbT8TlkY3m6s8m13YQ9J039wGWUaZEVoEPeu8j
4wYhuCTM8tgznyiVkUr5RMtXJexuPeoj6edsfULQhfHJUeIn+h5uXRyaX9rjiISr
EYr4CDnmOhIFTw==
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:02:15 2024 by rpki-client on console-fra.rpki-client.org