Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/999RUH74yD7B4_2B443zAzrr7SQ.roa
File: 999RUH74yD7B4_2B443zAzrr7SQ.roa (raw, json)
Hash identifier: Yll3VMhcFqpJRpydGvXWWM+zhFA4kZ0qgrzgl9oqVHM=
Subject key identifier: F7:DF:51:50:7E:F8:C8:3E:C1:E3:FD:81:E3:8D:F3:03:3A:EB:ED:24
Certificate issuer: /CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
Certificate serial: 018CC9BC76E311C68BE1268475969210C602
Authority key identifier: 92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/999RUH74yD7B4_2B443zAzrr7SQ.roa
Signing time: Tue 02 Jan 2024 10:33:40 +0000
ROA not before: Tue 02 Jan 2024 10:33:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29208
IP address blocks: 213.191.96.0/19 maxlen: 19
212.80.64.0/19 maxlen: 19
88.208.64.0/18 maxlen: 18
88.146.0.0/17 maxlen: 17
195.250.128.0/19 maxlen: 19
89.235.0.0/18 maxlen: 18
212.24.128.0/19 maxlen: 19
62.4.96.0/21 maxlen: 21
62.4.104.0/22 maxlen: 22
195.122.192.0/19 maxlen: 19
83.148.0.0/18 maxlen: 18
109.235.176.0/22 maxlen: 22
95.80.192.0/18 maxlen: 18
213.175.32.0/19 maxlen: 19
194.213.224.0/19 maxlen: 19
213.151.64.0/19 maxlen: 19
185.24.236.0/22 maxlen: 22
195.250.154.0/24 maxlen: 24
46.227.8.0/21 maxlen: 21
62.44.0.0/19 maxlen: 19
82.113.32.0/19 maxlen: 19
82.119.240.0/20 maxlen: 20
151.237.224.0/21 maxlen: 21
212.20.96.0/19 maxlen: 19
82.100.0.0/18 maxlen: 18
195.128.192.0/19 maxlen: 19
85.93.96.0/19 maxlen: 19
212.27.192.0/19 maxlen: 19
62.177.64.0/18 maxlen: 18
2001:4de8::/32 maxlen: 48
2a00:c40::/32 maxlen: 32
2001:1508::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl
rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.mft
rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Jun 2024 10:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:76:e3:11:c6:8b:e1:26:84:75:96:92:10:c6:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
Validity
Not Before: Jan 2 10:33:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f7df51507ef8c83ec1e3fd81e38df3033aebed24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:9a:ae:ad:87:91:c4:c4:dd:be:49:18:76:81:
e4:ab:44:38:74:9c:70:e9:64:ff:33:91:ec:ee:1d:
0f:ce:1b:14:3d:dd:5f:16:1b:fd:f7:e7:27:ab:eb:
ff:56:7c:cc:ba:07:1f:88:59:2e:71:37:31:ad:7f:
e2:2f:a9:5f:0d:c5:fc:7c:ea:3a:cc:09:1b:38:8e:
45:a6:1f:fe:53:02:30:c9:ba:22:e1:5e:48:6b:a1:
f1:68:16:f8:8d:33:7e:2c:4f:65:55:e9:98:b1:62:
9b:05:ae:20:4a:d5:e0:a9:f5:b1:c6:fd:9f:e2:25:
5a:83:2f:96:78:db:01:bd:62:31:33:ca:f1:b5:60:
ff:cc:6c:cd:77:a7:2f:7e:e2:33:fb:bb:4c:bc:50:
24:07:12:b0:18:c3:96:f1:8f:e9:de:29:5d:6a:cc:
33:e6:86:09:c8:b3:4f:a2:a0:70:a5:13:76:31:e2:
97:2c:5c:ea:37:a7:95:a3:fa:1e:47:bd:15:f2:fe:
87:33:2b:be:49:14:94:96:fe:af:9c:89:b6:fe:5c:
8b:c9:73:c1:6d:50:ab:c1:18:fa:5c:82:e0:14:36:
f7:0e:4a:55:09:42:4f:eb:6b:74:af:d2:75:43:ca:
73:6a:03:4a:7c:b8:96:5e:44:a3:6c:d7:59:cf:ee:
47:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:DF:51:50:7E:F8:C8:3E:C1:E3:FD:81:E3:8D:F3:03:3A:EB:ED:24
X509v3 Authority Key Identifier:
keyid:92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/999RUH74yD7B4_2B443zAzrr7SQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.227.8.0/21
62.4.96.0-62.4.107.255
62.44.0.0/19
62.177.64.0/18
82.100.0.0/18
82.113.32.0/19
82.119.240.0/20
83.148.0.0/18
85.93.96.0/19
88.146.0.0/17
88.208.64.0/18
89.235.0.0/18
95.80.192.0/18
109.235.176.0/22
151.237.224.0/21
185.24.236.0/22
194.213.224.0/19
195.122.192.0/19
195.128.192.0/19
195.250.128.0/19
212.20.96.0/19
212.24.128.0/19
212.27.192.0/19
212.80.64.0/19
213.151.64.0/19
213.175.32.0/19
213.191.96.0/19
IPv6:
2001:1508::/32
2001:4de8::/32
2a00:c40::/32
Signature Algorithm: sha256WithRSAEncryption
e7:71:4b:00:d5:82:00:93:b8:e3:5c:d9:05:34:05:cc:16:42:
bf:fd:4c:e5:3c:5a:3d:6a:a3:9a:2f:ca:b6:3a:e1:3f:ad:d8:
d3:c8:22:49:5a:fd:f7:d9:88:c8:ae:54:ba:85:61:d7:08:ab:
e9:7c:33:05:a5:52:a7:a2:36:51:de:fd:47:54:2a:02:16:03:
00:b2:c6:6d:8d:cc:db:5a:70:88:ac:45:45:39:f6:30:ae:6f:
3a:97:29:4a:07:69:49:81:a4:ee:83:02:27:2b:a5:df:08:bf:
6e:12:d0:5f:96:fc:7e:dd:2f:b1:5b:4a:ac:80:34:59:df:6a:
68:83:53:ad:f2:3d:03:3b:db:e9:8f:a8:e6:eb:7f:7a:87:ef:
b5:0d:a3:8b:f2:14:cb:e1:8c:fb:33:00:55:5b:18:04:d4:81:
06:5d:3d:b8:8b:63:f9:bd:12:52:4e:ed:91:ea:62:09:24:6c:
e8:7c:8c:c7:cb:8c:ab:9d:7c:7b:47:4d:0d:bd:81:b9:bd:fc:
80:53:a2:8e:5a:fc:f1:5a:c4:16:bf:c7:1c:9a:a9:4f:14:32:
59:c7:79:50:0c:40:74:62:96:a7:c8:2e:b3:d8:de:3f:9b:00:
51:cb:6b:32:d6:35:9f:da:fd:bd:15:46:66:5b:19:e5:33:93:
08:44:91:ea
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgISAYzJvHbjEcaL4SaEdZaSEMYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyOTM1MmE4ZDJkZDcwYzkxZmZjZWM4ZTMyM2ZlNjlmMWU5
YTQxMzkwHhcNMjQwMTAyMTAzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2RmNTE1MDdlZjhjODNlYzFlM2ZkODFlMzhkZjMwMzNhZWJlZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpqurYeRxMTdvkkYdoHkq0Q4dJxw
6WT/M5Hs7h0PzhsUPd1fFhv99+cnq+v/VnzMugcfiFkucTcxrX/iL6lfDcX8fOo6
zAkbOI5Fph/+UwIwyboi4V5Ia6HxaBb4jTN+LE9lVemYsWKbBa4gStXgqfWxxv2f
4iVagy+WeNsBvWIxM8rxtWD/zGzNd6cvfuIz+7tMvFAkBxKwGMOW8Y/p3ildaswz
5oYJyLNPoqBwpRN2MeKXLFzqN6eVo/oeR70V8v6HMyu+SRSUlv6vnIm2/lyLyXPB
bVCrwRj6XILgFDb3DkpVCUJP62t0r9J1Q8pzagNKfLiWXkSjbNdZz+5HLwIDAQAB
o4ICzzCCAsswHQYDVR0OBBYEFPffUVB++Mg+weP9geON8wM66+0kMB8GA1UdIwQY
MBaAFJKTUqjS3XDJH/zsjjI/5p8emkE5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYt
MGExYTM1ODk3ZjEwLzEvOTk5UlVINzR5RDdCNF8yQjQ0M3pBenJyN1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYtMGExYTM1ODk3ZjEw
LzEva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHkBggrBgEFBQcBBwEB/wSB1DCB0TCBsQQCAAEwgaoDBAMu
4wgwDAMEBT4EYAMEAj4EaAMEBT4sAAMEBj6xQAMEBlJkAAMEBVJxIAMEBFJ38AME
BlOUAAMEBVVdYAMEB1iSAAMEBljQQAMEBlnrAAMEBl9QwAMEAm3rsAMEA5ft4AME
ArkY7AMEBcLV4AMEBcN6wAMEBcOAwAMEBcP6gAMEBdQUYAMEBdQYgAMEBdQbwAME
BdRQQAMEBdWXQAMEBdWvIAMEBdW/YDAbBAIAAjAVAwUAIAEVCAMFACABTegDBQAq
AAxAMA0GCSqGSIb3DQEBCwUAA4IBAQDncUsA1YIAk7jjXNkFNAXMFkK//UzlPFo9
aqOaL8q2OuE/rdjTyCJJWv332YjIrlS6hWHXCKvpfDMFpVKnojZR3v1HVCoCFgMA
ssZtjczbWnCIrEVFOfYwrm86lylKB2lJgaTugwInK6XfCL9uEtBflvx+3S+xW0qs
gDRZ32pog1Ot8j0DO9vpj6jm6396h++1DaOL8hTL4Yz7MwBVWxgE1IEGXT24i2P5
vRJSTu2R6mIJJGzofIzHy4yrnXx7R00NvYG5vfyAU6KOWvzxWsQWv8ccmqlPFDJZ
x3lQDEB0YpanyC6z2N4/mwBRy2sy1jWf2v29FUZmWxnlM5MIRJHq
-----END CERTIFICATE-----
Generated at Sat Jun 1 17:02:12 2024 by rpki-client on console-ams.rpki-client.org