Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/86hG3shlfKdUSvkVBOCwgUfnFak.roa
File: 86hG3shlfKdUSvkVBOCwgUfnFak.roa (raw, json)
Hash identifier: g6hFGZB5sjfd6uG+fw6dsamoiAjOAVOgtyEoTXA5WQA=
Subject key identifier: F3:A8:46:DE:C8:65:7C:A7:54:4A:F9:15:04:E0:B0:81:47:E7:15:A9
Certificate issuer: /CN=3545a7200164912041bb931efb1feac123b43a18
Certificate serial: 018E7ADCF69338427C85CBED90A705472840
Authority key identifier: 35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/86hG3shlfKdUSvkVBOCwgUfnFak.roa
Signing time: Tue 26 Mar 2024 13:04:45 +0000
ROA not before: Tue 26 Mar 2024 13:04:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 24768
IP address blocks: 5.253.181.0/24 maxlen: 24
5.253.182.0/24 maxlen: 24
5.253.183.0/24 maxlen: 24
82.102.7.0/24 maxlen: 24
94.46.12.0/22 maxlen: 22
94.46.12.0/24 maxlen: 24
94.46.13.0/24 maxlen: 24
94.46.14.0/24 maxlen: 24
94.46.15.0/24 maxlen: 24
94.46.16.0/22 maxlen: 22
94.46.16.0/24 maxlen: 24
94.46.20.0/22 maxlen: 22
94.46.20.0/24 maxlen: 24
94.46.21.0/24 maxlen: 24
94.46.22.0/24 maxlen: 24
94.46.23.0/24 maxlen: 24
94.46.25.0/24 maxlen: 24
94.46.26.0/24 maxlen: 24
94.46.27.0/24 maxlen: 24
94.46.28.0/22 maxlen: 22
94.46.28.0/24 maxlen: 24
94.46.29.0/24 maxlen: 24
94.46.30.0/24 maxlen: 24
94.46.128.0/21 maxlen: 21
94.46.132.0/24 maxlen: 24
94.46.133.0/24 maxlen: 24
94.46.160.0/20 maxlen: 24
94.46.176.0/21 maxlen: 21
109.71.40.0/21 maxlen: 21
109.71.40.0/24 maxlen: 24
109.71.41.0/24 maxlen: 24
109.71.42.0/24 maxlen: 24
109.71.43.0/24 maxlen: 24
109.71.44.0/24 maxlen: 24
109.71.45.0/24 maxlen: 24
109.71.46.0/24 maxlen: 24
109.71.47.0/24 maxlen: 24
130.185.80.0/21 maxlen: 21
130.185.81.0/24 maxlen: 24
130.185.82.0/24 maxlen: 24
130.185.83.0/24 maxlen: 24
130.185.84.0/24 maxlen: 24
130.185.85.0/24 maxlen: 24
130.185.86.0/24 maxlen: 24
130.185.87.0/24 maxlen: 24
185.15.20.0/22 maxlen: 22
185.15.20.0/24 maxlen: 24
185.15.22.0/24 maxlen: 24
185.15.23.0/24 maxlen: 24
2a00:1650::/33 maxlen: 33
2a00:1650:8000::/33 maxlen: 33
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl
rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.mft
rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 04 Jun 2024 22:00:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:7a:dc:f6:93:38:42:7c:85:cb:ed:90:a7:05:47:28:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3545a7200164912041bb931efb1feac123b43a18
Validity
Not Before: Mar 26 13:04:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f3a846dec8657ca7544af91504e0b08147e715a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:78:a9:f1:cd:c4:f3:a6:1f:19:04:41:d0:a8:
2b:fe:c1:3e:1b:6c:cc:ef:81:d5:70:01:2e:b4:d8:
b5:33:be:06:da:33:12:51:0c:be:bd:c2:90:b9:15:
08:ef:ff:81:f6:b0:80:45:c7:07:1e:82:1b:42:9c:
4a:17:ca:5c:3b:a8:05:80:64:f4:ca:a8:61:2b:f2:
2a:3b:3f:af:e6:1d:95:30:a1:3d:95:46:89:cb:53:
ff:f6:3d:88:b6:cc:0c:94:24:33:ca:3e:ad:76:d5:
35:e0:68:49:dd:73:46:de:f6:be:c8:6e:50:80:93:
8b:46:a8:58:57:03:54:1b:e4:d6:01:ec:b0:6c:a9:
6c:bf:19:37:30:b6:b4:78:8b:38:02:de:cb:88:ab:
5b:21:26:1c:d2:7d:2a:3f:ae:8c:a2:63:52:d5:3d:
5e:f7:f9:aa:38:29:a1:4c:39:9e:13:f6:2a:5a:82:
e6:c0:4b:cb:b5:84:77:71:ce:1c:77:64:3c:ee:05:
32:59:77:71:56:75:29:7d:71:31:08:f8:85:33:ba:
e2:4c:3f:93:78:55:a7:bd:11:56:9a:f1:72:7b:08:
ca:64:ec:b5:d9:ef:9b:74:78:7e:a1:4d:7c:ae:9b:
f2:cd:24:e5:c5:78:ce:4a:c3:f3:21:77:ad:63:4e:
6c:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:A8:46:DE:C8:65:7C:A7:54:4A:F9:15:04:E0:B0:81:47:E7:15:A9
X509v3 Authority Key Identifier:
keyid:35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/86hG3shlfKdUSvkVBOCwgUfnFak.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.181.0-5.253.183.255
82.102.7.0/24
94.46.12.0-94.46.23.255
94.46.25.0-94.46.31.255
94.46.128.0/21
94.46.160.0-94.46.183.255
109.71.40.0/21
130.185.80.0/21
185.15.20.0/22
IPv6:
2a00:1650::/32
Signature Algorithm: sha256WithRSAEncryption
53:1c:4d:ed:e6:79:7b:62:59:f6:9d:97:d9:03:46:5e:76:c5:
a6:f0:67:c2:8a:4f:f9:87:27:4f:46:2b:a7:4e:08:41:99:d6:
15:75:5b:df:26:5c:63:09:f0:e7:5a:29:cc:0b:b1:f6:12:89:
72:ad:5a:3a:ec:7b:07:18:50:e4:8b:e8:bc:93:5c:fd:54:2d:
bb:f8:dc:ef:8d:47:8e:09:f9:db:f5:5a:45:61:21:db:fa:9d:
e3:1e:c4:30:25:80:05:10:38:13:34:f1:ad:ff:18:fd:02:60:
9a:df:44:f9:bf:0e:6a:2c:46:8b:fc:99:92:a6:e6:b8:69:8a:
9c:94:69:b9:89:0d:fe:ff:6f:ae:10:b2:9b:5f:ac:a2:bb:b6:
37:02:73:38:1b:58:de:6d:33:f6:7f:e7:be:58:20:93:0e:3a:
9e:f9:6d:07:9c:a2:e1:b6:60:d6:e8:a8:d2:60:3a:85:f7:07:
c7:d6:25:62:bc:57:b6:de:e9:d4:5e:00:08:ea:82:47:c9:5d:
53:0b:cd:c9:f7:a8:72:8c:65:1e:bd:16:17:64:64:df:53:f8:
30:32:55:d3:ca:0f:68:86:c6:88:1f:84:7a:df:fe:b3:c8:8d:
90:69:9b:d6:cd:b5:c5:6e:c5:25:ef:28:11:63:32:b7:d2:b7:
29:64:ad:e5
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAY563PaTOEJ8hcvtkKcFRyhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDVhNzIwMDE2NDkxMjA0MWJiOTMxZWZiMWZlYWMxMjNi
NDNhMTgwHhcNMjQwMzI2MTMwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2E4NDZkZWM4NjU3Y2E3NTQ0YWY5MTUwNGUwYjA4MTQ3ZTcxNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Xip8c3E86YfGQRB0Kgr/sE+G2zM
74HVcAEutNi1M74G2jMSUQy+vcKQuRUI7/+B9rCARccHHoIbQpxKF8pcO6gFgGT0
yqhhK/IqOz+v5h2VMKE9lUaJy1P/9j2ItswMlCQzyj6tdtU14GhJ3XNG3va+yG5Q
gJOLRqhYVwNUG+TWAeywbKlsvxk3MLa0eIs4At7LiKtbISYc0n0qP66MomNS1T1e
9/mqOCmhTDmeE/YqWoLmwEvLtYR3cc4cd2Q87gUyWXdxVnUpfXExCPiFM7riTD+T
eFWnvRFWmvFyewjKZOy12e+bdHh+oU18rpvyzSTlxXjOSsPzIXetY05sEwIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFPOoRt7IZXynVEr5FQTgsIFH5xWpMB8GA1UdIwQY
MBaAFDVFpyABZJEgQbuTHvsf6sEjtDoYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDkt
YWFiYjA2MmU0MGRiLzEvODZoRzNzaGxmS2RVU3ZrVkJPQ3dnVWZuRmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDktYWFiYjA2MmU0MGRi
LzEvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBcBAIAATBWMAwDBAAF/bUD
BAMF/bADBABSZgcwDAMEAl4uDAMEA14uEDAMAwQAXi4ZAwQFXi4AAwQDXi6AMAwD
BAVeLqADBANeLrADBANtRygDBAOCuVADBAK5DxQwDQQCAAIwBwMFACoAFlAwDQYJ
KoZIhvcNAQELBQADggEBAFMcTe3meXtiWfadl9kDRl52xabwZ8KKT/mHJ09GK6dO
CEGZ1hV1W98mXGMJ8OdaKcwLsfYSiXKtWjrsewcYUOSL6LyTXP1ULbv43O+NR44J
+dv1WkVhIdv6neMexDAlgAUQOBM08a3/GP0CYJrfRPm/DmosRov8mZKm5rhpipyU
abmJDf7/b64QsptfrKK7tjcCczgbWN5tM/Z/575YIJMOOp75bQecouG2YNboqNJg
OoX3B8fWJWK8V7be6dReAAjqgkfJXVMLzcn3qHKMZR69FhdkZN9T+DAyVdPKD2iG
xogfhHrf/rPIjZBpm9bNtcVuxSXvKBFjMrfStylkreU=
-----END CERTIFICATE-----
Generated at Tue Jun 4 04:15:20 2024 by rpki-client on console-ams.rpki-client.org