Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/s5hxLq5buMsdEifQmu7Y6C-GeBo.roa
File: s5hxLq5buMsdEifQmu7Y6C-GeBo.roa (raw, json)
Hash identifier: LNGNm9e4aoNPpiS3JuwJvhXc/aLoyxuyHGU62SeR6Qg=
Subject key identifier: B3:98:71:2E:AE:5B:B8:CB:1D:12:27:D0:9A:EE:D8:E8:2F:86:78:1A
Certificate issuer: /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial: 0192E6C8074A043C7B635AE5782D783BB768
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/s5hxLq5buMsdEifQmu7Y6C-GeBo.roa
Signing time: Fri 01 Nov 2024 08:12:01 +0000
ROA not before: Fri 01 Nov 2024 08:12:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34602
IP address blocks: 31.130.128.0/21 maxlen: 21
31.130.144.0/21 maxlen: 21
31.130.152.0/22 maxlen: 22
77.50.0.0/16 maxlen: 16
77.50.0.0/23 maxlen: 23
77.50.2.0/23 maxlen: 23
77.50.4.0/22 maxlen: 22
77.50.8.0/21 maxlen: 21
77.50.16.0/20 maxlen: 20
77.50.32.0/19 maxlen: 19
77.50.53.0/24 maxlen: 24
77.50.64.0/18 maxlen: 24
77.50.128.0/17 maxlen: 24
77.233.192.0/19 maxlen: 19
77.243.96.0/20 maxlen: 20
81.17.144.0/20 maxlen: 24
91.204.128.0/22 maxlen: 22
91.204.128.0/23 maxlen: 23
91.204.130.0/24 maxlen: 24
94.141.160.0/19 maxlen: 19
94.141.162.0/23 maxlen: 23
94.141.164.0/22 maxlen: 22
94.141.168.0/22 maxlen: 22
94.141.172.0/22 maxlen: 22
94.141.176.0/20 maxlen: 20
185.185.140.0/24 maxlen: 24
2a00:e78::/31 maxlen: 36
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 12:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:e6:c8:07:4a:04:3c:7b:63:5a:e5:78:2d:78:3b:b7:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Validity
Not Before: Nov 1 08:12:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b398712eae5bb8cb1d1227d09aeed8e82f86781a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:f5:3b:a0:3b:76:6b:38:ba:90:69:c9:40:74:
a2:88:17:f8:86:58:f2:d0:d6:26:f1:d6:58:bd:b0:
10:69:dc:01:00:d3:09:19:4f:40:73:fb:92:36:3f:
55:67:3f:ba:54:bf:8e:03:7b:d5:df:7e:bc:cd:08:
4c:0f:fc:51:19:4d:90:af:c8:39:38:80:1b:20:f3:
9e:22:bc:c7:9b:6c:2c:ea:fe:72:6f:76:26:b9:4b:
b4:26:ce:68:3f:1f:d7:ed:75:55:3b:61:61:96:7d:
88:f4:8e:c8:60:d6:f5:49:e7:78:88:5d:1d:d8:71:
e4:f2:ac:73:fe:46:8f:3f:50:7b:20:a2:fd:74:14:
31:69:0b:69:6e:3d:a6:d9:1e:f0:26:ec:88:bd:74:
90:b5:e6:8b:0a:11:91:15:eb:6c:1c:d6:bf:2c:1e:
18:75:83:2c:2a:f3:a9:00:3a:64:c9:15:e6:58:06:
d0:02:b0:05:51:03:52:09:11:89:42:dd:a4:9f:93:
6c:17:d4:d3:85:d3:b5:24:44:1a:61:00:84:40:0b:
be:44:93:17:34:20:4a:9f:1f:33:df:e6:14:f0:51:
50:05:e7:c1:d2:a7:31:d0:ff:51:5c:7a:ce:f6:42:
2e:64:2a:e9:b6:5d:fe:45:bd:3a:23:7b:84:5f:9e:
6c:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:98:71:2E:AE:5B:B8:CB:1D:12:27:D0:9A:EE:D8:E8:2F:86:78:1A
X509v3 Authority Key Identifier:
keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/s5hxLq5buMsdEifQmu7Y6C-GeBo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.130.128.0/21
31.130.144.0-31.130.155.255
77.50.0.0/16
77.233.192.0/19
77.243.96.0/20
81.17.144.0/20
91.204.128.0/22
94.141.160.0/19
185.185.140.0/24
IPv6:
2a00:e78::/31
Signature Algorithm: sha256WithRSAEncryption
60:71:a1:50:c7:3a:c7:c5:3c:3b:46:38:d6:ff:0f:01:df:f1:
d4:9d:b9:b4:95:24:43:bf:57:f5:40:8e:1a:03:e7:f4:83:0b:
22:1e:72:92:10:23:bb:ab:f7:37:b0:eb:3b:84:95:1e:5c:bd:
1e:ee:a9:6d:00:46:e8:81:ef:cf:73:57:28:40:9f:10:57:7e:
53:07:73:de:56:f8:e3:d5:86:18:28:1b:5c:62:ae:e0:02:61:
82:76:64:1c:3b:31:4f:2b:6a:14:1b:51:e9:91:95:49:a4:ca:
91:b4:93:23:17:75:c7:7a:55:aa:e0:9c:44:c0:d3:15:3b:f9:
9e:5f:31:44:b8:f6:ae:20:4a:88:02:2b:bf:2e:46:71:bd:9e:
aa:57:a5:fc:55:fe:7c:b9:6e:82:c5:cb:a7:99:52:4a:ee:ad:
db:27:60:00:6f:bf:29:22:e5:d5:43:84:37:26:57:d6:5f:bb:
f5:66:3f:73:df:35:1d:75:41:70:98:20:fc:57:8d:6e:51:2d:
c7:6f:b0:66:c5:5a:08:de:7c:91:03:ef:0c:6e:fc:58:96:55:
b6:25:f2:9d:29:f3:39:b7:52:c2:24:59:2b:bf:b0:11:b2:9c:
38:9e:3b:59:dd:bf:cd:f9:0c:89:df:a4:f3:a1:1f:5e:5d:b1:
f6:87:f5:7b
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZLmyAdKBDx7Y1rleC14O7doMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjQxMTAxMDgxMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzk4NzEyZWFlNWJiOGNiMWQxMjI3ZDA5YWVlZDhlODJmODY3ODFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/U7oDt2azi6kGnJQHSiiBf4hljy
0NYm8dZYvbAQadwBANMJGU9Ac/uSNj9VZz+6VL+OA3vV3368zQhMD/xRGU2Qr8g5
OIAbIPOeIrzHm2ws6v5yb3YmuUu0Js5oPx/X7XVVO2Fhln2I9I7IYNb1Sed4iF0d
2HHk8qxz/kaPP1B7IKL9dBQxaQtpbj2m2R7wJuyIvXSQteaLChGRFetsHNa/LB4Y
dYMsKvOpADpkyRXmWAbQArAFUQNSCRGJQt2kn5NsF9TThdO1JEQaYQCEQAu+RJMX
NCBKnx8z3+YU8FFQBefB0qcx0P9RXHrO9kIuZCrptl3+Rb06I3uEX55sNQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFLOYcS6uW7jLHRIn0Jru2OgvhngaMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvczVoeExxNWJ1TXNkRWlmUW11N1k2Qy1HZUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBDBAIAATA9AwQDH4KAMAwD
BAQfgpADBAIfgpgDAwBNMgMEBU3pwAMEBE3zYAMEBFERkAMEAlvMgAMEBV6NoAME
ALm5jDANBAIAAjAHAwUBKgAOeDANBgkqhkiG9w0BAQsFAAOCAQEAYHGhUMc6x8U8
O0Y41v8PAd/x1J25tJUkQ79X9UCOGgPn9IMLIh5ykhAju6v3N7DrO4SVHly9Hu6p
bQBG6IHvz3NXKECfEFd+Uwdz3lb449WGGCgbXGKu4AJhgnZkHDsxTytqFBtR6ZGV
SaTKkbSTIxd1x3pVquCcRMDTFTv5nl8xRLj2riBKiAIrvy5Gcb2eqlel/FX+fLlu
gsXLp5lSSu6t2ydgAG+/KSLl1UOENyZX1l+79WY/c981HXVBcJgg/FeNblEtx2+w
ZsVaCN58kQPvDG78WJZVtiXynSnzObdSwiRZK7+wEbKcOJ47Wd2/zfkMid+k86Ef
Xl2x9of1ew==
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:16:08 2024 by rpki-client on console-fra.rpki-client.org