Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/IH8PlVGKZQJwwtQtjUd7rFVeiAE.roa
File: IH8PlVGKZQJwwtQtjUd7rFVeiAE.roa (raw, json)
Hash identifier: aB4/lt+P3UzZUfM0UROBxPauyxBATMU0165+ysAjchQ=
Subject key identifier: 20:7F:0F:95:51:8A:65:02:70:C2:D4:2D:8D:47:7B:AC:55:5E:88:01
Certificate issuer: /CN=5a43e9e267956e7f262c17f0089f0f60ba7abefb
Certificate serial: 01922F00B5F43FFBACF9D7E41F24C74F511D
Authority key identifier: 5A:43:E9:E2:67:95:6E:7F:26:2C:17:F0:08:9F:0F:60:BA:7A:BE:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/IH8PlVGKZQJwwtQtjUd7rFVeiAE.roa
Signing time: Thu 26 Sep 2024 15:43:48 +0000
ROA not before: Thu 26 Sep 2024 15:43:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 25233
IP address blocks: 77.64.0.0/17 maxlen: 17
77.64.40.0/24 maxlen: 24
78.93.0.0/16 maxlen: 16
78.93.28.0/24 maxlen: 24
78.93.45.0/24 maxlen: 24
78.93.50.0/24 maxlen: 24
78.93.92.0/22 maxlen: 22
78.93.96.0/22 maxlen: 22
78.93.107.0/24 maxlen: 24
78.93.108.0/24 maxlen: 24
78.93.109.0/24 maxlen: 24
78.93.144.0/24 maxlen: 24
78.93.145.0/24 maxlen: 24
78.93.146.0/24 maxlen: 24
78.93.147.0/24 maxlen: 24
78.93.148.0/24 maxlen: 24
78.93.149.0/24 maxlen: 24
78.93.150.0/24 maxlen: 24
78.93.151.0/24 maxlen: 24
78.93.152.0/24 maxlen: 24
78.93.153.0/24 maxlen: 24
78.93.154.0/24 maxlen: 24
78.93.155.0/24 maxlen: 24
78.93.156.0/24 maxlen: 24
78.93.157.0/24 maxlen: 24
78.93.158.0/24 maxlen: 24
78.93.159.0/24 maxlen: 24
78.93.160.0/24 maxlen: 24
78.93.161.0/24 maxlen: 24
84.22.224.0/19 maxlen: 19
84.22.231.0/24 maxlen: 24
84.22.234.0/24 maxlen: 24
84.22.238.0/24 maxlen: 24
84.22.241.0/24 maxlen: 24
84.22.254.0/24 maxlen: 24
86.60.64.0/18 maxlen: 18
86.60.101.0/24 maxlen: 24
86.60.107.0/24 maxlen: 24
86.60.109.0/24 maxlen: 24
86.60.112.0/21 maxlen: 21
86.60.126.0/24 maxlen: 24
212.93.192.0/19 maxlen: 19
212.93.196.0/24 maxlen: 24
212.100.192.0/19 maxlen: 19
212.100.210.0/24 maxlen: 24
212.100.218.0/24 maxlen: 24
212.116.192.0/19 maxlen: 19
213.184.160.0/19 maxlen: 19
2a02:df0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.crl
rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.mft
rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 21:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:2f:00:b5:f4:3f:fb:ac:f9:d7:e4:1f:24:c7:4f:51:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5a43e9e267956e7f262c17f0089f0f60ba7abefb
Validity
Not Before: Sep 26 15:43:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=207f0f95518a650270c2d42d8d477bac555e8801
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:ee:38:33:16:72:37:8d:f0:1d:46:95:6a:c2:
48:5d:3b:fc:27:51:da:2a:82:c9:e5:6d:c7:a0:98:
91:31:90:b7:2b:2e:c8:16:99:69:ce:aa:28:38:33:
6b:99:41:37:3c:3c:66:8c:a8:31:57:30:4f:5b:6e:
4f:f0:fc:ca:51:0e:be:df:0e:e3:a1:d4:26:00:11:
bf:ca:c8:b4:52:0f:8a:29:c8:8f:da:b4:88:9f:5f:
25:c6:b2:ca:a8:a2:ec:0d:fd:be:25:06:4e:de:3f:
63:a5:27:12:9a:3a:d8:d0:31:53:51:d4:ae:83:6e:
0a:55:b9:5b:47:e9:91:e4:97:02:b6:43:46:5a:63:
6b:00:23:1b:71:7e:85:5f:8a:57:e3:89:44:f4:d9:
b6:55:41:45:4f:f3:2a:2b:e8:a7:c7:77:4d:4e:f8:
6b:d2:7c:59:75:54:1e:ee:2d:79:0d:2f:ad:61:0a:
87:9a:d3:5c:6e:0d:45:be:d6:14:20:49:57:b8:a2:
84:6c:15:52:99:a5:9c:34:7a:fc:d6:a0:a7:a7:a7:
27:fb:2b:90:34:14:8b:0b:2e:b9:cc:75:1e:b6:7b:
5a:af:21:19:c5:c4:93:a7:30:1f:87:74:2a:80:79:
6b:4e:12:d8:7e:b1:42:96:0c:fc:a5:f7:62:70:f0:
25:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:7F:0F:95:51:8A:65:02:70:C2:D4:2D:8D:47:7B:AC:55:5E:88:01
X509v3 Authority Key Identifier:
keyid:5A:43:E9:E2:67:95:6E:7F:26:2C:17:F0:08:9F:0F:60:BA:7A:BE:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/IH8PlVGKZQJwwtQtjUd7rFVeiAE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.64.0.0/17
78.93.0.0/16
84.22.224.0/19
86.60.64.0/18
212.93.192.0/19
212.100.192.0/19
212.116.192.0/19
213.184.160.0/19
IPv6:
2a02:df0::/32
Signature Algorithm: sha256WithRSAEncryption
c2:89:b8:95:54:0b:08:7e:56:b0:61:6c:1f:a5:4f:c5:96:e7:
cf:7f:4e:b2:b8:a0:79:dd:c8:02:14:a6:f9:5d:d0:2b:f3:5e:
ad:7f:68:f5:c5:63:f4:56:c9:32:7e:e8:7f:76:e6:50:25:1a:
4e:38:40:79:92:f8:c3:d5:2b:48:b4:61:c9:c8:81:86:4e:91:
ce:76:72:dc:9c:65:94:41:94:47:e0:67:67:8b:da:2c:6f:fe:
69:59:dd:e7:a7:33:07:54:c1:17:ef:94:14:a1:08:57:ca:7a:
f7:36:a3:0b:a6:9b:e8:5c:14:d6:9b:28:51:74:35:ba:cf:f2:
53:b1:05:a0:87:0b:3c:c8:e0:1f:b0:90:1b:f6:f7:56:af:33:
e7:56:53:84:55:0a:4e:d6:b6:f3:06:50:b0:f1:70:32:da:71:
68:a9:28:53:86:48:b4:fa:e6:4a:79:18:09:bf:1e:49:76:5b:
cc:12:04:dd:ed:84:82:2f:64:40:43:24:20:b6:d3:19:e2:59:
b0:0a:1c:7f:c5:f1:7b:ac:d1:53:48:39:a5:15:9e:96:00:3a:
0f:95:da:04:c3:de:cb:e8:19:cc:a6:6c:66:14:19:c5:a9:bd:
4c:66:b4:64:56:59:68:2e:9b:89:ad:16:58:da:98:e3:5d:7c:
cb:0b:75:d8
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZIvALX0P/us+dfkHyTHT1EdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNDNlOWUyNjc5NTZlN2YyNjJjMTdmMDA4OWYwZjYwYmE3
YWJlZmIwHhcNMjQwOTI2MTU0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDdmMGY5NTUxOGE2NTAyNzBjMmQ0MmQ4ZDQ3N2JhYzU1NWU4ODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+44MxZyN43wHUaVasJIXTv8J1Ha
KoLJ5W3HoJiRMZC3Ky7IFplpzqooODNrmUE3PDxmjKgxVzBPW25P8PzKUQ6+3w7j
odQmABG/ysi0Ug+KKciP2rSIn18lxrLKqKLsDf2+JQZO3j9jpScSmjrY0DFTUdSu
g24KVblbR+mR5JcCtkNGWmNrACMbcX6FX4pX44lE9Nm2VUFFT/MqK+inx3dNTvhr
0nxZdVQe7i15DS+tYQqHmtNcbg1FvtYUIElXuKKEbBVSmaWcNHr81qCnp6cn+yuQ
NBSLCy65zHUetntaryEZxcSTpzAfh3QqgHlrThLYfrFClgz8pfdicPAlBwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFCB/D5VRimUCcMLULY1He6xVXogBMB8GA1UdIwQY
MBaAFFpD6eJnlW5/JiwX8AifD2C6er77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2tQcDRtZVZibjhtTEJmd0NKOFBZTHA2dnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8wNjQ0NGMtOWQ5Yi00YzZiLTk1MGIt
NzljODk4N2E4YjFjLzEvSUg4UGxWR0taUUp3d3RRdGpVZDdyRlZlaUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8wNjQ0NGMtOWQ5Yi00YzZiLTk1MGItNzljODk4N2E4YjFj
LzEvV2tQcDRtZVZibjhtTEJmd0NKOFBZTHA2dnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjA1BAIAATAvAwQHTUAAAwMA
Tl0DBAVUFuADBAZWPEADBAXUXcADBAXUZMADBAXUdMADBAXVuKAwDQQCAAIwBwMF
ACoCDfAwDQYJKoZIhvcNAQELBQADggEBAMKJuJVUCwh+VrBhbB+lT8WW589/TrK4
oHndyAIUpvld0CvzXq1/aPXFY/RWyTJ+6H925lAlGk44QHmS+MPVK0i0YcnIgYZO
kc52ctycZZRBlEfgZ2eL2ixv/mlZ3eenMwdUwRfvlBShCFfKevc2owumm+hcFNab
KFF0NbrP8lOxBaCHCzzI4B+wkBv291avM+dWU4RVCk7WtvMGULDxcDLacWipKFOG
SLT65kp5GAm/Hkl2W8wSBN3thIIvZEBDJCC20xniWbAKHH/F8Xus0VNIOaUVnpYA
Og+V2gTD3svoGcymbGYUGcWpvUxmtGRWWWgum4mtFljamONdfMsLddg=
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:47:46 2024 by rpki-client on console-ams.rpki-client.org