Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/IGrjhR2mEpz--QrWuV2LHfrOnXk.roa
File: IGrjhR2mEpz--QrWuV2LHfrOnXk.roa (raw, json)
Hash identifier: 835H2uW4LC49ih8FdIhNTs9rfsrsmtuxoF4X6ACbJ+I=
Subject key identifier: 20:6A:E3:85:1D:A6:12:9C:FE:F9:0A:D6:B9:5D:8B:1D:FA:CE:9D:79
Certificate issuer: /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial: 019423D74CD6307EC8EB334B389DE298C876
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/IGrjhR2mEpz--QrWuV2LHfrOnXk.roa
Signing time: Wed 01 Jan 2025 21:48:19 +0000
ROA not before: Wed 01 Jan 2025 21:48:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6739
IP address blocks: 2.152.0.0/14 maxlen: 17
2.152.0.0/16 maxlen: 16
2.154.0.0/16 maxlen: 16
2.154.192.0/18 maxlen: 18
5.40.0.0/16 maxlen: 16
62.42.0.0/15 maxlen: 16
62.57.0.0/16 maxlen: 16
62.81.0.0/16 maxlen: 24
62.82.0.0/15 maxlen: 16
62.100.96.0/19 maxlen: 19
62.101.160.0/19 maxlen: 19
62.174.0.0/15 maxlen: 19
79.108.0.0/15 maxlen: 18
80.173.0.0/16 maxlen: 17
80.174.0.0/16 maxlen: 17
80.224.0.0/16 maxlen: 16
81.60.0.0/15 maxlen: 18
81.184.0.0/16 maxlen: 16
81.202.0.0/15 maxlen: 15
82.158.0.0/15 maxlen: 16
82.213.128.0/18 maxlen: 18
83.173.128.0/18 maxlen: 18
84.120.0.0/13 maxlen: 19
84.127.229.0/24 maxlen: 24
85.136.0.0/15 maxlen: 15
85.155.0.0/16 maxlen: 16
85.155.174.0/24 maxlen: 24
85.219.0.0/17 maxlen: 17
85.251.0.0/16 maxlen: 17
89.140.0.0/16 maxlen: 17
95.39.0.0/16 maxlen: 19
185.128.128.0/22 maxlen: 24
194.106.0.0/19 maxlen: 19
194.140.128.0/18 maxlen: 18
194.149.192.0/19 maxlen: 19
212.21.224.0/19 maxlen: 19
212.40.224.0/19 maxlen: 19
212.40.224.0/24 maxlen: 24
212.78.128.0/19 maxlen: 19
212.79.128.0/19 maxlen: 19
212.95.192.0/19 maxlen: 19
212.97.160.0/19 maxlen: 19
212.183.192.0/18 maxlen: 18
213.37.0.0/16 maxlen: 16
213.201.0.0/17 maxlen: 17
213.227.0.0/18 maxlen: 18
213.231.64.0/18 maxlen: 18
213.254.64.0/18 maxlen: 18
217.216.0.0/15 maxlen: 15
2a02:a800::/26 maxlen: 26
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 17 Apr 2025 13:16:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:4c:d6:30:7e:c8:eb:33:4b:38:9d:e2:98:c8:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Validity
Not Before: Jan 1 21:48:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=206ae3851da6129cfef90ad6b95d8b1dface9d79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:d9:6e:8c:d9:1e:90:3d:ab:d1:7e:98:06:f1:
3d:7f:66:11:88:b4:a3:24:bf:07:57:b9:50:62:9e:
41:7b:5f:6a:a2:aa:c2:42:54:4f:94:a9:2a:31:1e:
76:07:9a:76:73:da:21:81:bc:20:cb:47:de:7e:34:
a5:ad:c4:02:35:26:37:dd:db:89:a7:10:0d:77:e0:
da:fd:13:00:1c:75:4d:ad:b2:fc:e8:7f:01:81:6f:
ad:99:84:67:8d:49:bf:04:af:53:d4:3b:fa:f2:42:
a9:5a:8e:04:18:71:72:6b:7e:10:da:43:38:13:d9:
96:72:97:9b:56:5a:0a:3a:e5:4e:dc:d7:10:18:d5:
c5:4d:9c:cc:20:56:2a:67:2d:6d:e0:5f:c3:90:3b:
61:00:38:b8:a1:e1:b8:a4:35:f5:42:b1:d2:c1:ee:
2e:9b:48:bc:41:56:51:2d:40:79:79:27:7f:23:75:
35:c4:8f:ff:e8:06:0a:36:4c:8b:b8:d7:39:42:cb:
ec:43:a4:03:47:fd:88:45:c4:7c:7a:e2:eb:cc:3f:
10:4f:bb:3c:fa:c9:e2:14:68:2d:02:fc:87:ad:aa:
bf:88:31:5a:62:fb:ce:c1:3b:68:ad:86:d8:fa:76:
2f:e2:ac:ff:25:94:cf:b8:0a:d3:7a:5e:33:c3:91:
d1:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:6A:E3:85:1D:A6:12:9C:FE:F9:0A:D6:B9:5D:8B:1D:FA:CE:9D:79
X509v3 Authority Key Identifier:
keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/IGrjhR2mEpz--QrWuV2LHfrOnXk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.152.0.0/14
5.40.0.0/16
62.42.0.0/15
62.57.0.0/16
62.81.0.0-62.83.255.255
62.100.96.0/19
62.101.160.0/19
62.174.0.0/15
79.108.0.0/15
80.173.0.0-80.174.255.255
80.224.0.0/16
81.60.0.0/15
81.184.0.0/16
81.202.0.0/15
82.158.0.0/15
82.213.128.0/18
83.173.128.0/18
84.120.0.0/13
85.136.0.0/15
85.155.0.0/16
85.219.0.0/17
85.251.0.0/16
89.140.0.0/16
95.39.0.0/16
185.128.128.0/22
194.106.0.0/19
194.140.128.0/18
194.149.192.0/19
212.21.224.0/19
212.40.224.0/19
212.78.128.0/19
212.79.128.0/19
212.95.192.0/19
212.97.160.0/19
212.183.192.0/18
213.37.0.0/16
213.201.0.0/17
213.227.0.0/18
213.231.64.0/18
213.254.64.0/18
217.216.0.0/15
IPv6:
2a02:a800::/26
Signature Algorithm: sha256WithRSAEncryption
12:1d:4c:25:45:f9:be:15:49:bf:34:e4:3d:c9:5e:67:b0:65:
7e:f3:1d:1f:5c:b7:5e:04:2e:d6:cc:61:b2:92:28:6f:00:a7:
6e:58:7d:a9:7f:34:96:f5:f9:66:d8:83:b2:7d:d2:f7:8a:44:
1c:c7:ac:9c:a1:db:e5:e9:ea:98:52:38:a4:33:48:ae:dd:48:
8f:25:20:75:c5:73:2d:39:27:56:35:77:d7:5c:41:3d:8a:b3:
40:ae:cf:96:b0:f4:de:cb:46:b0:6c:b9:44:3c:a6:66:df:d2:
ed:16:d8:01:4b:0b:b4:b9:1a:8d:24:bb:21:4b:60:33:73:f4:
7b:c2:83:a2:db:59:73:ac:8d:41:cc:92:af:2c:3e:7c:69:22:
06:16:58:55:2c:ff:44:25:39:bc:6b:83:a2:8a:69:bc:d2:fd:
24:d0:7d:f3:d8:cf:ac:05:41:2d:3c:77:3b:26:c6:62:ce:91:
40:83:4e:73:69:20:f5:f9:34:1b:32:a5:5f:af:6f:53:23:26:
eb:10:6f:ce:0b:73:58:78:57:a9:71:ec:73:92:6c:3d:f2:04:
d1:cd:ea:25:d1:09:3d:64:fe:df:5f:80:18:9b:85:4d:cb:b1:
0b:29:6b:03:f8:09:73:6e:18:62:a1:84:85:47:ed:1d:aa:ec:
34:0c:91:30
-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgISAZQj10zWMH7I6zNLOJ3imMh2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjUwMTAxMjE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDZhZTM4NTFkYTYxMjljZmVmOTBhZDZiOTVkOGIxZGZhY2U5ZDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9lujNkekD2r0X6YBvE9f2YRiLSj
JL8HV7lQYp5Be19qoqrCQlRPlKkqMR52B5p2c9ohgbwgy0fefjSlrcQCNSY33duJ
pxANd+Da/RMAHHVNrbL86H8BgW+tmYRnjUm/BK9T1Dv68kKpWo4EGHFya34Q2kM4
E9mWcpebVloKOuVO3NcQGNXFTZzMIFYqZy1t4F/DkDthADi4oeG4pDX1QrHSwe4u
m0i8QVZRLUB5eSd/I3U1xI//6AYKNkyLuNc5QsvsQ6QDR/2IRcR8euLrzD8QT7s8
+sniFGgtAvyHraq/iDFaYvvOwTtorYbY+nYv4qz/JZTPuArTel4zw5HREQIDAQAB
o4IDCTCCAwUwHQYDVR0OBBYEFCBq44UdphKc/vkK1rldix36zp15MB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvSUdyamhSMm1FcHotLVFyV3VWMkxIZnJPblhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHQYIKwYBBQUHAQcBAf8EggEMMIIBCDCB9gQCAAEwge8D
AwICmAMDAAUoAwMBPioDAwA+OTAKAwMAPlEDAwI+UAMEBT5kYAMEBT5loAMDAT6u
AwMBT2wwCgMDAFCtAwMAUK4DAwBQ4AMDAVE8AwMAUbgDAwFRygMDAVKeAwQGUtWA
AwQGU62AAwMDVHgDAwFViAMDAFWbAwQHVdsAAwMAVfsDAwBZjAMDAF8nAwQCuYCA
AwQFwmoAAwQGwoyAAwQFwpXAAwQF1BXgAwQF1CjgAwQF1E6AAwQF1E+AAwQF1F/A
AwQF1GGgAwQG1LfAAwMA1SUDBAfVyQADBAbV4wADBAbV50ADBAbV/kADAwHZ2DAN
BAIAAjAHAwUGKgKoADANBgkqhkiG9w0BAQsFAAOCAQEAEh1MJUX5vhVJvzTkPcle
Z7BlfvMdH1y3XgQu1sxhspIobwCnblh9qX80lvX5ZtiDsn3S94pEHMesnKHb5enq
mFI4pDNIrt1IjyUgdcVzLTknVjV311xBPYqzQK7PlrD03stGsGy5RDymZt/S7RbY
AUsLtLkajSS7IUtgM3P0e8KDottZc6yNQcySryw+fGkiBhZYVSz/RCU5vGuDoopp
vNL9JNB989jPrAVBLTx3OybGYs6RQINOc2kg9fk0GzKlX69vUyMm6xBvzgtzWHhX
qXHsc5JsPfIE0c3qJdEJPWT+31+AGJuFTcuxCylrA/gJc24YYqGEhUftHarsNAyR
MA==
-----END CERTIFICATE-----
Generated at Thu Apr 17 08:16:14 2025 by rpki-client