Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/QRVhwubhTibIe73r-9jKpkQoPVs.roa
File: QRVhwubhTibIe73r-9jKpkQoPVs.roa (raw, json)
Hash identifier: Mmf5lF/NMDS3mDElX6bkZc7sEYFTrSjbET/BLIhIxSE=
Subject key identifier: 41:15:61:C2:E6:E1:4E:26:C8:7B:BD:EB:FB:D8:CA:A6:44:28:3D:5B
Certificate issuer: /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial: 018CC5DCB04E2C7A9AB3EE78A313BC86073B
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/QRVhwubhTibIe73r-9jKpkQoPVs.roa
Signing time: Mon 01 Jan 2024 16:30:23 +0000
ROA not before: Mon 01 Jan 2024 16:30:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6739
IP address blocks: 81.60.0.0/15 maxlen: 18
62.100.96.0/19 maxlen: 19
2.154.192.0/18 maxlen: 18
84.127.229.0/24 maxlen: 24
81.202.0.0/15 maxlen: 15
212.97.160.0/19 maxlen: 19
213.37.0.0/16 maxlen: 16
5.40.0.0/16 maxlen: 16
82.158.0.0/15 maxlen: 16
62.57.0.0/16 maxlen: 16
89.140.0.0/16 maxlen: 17
95.39.0.0/16 maxlen: 19
212.79.128.0/19 maxlen: 19
83.173.128.0/18 maxlen: 18
80.224.0.0/16 maxlen: 16
85.251.0.0/16 maxlen: 17
212.183.192.0/18 maxlen: 18
84.120.0.0/13 maxlen: 19
194.140.128.0/18 maxlen: 18
2.154.0.0/16 maxlen: 16
81.184.0.0/16 maxlen: 16
213.231.64.0/18 maxlen: 18
80.174.0.0/16 maxlen: 17
62.174.0.0/15 maxlen: 19
213.201.0.0/17 maxlen: 17
62.82.0.0/15 maxlen: 16
80.173.0.0/16 maxlen: 17
212.78.128.0/19 maxlen: 19
194.149.192.0/19 maxlen: 19
194.106.0.0/19 maxlen: 19
213.254.64.0/18 maxlen: 18
62.42.0.0/15 maxlen: 16
212.21.224.0/19 maxlen: 19
82.213.128.0/18 maxlen: 18
85.136.0.0/15 maxlen: 15
213.227.0.0/18 maxlen: 18
212.95.192.0/19 maxlen: 19
79.108.0.0/15 maxlen: 18
85.219.0.0/17 maxlen: 17
85.155.0.0/16 maxlen: 16
62.81.0.0/16 maxlen: 24
85.155.174.0/24 maxlen: 24
212.40.224.0/19 maxlen: 19
212.40.224.0/24 maxlen: 24
2.152.0.0/16 maxlen: 16
217.216.0.0/15 maxlen: 15
185.128.128.0/22 maxlen: 24
2.152.0.0/14 maxlen: 17
62.101.160.0/19 maxlen: 19
2a02:a800::/26 maxlen: 26
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 May 2024 01:00:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:b0:4e:2c:7a:9a:b3:ee:78:a3:13:bc:86:07:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Validity
Not Before: Jan 1 16:30:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=411561c2e6e14e26c87bbdebfbd8caa644283d5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:d9:7d:fe:03:be:cc:28:39:81:e9:8a:e8:cb:
7c:55:5e:e8:40:b5:d8:41:23:d4:b0:40:35:ef:fb:
ef:cb:5f:0c:3e:58:86:fa:94:be:46:73:ec:4c:0d:
e0:ad:c8:95:9d:b7:76:ef:8b:5e:85:26:ad:c6:fa:
a3:17:ee:aa:3e:a1:e3:b0:6c:55:fa:61:4e:5f:49:
95:d5:63:44:94:c9:41:ac:f2:c0:c7:d4:68:12:62:
1c:1b:9a:28:f9:8f:dc:27:fc:dd:66:e3:d8:64:09:
f4:44:66:46:33:30:55:b0:1a:0f:05:16:e1:29:8e:
8b:18:c3:a1:1d:84:db:5d:5a:ab:bf:14:c0:3a:d0:
8e:53:eb:9e:e3:3c:5f:a0:d8:bf:59:aa:56:2e:47:
af:dc:1a:91:07:38:e5:fb:e5:cf:d0:08:4c:a0:22:
75:cc:13:2e:22:87:88:c2:7a:2e:68:4b:92:d7:3a:
08:ee:19:3d:88:e1:cc:92:29:9d:4a:e6:ee:1a:93:
ba:b9:93:7a:fb:b4:56:50:8a:50:44:90:1a:ec:5d:
ce:7a:ec:f2:70:8d:83:37:f2:43:08:88:ce:2a:9f:
77:33:8e:cc:d4:41:d0:41:c6:13:f0:c4:0c:d2:0f:
de:c9:fb:b5:24:6f:d1:5c:a7:01:d7:39:f7:96:1d:
a3:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:15:61:C2:E6:E1:4E:26:C8:7B:BD:EB:FB:D8:CA:A6:44:28:3D:5B
X509v3 Authority Key Identifier:
keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/QRVhwubhTibIe73r-9jKpkQoPVs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.152.0.0/14
5.40.0.0/16
62.42.0.0/15
62.57.0.0/16
62.81.0.0-62.83.255.255
62.100.96.0/19
62.101.160.0/19
62.174.0.0/15
79.108.0.0/15
80.173.0.0-80.174.255.255
80.224.0.0/16
81.60.0.0/15
81.184.0.0/16
81.202.0.0/15
82.158.0.0/15
82.213.128.0/18
83.173.128.0/18
84.120.0.0/13
85.136.0.0/15
85.155.0.0/16
85.219.0.0/17
85.251.0.0/16
89.140.0.0/16
95.39.0.0/16
185.128.128.0/22
194.106.0.0/19
194.140.128.0/18
194.149.192.0/19
212.21.224.0/19
212.40.224.0/19
212.78.128.0/19
212.79.128.0/19
212.95.192.0/19
212.97.160.0/19
212.183.192.0/18
213.37.0.0/16
213.201.0.0/17
213.227.0.0/18
213.231.64.0/18
213.254.64.0/18
217.216.0.0/15
IPv6:
2a02:a800::/26
Signature Algorithm: sha256WithRSAEncryption
47:b5:d1:d1:c1:cd:12:bd:83:75:6f:69:34:6c:c6:47:8f:f3:
3d:d2:53:e7:db:58:5a:8e:da:cc:89:9b:26:8d:4d:96:06:f7:
ee:f1:19:a3:c2:6f:b4:33:99:f4:c9:21:27:69:c5:28:65:1c:
d8:5e:d7:d6:3b:05:48:89:9f:cd:35:62:9e:1d:05:26:5c:1a:
e2:9f:f7:cd:4d:bd:df:07:39:11:17:2d:8c:d1:6a:70:32:dc:
fe:62:15:5c:74:1a:45:2f:36:04:03:01:eb:9f:dc:14:d5:de:
e7:a8:d3:fc:e8:63:7b:3e:91:a5:d8:08:b6:fb:8f:e4:2e:e0:
cc:bc:40:74:16:88:3f:2b:6f:ed:3e:32:2c:36:6e:8a:c3:ab:
89:4f:22:45:ab:93:b4:27:ee:8f:f7:b0:22:ce:70:02:ae:8f:
2f:b0:29:fd:82:00:20:9b:f4:50:a2:d6:61:24:48:fc:0d:76:
d2:2e:1c:a7:ad:0d:60:b7:7e:b9:36:9c:ad:2f:35:75:91:6b:
6f:46:61:8e:4f:fe:e2:fe:bc:d4:b8:d8:d7:4e:d8:87:e9:b0:
71:b5:31:ec:cb:1f:fe:1d:6e:6a:f7:ed:f1:1a:2a:7d:ed:01:
87:3d:18:d6:32:91:9d:ac:e0:d5:9c:8b:6e:65:3d:ce:ca:f5:
19:be:8a:04
-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgISAYzF3LBOLHqas+54oxO8hgc7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjQwMTAxMTYzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTE1NjFjMmU2ZTE0ZTI2Yzg3YmJkZWJmYmQ4Y2FhNjQ0MjgzZDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNl9/gO+zCg5gemK6Mt8VV7oQLXY
QSPUsEA17/vvy18MPliG+pS+RnPsTA3grciVnbd274tehSatxvqjF+6qPqHjsGxV
+mFOX0mV1WNElMlBrPLAx9RoEmIcG5oo+Y/cJ/zdZuPYZAn0RGZGMzBVsBoPBRbh
KY6LGMOhHYTbXVqrvxTAOtCOU+ue4zxfoNi/WapWLkev3BqRBzjl++XP0AhMoCJ1
zBMuIoeIwnouaEuS1zoI7hk9iOHMkimdSubuGpO6uZN6+7RWUIpQRJAa7F3Oeuzy
cI2DN/JDCIjOKp93M47M1EHQQcYT8MQM0g/eyfu1JG/RXKcB1zn3lh2jOQIDAQAB
o4IDCTCCAwUwHQYDVR0OBBYEFEEVYcLm4U4myHu96/vYyqZEKD1bMB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvUVJWaHd1YmhUaWJJZTczci05aktwa1FvUFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHQYIKwYBBQUHAQcBAf8EggEMMIIBCDCB9gQCAAEwge8D
AwICmAMDAAUoAwMBPioDAwA+OTAKAwMAPlEDAwI+UAMEBT5kYAMEBT5loAMDAT6u
AwMBT2wwCgMDAFCtAwMAUK4DAwBQ4AMDAVE8AwMAUbgDAwFRygMDAVKeAwQGUtWA
AwQGU62AAwMDVHgDAwFViAMDAFWbAwQHVdsAAwMAVfsDAwBZjAMDAF8nAwQCuYCA
AwQFwmoAAwQGwoyAAwQFwpXAAwQF1BXgAwQF1CjgAwQF1E6AAwQF1E+AAwQF1F/A
AwQF1GGgAwQG1LfAAwMA1SUDBAfVyQADBAbV4wADBAbV50ADBAbV/kADAwHZ2DAN
BAIAAjAHAwUGKgKoADANBgkqhkiG9w0BAQsFAAOCAQEAR7XR0cHNEr2DdW9pNGzG
R4/zPdJT59tYWo7azImbJo1Nlgb37vEZo8JvtDOZ9MkhJ2nFKGUc2F7X1jsFSImf
zTVinh0FJlwa4p/3zU293wc5ERctjNFqcDLc/mIVXHQaRS82BAMB65/cFNXe56jT
/Ohjez6RpdgItvuP5C7gzLxAdBaIPytv7T4yLDZuisOriU8iRauTtCfuj/ewIs5w
Aq6PL7Ap/YIAIJv0UKLWYSRI/A120i4cp60NYLd+uTacrS81dZFrb0Zhjk/+4v68
1LjY107Yh+mwcbUx7Msf/h1uavft8Roqfe0Bhz0Y1jKRnazg1ZyLbmU9zsr1Gb6K
BA==
-----END CERTIFICATE-----
Generated at Sun May 19 06:53:23 2024 by rpki-client on console-fra.rpki-client.org