Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/GA_1nlkKjKTpstVoxndPTD0iYYw.roa
File: GA_1nlkKjKTpstVoxndPTD0iYYw.roa (raw, json)
Hash identifier: 8ptj14RXR5azTGhzw7U96wiaDDdO08xtDiS2gqb28Bk=
Subject key identifier: 18:0F:F5:9E:59:0A:8C:A4:E9:B2:D5:68:C6:77:4F:4C:3D:22:61:8C
Certificate issuer: /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial: 018EE14E962B88A73C45D03EA7385B9BBA1D
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/GA_1nlkKjKTpstVoxndPTD0iYYw.roa
Signing time: Mon 15 Apr 2024 10:30:07 +0000
ROA not before: Mon 15 Apr 2024 10:30:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 33934
IP address blocks: 83.239.128.0/18 maxlen: 18
83.239.128.0/22 maxlen: 22
83.239.132.0/24 maxlen: 24
83.239.138.0/23 maxlen: 23
83.239.142.0/23 maxlen: 23
83.239.144.0/24 maxlen: 24
83.239.151.0/24 maxlen: 24
83.239.152.0/22 maxlen: 22
83.239.156.0/23 maxlen: 23
83.239.158.0/24 maxlen: 24
83.239.161.0/24 maxlen: 24
83.239.162.0/23 maxlen: 23
83.239.164.0/24 maxlen: 24
83.239.167.0/24 maxlen: 24
83.239.168.0/23 maxlen: 23
83.239.172.0/22 maxlen: 22
83.239.176.0/24 maxlen: 24
83.239.179.0/24 maxlen: 24
83.239.180.0/22 maxlen: 22
83.239.184.0/22 maxlen: 22
83.239.188.0/23 maxlen: 23
83.239.191.0/24 maxlen: 24
85.172.112.0/20 maxlen: 20
85.172.120.0/23 maxlen: 23
85.172.122.0/24 maxlen: 24
85.172.126.0/23 maxlen: 23
85.172.168.0/22 maxlen: 22
85.172.170.0/24 maxlen: 24
85.173.64.0/19 maxlen: 19
85.173.80.0/22 maxlen: 22
85.173.84.0/23 maxlen: 23
85.173.192.0/19 maxlen: 19
85.173.208.0/23 maxlen: 23
85.174.0.0/17 maxlen: 17
85.174.63.0/24 maxlen: 24
85.174.69.0/24 maxlen: 24
85.174.70.0/23 maxlen: 23
85.174.80.0/22 maxlen: 22
85.174.84.0/24 maxlen: 24
85.174.100.0/24 maxlen: 24
94.233.0.0/17 maxlen: 17
94.233.20.0/24 maxlen: 24
94.233.23.0/24 maxlen: 24
94.233.24.0/22 maxlen: 22
94.233.28.0/24 maxlen: 24
94.233.30.0/23 maxlen: 23
94.233.32.0/21 maxlen: 21
94.233.44.0/23 maxlen: 23
94.233.47.0/24 maxlen: 24
94.233.48.0/21 maxlen: 21
94.233.106.0/24 maxlen: 24
94.233.107.0/24 maxlen: 24
94.233.126.0/23 maxlen: 23
178.34.64.0/22 maxlen: 22
178.35.128.0/18 maxlen: 18
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Jun 2024 22:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:e1:4e:96:2b:88:a7:3c:45:d0:3e:a7:38:5b:9b:ba:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Validity
Not Before: Apr 15 10:30:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=180ff59e590a8ca4e9b2d568c6774f4c3d22618c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:67:aa:42:c2:6c:35:d6:35:44:49:ff:c9:24:
b2:c0:69:1f:ea:33:8b:f1:8b:f7:d9:cd:04:27:58:
33:2b:0d:5e:f4:c1:4b:70:1f:2e:9b:9c:b5:73:ce:
16:f3:33:aa:8e:a7:1c:f8:6d:87:e8:90:1e:3f:0c:
c3:7d:71:39:77:6c:c4:88:cc:4d:c7:92:ed:82:73:
da:63:fc:fc:a5:83:f6:41:4d:a1:8b:61:64:07:28:
e1:d1:e5:6d:8d:3c:0b:40:54:b5:63:ca:a6:f3:03:
7f:4b:fd:ac:94:93:ce:9e:6c:b7:db:1b:fe:2e:bb:
fb:35:c4:bf:81:51:a2:f1:d0:56:e4:b2:4e:0e:36:
ee:53:d4:ad:2d:e8:1a:49:4e:f0:22:10:9e:42:5b:
42:83:12:c9:5c:4d:68:3c:77:3d:3e:33:96:87:03:
e2:cf:43:57:06:70:bc:ac:32:ce:45:66:80:ec:6a:
28:b9:17:a3:0c:61:cd:6f:48:70:29:ba:7c:e6:c3:
f0:77:7d:68:82:fb:39:da:c6:13:1e:06:1f:86:a2:
01:49:06:48:37:fd:ee:a8:a7:6f:45:16:d9:40:99:
2e:46:94:01:06:d6:8e:30:f3:76:b6:05:fd:35:ff:
d6:14:25:60:27:ee:30:a8:f6:9b:04:06:a4:2d:38:
78:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:0F:F5:9E:59:0A:8C:A4:E9:B2:D5:68:C6:77:4F:4C:3D:22:61:8C
X509v3 Authority Key Identifier:
keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/GA_1nlkKjKTpstVoxndPTD0iYYw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.239.128.0/18
85.172.112.0/20
85.172.168.0/22
85.173.64.0/19
85.173.192.0/19
85.174.0.0/17
94.233.0.0/17
178.34.64.0/22
178.35.128.0/18
Signature Algorithm: sha256WithRSAEncryption
8a:b9:13:05:56:c2:0b:1b:79:2d:09:dd:21:45:04:42:24:01:
c5:ec:c9:10:77:11:86:66:11:f2:92:af:db:cb:e6:74:f2:86:
e5:42:30:eb:4f:db:8e:f5:86:1b:52:59:ad:e3:6c:23:98:43:
57:b5:18:6b:cf:be:ee:bb:a4:16:3f:9f:65:1d:7f:29:95:0b:
cb:7e:ef:b2:b2:08:ff:83:28:68:c3:9b:e1:eb:5e:ca:dc:4b:
e3:77:78:68:20:e9:1d:b8:9b:0b:84:6e:80:63:93:be:2e:55:
e3:b9:01:fb:9e:84:c2:35:47:d1:61:7e:8a:5c:29:38:25:e4:
3b:bd:f7:ca:8e:ba:44:29:f2:ec:95:e6:04:b8:7c:cd:62:33:
08:92:5b:4d:f1:33:f2:23:65:2c:0c:b2:36:a2:0b:9d:7a:70:
5d:52:fe:e0:e2:32:c5:09:19:1b:e7:1a:09:52:78:ae:77:f3:
ef:03:9f:d6:f4:c9:3c:9e:97:42:e7:bf:d2:8a:38:04:d2:e5:
4a:ce:73:1c:f7:25:79:19:55:ab:1b:5d:c0:cb:d4:bd:df:2e:
7b:64:a8:99:97:11:af:8c:5b:66:26:4a:fe:a2:da:ff:34:c6:
ff:c1:39:0e:5e:89:b0:39:61:1a:c4:4f:ba:28:81:b6:6e:2b:
e6:d6:e4:0b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY7hTpYriKc8RdA+pzhbm7odMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDE1MTAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODBmZjU5ZTU5MGE4Y2E0ZTliMmQ1NjhjNjc3NGY0YzNkMjI2MThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomeqQsJsNdY1REn/ySSywGkf6jOL
8Yv32c0EJ1gzKw1e9MFLcB8um5y1c84W8zOqjqcc+G2H6JAePwzDfXE5d2zEiMxN
x5LtgnPaY/z8pYP2QU2hi2FkByjh0eVtjTwLQFS1Y8qm8wN/S/2slJPOnmy32xv+
Lrv7NcS/gVGi8dBW5LJODjbuU9StLegaSU7wIhCeQltCgxLJXE1oPHc9PjOWhwPi
z0NXBnC8rDLORWaA7GoouRejDGHNb0hwKbp85sPwd31ogvs52sYTHgYfhqIBSQZI
N/3uqKdvRRbZQJkuRpQBBtaOMPN2tgX9Nf/WFCVgJ+4wqPabBAakLTh41QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFBgP9Z5ZCoyk6bLVaMZ3T0w9ImGMMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvR0FfMW5sa0tqS1Rwc3RWb3huZFBURDBpWVl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQGU++AAwQE
VaxwAwQCVayoAwQFVa1AAwQFVa3AAwQHVa4AAwQHXukAAwQCsiJAAwQGsiOAMA0G
CSqGSIb3DQEBCwUAA4IBAQCKuRMFVsILG3ktCd0hRQRCJAHF7MkQdxGGZhHykq/b
y+Z08oblQjDrT9uO9YYbUlmt42wjmENXtRhrz77uu6QWP59lHX8plQvLfu+ysgj/
gyhow5vh617K3Evjd3hoIOkduJsLhG6AY5O+LlXjuQH7noTCNUfRYX6KXCk4JeQ7
vffKjrpEKfLsleYEuHzNYjMIkltN8TPyI2UsDLI2ogudenBdUv7g4jLFCRkb5xoJ
Uniud/PvA5/W9Mk8npdC57/SijgE0uVKznMc9yV5GVWrG13Ay9S93y57ZKiZlxGv
jFtmJkr+otr/NMb/wTkOXomwOWEaxE+6KIG2bivm1uQL
-----END CERTIFICATE-----
Generated at Sat Jun 8 04:02:50 2024 by rpki-client on console-fra.rpki-client.org