Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/l8DcSRXFPtOCGlsZCUBXnaf6a7I.roa
File: l8DcSRXFPtOCGlsZCUBXnaf6a7I.roa (raw, json)
Hash identifier: hui8mde2TbmU6i9u4385N80g/774iLQTBRSp8Z4JYWM=
Subject key identifier: 97:C0:DC:49:15:C5:3E:D3:82:1A:5B:19:09:40:57:9D:A7:FA:6B:B2
Certificate issuer: /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial: 01942746FE6136007463DAD59AFBEB432C07
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/l8DcSRXFPtOCGlsZCUBXnaf6a7I.roa
Signing time: Thu 02 Jan 2025 13:49:11 +0000
ROA not before: Thu 02 Jan 2025 13:49:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216024
IP address blocks: 2a10:9681::/32 maxlen: 32
2a10:9682::/32 maxlen: 32
2a10:9683::/32 maxlen: 32
2a10:9687::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 08:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:46:fe:61:36:00:74:63:da:d5:9a:fb:eb:43:2c:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Validity
Not Before: Jan 2 13:49:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=97c0dc4915c53ed3821a5b190940579da7fa6bb2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:24:6d:a1:fa:e6:2c:38:b7:a7:9c:d7:ac:d1:
69:f1:fe:de:8b:dd:74:b8:0a:92:fc:31:9a:a6:42:
a4:a7:69:93:68:d4:91:61:36:a5:e2:78:ce:39:9e:
b8:c7:70:b1:cb:f8:a2:04:1b:a7:69:0e:87:55:fc:
c8:b6:39:0d:52:bf:a9:3f:6f:92:df:dc:ec:67:64:
5a:85:54:28:70:1c:48:4d:f2:3c:bc:a6:e9:54:fb:
c6:46:19:46:42:71:7f:2c:9d:74:17:60:28:eb:fa:
75:9d:15:a1:2f:4b:22:8f:32:22:93:75:4e:5f:b2:
10:1c:d8:da:cd:d8:0d:af:bf:cd:41:06:88:af:92:
97:1f:e6:fd:3d:49:1d:e7:93:fd:8f:70:db:4d:b2:
1f:0c:9b:80:3d:1c:48:64:84:31:0b:b5:b3:54:14:
53:5c:fb:d4:67:77:3c:c8:4d:68:99:0c:23:48:2a:
d8:02:70:67:f2:4d:ad:ef:17:c9:29:b0:e9:19:88:
44:d2:31:0d:c9:d9:40:45:5e:d3:f9:33:b6:d3:b8:
c2:a3:67:27:4c:18:fc:36:30:73:19:c5:43:b5:88:
1b:8f:3f:85:3f:c0:38:28:25:cf:7d:c4:7e:41:74:
a9:55:6d:f7:da:94:7f:b6:20:b8:c9:fc:48:db:43:
4f:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:C0:DC:49:15:C5:3E:D3:82:1A:5B:19:09:40:57:9D:A7:FA:6B:B2
X509v3 Authority Key Identifier:
keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/l8DcSRXFPtOCGlsZCUBXnaf6a7I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a10:9681::-2a10:9683:ffff:ffff:ffff:ffff:ffff:ffff
2a10:9687::/32
Signature Algorithm: sha256WithRSAEncryption
58:39:70:7f:e9:99:8a:5b:2e:07:5a:1f:e7:ba:a3:7e:30:14:
65:fc:59:83:e6:84:30:37:88:f6:92:1d:66:34:a2:c1:a8:9b:
33:90:6a:e7:4d:e3:51:60:60:c6:44:94:20:0d:84:6f:5e:9c:
28:2a:da:0a:4d:c8:72:6f:e7:9b:2f:a3:6b:20:4f:88:ab:90:
9a:ec:10:ba:5f:3e:f5:1e:e8:0a:52:42:c7:9d:9e:0e:67:d1:
aa:ca:91:cb:cc:05:4a:7d:8f:ba:e9:59:14:eb:b8:a1:cc:e9:
48:71:7b:c6:91:ad:b3:f4:e0:76:49:f8:66:de:64:06:05:01:
b1:1b:e6:1b:3b:7b:38:61:e1:38:f0:4e:40:28:e1:a1:e0:a7:
b0:6d:26:ea:d6:1f:63:24:c1:99:4f:18:86:fb:6a:f8:45:ed:
42:6c:d8:57:77:e0:31:f3:11:c8:9b:97:88:f1:61:04:88:5a:
82:ae:6a:83:fb:e6:38:59:f5:c7:f8:38:59:f4:d2:98:45:ce:
19:28:6c:15:4d:24:cd:08:f5:7a:a5:0e:cf:15:1c:c2:7a:ee:
4c:ef:79:79:4b:ec:d2:71:ef:6c:a6:47:30:bb:8f:08:e1:18:
a2:50:56:7b:63:d7:7f:fa:34:ad:31:39:e2:2e:e9:8c:d3:ac:
fe:25:d9:db
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnRv5hNgB0Y9rVmvvrQywHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwMTAyMTM0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2MwZGM0OTE1YzUzZWQzODIxYTViMTkwOTQwNTc5ZGE3ZmE2YmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviRtofrmLDi3p5zXrNFp8f7ei910
uAqS/DGapkKkp2mTaNSRYTal4njOOZ64x3Cxy/iiBBunaQ6HVfzItjkNUr+pP2+S
39zsZ2RahVQocBxITfI8vKbpVPvGRhlGQnF/LJ10F2Ao6/p1nRWhL0sijzIik3VO
X7IQHNjazdgNr7/NQQaIr5KXH+b9PUkd55P9j3DbTbIfDJuAPRxIZIQxC7WzVBRT
XPvUZ3c8yE1omQwjSCrYAnBn8k2t7xfJKbDpGYhE0jENydlARV7T+TO207jCo2cn
TBj8NjBzGcVDtYgbjz+FP8A4KCXPfcR+QXSpVW332pR/tiC4yfxI20NPFQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJfA3EkVxT7TghpbGQlAV52n+muyMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvbDhEY1NSWEZQdE9DR2xzWkNVQlhuYWY2YTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXMA4DBQAqEJaB
AwUCKhCWgAMFACoQlocwDQYJKoZIhvcNAQELBQADggEBAFg5cH/pmYpbLgdaH+e6
o34wFGX8WYPmhDA3iPaSHWY0osGomzOQaudN41FgYMZElCANhG9enCgq2gpNyHJv
55svo2sgT4irkJrsELpfPvUe6ApSQsedng5n0arKkcvMBUp9j7rpWRTruKHM6Uhx
e8aRrbP04HZJ+GbeZAYFAbEb5hs7ezhh4TjwTkAo4aHgp7BtJurWH2MkwZlPGIb7
avhF7UJs2Fd34DHzEcibl4jxYQSIWoKuaoP75jhZ9cf4OFn00phFzhkobBVNJM0I
9XqlDs8VHMJ67kzveXlL7NJx72ymRzC7jwjhGKJQVntj13/6NK0xOeIu6YzTrP4l
2ds=
-----END CERTIFICATE-----
Generated at Tue Apr 8 14:46:32 2025 by rpki-client