Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/ZxWk3FF7G-mV4dvIh9xuINcMa3g.roa
File: ZxWk3FF7G-mV4dvIh9xuINcMa3g.roa (raw, json)
Hash identifier: osnpqNECQOCJYS+g2GUaYHD48aPmIaJ8ifNTfYGelL0=
Subject key identifier: 67:15:A4:DC:51:7B:1B:E9:95:E1:DB:C8:87:DC:6E:20:D7:0C:6B:78
Certificate issuer: /CN=ef55459645979c413d0bc6f7454f0d36e40e99f9
Certificate serial: 0196361A5CCA3141890170FB6C98DBA017E5
Authority key identifier: EF:55:45:96:45:97:9C:41:3D:0B:C6:F7:45:4F:0D:36:E4:0E:99:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/71VFlkWXnEE9C8b3RU8NNuQOmfk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/ZxWk3FF7G-mV4dvIh9xuINcMa3g.roa
Signing time: Mon 14 Apr 2025 21:00:19 +0000
ROA not before: Mon 14 Apr 2025 21:00:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213579
IP address blocks: 2a14:47c0:e000::/40 maxlen: 40
2a14:47c0:e000::/48 maxlen: 48
2a14:47c0:e001::/48 maxlen: 48
2a14:47c0:e002::/48 maxlen: 48
2a14:47c0:e003::/48 maxlen: 48
2a14:47c0:e004::/48 maxlen: 48
2a14:47c0:e005::/48 maxlen: 48
2a14:47c0:e0ff::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/71VFlkWXnEE9C8b3RU8NNuQOmfk.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/71VFlkWXnEE9C8b3RU8NNuQOmfk.mft
rsync://rpki.ripe.net/repository/DEFAULT/71VFlkWXnEE9C8b3RU8NNuQOmfk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Apr 2025 14:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:36:1a:5c:ca:31:41:89:01:70:fb:6c:98:db:a0:17:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef55459645979c413d0bc6f7454f0d36e40e99f9
Validity
Not Before: Apr 14 21:00:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6715a4dc517b1be995e1dbc887dc6e20d70c6b78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:e1:92:64:5c:c5:10:83:23:d6:bc:be:2d:14:
7f:31:bf:bc:fa:21:de:63:55:48:e0:b2:8d:d7:41:
46:8f:ca:23:a9:f1:63:43:0f:1d:b4:41:15:08:16:
4f:3a:6d:30:b0:9e:79:78:34:52:cc:2e:66:b8:97:
98:99:e4:c4:45:86:45:ec:40:de:29:e1:b8:4d:71:
28:fe:fd:1c:b0:7c:dc:82:bd:55:c6:b8:eb:3c:4b:
9f:73:b4:28:2e:e7:f6:bb:46:27:3f:73:e5:30:d3:
96:83:ee:c1:b3:3f:56:05:37:8a:28:2c:62:e4:6e:
ab:1c:f0:a8:8c:cc:ac:3e:6c:15:c8:fb:c7:b1:7b:
4b:fc:01:72:4c:1c:6b:36:b0:be:95:03:aa:3a:63:
bf:0b:40:49:a7:ee:13:c0:52:f9:ef:d4:24:27:0b:
da:2e:4e:37:11:68:ed:27:5b:b8:02:97:f8:20:ac:
36:7b:1a:11:7d:df:51:2c:63:75:39:42:83:b1:82:
84:eb:a9:8e:35:66:e4:8f:b3:d1:ba:c2:f8:01:2d:
4f:a5:f3:6c:f2:58:ce:e7:8a:da:8b:14:6d:8b:a8:
2b:71:74:0b:07:d8:ab:ca:6f:01:3b:a3:9c:e1:7c:
7b:1c:2e:45:9b:00:e3:04:90:ca:f5:f7:38:b4:2c:
37:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:15:A4:DC:51:7B:1B:E9:95:E1:DB:C8:87:DC:6E:20:D7:0C:6B:78
X509v3 Authority Key Identifier:
keyid:EF:55:45:96:45:97:9C:41:3D:0B:C6:F7:45:4F:0D:36:E4:0E:99:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71VFlkWXnEE9C8b3RU8NNuQOmfk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/ZxWk3FF7G-mV4dvIh9xuINcMa3g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/71VFlkWXnEE9C8b3RU8NNuQOmfk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:47c0:e000::/40
Signature Algorithm: sha256WithRSAEncryption
a5:ed:fd:64:c7:13:03:7f:ea:e5:6a:aa:c7:42:ad:88:1d:d0:
34:95:d5:5d:e3:ee:56:2c:99:96:2e:f8:67:f2:1d:d7:e3:88:
8c:a9:cf:7a:2e:af:86:3b:ae:95:c2:86:65:45:84:40:0a:e1:
75:bd:44:4b:41:58:88:7e:74:1d:85:f5:77:73:66:0e:aa:9b:
7b:ba:54:1c:ca:90:22:96:65:44:34:13:bb:3c:39:3c:29:87:
60:6d:07:2f:75:f1:17:f3:3d:8d:b2:8f:6b:11:30:41:b0:7a:
5f:99:69:45:aa:74:df:7d:2b:00:dd:cb:d1:ab:14:d3:e0:4b:
c9:f5:8e:73:dc:3e:d3:48:46:06:ba:32:b0:1a:9e:19:2b:f8:
cc:0f:9f:73:23:96:13:f8:c5:f2:5b:31:e0:38:b4:0d:6a:de:
86:fb:3b:76:50:82:06:f3:65:51:0c:0f:cd:97:5f:39:72:01:
8d:6d:cc:2e:ff:d0:4d:b8:56:3e:71:ca:1e:05:cf:13:0b:87:
3d:44:d2:7c:eb:cf:ab:8a:16:66:b2:da:98:d4:8d:6e:47:4a:
1c:ec:53:8f:48:6b:14:41:63:f5:76:f5:e6:25:59:3d:5a:fb:
a1:2b:b7:7b:d7:ee:5a:b4:9b:20:83:94:84:6a:ba:4c:85:a8:
66:e6:d1:09
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZY2GlzKMUGJAXD7bJjboBflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTU0NTk2NDU5NzljNDEzZDBiYzZmNzQ1NGYwZDM2ZTQw
ZTk5ZjkwHhcNMjUwNDE0MjEwMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzE1YTRkYzUxN2IxYmU5OTVlMWRiYzg4N2RjNmUyMGQ3MGM2Yjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuGSZFzFEIMj1ry+LRR/Mb+8+iHe
Y1VI4LKN10FGj8ojqfFjQw8dtEEVCBZPOm0wsJ55eDRSzC5muJeYmeTERYZF7EDe
KeG4TXEo/v0csHzcgr1VxrjrPEufc7QoLuf2u0YnP3PlMNOWg+7Bsz9WBTeKKCxi
5G6rHPCojMysPmwVyPvHsXtL/AFyTBxrNrC+lQOqOmO/C0BJp+4TwFL579QkJwva
Lk43EWjtJ1u4Apf4IKw2exoRfd9RLGN1OUKDsYKE66mONWbkj7PRusL4AS1PpfNs
8ljO54raixRti6grcXQLB9irym8BO6Oc4Xx7HC5FmwDjBJDK9fc4tCw37QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGcVpNxRexvpleHbyIfcbiDXDGt4MB8GA1UdIwQY
MBaAFO9VRZZFl5xBPQvG90VPDTbkDpn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFWRmxrV1huRUU5QzhiM1JVOE5OdVFPbWZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wNTEyZGYtN2QwYy00NjNiLTg3MjQt
ODI1MzFlOWM3ODA0LzEvWnhXazNGRjdHLW1WNGR2SWg5eHVJTmNNYTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wNTEyZGYtN2QwYy00NjNiLTg3MjQtODI1MzFlOWM3ODA0
LzEvNzFWRmxrV1huRUU5QzhiM1JVOE5OdVFPbWZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRHwOAw
DQYJKoZIhvcNAQELBQADggEBAKXt/WTHEwN/6uVqqsdCrYgd0DSV1V3j7lYsmZYu
+GfyHdfjiIypz3our4Y7rpXChmVFhEAK4XW9REtBWIh+dB2F9XdzZg6qm3u6VBzK
kCKWZUQ0E7s8OTwph2BtBy918RfzPY2yj2sRMEGwel+ZaUWqdN99KwDdy9GrFNPg
S8n1jnPcPtNIRga6MrAanhkr+MwPn3MjlhP4xfJbMeA4tA1q3ob7O3ZQggbzZVEM
D82XXzlyAY1tzC7/0E24Vj5xyh4FzxMLhz1E0nzrz6uKFmay2pjUjW5HShzsU49I
axRBY/V29eYlWT1a+6Ert3vX7lq0myCDlIRqukyFqGbm0Qk=
-----END CERTIFICATE-----
Generated at Tue Apr 22 21:10:50 2025 by rpki-client