Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/12417f-7665-4098-a338-4949b1e2b60f/1/jx2XkRRJ1Pen6eLqWGsTXmBaP9o.roa
File: jx2XkRRJ1Pen6eLqWGsTXmBaP9o.roa (raw, json)
Hash identifier: yl4Uer3PsgYBYL8law/V2acfxxr/ONbHAHnzrh/MmEQ=
Subject key identifier: 8F:1D:97:91:14:49:D4:F7:A7:E9:E2:EA:58:6B:13:5E:60:5A:3F:DA
Certificate issuer: /CN=965a6abfdb0874f2fec2262cdea3373adcb2dc55
Certificate serial: 019420D667206A789C8389A98CC2D4030744
Authority key identifier: 96:5A:6A:BF:DB:08:74:F2:FE:C2:26:2C:DE:A3:37:3A:DC:B2:DC:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/llpqv9sIdPL-wiYs3qM3Otyy3FU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/12417f-7665-4098-a338-4949b1e2b60f/1/jx2XkRRJ1Pen6eLqWGsTXmBaP9o.roa
Signing time: Wed 01 Jan 2025 07:48:29 +0000
ROA not before: Wed 01 Jan 2025 07:48:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12511
IP address blocks: 84.246.232.0/21 maxlen: 22
138.189.0.0/16 maxlen: 16
138.191.0.0/16 maxlen: 16
194.41.128.0/17 maxlen: 18
2a00:17c8::/32 maxlen: 32
2a00:17c9::/32 maxlen: 32
2a00:17cf::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/10/12417f-7665-4098-a338-4949b1e2b60f/1/llpqv9sIdPL-wiYs3qM3Otyy3FU.crl
rsync://rpki.ripe.net/repository/DEFAULT/10/12417f-7665-4098-a338-4949b1e2b60f/1/llpqv9sIdPL-wiYs3qM3Otyy3FU.mft
rsync://rpki.ripe.net/repository/DEFAULT/llpqv9sIdPL-wiYs3qM3Otyy3FU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 07:01:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:67:20:6a:78:9c:83:89:a9:8c:c2:d4:03:07:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=965a6abfdb0874f2fec2262cdea3373adcb2dc55
Validity
Not Before: Jan 1 07:48:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8f1d97911449d4f7a7e9e2ea586b135e605a3fda
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:74:41:1a:05:2e:9a:c0:80:bd:81:82:6a:1b:
bb:2b:cf:f9:76:a6:96:31:77:8e:87:a3:c9:ed:f1:
3c:65:5a:d2:9e:af:7c:61:98:b0:99:54:30:48:15:
d7:0b:66:89:62:cb:1e:56:ff:06:52:da:c9:9f:31:
1a:c9:be:63:e4:64:2e:2c:c1:49:28:3f:87:fa:a2:
c5:82:29:27:39:d6:85:95:35:69:d3:41:09:7b:88:
41:be:7a:7a:92:61:81:1e:02:6a:31:0e:59:43:49:
f2:54:52:86:14:ea:3c:67:8b:52:f6:32:66:fe:b3:
e3:22:e6:63:f3:5f:20:f1:c2:00:81:63:71:3d:a3:
76:f7:a8:fe:b4:25:d1:78:60:ab:32:85:be:e7:55:
b8:e3:8d:36:95:b0:cf:97:b2:da:7b:e4:a9:92:47:
f0:55:a1:fc:a4:54:56:b8:fd:ae:7f:1f:f9:4c:9b:
09:e4:b1:1d:3f:bb:d9:e7:3c:28:4c:8d:37:6e:4c:
70:ec:fe:0d:ae:09:ab:3e:5f:12:e6:58:a8:cd:2d:
22:02:39:ff:65:fe:0e:5f:7d:24:ef:9d:6d:ed:aa:
14:cf:38:1d:26:e5:2d:3e:eb:56:fd:78:78:85:f1:
e3:f0:39:87:99:fc:20:fb:7e:bf:e6:9a:64:82:dd:
fe:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:1D:97:91:14:49:D4:F7:A7:E9:E2:EA:58:6B:13:5E:60:5A:3F:DA
X509v3 Authority Key Identifier:
keyid:96:5A:6A:BF:DB:08:74:F2:FE:C2:26:2C:DE:A3:37:3A:DC:B2:DC:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/llpqv9sIdPL-wiYs3qM3Otyy3FU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/12417f-7665-4098-a338-4949b1e2b60f/1/jx2XkRRJ1Pen6eLqWGsTXmBaP9o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/12417f-7665-4098-a338-4949b1e2b60f/1/llpqv9sIdPL-wiYs3qM3Otyy3FU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.246.232.0/21
138.189.0.0/16
138.191.0.0/16
194.41.128.0/17
IPv6:
2a00:17c8::/31
2a00:17cf::/32
Signature Algorithm: sha256WithRSAEncryption
88:0c:36:58:d4:53:6d:e2:de:56:c7:ae:b0:20:b5:bd:da:9f:
23:e2:05:88:19:20:a8:a2:c0:ee:c3:18:03:6f:48:ee:88:47:
78:35:51:50:4a:b0:0d:7a:03:42:ee:2a:07:62:40:88:d9:ce:
9e:1e:fe:57:20:aa:dd:80:d6:d3:47:6e:ee:d7:60:cd:54:74:
26:3a:c4:04:d3:8c:22:e9:ea:e1:51:94:61:a0:cf:5e:3c:23:
b7:8b:74:9d:5e:0f:24:e7:ec:35:9c:77:af:90:96:0f:3b:b2:
06:a2:d1:12:ad:d4:a0:91:30:74:2f:ac:d2:16:f4:c2:a8:a9:
59:e7:4a:1e:42:46:da:f9:d6:ae:9c:45:e1:e9:b9:33:75:a2:
87:9a:3a:58:1f:4c:6d:bd:7d:0c:97:dc:36:eb:ce:a2:3a:d5:
0a:6e:2e:82:de:50:b4:9c:7b:9b:80:7a:08:1c:00:39:57:21:
74:de:b0:17:0e:b3:76:52:d4:cb:6c:a7:de:69:65:79:32:5d:
77:71:03:36:cf:eb:b2:cb:a1:19:e5:af:5b:be:e8:76:30:51:
10:00:4a:05:ff:a2:3a:23:c2:a7:41:b3:25:76:e5:9b:b4:ea:
73:5d:31:20:77:a1:b3:8c:0c:4d:71:71:0d:b6:08:0c:67:bf:
c5:4b:f8:2e
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZQg1mcganicg4mpjMLUAwdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NWE2YWJmZGIwODc0ZjJmZWMyMjYyY2RlYTMzNzNhZGNi
MmRjNTUwHhcNMjUwMTAxMDc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjFkOTc5MTE0NDlkNGY3YTdlOWUyZWE1ODZiMTM1ZTYwNWEzZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonRBGgUumsCAvYGCahu7K8/5dqaW
MXeOh6PJ7fE8ZVrSnq98YZiwmVQwSBXXC2aJYsseVv8GUtrJnzEayb5j5GQuLMFJ
KD+H+qLFgiknOdaFlTVp00EJe4hBvnp6kmGBHgJqMQ5ZQ0nyVFKGFOo8Z4tS9jJm
/rPjIuZj818g8cIAgWNxPaN296j+tCXReGCrMoW+51W44402lbDPl7Lae+Spkkfw
VaH8pFRWuP2ufx/5TJsJ5LEdP7vZ5zwoTI03bkxw7P4NrgmrPl8S5liozS0iAjn/
Zf4OX30k751t7aoUzzgdJuUtPutW/Xh4hfHj8DmHmfwg+36/5ppkgt3+qwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFI8dl5EUSdT3p+ni6lhrE15gWj/aMB8GA1UdIwQY
MBaAFJZaar/bCHTy/sImLN6jNzrcstxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGxwcXY5c0lkUEwtd2lZczNxTTNPdHl5M0ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xMjQxN2YtNzY2NS00MDk4LWEzMzgt
NDk0OWIxZTJiNjBmLzEvangyWGtSUkoxUGVuNmVMcVdHc1RYbUJhUDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xMjQxN2YtNzY2NS00MDk4LWEzMzgtNDk0OWIxZTJiNjBm
LzEvbGxwcXY5c0lkUEwtd2lZczNxTTNPdHl5M0ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAcBAIAATAWAwQDVPboAwMA
ir0DAwCKvwMEB8IpgDAUBAIAAjAOAwUBKgAXyAMFACoAF88wDQYJKoZIhvcNAQEL
BQADggEBAIgMNljUU23i3lbHrrAgtb3anyPiBYgZIKiiwO7DGANvSO6IR3g1UVBK
sA16A0LuKgdiQIjZzp4e/lcgqt2A1tNHbu7XYM1UdCY6xATTjCLp6uFRlGGgz148
I7eLdJ1eDyTn7DWcd6+Qlg87sgai0RKt1KCRMHQvrNIW9MKoqVnnSh5CRtr51q6c
ReHpuTN1ooeaOlgfTG29fQyX3DbrzqI61QpuLoLeULSce5uAeggcADlXIXTesBcO
s3ZS1Mtsp95pZXkyXXdxAzbP67LLoRnlr1u+6HYwURAASgX/ojojwqdBsyV25Zu0
6nNdMSB3obOMDE1xcQ22CAxnv8VL+C4=
-----END CERTIFICATE-----
Generated at Mon Apr 7 14:23:42 2025 by rpki-client