Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/Yj1ZixuYkYbRfQKF1z7pgksE4us.roa
File: Yj1ZixuYkYbRfQKF1z7pgksE4us.roa (raw, json)
Hash identifier: YrNKpDljk4B4Ef1MFB8qPNVZiTFjojjO2XPhpM/1UPY=
Subject key identifier: 62:3D:59:8B:1B:98:91:86:D1:7D:02:85:D7:3E:E9:82:4B:04:E2:EB
Certificate issuer: /CN=f68e231d5551876e15afc6637eab7fca80088391
Certificate serial: 019420681E7951CCAF1E85E1126BCEBBF46C
Authority key identifier: F6:8E:23:1D:55:51:87:6E:15:AF:C6:63:7E:AB:7F:CA:80:08:83:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/Yj1ZixuYkYbRfQKF1z7pgksE4us.roa
Signing time: Wed 01 Jan 2025 05:48:01 +0000
ROA not before: Wed 01 Jan 2025 05:48:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213100
IP address blocks: 2001:678:d68::/48 maxlen: 48
2001:678:d6c::/48 maxlen: 48
2001:678:d70::/48 maxlen: 48
2001:67c:2848::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.crl
rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.mft
rsync://rpki.ripe.net/repository/DEFAULT/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:1e:79:51:cc:af:1e:85:e1:12:6b:ce:bb:f4:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f68e231d5551876e15afc6637eab7fca80088391
Validity
Not Before: Jan 1 05:48:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=623d598b1b989186d17d0285d73ee9824b04e2eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:0e:88:b1:09:c3:7b:be:96:a9:f7:f2:30:80:
4a:cb:d2:31:23:19:ee:02:71:57:32:f0:f9:b0:67:
08:36:07:67:69:ec:3b:f7:9f:0c:39:df:01:be:57:
37:34:4a:24:0b:39:e8:e0:d8:37:2b:36:2f:e3:4e:
26:5a:8f:f1:1b:03:74:f1:ce:74:50:4f:2c:c3:1b:
3d:ec:2c:5c:81:74:a7:65:16:20:e9:4d:7d:c0:1c:
fc:aa:69:3e:6e:2a:ac:6a:39:e7:d2:dc:72:c7:a6:
e6:2d:6a:09:92:53:d9:11:77:89:b9:f2:3f:d5:a9:
4b:e8:2d:19:2b:2c:cd:10:40:5a:17:cd:93:22:f5:
ed:06:ac:fc:87:b0:88:aa:4d:e8:69:54:11:08:2a:
ab:2f:8e:84:08:7c:2b:d9:58:05:76:8f:b1:09:5c:
9d:32:14:dd:1e:0f:cf:e0:dc:93:7f:73:e1:0f:90:
89:a5:ab:eb:d7:c0:c2:c7:b2:43:cc:b8:16:ea:00:
65:d8:a6:d9:dd:61:a6:2f:46:c2:76:45:92:f7:68:
3a:39:8d:ac:e9:1b:01:39:2d:78:a8:44:ab:ec:23:
92:2b:41:cc:4d:40:b1:4d:89:64:b6:82:0f:94:4c:
4d:64:44:00:e4:21:bf:af:10:81:6f:c3:5f:f8:f9:
69:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:3D:59:8B:1B:98:91:86:D1:7D:02:85:D7:3E:E9:82:4B:04:E2:EB
X509v3 Authority Key Identifier:
keyid:F6:8E:23:1D:55:51:87:6E:15:AF:C6:63:7E:AB:7F:CA:80:08:83:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/Yj1ZixuYkYbRfQKF1z7pgksE4us.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:d68::/48
2001:678:d6c::/48
2001:678:d70::/48
2001:67c:2848::/48
Signature Algorithm: sha256WithRSAEncryption
81:dd:89:09:c2:08:06:df:cd:20:1d:5c:57:6a:e2:27:45:b8:
e5:2f:31:e0:2e:89:54:97:2b:2c:ed:34:cd:9f:dc:3d:7d:7f:
1d:53:e9:16:53:e4:51:b9:e4:35:1c:61:e0:37:36:79:64:fb:
18:17:2a:ea:fe:dd:a4:6d:f1:23:64:53:79:81:1d:b8:c9:7a:
30:6d:d1:eb:9f:f7:b2:fe:c5:31:13:4f:f9:69:e6:d4:95:b3:
d5:38:6e:ca:9c:f2:03:59:5e:2d:5c:42:e7:67:88:cc:fb:b6:
00:e8:b4:be:09:81:34:e8:6b:2b:25:1b:26:f5:56:d5:4e:91:
5b:1c:ae:be:a2:8f:c8:8a:f9:87:7a:74:a0:20:3e:4a:10:c8:
a4:36:61:67:04:11:b0:a6:ad:ee:7e:3d:f5:a2:1a:f1:3a:d3:
a5:f1:33:7a:cc:0b:89:93:0c:80:b4:f2:1e:f4:da:f6:f9:5a:
98:ec:00:6e:2d:79:94:f7:9f:6c:18:93:95:a8:76:a9:e4:6e:
bc:83:60:ad:5a:ee:bd:5c:48:12:1e:ca:b0:b5:c6:0d:c6:61:
cc:2e:62:2d:b4:07:23:59:dc:01:c5:06:5f:a5:60:89:0c:92:
fa:a4:07:96:75:3f:e9:62:ec:d0:41:3a:32:75:50:40:26:30:
c8:6a:f1:b9
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQgaB55UcyvHoXhEmvOu/RsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OGUyMzFkNTU1MTg3NmUxNWFmYzY2MzdlYWI3ZmNhODAw
ODgzOTEwHhcNMjUwMTAxMDU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjNkNTk4YjFiOTg5MTg2ZDE3ZDAyODVkNzNlZTk4MjRiMDRlMmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA6IsQnDe76WqffyMIBKy9IxIxnu
AnFXMvD5sGcINgdnaew7958MOd8Bvlc3NEokCzno4Ng3KzYv404mWo/xGwN08c50
UE8swxs97CxcgXSnZRYg6U19wBz8qmk+biqsajnn0txyx6bmLWoJklPZEXeJufI/
1alL6C0ZKyzNEEBaF82TIvXtBqz8h7CIqk3oaVQRCCqrL46ECHwr2VgFdo+xCVyd
MhTdHg/P4NyTf3PhD5CJpavr18DCx7JDzLgW6gBl2KbZ3WGmL0bCdkWS92g6OY2s
6RsBOS14qESr7COSK0HMTUCxTYlktoIPlExNZEQA5CG/rxCBb8Nf+PlpgwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFGI9WYsbmJGG0X0Chdc+6YJLBOLrMB8GA1UdIwQY
MBaAFPaOIx1VUYduFa/GY36rf8qACIORMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOW80akhWVlJoMjRWcjhaamZxdF95b0FJZzVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8zNDM5ZDgtN2VhMy00ZTMyLTkzNTIt
YmExZWQ5NDc0YmEyLzEvWWoxWml4dVlrWWJSZlFLRjF6N3Bna3NFNHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8zNDM5ZDgtN2VhMy00ZTMyLTkzNTItYmExZWQ5NDc0YmEy
LzEvOW80akhWVlJoMjRWcjhaamZxdF95b0FJZzVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcAIAEGeA1o
AwcAIAEGeA1sAwcAIAEGeA1wAwcAIAEGfChIMA0GCSqGSIb3DQEBCwUAA4IBAQCB
3YkJwggG380gHVxXauInRbjlLzHgLolUlyss7TTNn9w9fX8dU+kWU+RRueQ1HGHg
NzZ5ZPsYFyrq/t2kbfEjZFN5gR24yXowbdHrn/ey/sUxE0/5aebUlbPVOG7KnPID
WV4tXELnZ4jM+7YA6LS+CYE06GsrJRsm9VbVTpFbHK6+oo/IivmHenSgID5KEMik
NmFnBBGwpq3ufj31ohrxOtOl8TN6zAuJkwyAtPIe9Nr2+VqY7ABuLXmU959sGJOV
qHap5G68g2CtWu69XEgSHsqwtcYNxmHMLmIttAcjWdwBxQZfpWCJDJL6pAeWdT/p
YuzQQToydVBAJjDIavG5
-----END CERTIFICATE-----
Generated at Tue Apr 22 05:08:45 2025 by rpki-client