Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/9c83a5-3a9a-4715-9b16-4046324970af/1/3U4MivbAgZFFTzpri9v9qzr-9Dg.roa
File: 3U4MivbAgZFFTzpri9v9qzr-9Dg.roa (raw, json)
Hash identifier: OpxoqQJPTPV/7nPesTeS09o0jfmFmQcqEJLqODzVTIM=
Subject key identifier: DD:4E:0C:8A:F6:C0:81:91:45:4F:3A:6B:8B:DB:FD:AB:3A:FE:F4:38
Certificate issuer: /CN=ab9dc85f94ca647de0db64d74d3139947cc449ba
Certificate serial: 019427B52EE8E8D78EF28579BF090E3DF9D3
Authority key identifier: AB:9D:C8:5F:94:CA:64:7D:E0:DB:64:D7:4D:31:39:94:7C:C4:49:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q53IX5TKZH3g22TXTTE5lHzESbo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/9c83a5-3a9a-4715-9b16-4046324970af/1/3U4MivbAgZFFTzpri9v9qzr-9Dg.roa
Signing time: Thu 02 Jan 2025 15:49:32 +0000
ROA not before: Thu 02 Jan 2025 15:49:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20705
IP address blocks: 2a0c:6c40:a4ee::/47 maxlen: 48
2a0c:6c40:c82e::/47 maxlen: 48
2a0c:6c40:c840::/47 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/37/9c83a5-3a9a-4715-9b16-4046324970af/1/q53IX5TKZH3g22TXTTE5lHzESbo.crl
rsync://rpki.ripe.net/repository/DEFAULT/37/9c83a5-3a9a-4715-9b16-4046324970af/1/q53IX5TKZH3g22TXTTE5lHzESbo.mft
rsync://rpki.ripe.net/repository/DEFAULT/q53IX5TKZH3g22TXTTE5lHzESbo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:2e:e8:e8:d7:8e:f2:85:79:bf:09:0e:3d:f9:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab9dc85f94ca647de0db64d74d3139947cc449ba
Validity
Not Before: Jan 2 15:49:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dd4e0c8af6c08191454f3a6b8bdbfdab3afef438
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:60:82:b6:24:79:17:12:a9:41:f6:2e:3f:31:
2e:74:c0:98:72:f8:98:2b:39:72:b1:6d:8b:55:c8:
ac:9b:4c:f8:c1:13:31:16:ad:31:71:47:e7:7a:b4:
1c:ba:a7:9a:14:7b:58:c1:d1:d2:ed:52:ae:9d:40:
c2:01:cc:ae:1d:51:60:21:ee:3a:f1:1d:07:02:16:
2d:41:31:0b:e5:22:98:12:79:19:88:2c:f0:df:a8:
b6:9e:b7:52:33:6a:da:e8:28:0c:ae:1f:4f:61:7a:
1d:3f:ac:fe:3c:1f:53:9a:35:d2:ea:20:53:13:f3:
8a:0d:be:d8:a6:d6:ce:78:79:f9:e8:38:12:7b:59:
bd:53:82:76:84:ba:4e:41:35:58:16:18:6a:ed:2f:
2a:a0:4d:8f:8f:83:f5:66:90:e6:39:46:2a:e0:a4:
81:2f:3a:fd:b1:26:13:43:85:ae:ae:85:e0:56:81:
c0:28:e3:0f:3c:a7:f0:06:5d:b2:24:b2:99:ad:7f:
20:f1:1c:a0:1b:13:55:25:98:4b:17:ee:b8:3f:69:
a4:eb:49:19:f2:98:4c:47:18:a3:74:e6:36:df:20:
56:df:16:0e:6f:f5:f1:f3:e4:f3:94:67:64:f0:10:
b7:c6:7c:8a:56:49:be:1e:a2:85:f4:73:6c:b6:db:
d2:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:4E:0C:8A:F6:C0:81:91:45:4F:3A:6B:8B:DB:FD:AB:3A:FE:F4:38
X509v3 Authority Key Identifier:
keyid:AB:9D:C8:5F:94:CA:64:7D:E0:DB:64:D7:4D:31:39:94:7C:C4:49:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q53IX5TKZH3g22TXTTE5lHzESbo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/9c83a5-3a9a-4715-9b16-4046324970af/1/3U4MivbAgZFFTzpri9v9qzr-9Dg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/9c83a5-3a9a-4715-9b16-4046324970af/1/q53IX5TKZH3g22TXTTE5lHzESbo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0c:6c40:a4ee::/47
2a0c:6c40:c82e::/47
2a0c:6c40:c840::/47
Signature Algorithm: sha256WithRSAEncryption
4a:6a:70:15:ee:81:c5:16:e1:c7:2a:3b:43:eb:da:7d:32:22:
11:06:78:c9:61:cd:21:db:87:cd:cb:57:00:76:c9:1d:2d:49:
61:bc:7e:e8:d9:c8:7b:35:c3:05:27:90:91:14:72:95:02:38:
c7:ee:64:18:63:05:32:bb:53:ea:12:7e:3f:4a:91:65:88:1d:
d1:cc:93:a0:89:f9:56:43:b9:5e:84:e5:11:f0:5f:e5:93:a5:
48:74:ea:5c:81:4c:cf:e3:2e:e4:43:3d:11:42:22:88:14:c1:
6c:4e:ff:60:a3:8a:7b:7d:7b:e7:14:bb:ee:05:d1:05:e8:45:
fd:a6:8b:8d:ec:9a:6e:82:39:4c:a9:fa:64:f8:84:f6:a3:8e:
c5:a1:0a:af:b5:1a:28:59:fd:07:a7:46:7e:8e:ae:b8:7a:9b:
88:cc:d9:c9:25:90:90:d0:12:50:27:bd:fc:18:45:ba:b4:49:
ee:c2:eb:3b:c7:f5:6e:e6:84:04:b4:ed:93:66:6f:ac:2b:1c:
2b:52:fd:a2:1a:27:e8:ce:7e:47:8d:b6:91:8d:00:94:cb:c2:
64:81:39:f9:3e:b6:ae:66:24:d2:da:b5:b9:5a:07:9a:c6:7a:
71:fe:d9:42:ff:3e:28:23:1f:e1:af:73:0e:e5:a7:bb:af:4e:
a6:65:54:e5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQntS7o6NeO8oV5vwkOPfnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOWRjODVmOTRjYTY0N2RlMGRiNjRkNzRkMzEzOTk0N2Nj
NDQ5YmEwHhcNMjUwMTAyMTU0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDRlMGM4YWY2YzA4MTkxNDU0ZjNhNmI4YmRiZmRhYjNhZmVmNDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmCCtiR5FxKpQfYuPzEudMCYcviY
KzlysW2LVcism0z4wRMxFq0xcUfnerQcuqeaFHtYwdHS7VKunUDCAcyuHVFgIe46
8R0HAhYtQTEL5SKYEnkZiCzw36i2nrdSM2ra6CgMrh9PYXodP6z+PB9TmjXS6iBT
E/OKDb7YptbOeHn56DgSe1m9U4J2hLpOQTVYFhhq7S8qoE2Pj4P1ZpDmOUYq4KSB
Lzr9sSYTQ4WuroXgVoHAKOMPPKfwBl2yJLKZrX8g8RygGxNVJZhLF+64P2mk60kZ
8phMRxijdOY23yBW3xYOb/Xx8+TzlGdk8BC3xnyKVkm+HqKF9HNsttvSvwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN1ODIr2wIGRRU86a4vb/as6/vQ4MB8GA1UdIwQY
MBaAFKudyF+UymR94Ntk100xOZR8xEm6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTUzSVg1VEtaSDNnMjJUWFRURTVsSHpFU2JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy85YzgzYTUtM2E5YS00NzE1LTliMTYt
NDA0NjMyNDk3MGFmLzEvM1U0TWl2YkFnWkZGVHpwcmk5djlxenItOURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy85YzgzYTUtM2E5YS00NzE1LTliMTYtNDA0NjMyNDk3MGFm
LzEvcTUzSVg1VEtaSDNnMjJUWFRURTVsSHpFU2JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcBKgxsQKTu
AwcBKgxsQMguAwcBKgxsQMhAMA0GCSqGSIb3DQEBCwUAA4IBAQBKanAV7oHFFuHH
KjtD69p9MiIRBnjJYc0h24fNy1cAdskdLUlhvH7o2ch7NcMFJ5CRFHKVAjjH7mQY
YwUyu1PqEn4/SpFliB3RzJOgiflWQ7lehOUR8F/lk6VIdOpcgUzP4y7kQz0RQiKI
FMFsTv9go4p7fXvnFLvuBdEF6EX9pouN7JpugjlMqfpk+IT2o47FoQqvtRooWf0H
p0Z+jq64epuIzNnJJZCQ0BJQJ738GEW6tEnuwus7x/Vu5oQEtO2TZm+sKxwrUv2i
Gifozn5HjbaRjQCUy8JkgTn5PrauZiTS2rW5Wgeaxnpx/tlC/z4oIx/hr3MO5ae7
r06mZVTl
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:57:56 2025 by rpki-client