Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/YLMZPsprpRxhmDT0WIbhqx6F--Y.roa
File: YLMZPsprpRxhmDT0WIbhqx6F--Y.roa (raw, json)
Hash identifier: tFoaXBl2VXqD6JFS6seQ88nt8uiv/guhHad/lARB2fE=
Subject key identifier: 60:B3:19:3E:CA:6B:A5:1C:61:98:34:F4:58:86:E1:AB:1E:85:FB:E6
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 019423D6F9FE156230700145E0F31384E56C
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/YLMZPsprpRxhmDT0WIbhqx6F--Y.roa
Signing time: Wed 01 Jan 2025 21:47:58 +0000
ROA not before: Wed 01 Jan 2025 21:47:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213220
IP address blocks: 2a11:3c40::/32 maxlen: 32
2a11:3c41::/32 maxlen: 32
2a11:6bc1::/32 maxlen: 32
2a11:6bc2::/32 maxlen: 32
2a11:6bc4::/32 maxlen: 32
2a11:6bc6::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.mft
rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 08:00:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d6:f9:fe:15:62:30:70:01:45:e0:f3:13:84:e5:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Jan 1 21:47:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=60b3193eca6ba51c619834f45886e1ab1e85fbe6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:69:22:79:71:e7:2a:a4:cc:71:2d:6a:61:bd:
94:fd:17:44:26:80:7f:6d:9e:57:f4:57:40:96:ea:
fb:f8:cc:84:e2:61:a9:6f:71:fe:c7:29:84:e7:dd:
dc:33:db:47:9e:5b:6c:59:bd:45:b6:80:30:64:b8:
c5:d7:c6:70:33:9e:99:8c:b4:7b:8b:80:14:41:c7:
7d:58:80:36:35:f5:4b:81:19:c8:5f:83:b7:62:13:
b4:f1:63:f4:da:7c:b4:0b:c2:00:35:95:58:7a:82:
a7:05:02:df:0a:52:66:7c:01:1c:3e:be:24:33:6d:
68:d1:0e:e5:ff:fc:2e:b4:ec:7b:9f:70:27:6b:70:
41:62:37:a8:f3:48:28:0e:dd:b7:a1:da:42:21:04:
f9:ba:d1:57:f0:25:c5:b2:6d:d6:5c:68:cd:45:3f:
19:e8:6c:b0:e7:63:dd:89:20:c2:bd:a0:6a:e3:79:
06:fe:97:e8:42:aa:26:b9:48:ce:a2:38:73:af:ea:
f4:1f:5c:38:86:21:52:5e:30:72:dc:b0:d4:41:fe:
81:4f:b3:fa:62:bb:df:a4:7a:ef:74:2c:6a:69:2d:
7d:a8:00:22:a1:14:34:5e:96:8d:04:c7:8c:34:4d:
bc:f7:43:88:e0:4f:59:35:82:05:d4:0a:a5:2e:f5:
b2:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:B3:19:3E:CA:6B:A5:1C:61:98:34:F4:58:86:E1:AB:1E:85:FB:E6
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/YLMZPsprpRxhmDT0WIbhqx6F--Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:3c40::/31
2a11:6bc1::-2a11:6bc2:ffff:ffff:ffff:ffff:ffff:ffff
2a11:6bc4::/32
2a11:6bc6::/32
Signature Algorithm: sha256WithRSAEncryption
55:a4:0d:ed:d0:55:e7:44:fd:0d:4c:41:44:ff:5c:d9:06:52:
31:ac:b3:8b:23:b4:6e:9a:ed:b2:ca:6c:29:2f:a2:45:ef:6d:
59:ae:33:78:ec:22:12:8f:04:cc:c6:70:b3:f1:65:d5:db:ae:
31:08:7e:d2:b7:3d:82:c0:48:9a:b0:ac:83:0a:24:98:99:de:
b9:57:d6:df:f8:ce:72:87:63:26:b2:2e:30:54:48:dc:a3:3b:
6d:bf:83:8f:0c:e6:b8:c3:db:05:7e:ba:45:71:89:1f:c0:28:
1d:28:7a:67:40:d5:77:c8:4d:53:0d:8a:6d:bb:42:d8:4c:98:
ac:d7:3f:8e:ea:ae:99:65:0b:80:f4:6b:52:7a:93:ce:a1:4e:
09:73:c6:01:04:ba:06:82:1b:b4:7c:0b:67:96:d8:6e:53:61:
4a:5e:1c:fc:fb:37:be:49:9e:0f:ef:66:03:d4:e9:b8:c4:6a:
b6:f6:62:64:5b:9a:c7:8d:89:23:22:f5:1a:ac:53:d0:1b:d7:
88:f3:93:70:7d:cd:11:74:37:d1:8c:57:75:0f:c1:b6:00:de:
08:0d:21:71:f8:17:bb:65:3f:97:e3:3b:0f:53:20:db:1c:48:
be:4f:fd:3b:6f:e3:da:f8:80:15:62:cf:34:c0:af:24:b8:40:
55:f6:f5:e1
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZQj1vn+FWIwcAFF4PMThOVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjUwMTAxMjE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGIzMTkzZWNhNmJhNTFjNjE5ODM0ZjQ1ODg2ZTFhYjFlODVmYmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2kieXHnKqTMcS1qYb2U/RdEJoB/
bZ5X9FdAlur7+MyE4mGpb3H+xymE593cM9tHnltsWb1FtoAwZLjF18ZwM56ZjLR7
i4AUQcd9WIA2NfVLgRnIX4O3YhO08WP02ny0C8IANZVYeoKnBQLfClJmfAEcPr4k
M21o0Q7l//wutOx7n3Ana3BBYjeo80goDt23odpCIQT5utFX8CXFsm3WXGjNRT8Z
6Gyw52PdiSDCvaBq43kG/pfoQqomuUjOojhzr+r0H1w4hiFSXjBy3LDUQf6BT7P6
YrvfpHrvdCxqaS19qAAioRQ0XpaNBMeMNE2890OI4E9ZNYIF1AqlLvWyEwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFGCzGT7Ka6UcYZg09FiG4asehfvmMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvWUxNWlBzcHJwUnhobURUMFdJYmhxeDZGLS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAAjAlAwUBKhE8QDAO
AwUAKhFrwQMFACoRa8IDBQAqEWvEAwUAKhFrxjANBgkqhkiG9w0BAQsFAAOCAQEA
VaQN7dBV50T9DUxBRP9c2QZSMayziyO0bprtsspsKS+iRe9tWa4zeOwiEo8EzMZw
s/Fl1duuMQh+0rc9gsBImrCsgwokmJneuVfW3/jOcodjJrIuMFRI3KM7bb+Djwzm
uMPbBX66RXGJH8AoHSh6Z0DVd8hNUw2KbbtC2EyYrNc/juqumWULgPRrUnqTzqFO
CXPGAQS6BoIbtHwLZ5bYblNhSl4c/Ps3vkmeD+9mA9TpuMRqtvZiZFuax42JIyL1
GqxT0BvXiPOTcH3NEXQ30YxXdQ/BtgDeCA0hcfgXu2U/l+M7D1Mg2xxIvk/9O2/j
2viAFWLPNMCvJLhAVfb14Q==
-----END CERTIFICATE-----
Generated at Mon Apr 7 13:10:41 2025 by rpki-client