Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/cae652-a218-42f6-97af-794b28eb16c5/1/1bCVWoklxu9pgUWQ1mLHB-EXkFA.roa
File: 1bCVWoklxu9pgUWQ1mLHB-EXkFA.roa (raw, json)
Hash identifier: D3wGeYBSZH8FYHWMq5xGTReS6aaUmIPr/PoC2v0b+3Q=
Subject key identifier: D5:B0:95:5A:89:25:C6:EF:69:81:45:90:D6:62:C7:07:E1:17:90:50
Certificate issuer: /CN=7139bc5cef3aeadf32613f7d959ec8e40a742918
Certificate serial: 0194214451A2D3DEB41202450E233499C2A6
Authority key identifier: 71:39:BC:5C:EF:3A:EA:DF:32:61:3F:7D:95:9E:C8:E4:0A:74:29:18
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cTm8XO866t8yYT99lZ7I5Ap0KRg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/cae652-a218-42f6-97af-794b28eb16c5/1/1bCVWoklxu9pgUWQ1mLHB-EXkFA.roa
Signing time: Wed 01 Jan 2025 09:48:33 +0000
ROA not before: Wed 01 Jan 2025 09:48:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2a10:e341::/32 maxlen: 32
2a10:e342::/32 maxlen: 32
2a10:e343::/32 maxlen: 32
2a10:e344::/32 maxlen: 32
2a10:e345::/32 maxlen: 32
2a10:e346::/32 maxlen: 32
2a10:e347::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4d/cae652-a218-42f6-97af-794b28eb16c5/1/cTm8XO866t8yYT99lZ7I5Ap0KRg.crl
rsync://rpki.ripe.net/repository/DEFAULT/4d/cae652-a218-42f6-97af-794b28eb16c5/1/cTm8XO866t8yYT99lZ7I5Ap0KRg.mft
rsync://rpki.ripe.net/repository/DEFAULT/cTm8XO866t8yYT99lZ7I5Ap0KRg.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:51:a2:d3:de:b4:12:02:45:0e:23:34:99:c2:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7139bc5cef3aeadf32613f7d959ec8e40a742918
Validity
Not Before: Jan 1 09:48:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d5b0955a8925c6ef69814590d662c707e1179050
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:43:54:c5:c3:6a:b0:09:18:26:3e:a3:32:73:
78:b7:6b:cf:7f:08:d7:1d:aa:e5:3b:1e:89:9a:d1:
36:62:9d:95:88:21:8a:2b:c3:d9:8f:d9:b6:91:f9:
62:a4:d9:76:1b:19:7a:90:d0:62:e8:77:cd:97:2b:
22:62:9b:5d:85:fe:61:3c:7a:8f:9d:ae:4f:be:57:
6d:58:80:3b:39:1b:ce:9f:bc:df:7c:f3:9e:92:12:
49:f8:df:77:61:fb:4c:39:db:1e:a9:f7:7f:9c:3c:
89:cb:17:76:c1:c3:68:5f:83:ac:a9:a2:32:05:ba:
11:83:d6:c6:d7:59:27:a5:90:d3:26:49:c0:02:8f:
4c:2a:70:73:61:f8:e2:79:f3:a6:e0:88:66:63:61:
57:3c:00:5d:85:f7:a4:01:9a:3a:74:44:f0:2e:6c:
60:28:e1:38:1f:83:39:e2:80:a6:92:4a:56:51:18:
b5:ea:5c:d1:56:ac:2a:59:ba:5b:02:f0:1a:80:e5:
ff:3f:5c:ac:8e:80:a1:49:0f:7c:68:a2:18:95:f4:
ad:35:64:3e:2e:46:0d:73:b5:46:84:4d:c7:cb:b2:
09:b7:56:fb:1c:15:18:68:6e:a8:64:fa:22:2f:62:
61:f1:bd:b9:d0:3c:12:5b:9b:95:65:f5:b3:cf:f8:
15:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:B0:95:5A:89:25:C6:EF:69:81:45:90:D6:62:C7:07:E1:17:90:50
X509v3 Authority Key Identifier:
keyid:71:39:BC:5C:EF:3A:EA:DF:32:61:3F:7D:95:9E:C8:E4:0A:74:29:18
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cTm8XO866t8yYT99lZ7I5Ap0KRg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/cae652-a218-42f6-97af-794b28eb16c5/1/1bCVWoklxu9pgUWQ1mLHB-EXkFA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/cae652-a218-42f6-97af-794b28eb16c5/1/cTm8XO866t8yYT99lZ7I5Ap0KRg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a10:e341::-2a10:e347:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
33:78:63:66:d5:cf:3a:1b:81:16:d6:ff:3d:4f:76:19:fd:4d:
e0:33:3e:50:a5:ef:7b:47:47:f0:72:51:14:28:d8:ac:d6:2e:
f8:7e:1f:cf:a9:09:27:fb:b6:e8:84:51:8a:d0:47:57:9e:08:
f0:d0:07:65:13:4d:12:a1:3f:3e:dd:61:cb:5e:19:da:de:d5:
be:6f:d1:49:b7:b9:a7:f1:f8:ea:0b:4e:7b:5b:49:2b:27:2c:
1b:6d:d6:7e:2a:1a:1c:eb:0b:cd:1d:40:8f:f5:e3:5a:5f:8a:
2e:90:86:51:d2:7d:b2:d8:a5:d7:22:56:24:e9:b7:cd:07:c3:
96:a2:c7:2c:3b:6b:8b:c2:f3:f1:49:18:ad:98:75:7f:51:5f:
fa:1c:75:a4:24:4a:3a:b4:cb:66:bc:0a:e5:07:ca:5a:47:a6:
60:c2:fb:db:90:6a:f3:5b:c5:45:0f:00:bc:eb:a4:fd:8f:a8:
aa:37:ab:05:1a:62:b9:85:0d:b3:f7:21:42:db:bc:09:22:c7:
18:75:95:8c:e8:59:64:02:aa:65:5b:c8:f4:98:da:82:2b:62:
7e:ea:e7:b5:9a:5f:47:cb:58:6e:a4:a4:54:51:fd:e8:50:22:
21:00:31:4a:40:ff:33:7a:25:07:bf:ea:f9:ab:e2:42:e4:0f:
1d:cc:81:e3
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQhRFGi0960EgJFDiM0mcKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMzliYzVjZWYzYWVhZGYzMjYxM2Y3ZDk1OWVjOGU0MGE3
NDI5MTgwHhcNMjUwMTAxMDk0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWIwOTU1YTg5MjVjNmVmNjk4MTQ1OTBkNjYyYzcwN2UxMTc5MDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ENUxcNqsAkYJj6jMnN4t2vPfwjX
HarlOx6JmtE2Yp2ViCGKK8PZj9m2kflipNl2Gxl6kNBi6HfNlysiYptdhf5hPHqP
na5PvldtWIA7ORvOn7zffPOekhJJ+N93YftMOdseqfd/nDyJyxd2wcNoX4OsqaIy
BboRg9bG11knpZDTJknAAo9MKnBzYfjiefOm4IhmY2FXPABdhfekAZo6dETwLmxg
KOE4H4M54oCmkkpWURi16lzRVqwqWbpbAvAagOX/P1ysjoChSQ98aKIYlfStNWQ+
LkYNc7VGhE3Hy7IJt1b7HBUYaG6oZPoiL2Jh8b250DwSW5uVZfWzz/gVawIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFNWwlVqJJcbvaYFFkNZixwfhF5BQMB8GA1UdIwQY
MBaAFHE5vFzvOurfMmE/fZWeyOQKdCkYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1RtOFhPODY2dDh5WVQ5OWxaN0k1QXAwS1JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jYWU2NTItYTIxOC00MmY2LTk3YWYt
Nzk0YjI4ZWIxNmM1LzEvMWJDVldva2x4dTlwZ1VXUTFtTEhCLUVYa0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jYWU2NTItYTIxOC00MmY2LTk3YWYtNzk0YjI4ZWIxNmM1
LzEvY1RtOFhPODY2dDh5WVQ5OWxaN0k1QXAwS1JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqEONB
AwUDKhDjQDANBgkqhkiG9w0BAQsFAAOCAQEAM3hjZtXPOhuBFtb/PU92Gf1N4DM+
UKXve0dH8HJRFCjYrNYu+H4fz6kJJ/u26IRRitBHV54I8NAHZRNNEqE/Pt1hy14Z
2t7Vvm/RSbe5p/H46gtOe1tJKycsG23WfioaHOsLzR1Aj/XjWl+KLpCGUdJ9stil
1yJWJOm3zQfDlqLHLDtri8Lz8UkYrZh1f1Ff+hx1pCRKOrTLZrwK5QfKWkemYML7
25Bq81vFRQ8AvOuk/Y+oqjerBRpiuYUNs/chQtu8CSLHGHWVjOhZZAKqZVvI9Jja
gitifurntZpfR8tYbqSkVFH96FAiIQAxSkD/M3olB7/q+aviQuQPHcyB4w==
-----END CERTIFICATE-----
Generated at Sat Apr 12 02:26:45 2025 by rpki-client