Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XN3HiqEGei1o-ga4sROls56hvQY.roa
File: XN3HiqEGei1o-ga4sROls56hvQY.roa (raw, json)
Hash identifier: /l2maiEhXpQ+M3NtaCHa1vRMf/Mmr6Qp4xhxFg3idFU=
Subject key identifier: 5C:DD:C7:8A:A1:06:7A:2D:68:FA:06:B8:B1:13:A5:B3:9E:A1:BD:06
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 019349E42C15FCABC166515CE0D8D6FA75BA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XN3HiqEGei1o-ga4sROls56hvQY.roa
Signing time: Wed 20 Nov 2024 14:05:10 +0000
ROA not before: Wed 20 Nov 2024 14:05:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215980
IP address blocks: 2a0e:97c0:e30::/48 maxlen: 48
2a10:ccc0:3000::/48 maxlen: 48
2a10:ccc0:3001::/48 maxlen: 48
2a10:ccc0:3002::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Nov 2024 17:10:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:49:e4:2c:15:fc:ab:c1:66:51:5c:e0:d8:d6:fa:75:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Nov 20 14:05:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5cddc78aa1067a2d68fa06b8b113a5b39ea1bd06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:62:31:c1:30:65:5a:4e:df:a8:de:50:f7:d4:
d7:e6:09:8d:70:75:4f:18:a7:ec:11:60:8c:3e:11:
92:34:54:d3:33:67:43:b8:f6:83:84:2d:38:0f:a3:
70:04:e8:3d:f8:7f:0b:1d:ee:80:fe:4d:ee:da:b4:
34:86:bb:e8:ae:19:65:66:2c:81:00:02:36:fa:e9:
2a:7e:d8:b3:ff:a7:db:30:d5:71:97:59:bf:85:4e:
75:04:01:87:b4:50:a8:a0:20:de:c3:8f:49:7c:5d:
b7:14:49:76:c6:24:4f:f1:af:53:2a:b4:ab:6e:21:
1f:36:f4:5c:c3:ec:75:96:d4:8e:00:3f:ff:3d:dc:
b2:5e:05:b2:41:c2:b7:d6:7e:b7:a6:0f:06:f1:53:
1b:45:a6:f0:0f:df:92:8c:85:a8:2d:e2:f5:c4:fd:
d5:34:de:94:68:38:ff:7c:91:13:31:4a:3f:2c:ff:
2b:d6:5a:5b:60:09:c5:30:d8:8c:76:70:ce:c4:17:
a0:77:b7:b1:9a:92:f1:6b:4e:78:dc:f2:ef:c0:09:
94:00:56:6d:ae:d6:e6:49:45:b2:93:4b:e9:fe:ff:
a2:47:ae:5f:7e:e5:ca:e1:0b:d5:b1:76:bf:13:62:
b2:25:4b:83:a1:3c:a7:9c:e7:c3:00:e3:76:cb:03:
31:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:DD:C7:8A:A1:06:7A:2D:68:FA:06:B8:B1:13:A5:B3:9E:A1:BD:06
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XN3HiqEGei1o-ga4sROls56hvQY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:97c0:e30::/48
2a10:ccc0:3000::-2a10:ccc0:3002:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
18:9b:7a:e4:06:60:2b:58:7a:0e:d7:56:4f:25:80:d6:4f:e9:
17:8f:1a:9c:f2:7e:9c:c8:45:cd:db:2d:83:de:6c:b6:06:cd:
8f:5e:d5:5a:1c:1c:2c:4d:99:3c:ee:9e:4a:a7:2f:5f:63:3d:
cf:72:5e:ce:c6:b8:b3:db:5c:ad:93:f1:e1:d1:77:24:72:e1:
cb:1c:c4:dc:41:14:ac:82:c1:90:85:54:66:77:d6:d2:f0:f2:
db:76:6a:92:7b:49:dc:cf:bc:8d:09:0b:ff:22:db:f1:21:c2:
47:c0:52:3e:4c:10:ab:fc:cb:51:f6:d5:59:18:57:ea:e8:6f:
5d:5c:00:ec:f4:fd:c4:3c:ef:64:9a:02:65:78:7b:c2:f9:fb:
8a:39:b1:c1:9e:8b:8d:84:9d:55:1f:42:73:a3:6e:c3:4a:d2:
c6:5b:cd:72:ef:18:36:fc:13:e7:d0:79:6f:7e:87:ab:e1:a1:
4c:e5:1a:04:cc:85:13:94:b1:a3:d1:f3:89:72:a8:6d:35:63:
7f:de:f7:2b:da:b5:b0:da:db:9a:27:5e:2d:e8:0c:e8:b7:52:
be:d7:b8:9f:91:6c:7e:3b:40:f0:68:dd:5c:1d:25:3d:6b:2e:
1e:ad:1b:3e:9a:39:71:e1:16:cc:60:30:ad:d4:d5:e5:0b:a6:
4c:d0:ce:39
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZNJ5CwV/KvBZlFc4NjW+nW6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMTIwMTQwNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2RkYzc4YWExMDY3YTJkNjhmYTA2YjhiMTEzYTViMzllYTFiZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmIxwTBlWk7fqN5Q99TX5gmNcHVP
GKfsEWCMPhGSNFTTM2dDuPaDhC04D6NwBOg9+H8LHe6A/k3u2rQ0hrvorhllZiyB
AAI2+ukqftiz/6fbMNVxl1m/hU51BAGHtFCooCDew49JfF23FEl2xiRP8a9TKrSr
biEfNvRcw+x1ltSOAD//PdyyXgWyQcK31n63pg8G8VMbRabwD9+SjIWoLeL1xP3V
NN6UaDj/fJETMUo/LP8r1lpbYAnFMNiMdnDOxBegd7exmpLxa0543PLvwAmUAFZt
rtbmSUWyk0vp/v+iR65ffuXK4QvVsXa/E2KyJUuDoTynnOfDAON2ywMxvwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFFzdx4qhBnotaPoGuLETpbOeob0GMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWE4zSGlxRUdlaTFvLWdhNHNST2xzNTZodlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwcAKg6XwA4w
MBEDBgQqEMzAMAMHACoQzMAwAjANBgkqhkiG9w0BAQsFAAOCAQEAGJt65AZgK1h6
DtdWTyWA1k/pF48anPJ+nMhFzdstg95stgbNj17VWhwcLE2ZPO6eSqcvX2M9z3Je
zsa4s9tcrZPx4dF3JHLhyxzE3EEUrILBkIVUZnfW0vDy23ZqkntJ3M+8jQkL/yLb
8SHCR8BSPkwQq/zLUfbVWRhX6uhvXVwA7PT9xDzvZJoCZXh7wvn7ijmxwZ6LjYSd
VR9Cc6Nuw0rSxlvNcu8YNvwT59B5b36Hq+GhTOUaBMyFE5Sxo9HziXKobTVjf973
K9q1sNrbmideLegM6LdSvte4n5FsfjtA8GjdXB0lPWsuHq0bPpo5ceEWzGAwrdTV
5QumTNDOOQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:24:31 2024 by rpki-client on console-fra.rpki-client.org