Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LB_t08DPTNyxU120z1nclHuMwMI.roa
File: LB_t08DPTNyxU120z1nclHuMwMI.roa (raw, json)
Hash identifier: tD2v/rZHmdopAY/iPcE41q7HJJs5sc+Muz0vNadXByE=
Subject key identifier: 2C:1F:ED:D3:C0:CF:4C:DC:B1:53:5D:B4:CF:59:DC:94:7B:8C:C0:C2
Certificate issuer: /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial: 01941F8C8A4BDEB3179F17304AE7EA573B2E
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LB_t08DPTNyxU120z1nclHuMwMI.roa
Signing time: Wed 01 Jan 2025 01:48:11 +0000
ROA not before: Wed 01 Jan 2025 01:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213220
IP address blocks: 2a13:5200::/32 maxlen: 32
2a13:5201::/32 maxlen: 32
2a13:5202::/32 maxlen: 32
2a13:5203::/32 maxlen: 32
2a13:5204::/32 maxlen: 32
2a13:5205::/32 maxlen: 32
2a13:5206::/32 maxlen: 32
2a13:5207::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 22:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:8a:4b:de:b3:17:9f:17:30:4a:e7:ea:57:3b:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Validity
Not Before: Jan 1 01:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2c1fedd3c0cf4cdcb1535db4cf59dc947b8cc0c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:fa:b5:53:a8:a8:35:60:00:40:cf:2c:0d:a6:
06:70:ad:e9:28:66:d5:15:21:f3:47:ed:f1:b1:fe:
15:88:58:8c:ef:f5:03:b3:ff:cf:13:0c:93:98:b5:
e4:c7:7d:dd:98:c2:0a:da:e4:ab:39:28:6c:04:3c:
34:53:2b:80:85:95:af:d3:40:35:eb:aa:b9:dc:c3:
98:6b:d5:b2:25:35:41:88:4e:b6:7f:23:c6:73:8b:
35:c5:d6:01:97:e1:e4:52:73:7d:c3:5f:b0:5b:bf:
93:11:84:87:6d:fc:f0:10:0c:a7:71:bc:c0:2f:02:
19:cd:c8:8a:9b:7b:e8:f9:96:cf:df:ab:e5:23:dc:
ff:33:b6:70:2c:99:52:e9:7e:ec:9a:a2:cc:42:bb:
c3:0f:f2:1b:6f:70:ed:9b:c2:9d:74:a0:9d:e1:e7:
be:66:8d:cf:93:a3:07:41:e1:58:cb:cd:b2:e3:37:
c1:89:54:92:f9:e1:38:5f:ac:1a:4d:ab:c8:d5:10:
a5:5e:ec:a5:d6:2e:f7:3d:8f:2e:72:50:ae:73:88:
58:13:05:3a:55:66:55:5a:ee:d5:d7:73:ea:2c:bf:
96:e6:70:54:48:0e:ce:93:96:1b:85:bd:de:da:b6:
4b:59:fd:e0:ff:e3:e0:9f:85:ea:b8:a0:76:93:27:
e7:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:1F:ED:D3:C0:CF:4C:DC:B1:53:5D:B4:CF:59:DC:94:7B:8C:C0:C2
X509v3 Authority Key Identifier:
keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LB_t08DPTNyxU120z1nclHuMwMI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:5200::/29
Signature Algorithm: sha256WithRSAEncryption
82:ee:33:98:eb:73:e5:43:b7:65:a8:44:27:63:f4:1f:05:39:
3c:1c:ee:5f:ef:48:52:ee:45:b9:56:6c:fb:1e:48:23:e7:51:
c2:ea:8c:16:52:4a:49:5d:df:91:f7:03:21:52:4a:f5:93:17:
71:8c:8c:1b:ff:1d:e3:64:fa:72:d3:a4:b1:0a:f4:33:18:b6:
c2:b1:3e:60:fd:2e:92:00:d5:98:89:aa:b7:37:d0:94:78:de:
ab:58:11:09:5b:9d:42:cc:f2:1a:f4:c0:26:f3:aa:ef:e9:5f:
26:7b:f6:29:fc:c1:6c:89:85:7b:de:4a:01:1d:9b:e3:c2:f4:
dd:75:8a:03:56:cd:29:8f:0d:77:58:75:14:4c:dc:e2:3f:be:
b4:07:65:f3:9b:a9:8d:ae:9f:23:e3:ca:86:55:c6:ca:67:56:
46:64:12:7f:db:e6:cf:95:89:e1:f5:ac:f9:76:01:ec:d1:f3:
ef:69:e4:fa:cd:de:0c:f7:49:6f:0d:6e:d6:ea:e8:53:b7:ad:
c2:fc:a1:5c:88:7d:e8:69:50:ca:6c:75:19:fd:02:e3:3c:34:
6a:f4:77:f5:c3:da:5d:d5:ec:cb:7e:1a:c7:23:fb:ca:d2:b7:
3e:c0:57:ad:d1:75:ba:03:d0:2f:bc:67:f3:7e:fa:c1:81:af:
e7:f0:9d:68
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjIpL3rMXnxcwSufqVzsuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjUwMTAxMDE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzFmZWRkM2MwY2Y0Y2RjYjE1MzVkYjRjZjU5ZGM5NDdiOGNjMGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/q1U6ioNWAAQM8sDaYGcK3pKGbV
FSHzR+3xsf4ViFiM7/UDs//PEwyTmLXkx33dmMIK2uSrOShsBDw0UyuAhZWv00A1
66q53MOYa9WyJTVBiE62fyPGc4s1xdYBl+HkUnN9w1+wW7+TEYSHbfzwEAyncbzA
LwIZzciKm3vo+ZbP36vlI9z/M7ZwLJlS6X7smqLMQrvDD/Ibb3Dtm8KddKCd4ee+
Zo3Pk6MHQeFYy82y4zfBiVSS+eE4X6waTavI1RClXuyl1i73PY8uclCuc4hYEwU6
VWZVWu7V13PqLL+W5nBUSA7Ok5Ybhb3e2rZLWf3g/+Pgn4XquKB2kyfnkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCwf7dPAz0zcsVNdtM9Z3JR7jMDCMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvTEJfdDA4RFBUTnl4VTEyMHoxbmNsSHVNd01JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNSADAN
BgkqhkiG9w0BAQsFAAOCAQEAgu4zmOtz5UO3ZahEJ2P0HwU5PBzuX+9IUu5FuVZs
+x5II+dRwuqMFlJKSV3fkfcDIVJK9ZMXcYyMG/8d42T6ctOksQr0Mxi2wrE+YP0u
kgDVmImqtzfQlHjeq1gRCVudQszyGvTAJvOq7+lfJnv2KfzBbImFe95KAR2b48L0
3XWKA1bNKY8Nd1h1FEzc4j++tAdl85upja6fI+PKhlXGymdWRmQSf9vmz5WJ4fWs
+XYB7NHz72nk+s3eDPdJbw1u1uroU7etwvyhXIh96GlQymx1Gf0C4zw0avR39cPa
XdXsy34axyP7ytK3PsBXrdF1ugPQL7xn8376wYGv5/CdaA==
-----END CERTIFICATE-----
Generated at Sun Apr 6 05:16:23 2025 by rpki-client