Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/KBHAEuTQwMUyiCX_3RfZwtGUVwk.roa
File: KBHAEuTQwMUyiCX_3RfZwtGUVwk.roa (raw, json)
Hash identifier: MrQgPzvtmJ1OylGpfrcHItYSdYG/3jwcYZSpyY/5nO0=
Subject key identifier: 28:11:C0:12:E4:D0:C0:C5:32:88:25:FF:DD:17:D9:C2:D1:94:57:09
Certificate issuer: /CN=259490c5dbcfbf590da33bfbd37970a0763469c9
Certificate serial: 019427B5DCE0CD90EFF8EA4FB63F1F5FF78E
Authority key identifier: 25:94:90:C5:DB:CF:BF:59:0D:A3:3B:FB:D3:79:70:A0:76:34:69:C9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/KBHAEuTQwMUyiCX_3RfZwtGUVwk.roa
Signing time: Thu 02 Jan 2025 15:50:17 +0000
ROA not before: Thu 02 Jan 2025 15:50:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213388
IP address blocks: 2a09:be41::/32 maxlen: 48
2a09:be42::/32 maxlen: 48
2a09:be43::/32 maxlen: 48
2a09:be44::/32 maxlen: 48
2a09:be45::/32 maxlen: 48
2a09:be46::/32 maxlen: 48
2a09:be47::/32 maxlen: 48
2a12:49c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.mft
rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 16:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:dc:e0:cd:90:ef:f8:ea:4f:b6:3f:1f:5f:f7:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=259490c5dbcfbf590da33bfbd37970a0763469c9
Validity
Not Before: Jan 2 15:50:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2811c012e4d0c0c5328825ffdd17d9c2d1945709
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:d7:8b:a9:b2:d4:b6:02:42:38:1a:99:0a:5d:
7a:a4:bc:00:0e:10:98:7a:0c:1b:ca:32:cb:03:80:
0b:c3:c6:10:01:71:34:d5:e8:fc:9f:d6:7a:c1:93:
7f:22:7f:93:a4:06:7f:df:4b:bc:d8:3c:6b:c1:1e:
c5:78:87:14:05:fe:94:3c:6a:eb:85:37:2d:d1:2f:
d3:f8:7d:a8:20:75:d9:44:9d:38:d1:da:4f:a8:f0:
5e:28:2b:9b:19:fe:9a:dd:10:d6:85:91:41:5b:40:
64:86:66:81:65:50:8b:cc:fd:17:b6:6a:7d:f7:a3:
a4:48:25:24:dd:15:f1:6a:07:30:ca:5a:93:70:9f:
03:68:33:1c:45:03:c4:66:ea:d7:81:26:e1:9f:4d:
bf:78:e7:65:b5:35:28:36:39:2a:e5:e0:24:23:69:
bd:d9:c4:f9:a9:d1:76:61:fb:f3:dc:6e:3c:a0:a6:
56:6b:de:08:54:87:ba:3e:92:f7:45:a9:0e:f8:58:
43:d1:0a:d8:f2:3b:8d:15:55:76:cf:21:e0:65:3a:
78:0d:98:71:f2:27:79:38:5f:97:f2:57:ca:d8:fe:
47:3c:38:cd:28:a9:82:fb:67:44:3b:72:e4:4d:39:
92:9d:89:1a:1a:be:0d:f7:f0:49:ad:93:8d:7a:28:
79:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:11:C0:12:E4:D0:C0:C5:32:88:25:FF:DD:17:D9:C2:D1:94:57:09
X509v3 Authority Key Identifier:
keyid:25:94:90:C5:DB:CF:BF:59:0D:A3:3B:FB:D3:79:70:A0:76:34:69:C9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/KBHAEuTQwMUyiCX_3RfZwtGUVwk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:be41::-2a09:be47:ffff:ffff:ffff:ffff:ffff:ffff
2a12:49c0::/29
Signature Algorithm: sha256WithRSAEncryption
7a:46:19:dc:76:a6:e8:00:86:5e:a1:4c:e0:30:f0:8c:64:a2:
cf:c3:30:6f:c6:91:05:e9:ba:34:f1:92:f5:b3:ca:ab:ab:54:
7b:ea:66:de:e9:e3:1b:90:80:08:c0:47:f6:66:c4:aa:94:f2:
57:65:9b:7e:0f:76:a1:c7:cd:82:09:20:e8:e6:18:11:83:2b:
b8:01:bd:39:fb:c4:73:7f:76:d5:58:6f:7c:c7:26:0f:63:6c:
cd:df:1f:a6:f9:5c:98:65:11:a2:19:06:ed:95:84:4c:c7:29:
c5:d2:e6:39:43:13:86:6d:78:6f:fa:d8:f6:21:6c:c1:1a:43:
86:3f:93:f9:ed:b3:66:39:55:32:6e:46:62:27:92:07:93:fc:
cb:21:9e:fd:e8:b9:ce:7d:f7:c2:f9:9d:98:7f:fe:e7:2b:42:
0b:81:3e:1a:36:1a:45:fc:ca:df:e9:a6:dd:c3:d9:e6:36:79:
43:5d:79:8d:71:c2:bf:c6:62:bd:f3:f7:87:32:ab:46:3c:a1:
97:f5:e9:fc:88:c1:8b:77:7c:86:b8:d4:e5:77:5f:fe:b9:de:
c7:ce:71:85:2f:e4:19:7d:f9:d1:b6:07:f9:9f:d3:22:30:13:
ec:3f:9e:bd:9b:6c:56:05:74:1e:5c:7d:fe:45:29:73:11:9f:
cb:0d:49:c8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQntdzgzZDv+OpPtj8fX/eOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1OTQ5MGM1ZGJjZmJmNTkwZGEzM2JmYmQzNzk3MGEwNzYz
NDY5YzkwHhcNMjUwMTAyMTU1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODExYzAxMmU0ZDBjMGM1MzI4ODI1ZmZkZDE3ZDljMmQxOTQ1NzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydeLqbLUtgJCOBqZCl16pLwADhCY
egwbyjLLA4ALw8YQAXE01ej8n9Z6wZN/In+TpAZ/30u82DxrwR7FeIcUBf6UPGrr
hTct0S/T+H2oIHXZRJ040dpPqPBeKCubGf6a3RDWhZFBW0BkhmaBZVCLzP0Xtmp9
96OkSCUk3RXxagcwylqTcJ8DaDMcRQPEZurXgSbhn02/eOdltTUoNjkq5eAkI2m9
2cT5qdF2Yfvz3G48oKZWa94IVIe6PpL3RakO+FhD0QrY8juNFVV2zyHgZTp4DZhx
8id5OF+X8lfK2P5HPDjNKKmC+2dEO3LkTTmSnYkaGr4N9/BJrZONeih5JwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCgRwBLk0MDFMogl/90X2cLRlFcJMB8GA1UdIwQY
MBaAFCWUkMXbz79ZDaM7+9N5cKB2NGnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlpTUXhkdlB2MWtOb3p2NzAzbHdvSFkwYWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9lZGFkMmQtOTVjYy00OWQwLTg2ZjQt
M2NlM2NmOGIxYzQ5LzEvS0JIQUV1VFF3TVV5aUNYXzNSZlp3dEdVVndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9lZGFkMmQtOTVjYy00OWQwLTg2ZjQtM2NlM2NmOGIxYzQ5
LzEvSlpTUXhkdlB2MWtOb3p2NzAzbHdvSFkwYWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXMA4DBQAqCb5B
AwUDKgm+QAMFAyoSScAwDQYJKoZIhvcNAQELBQADggEBAHpGGdx2pugAhl6hTOAw
8Ixkos/DMG/GkQXpujTxkvWzyqurVHvqZt7p4xuQgAjAR/ZmxKqU8ldlm34PdqHH
zYIJIOjmGBGDK7gBvTn7xHN/dtVYb3zHJg9jbM3fH6b5XJhlEaIZBu2VhEzHKcXS
5jlDE4ZteG/62PYhbMEaQ4Y/k/nts2Y5VTJuRmInkgeT/Mshnv3ouc5998L5nZh/
/ucrQguBPho2GkX8yt/ppt3D2eY2eUNdeY1xwr/GYr3z94cyq0Y8oZf16fyIwYt3
fIa41OV3X/653sfOcYUv5Bl9+dG2B/mf0yIwE+w/nr2bbFYFdB5cff5FKXMRn8sN
Scg=
-----END CERTIFICATE-----
Generated at Sun Apr 6 22:40:15 2025 by rpki-client