Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/aLqHk2UMrsAFp8O_WkYeTwl3zWg.roa
File: aLqHk2UMrsAFp8O_WkYeTwl3zWg.roa (raw, json)
Hash identifier: KSJSQQgNlVfvoPK0hF2rIvdyy8wj5LGpw3RQ1LyRxBU=
Subject key identifier: 68:BA:87:93:65:0C:AE:C0:05:A7:C3:BF:5A:46:1E:4F:09:77:CD:68
Certificate issuer: /CN=259490c5dbcfbf590da33bfbd37970a0763469c9
Certificate serial: 019427B5DB47B87F03DCE7C5DD59E2E10714
Authority key identifier: 25:94:90:C5:DB:CF:BF:59:0D:A3:3B:FB:D3:79:70:A0:76:34:69:C9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/aLqHk2UMrsAFp8O_WkYeTwl3zWg.roa
Signing time: Thu 02 Jan 2025 15:50:17 +0000
ROA not before: Thu 02 Jan 2025 15:50:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56849
IP address blocks: 2a09:be41::/32 maxlen: 48
2a09:be42::/31 maxlen: 48
2a09:be44::/30 maxlen: 48
2a0e:ec00::/30 maxlen: 48
2a0e:ec04::/31 maxlen: 48
2a12:49c0::/29 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.crl
rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.mft
rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 10 Apr 2025 23:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:db:47:b8:7f:03:dc:e7:c5:dd:59:e2:e1:07:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=259490c5dbcfbf590da33bfbd37970a0763469c9
Validity
Not Before: Jan 2 15:50:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=68ba8793650caec005a7c3bf5a461e4f0977cd68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:7a:bd:1f:73:8e:a8:45:c0:58:8c:9a:d3:0f:
e5:33:4b:e1:d6:33:8e:29:10:8f:ba:23:b1:85:9c:
56:63:34:8d:e2:72:ed:87:4f:04:74:1b:47:97:bc:
96:f1:a5:a6:9e:c1:1f:7f:6c:28:53:80:f0:4d:84:
ff:ba:d1:cf:b1:6f:a6:20:69:43:ed:b5:48:7d:fc:
10:63:58:53:03:11:02:3e:c5:58:85:1f:6a:86:be:
6f:05:5d:50:29:c1:89:1f:7e:e0:0d:31:ba:b8:b5:
b3:92:74:7a:35:78:ca:ec:f4:6c:4f:39:e5:7b:81:
dd:87:d9:b7:cf:89:c1:db:ba:1e:51:8d:6f:7c:69:
11:e3:69:22:21:17:bd:0c:fc:c5:b5:e0:da:05:7e:
18:86:5d:d1:dc:26:80:50:1c:e7:52:ea:6a:83:cc:
c4:2f:d7:d8:69:eb:b1:56:40:19:2a:cb:f3:bb:71:
9e:4f:e4:8f:0d:5b:c4:59:c0:ac:b1:b0:68:00:f4:
c9:a8:b9:b3:e3:44:78:be:c6:10:63:34:9d:04:13:
cf:5f:5c:f2:4d:72:1c:9c:dd:00:a6:78:0a:0c:00:
d4:c3:f2:e2:15:06:dc:5c:d9:20:11:fa:31:70:d3:
e9:dc:0b:d3:0c:36:8c:95:0a:18:df:9a:ba:2e:5e:
11:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:BA:87:93:65:0C:AE:C0:05:A7:C3:BF:5A:46:1E:4F:09:77:CD:68
X509v3 Authority Key Identifier:
keyid:25:94:90:C5:DB:CF:BF:59:0D:A3:3B:FB:D3:79:70:A0:76:34:69:C9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/aLqHk2UMrsAFp8O_WkYeTwl3zWg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:be41::-2a09:be47:ffff:ffff:ffff:ffff:ffff:ffff
2a0e:ec00::-2a0e:ec05:ffff:ffff:ffff:ffff:ffff:ffff
2a12:49c0::/29
Signature Algorithm: sha256WithRSAEncryption
a6:5e:2a:0e:15:73:63:45:e4:0d:7a:3c:69:fb:d2:cd:59:f9:
2c:f0:a4:94:88:4a:b8:a8:65:d9:5c:a1:40:e7:db:d5:84:a2:
9c:22:20:75:20:81:6a:83:39:c9:10:18:a2:c0:7d:cf:47:9f:
31:54:74:e0:3c:4d:38:0d:f3:36:1a:ee:de:c8:08:18:d0:14:
2d:6d:51:fb:e9:12:c5:68:1e:e0:79:58:36:b7:52:ce:97:64:
30:a1:e8:58:c6:10:79:87:b4:5a:2e:f8:8c:11:c0:50:91:29:
08:1d:9d:37:bb:fc:15:2c:37:1c:83:2e:db:29:eb:db:43:ff:
05:fa:23:b6:d7:98:0b:42:c4:cb:59:b2:38:a2:f8:55:5d:13:
62:b3:2a:77:d6:b2:1a:16:a6:cf:56:e0:ed:13:ae:37:76:6f:
b8:e3:0e:7d:58:a6:d8:34:87:30:7a:a9:7e:16:23:03:87:40:
6d:19:ea:0c:1f:c5:ea:68:99:ce:af:56:b5:10:e4:cb:61:8b:
3a:41:c1:ec:8e:9a:cc:ce:c4:a4:13:6b:d7:f4:32:7e:c0:c7:
f1:b9:74:5c:82:b0:39:c6:b1:a7:5a:de:82:35:aa:de:1e:5e:
4c:43:5e:7d:2f:bd:59:d9:d4:5c:e5:cd:3c:50:bd:f3:3d:12:
78:fb:7d:13
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQntdtHuH8D3OfF3Vni4QcUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1OTQ5MGM1ZGJjZmJmNTkwZGEzM2JmYmQzNzk3MGEwNzYz
NDY5YzkwHhcNMjUwMTAyMTU1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGJhODc5MzY1MGNhZWMwMDVhN2MzYmY1YTQ2MWU0ZjA5NzdjZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnq9H3OOqEXAWIya0w/lM0vh1jOO
KRCPuiOxhZxWYzSN4nLth08EdBtHl7yW8aWmnsEff2woU4DwTYT/utHPsW+mIGlD
7bVIffwQY1hTAxECPsVYhR9qhr5vBV1QKcGJH37gDTG6uLWzknR6NXjK7PRsTznl
e4Hdh9m3z4nB27oeUY1vfGkR42kiIRe9DPzFteDaBX4Yhl3R3CaAUBznUupqg8zE
L9fYaeuxVkAZKsvzu3GeT+SPDVvEWcCssbBoAPTJqLmz40R4vsYQYzSdBBPPX1zy
TXIcnN0ApngKDADUw/LiFQbcXNkgEfoxcNPp3AvTDDaMlQoY35q6Ll4RAwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFGi6h5NlDK7ABafDv1pGHk8Jd81oMB8GA1UdIwQY
MBaAFCWUkMXbz79ZDaM7+9N5cKB2NGnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlpTUXhkdlB2MWtOb3p2NzAzbHdvSFkwYWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9lZGFkMmQtOTVjYy00OWQwLTg2ZjQt
M2NlM2NmOGIxYzQ5LzEvYUxxSGsyVU1yc0FGcDhPX1drWWVUd2wzeldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9lZGFkMmQtOTVjYy00OWQwLTg2ZjQtM2NlM2NmOGIxYzQ5
LzEvSlpTUXhkdlB2MWtOb3p2NzAzbHdvSFkwYWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAAjAmMA4DBQAqCb5B
AwUDKgm+QDANAwQCKg7sAwUBKg7sBAMFAyoSScAwDQYJKoZIhvcNAQELBQADggEB
AKZeKg4Vc2NF5A16PGn70s1Z+SzwpJSISrioZdlcoUDn29WEopwiIHUggWqDOckQ
GKLAfc9HnzFUdOA8TTgN8zYa7t7ICBjQFC1tUfvpEsVoHuB5WDa3Us6XZDCh6FjG
EHmHtFou+IwRwFCRKQgdnTe7/BUsNxyDLtsp69tD/wX6I7bXmAtCxMtZsjii+FVd
E2KzKnfWshoWps9W4O0Trjd2b7jjDn1Yptg0hzB6qX4WIwOHQG0Z6gwfxepomc6v
VrUQ5MthizpBweyOmszOxKQTa9f0Mn7Ax/G5dFyCsDnGsada3oI1qt4eXkxDXn0v
vVnZ1FzlzTxQvfM9Enj7fRM=
-----END CERTIFICATE-----
Generated at Thu Apr 10 05:04:29 2025 by rpki-client