Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/1BHVcdS3kmkGH_bI9qfHON5UHfk.roa
File: 1BHVcdS3kmkGH_bI9qfHON5UHfk.roa (raw, json)
Hash identifier: AuazvzToypQPnv8ss86Zt+CVshNBwKgwrntRNHToSZU=
Subject key identifier: D4:11:D5:71:D4:B7:92:69:06:1F:F6:C8:F6:A7:C7:38:DE:54:1D:F9
Certificate issuer: /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial: 01949278F02C57BA6D798C69136E3BD8F374
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/1BHVcdS3kmkGH_bI9qfHON5UHfk.roa
Signing time: Thu 23 Jan 2025 09:23:06 +0000
ROA not before: Thu 23 Jan 2025 09:23:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201364
IP address blocks: 2a0f:3380::/32 maxlen: 32
2a0f:3381::/32 maxlen: 32
2a0f:3382::/32 maxlen: 32
2a0f:3383::/32 maxlen: 32
2a0f:3384::/32 maxlen: 32
2a0f:3385::/32 maxlen: 32
2a0f:3386::/32 maxlen: 32
2a0f:3387::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 06:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:92:78:f0:2c:57:ba:6d:79:8c:69:13:6e:3b:d8:f3:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Validity
Not Before: Jan 23 09:23:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d411d571d4b79269061ff6c8f6a7c738de541df9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:da:54:03:4d:66:ab:37:68:54:c2:14:35:de:
40:34:49:3f:4f:4b:6f:bb:ad:4c:da:a1:9f:2e:74:
4d:19:0f:f0:98:f3:19:0a:11:ed:2b:9b:91:65:cc:
ec:5a:af:07:92:9c:4c:09:f5:61:82:da:5a:c9:10:
a4:3e:d0:d9:27:b6:92:61:f1:a9:24:44:90:4b:f9:
3d:79:ba:62:3c:aa:f8:eb:f1:a5:db:65:7a:39:18:
5b:d1:08:d8:f0:db:16:45:ca:55:f5:99:f6:76:d2:
7d:f7:46:4b:18:70:35:fd:90:27:5c:c8:64:1e:34:
56:7d:9b:9f:c7:65:d0:1f:8d:7c:23:79:39:dd:2b:
0b:4a:76:74:04:79:e3:0a:d9:0c:fe:a3:70:f1:5c:
c9:82:ae:25:c2:e7:35:24:3c:a6:11:1c:0e:1f:c7:
5b:f9:ee:fa:6b:24:1c:bb:76:e9:13:62:ab:56:5e:
c1:14:bd:6e:64:c0:aa:e9:5e:75:12:64:2d:8b:0a:
62:5c:d8:6d:e9:ba:60:81:81:07:b1:85:78:52:1a:
38:fb:83:dd:2b:8c:86:e3:13:42:f4:64:3b:30:6b:
e2:22:3b:1b:23:8e:a7:1f:78:d9:02:c6:92:34:51:
df:86:7b:70:48:b5:1d:94:e2:31:24:f6:ce:32:53:
3f:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:11:D5:71:D4:B7:92:69:06:1F:F6:C8:F6:A7:C7:38:DE:54:1D:F9
X509v3 Authority Key Identifier:
keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/1BHVcdS3kmkGH_bI9qfHON5UHfk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:3380::/29
Signature Algorithm: sha256WithRSAEncryption
06:b6:c5:cf:7d:77:aa:c4:06:d5:a2:a4:40:79:2c:46:fd:f7:
c2:f4:ba:21:6c:fd:af:3f:35:48:17:49:e3:e4:86:48:18:8b:
3d:8c:3b:d1:bc:49:12:da:26:88:11:b1:9f:ad:64:fa:e0:c8:
3a:d3:49:18:4f:41:00:79:00:3c:e5:a2:5b:98:c5:f1:8f:36:
b4:04:d5:a1:92:4f:bd:f6:1b:64:0a:93:47:2e:5f:e9:3a:f2:
6b:12:d6:49:ea:09:08:22:24:88:13:e1:db:dd:c0:35:c2:b1:
63:42:97:83:5f:74:37:d0:ab:01:82:87:e9:81:25:5a:dc:44:
55:40:9c:0d:00:c1:ff:9b:f1:98:f5:d6:7c:06:1e:8f:7c:42:
ae:7c:e2:e7:b3:bc:91:fa:28:60:44:74:ad:2e:ca:31:ca:2f:
8a:36:e5:5f:59:50:fa:8e:5c:2c:96:5f:0c:88:7c:95:59:8f:
69:5a:b9:e5:b7:54:84:0e:35:ce:d9:d3:01:c3:63:47:e7:ca:
85:0a:2a:be:f5:62:96:85:0f:5f:20:3e:30:1c:0e:65:cf:34:
b4:7d:e3:7b:c0:06:33:8b:39:22:55:fe:0a:49:69:df:15:3f:
32:62:96:ee:ff:2f:49:a5:ba:d3:6b:e4:de:47:ca:8f:e8:ed:
77:61:3c:e4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZSSePAsV7pteYxpE2472PN0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjUwMTIzMDkyMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDExZDU3MWQ0Yjc5MjY5MDYxZmY2YzhmNmE3YzczOGRlNTQxZGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtpUA01mqzdoVMIUNd5ANEk/T0tv
u61M2qGfLnRNGQ/wmPMZChHtK5uRZczsWq8HkpxMCfVhgtpayRCkPtDZJ7aSYfGp
JESQS/k9ebpiPKr46/Gl22V6ORhb0QjY8NsWRcpV9Zn2dtJ990ZLGHA1/ZAnXMhk
HjRWfZufx2XQH418I3k53SsLSnZ0BHnjCtkM/qNw8VzJgq4lwuc1JDymERwOH8db
+e76ayQcu3bpE2KrVl7BFL1uZMCq6V51EmQtiwpiXNht6bpggYEHsYV4Uho4+4Pd
K4yG4xNC9GQ7MGviIjsbI46nH3jZAsaSNFHfhntwSLUdlOIxJPbOMlM/HwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNQR1XHUt5JpBh/2yPanxzjeVB35MB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvMUJIVmNkUzNrbWtHSF9iSTlxZkhPTjVVSGZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg8zgDAN
BgkqhkiG9w0BAQsFAAOCAQEABrbFz313qsQG1aKkQHksRv33wvS6IWz9rz81SBdJ
4+SGSBiLPYw70bxJEtomiBGxn61k+uDIOtNJGE9BAHkAPOWiW5jF8Y82tATVoZJP
vfYbZAqTRy5f6TryaxLWSeoJCCIkiBPh293ANcKxY0KXg190N9CrAYKH6YElWtxE
VUCcDQDB/5vxmPXWfAYej3xCrnzi57O8kfooYER0rS7KMcovijblX1lQ+o5cLJZf
DIh8lVmPaVq55bdUhA41ztnTAcNjR+fKhQoqvvViloUPXyA+MBwOZc80tH3je8AG
M4s5IlX+Cklp3xU/MmKW7v8vSaW602vk3kfKj+jtd2E85A==
-----END CERTIFICATE-----
Generated at Sun Apr 6 11:03:34 2025 by rpki-client