Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/6MYz-ZGdNS-u8_z3MpC45Xu_sMw.roa
File: 6MYz-ZGdNS-u8_z3MpC45Xu_sMw.roa (raw, json)
Hash identifier: A1Kj+TMjQETP1ey0GJIYlCuG+gJEQ2kRAL9GRcwfmRY=
Subject key identifier: E8:C6:33:F9:91:9D:35:2F:AE:F3:FC:F7:32:90:B8:E5:7B:BF:B0:CC
Certificate issuer: /CN=78d636c505d56af42a414c167d52407d356b3d0b
Certificate serial: 019424B3D2385F9360DCF2967D0851D40BE1
Authority key identifier: 78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/6MYz-ZGdNS-u8_z3MpC45Xu_sMw.roa
Signing time: Thu 02 Jan 2025 01:49:11 +0000
ROA not before: Thu 02 Jan 2025 01:49:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209480
IP address blocks: 91.204.168.0/22 maxlen: 22
188.65.144.0/21 maxlen: 21
2a00:1aa0::/29 maxlen: 29
2a00:1aa0::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.crl
rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.mft
rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 01:00:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:d2:38:5f:93:60:dc:f2:96:7d:08:51:d4:0b:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=78d636c505d56af42a414c167d52407d356b3d0b
Validity
Not Before: Jan 2 01:49:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e8c633f9919d352faef3fcf73290b8e57bbfb0cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:11:3b:6d:08:83:75:8a:e6:d7:9b:d2:f5:5c:
d1:19:18:ae:0b:dc:44:e2:a2:9e:db:f8:ec:28:ea:
5c:89:cc:45:cf:bc:bb:45:cb:34:46:ea:ae:c5:b3:
5c:a7:ea:f1:a4:22:d0:4f:da:a3:63:11:72:4a:7c:
48:9c:5a:b7:ce:1d:89:48:18:69:4b:4f:52:20:f3:
63:23:86:ea:fa:37:3b:85:7e:75:5e:cc:37:d3:6e:
4a:a0:f0:3b:90:fc:9d:33:c6:4d:96:0b:e1:66:3d:
53:bb:c3:ed:a6:77:32:fd:46:97:97:77:26:e3:2e:
3a:2d:2d:6c:d9:60:da:45:d7:38:7e:56:a2:eb:0f:
4f:f5:86:18:74:73:75:22:a8:8f:c9:6a:6a:73:9e:
9b:c5:c0:2e:8c:1a:a9:14:68:6c:fb:70:56:64:38:
1e:96:5d:07:10:c8:37:7a:58:38:fd:07:b5:1c:85:
f2:c0:d3:e3:90:f4:c4:10:ff:62:b8:83:54:d7:cf:
d0:cf:4b:c5:71:22:27:4d:f2:a3:e8:96:39:55:9e:
5e:14:3f:d4:2a:57:cb:b1:e1:e0:a2:a2:9b:fe:4c:
ab:77:de:58:a8:66:a9:a6:1c:90:07:15:11:f4:3d:
16:52:48:26:e3:17:ed:7d:12:af:5a:b1:8a:a3:d2:
31:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:C6:33:F9:91:9D:35:2F:AE:F3:FC:F7:32:90:B8:E5:7B:BF:B0:CC
X509v3 Authority Key Identifier:
keyid:78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/6MYz-ZGdNS-u8_z3MpC45Xu_sMw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.204.168.0/22
188.65.144.0/21
IPv6:
2a00:1aa0::/29
Signature Algorithm: sha256WithRSAEncryption
26:4e:ed:94:22:9f:65:42:06:6a:e8:df:36:96:93:43:5d:e2:
42:96:63:14:5e:9d:66:a8:29:df:c6:9b:aa:8e:29:b7:72:86:
41:07:4f:35:b5:d2:73:d9:20:34:d6:ff:05:4b:4c:cb:d7:7d:
4b:58:4a:dc:2c:28:c2:c6:02:24:53:95:af:1a:ab:8b:5d:f2:
2f:fd:fb:b9:fa:0c:71:e4:16:c1:95:dd:bf:36:f1:c8:47:7e:
cf:cc:16:d3:e9:d9:8f:19:ca:09:c1:7c:42:d8:03:7a:7a:88:
80:e9:e4:48:5e:b3:e3:20:75:05:67:43:0a:70:ff:8f:e2:36:
f6:80:a0:de:98:fa:9e:d0:76:af:d3:e4:ca:31:69:60:ba:38:
3c:b4:ff:7e:e9:a8:29:23:40:46:2b:8e:5d:ee:07:49:a3:b3:
1f:ac:a4:3e:14:a1:75:26:91:7d:25:a0:18:d3:d4:db:32:f9:
c2:a0:3a:2d:da:c0:45:e2:88:05:82:58:0e:a8:30:86:55:e4:
a6:33:cd:80:1a:ea:98:5b:fe:87:a2:ca:27:00:28:12:35:fb:
91:a5:5d:82:81:be:fe:c7:eb:dd:25:4b:4a:3a:cf:a4:90:7f:
c2:fd:f0:b6:53:f4:92:72:26:5f:53:37:8b:63:e9:a7:18:32:
03:b4:7a:a3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQks9I4X5Ng3PKWfQhR1AvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZDYzNmM1MDVkNTZhZjQyYTQxNGMxNjdkNTI0MDdkMzU2
YjNkMGIwHhcNMjUwMTAyMDE0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGM2MzNmOTkxOWQzNTJmYWVmM2ZjZjczMjkwYjhlNTdiYmZiMGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRE7bQiDdYrm15vS9VzRGRiuC9xE
4qKe2/jsKOpcicxFz7y7Rcs0RuquxbNcp+rxpCLQT9qjYxFySnxInFq3zh2JSBhp
S09SIPNjI4bq+jc7hX51Xsw3025KoPA7kPydM8ZNlgvhZj1Tu8Ptpncy/UaXl3cm
4y46LS1s2WDaRdc4flai6w9P9YYYdHN1IqiPyWpqc56bxcAujBqpFGhs+3BWZDge
ll0HEMg3elg4/Qe1HIXywNPjkPTEEP9iuINU18/Qz0vFcSInTfKj6JY5VZ5eFD/U
KlfLseHgoqKb/kyrd95YqGapphyQBxUR9D0WUkgm4xftfRKvWrGKo9Ix5wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOjGM/mRnTUvrvP89zKQuOV7v7DMMB8GA1UdIwQY
MBaAFHjWNsUF1Wr0KkFMFn1SQH01az0LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTIt
ZGRjZDRkOTM1MDMwLzEvNk1Zei1aR2ROUy11OF96M01wQzQ1WHVfc013LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTItZGRjZDRkOTM1MDMw
LzEvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8yoAwQD
vEGQMA0EAgACMAcDBQMqABqgMA0GCSqGSIb3DQEBCwUAA4IBAQAmTu2UIp9lQgZq
6N82lpNDXeJClmMUXp1mqCnfxpuqjim3coZBB081tdJz2SA01v8FS0zL131LWErc
LCjCxgIkU5WvGquLXfIv/fu5+gxx5BbBld2/NvHIR37PzBbT6dmPGcoJwXxC2AN6
eoiA6eRIXrPjIHUFZ0MKcP+P4jb2gKDemPqe0Hav0+TKMWlgujg8tP9+6agpI0BG
K45d7gdJo7MfrKQ+FKF1JpF9JaAY09TbMvnCoDot2sBF4ogFglgOqDCGVeSmM82A
GuqYW/6HosonACgSNfuRpV2Cgb7+x+vdJUtKOs+kkH/C/fC2U/SSciZfUzeLY+mn
GDIDtHqj
-----END CERTIFICATE-----
Generated at Tue Apr 8 10:24:18 2025 by rpki-client