Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/3ZJjipNvCnffHlBZEGLPYL1cd6o.roa
File: 3ZJjipNvCnffHlBZEGLPYL1cd6o.roa (raw, json)
Hash identifier: 59Oe/VE87ztmqQyIvIAIji5wjLpRLRfwhyLcTm5yzDc=
Subject key identifier: DD:92:63:8A:93:6F:0A:77:DF:1E:50:59:10:62:CF:60:BD:5C:77:AA
Certificate issuer: /CN=29c170d98b5e35d7d51537671c6040a5151884bc
Certificate serial: 019425FDD49D2CABACD4D341B6B6599F30E2
Authority key identifier: 29:C1:70:D9:8B:5E:35:D7:D5:15:37:67:1C:60:40:A5:15:18:84:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KcFw2YteNdfVFTdnHGBApRUYhLw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/3ZJjipNvCnffHlBZEGLPYL1cd6o.roa
Signing time: Thu 02 Jan 2025 07:49:39 +0000
ROA not before: Thu 02 Jan 2025 07:49:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12859
IP address blocks: 212.72.224.0/21 maxlen: 21
212.72.224.0/24 maxlen: 24
212.72.225.0/24 maxlen: 24
212.72.226.0/24 maxlen: 24
212.72.227.0/24 maxlen: 24
212.72.228.0/24 maxlen: 24
212.72.229.0/24 maxlen: 24
212.72.230.0/24 maxlen: 24
212.72.231.0/24 maxlen: 24
2a02:968::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/KcFw2YteNdfVFTdnHGBApRUYhLw.crl
rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/KcFw2YteNdfVFTdnHGBApRUYhLw.mft
rsync://rpki.ripe.net/repository/DEFAULT/KcFw2YteNdfVFTdnHGBApRUYhLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 06:01:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:d4:9d:2c:ab:ac:d4:d3:41:b6:b6:59:9f:30:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29c170d98b5e35d7d51537671c6040a5151884bc
Validity
Not Before: Jan 2 07:49:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dd92638a936f0a77df1e50591062cf60bd5c77aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:c5:7b:fa:68:c2:22:23:50:18:a9:c3:c4:e6:
89:65:53:df:ec:ba:70:13:3a:5f:9b:10:d4:67:21:
6e:f5:9e:63:5c:14:53:95:f2:c8:0a:4f:84:0c:37:
aa:81:f7:13:a1:4f:b0:8d:fa:c9:5c:1e:f0:3c:73:
1a:0f:61:3b:89:0a:e5:84:a5:f0:80:fb:ee:4c:85:
96:51:36:f6:f6:fb:f8:7d:47:af:0e:e5:68:a4:83:
e0:05:5a:04:43:ff:aa:51:ec:01:40:bc:07:54:1f:
a4:2f:fd:2e:97:61:da:eb:1a:c9:45:0b:f5:3e:00:
d0:ce:d0:6d:7d:ec:dc:43:82:00:ab:a8:0f:30:f3:
e3:e7:c1:9f:ac:0c:5e:0a:b8:64:cf:00:26:2a:12:
0c:90:3c:37:2c:63:46:55:b9:8e:92:3b:cc:0c:b7:
ac:49:af:ed:d3:6a:c4:ca:70:e8:8a:99:79:de:77:
ea:91:02:dc:56:03:b4:38:15:59:97:91:5f:69:4f:
cb:08:5f:6e:3c:89:18:a1:34:78:df:ab:c0:42:bf:
44:d8:8b:38:36:28:f3:cd:2e:c7:8b:96:1a:b4:53:
26:34:db:2f:79:71:1e:ce:ad:72:47:f8:1a:9f:74:
6f:13:fa:17:b6:7c:b9:81:92:0e:1b:d8:1b:e2:49:
4d:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:92:63:8A:93:6F:0A:77:DF:1E:50:59:10:62:CF:60:BD:5C:77:AA
X509v3 Authority Key Identifier:
keyid:29:C1:70:D9:8B:5E:35:D7:D5:15:37:67:1C:60:40:A5:15:18:84:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KcFw2YteNdfVFTdnHGBApRUYhLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/3ZJjipNvCnffHlBZEGLPYL1cd6o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/e25a3c-def6-4228-a10b-c45e949e9cd6/1/KcFw2YteNdfVFTdnHGBApRUYhLw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.72.224.0/21
IPv6:
2a02:968::/32
Signature Algorithm: sha256WithRSAEncryption
2d:dd:67:d7:25:8b:3b:2f:b6:17:e1:fe:b5:aa:a1:ac:7d:9c:
7a:fc:9a:99:92:3b:91:e0:4a:21:b6:60:15:23:a0:33:dd:06:
c1:19:6e:eb:81:01:82:60:b5:78:50:1f:ce:74:57:f7:c1:34:
0e:9b:3e:f5:e8:0c:b4:0f:0a:e1:68:8f:4f:0c:6d:93:7b:3e:
ce:33:7c:40:56:06:ed:d7:95:33:df:ec:90:66:8c:2c:75:73:
0a:5f:6a:8e:e9:4f:9f:61:ad:f1:0d:e1:02:08:07:fe:63:44:
40:7a:29:fd:6d:a2:a5:85:74:e8:6b:5c:0d:ee:74:95:66:36:
41:3e:f2:fa:d0:1a:c1:a2:a2:96:a9:d1:41:f5:50:f9:00:ca:
96:0d:77:5d:6f:7c:98:f6:79:0f:d3:71:c9:8d:f5:38:f4:c0:
df:cb:b3:f9:e6:78:23:1a:fb:2f:b5:12:1b:ca:57:02:e2:ae:
4a:9e:f0:4e:75:b3:4a:d8:15:f9:c8:70:91:f9:b2:52:89:2d:
4c:5e:cf:e7:94:d8:e6:c4:da:83:9b:0c:68:cb:23:ce:c8:71:
93:15:dc:ca:05:f7:6a:52:15:e5:39:c5:43:72:e2:76:47:4b:
00:02:08:6e:f6:03:3d:95:db:35:dc:6e:80:c4:a4:bb:a6:78:
57:ec:70:74
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/dSdLKus1NNBtrZZnzDiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YzE3MGQ5OGI1ZTM1ZDdkNTE1Mzc2NzFjNjA0MGE1MTUx
ODg0YmMwHhcNMjUwMTAyMDc0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDkyNjM4YTkzNmYwYTc3ZGYxZTUwNTkxMDYyY2Y2MGJkNWM3N2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcV7+mjCIiNQGKnDxOaJZVPf7Lpw
EzpfmxDUZyFu9Z5jXBRTlfLICk+EDDeqgfcToU+wjfrJXB7wPHMaD2E7iQrlhKXw
gPvuTIWWUTb29vv4fUevDuVopIPgBVoEQ/+qUewBQLwHVB+kL/0ul2Ha6xrJRQv1
PgDQztBtfezcQ4IAq6gPMPPj58GfrAxeCrhkzwAmKhIMkDw3LGNGVbmOkjvMDLes
Sa/t02rEynDoipl53nfqkQLcVgO0OBVZl5FfaU/LCF9uPIkYoTR436vAQr9E2Is4
NijzzS7Hi5YatFMmNNsveXEezq1yR/gan3RvE/oXtny5gZIOG9gb4klNPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN2SY4qTbwp33x5QWRBiz2C9XHeqMB8GA1UdIwQY
MBaAFCnBcNmLXjXX1RU3ZxxgQKUVGIS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2NGdzJZdGVOZGZWRlRkbkhHQkFwUlVZaEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9lMjVhM2MtZGVmNi00MjI4LWExMGIt
YzQ1ZTk0OWU5Y2Q2LzEvM1pKamlwTnZDbmZmSGxCWkVHTFBZTDFjZDZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9lMjVhM2MtZGVmNi00MjI4LWExMGItYzQ1ZTk0OWU5Y2Q2
LzEvS2NGdzJZdGVOZGZWRlRkbkhHQkFwUlVZaEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQD1EjgMA0E
AgACMAcDBQAqAgloMA0GCSqGSIb3DQEBCwUAA4IBAQAt3WfXJYs7L7YX4f61qqGs
fZx6/JqZkjuR4EohtmAVI6Az3QbBGW7rgQGCYLV4UB/OdFf3wTQOmz716Ay0Dwrh
aI9PDG2Tez7OM3xAVgbt15Uz3+yQZowsdXMKX2qO6U+fYa3xDeECCAf+Y0RAein9
baKlhXToa1wN7nSVZjZBPvL60BrBoqKWqdFB9VD5AMqWDXddb3yY9nkP03HJjfU4
9MDfy7P55ngjGvsvtRIbylcC4q5KnvBOdbNK2BX5yHCR+bJSiS1MXs/nlNjmxNqD
mwxoyyPOyHGTFdzKBfdqUhXlOcVDcuJ2R0sAAghu9gM9lds13G6AxKS7pnhX7HB0
-----END CERTIFICATE-----
Generated at Sat Apr 5 16:38:15 2025 by rpki-client