Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/oHZuZKLdIqX9TZjhMfxVImyzxr8.roa
File: oHZuZKLdIqX9TZjhMfxVImyzxr8.roa (raw, json)
Hash identifier: 3RagyetzMFETxC4N1pLRK9iNlu+vVXTBppJLVU5AMlY=
Subject key identifier: A0:76:6E:64:A2:DD:22:A5:FD:4D:98:E1:31:FC:55:22:6C:B3:C6:BF
Certificate issuer: /CN=a9f2fdea263b79fce11389052b0cd940995c6dfe
Certificate serial: 019425FD9D11C1D6C72B316AA923372DBD8D
Authority key identifier: A9:F2:FD:EA:26:3B:79:FC:E1:13:89:05:2B:0C:D9:40:99:5C:6D:FE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qfL96iY7efzhE4kFKwzZQJlcbf4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/oHZuZKLdIqX9TZjhMfxVImyzxr8.roa
Signing time: Thu 02 Jan 2025 07:49:25 +0000
ROA not before: Thu 02 Jan 2025 07:49:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2a12:d8c2::/32 maxlen: 32
2a12:d8c3::/32 maxlen: 32
2a12:d8c4::/32 maxlen: 32
2a12:d8c5::/32 maxlen: 32
2a12:d8c6::/32 maxlen: 32
2a12:d8c7::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/qfL96iY7efzhE4kFKwzZQJlcbf4.crl
rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/qfL96iY7efzhE4kFKwzZQJlcbf4.mft
rsync://rpki.ripe.net/repository/DEFAULT/qfL96iY7efzhE4kFKwzZQJlcbf4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 07:01:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:9d:11:c1:d6:c7:2b:31:6a:a9:23:37:2d:bd:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9f2fdea263b79fce11389052b0cd940995c6dfe
Validity
Not Before: Jan 2 07:49:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a0766e64a2dd22a5fd4d98e131fc55226cb3c6bf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:1e:66:18:5a:2b:24:27:8a:26:3d:73:1b:61:
d5:47:65:02:64:86:7b:d6:95:6a:90:fd:3c:bf:40:
87:95:20:14:09:a0:2b:15:82:18:df:89:f0:28:1e:
c1:19:f2:1d:39:22:05:14:e5:6b:ee:72:2f:b3:89:
e2:22:01:76:dc:cc:59:8e:65:ab:aa:80:56:f6:be:
1f:0d:d6:67:3f:c3:93:9c:85:9b:5b:d2:ee:c0:e9:
34:05:8d:bf:44:1b:62:21:ff:29:80:fe:c1:41:28:
bb:a8:ec:18:ce:68:51:57:45:c6:63:ba:ef:59:27:
b2:aa:fb:e1:cf:63:7f:8f:c4:15:e8:cc:58:f2:f8:
c2:9b:76:74:6d:be:09:92:20:4a:f7:a0:06:bf:28:
2f:ec:cd:ba:a7:60:80:3e:db:c1:af:d9:08:02:97:
79:a1:06:45:84:fc:c1:73:98:a7:d9:f9:b3:bb:76:
3d:c0:e4:fd:23:d7:12:2d:a2:d3:2e:1e:67:28:ba:
b2:f8:e6:e6:b0:63:62:72:28:cb:ec:0f:e9:f1:ca:
30:aa:9d:87:ce:95:b7:fb:a7:7f:46:39:33:1a:4e:
ef:84:fb:84:02:58:47:c7:5a:b9:e0:0b:7f:29:d9:
0e:7a:2c:b8:1f:b1:99:d6:5f:48:48:8f:df:83:97:
48:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:76:6E:64:A2:DD:22:A5:FD:4D:98:E1:31:FC:55:22:6C:B3:C6:BF
X509v3 Authority Key Identifier:
keyid:A9:F2:FD:EA:26:3B:79:FC:E1:13:89:05:2B:0C:D9:40:99:5C:6D:FE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qfL96iY7efzhE4kFKwzZQJlcbf4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/oHZuZKLdIqX9TZjhMfxVImyzxr8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/53ff62-c1ad-4244-b91a-f8affef112d8/1/qfL96iY7efzhE4kFKwzZQJlcbf4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:d8c2::-2a12:d8c7:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
69:ee:6e:55:80:35:f6:76:ab:50:73:12:bf:0a:0b:0b:da:49:
60:58:bb:99:75:46:c6:45:7d:37:75:70:a3:2b:22:1d:71:d0:
df:40:9a:ca:f4:e7:17:2e:1d:51:c4:78:53:e6:f4:c6:c7:0e:
c0:26:fd:09:cd:3c:f2:78:81:fb:5d:bf:6c:39:ea:2d:10:0c:
c1:35:bd:47:7b:9a:92:d8:06:7c:f0:02:79:32:67:5f:45:08:
33:b0:2a:fe:cb:25:58:26:5e:1a:78:67:0f:4f:d6:b1:c2:e3:
07:55:91:7d:81:eb:dd:4f:80:b6:ae:be:2e:81:c9:ac:67:10:
0f:6e:6d:9c:3d:e7:b7:03:3b:32:00:a9:56:2b:bb:76:75:e9:
4e:54:e7:56:68:b4:03:2c:c8:bb:69:ec:09:9b:2e:ff:4f:f7:
f5:2e:a7:09:e3:b8:6e:3a:b6:d2:26:f6:89:62:c5:c7:ca:52:
af:a6:9a:af:06:03:16:92:f7:cd:95:dd:df:64:0f:c8:bf:97:
e6:85:81:58:61:d1:82:10:5d:ec:ce:59:09:e8:da:52:5a:fa:
59:cd:0b:2f:77:db:66:08:73:4d:da:65:14:20:ba:10:dc:ff:
b6:e4:37:ae:3d:c4:c6:92:e2:76:a3:98:40:50:9e:6d:12:55:
8b:6c:0b:a5
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQl/Z0RwdbHKzFqqSM3Lb2NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZjJmZGVhMjYzYjc5ZmNlMTEzODkwNTJiMGNkOTQwOTk1
YzZkZmUwHhcNMjUwMTAyMDc0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDc2NmU2NGEyZGQyMmE1ZmQ0ZDk4ZTEzMWZjNTUyMjZjYjNjNmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArh5mGForJCeKJj1zG2HVR2UCZIZ7
1pVqkP08v0CHlSAUCaArFYIY34nwKB7BGfIdOSIFFOVr7nIvs4niIgF23MxZjmWr
qoBW9r4fDdZnP8OTnIWbW9LuwOk0BY2/RBtiIf8pgP7BQSi7qOwYzmhRV0XGY7rv
WSeyqvvhz2N/j8QV6MxY8vjCm3Z0bb4JkiBK96AGvygv7M26p2CAPtvBr9kIApd5
oQZFhPzBc5in2fmzu3Y9wOT9I9cSLaLTLh5nKLqy+ObmsGNicijL7A/p8cowqp2H
zpW3+6d/RjkzGk7vhPuEAlhHx1q54At/KdkOeiy4H7GZ1l9ISI/fg5dILQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFKB2bmSi3SKl/U2Y4TH8VSJss8a/MB8GA1UdIwQY
MBaAFKny/eomO3n84ROJBSsM2UCZXG3+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWZMOTZpWTdlZnpoRTRrRkt3elpRSmxjYmY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My81M2ZmNjItYzFhZC00MjQ0LWI5MWEt
ZjhhZmZlZjExMmQ4LzEvb0hadVpLTGRJcVg5VFpqaE1meFZJbXl6eHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My81M2ZmNjItYzFhZC00MjQ0LWI5MWEtZjhhZmZlZjExMmQ4
LzEvcWZMOTZpWTdlZnpoRTRrRkt3elpRSmxjYmY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQEqEtjC
AwUDKhLYwDANBgkqhkiG9w0BAQsFAAOCAQEAae5uVYA19narUHMSvwoLC9pJYFi7
mXVGxkV9N3VwoysiHXHQ30CayvTnFy4dUcR4U+b0xscOwCb9Cc088niB+12/bDnq
LRAMwTW9R3uaktgGfPACeTJnX0UIM7Aq/sslWCZeGnhnD0/WscLjB1WRfYHr3U+A
tq6+LoHJrGcQD25tnD3ntwM7MgCpViu7dnXpTlTnVmi0AyzIu2nsCZsu/0/39S6n
CeO4bjq20ib2iWLFx8pSr6aarwYDFpL3zZXd32QPyL+X5oWBWGHRghBd7M5ZCeja
Ulr6Wc0LL3fbZghzTdplFCC6ENz/tuQ3rj3ExpLidqOYQFCebRJVi2wLpQ==
-----END CERTIFICATE-----
Generated at Tue Apr 8 14:04:53 2025 by rpki-client