Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/PaCBtCf1bBa5INu63KTKIVy_4RQ.roa
File: PaCBtCf1bBa5INu63KTKIVy_4RQ.roa (raw, json)
Hash identifier: sqT5Z5CawOs1D78edXoiBkc2bZwUDVzlQBLxb0miSK4=
Subject key identifier: 3D:A0:81:B4:27:F5:6C:16:B9:20:DB:BA:DC:A4:CA:21:5C:BF:E1:14
Certificate issuer: /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial: 01942445A748DED97083660EE8A470CE4C41
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/PaCBtCf1bBa5INu63KTKIVy_4RQ.roa
Signing time: Wed 01 Jan 2025 23:48:52 +0000
ROA not before: Wed 01 Jan 2025 23:48:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215427
IP address blocks: 2a11:ad80::/29 maxlen: 29
2a13:c0c0::/29 maxlen: 29
2a13:c140::/29 maxlen: 29
2a13:d240::/29 maxlen: 29
2a13:d2c0::/29 maxlen: 29
2a14:5740::/29 maxlen: 29
2a14:58c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 08:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:a7:48:de:d9:70:83:66:0e:e8:a4:70:ce:4c:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Validity
Not Before: Jan 1 23:48:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3da081b427f56c16b920dbbadca4ca215cbfe114
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:c7:93:ce:2f:c0:c5:bb:89:d6:62:49:73:fd:
97:54:1a:bb:11:ae:0f:70:c0:90:09:6f:c6:9e:9d:
ba:f3:93:c6:69:de:52:9b:2c:fd:bc:ca:92:ba:28:
47:79:0b:32:ef:00:71:5f:d9:02:cd:b9:9a:ae:da:
da:32:c3:41:37:c3:2c:fa:ab:b0:82:d6:49:82:8d:
33:de:a1:9e:0b:d5:75:a8:a6:20:52:cf:c8:78:98:
99:b4:cd:c4:2f:0e:63:44:6d:c9:30:c5:38:a3:bf:
a8:06:41:28:2e:be:55:07:6c:95:f1:56:67:fd:df:
fb:db:39:d8:e2:9a:d8:d9:cb:26:2f:1f:f8:cd:8e:
dc:d2:fd:1a:f9:22:09:a1:63:e0:e0:6a:0a:75:b0:
a4:b6:26:20:83:38:b8:b2:04:0c:3c:d9:62:d2:fc:
7d:e9:e2:d4:3c:c2:5e:08:9b:b9:82:6b:40:41:69:
30:56:c4:fe:d9:e2:30:8f:cc:0f:d8:e5:9d:7c:22:
29:63:7a:eb:d6:12:fe:b6:cc:4c:28:e2:f9:73:05:
a5:22:84:e5:f3:ce:98:71:24:32:d6:a4:5d:e5:ae:
36:a8:5e:69:e9:cf:11:74:21:5b:36:fd:a8:c8:af:
cd:00:b8:b3:09:ae:2d:37:25:2d:e7:63:78:ce:c7:
c7:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:A0:81:B4:27:F5:6C:16:B9:20:DB:BA:DC:A4:CA:21:5C:BF:E1:14
X509v3 Authority Key Identifier:
keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/PaCBtCf1bBa5INu63KTKIVy_4RQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:ad80::/29
2a13:c0c0::/29
2a13:c140::/29
2a13:d240::/29
2a13:d2c0::/29
2a14:5740::/29
2a14:58c0::/29
Signature Algorithm: sha256WithRSAEncryption
24:3a:f9:ee:94:d4:fb:f0:f1:e4:31:ba:e9:9f:72:0c:10:3d:
dd:72:5d:cb:8a:34:61:a7:e6:87:55:f0:90:0a:2b:a7:7b:6a:
89:9c:bf:7b:81:1e:24:93:ba:b8:a0:0d:1b:78:21:8b:96:fe:
9d:55:70:7f:5c:20:13:05:d4:39:29:51:4a:b4:e9:ee:3d:93:
46:94:1e:d0:ec:62:1f:fc:f1:69:1a:1a:35:2b:28:73:d1:dd:
07:c8:20:51:f8:bb:c2:26:7d:b2:ee:f4:3b:49:c0:ac:31:90:
11:a2:24:23:80:ef:99:c1:24:fa:17:a6:fe:69:18:bf:69:d8:
20:84:a7:1a:ff:c1:a3:5c:83:a0:aa:c3:ea:4d:5a:0d:07:0d:
45:8b:2b:45:77:69:09:e7:7f:d0:34:26:7a:d0:bf:ca:75:cf:
b1:3c:d8:fe:34:aa:cc:9d:6a:f8:50:47:27:b9:82:09:9d:98:
4a:c9:18:80:15:32:3f:62:fc:7e:94:72:e7:e3:f0:9b:86:fa:
18:77:f1:f4:06:8a:46:0b:a7:db:a2:dc:bc:21:d8:63:a8:da:
de:75:bc:03:3e:f7:dc:23:76:cd:b5:92:e3:34:19:35:a9:d3:
6a:5c:9b:0b:c0:15:74:06:3e:73:e4:59:a8:0e:1f:64:95:c0:
c0:19:89:92
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZQkRadI3tlwg2YO6KRwzkxBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwMTAxMjM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGEwODFiNDI3ZjU2YzE2YjkyMGRiYmFkY2E0Y2EyMTVjYmZlMTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhseTzi/AxbuJ1mJJc/2XVBq7Ea4P
cMCQCW/Gnp2685PGad5Smyz9vMqSuihHeQsy7wBxX9kCzbmartraMsNBN8Ms+quw
gtZJgo0z3qGeC9V1qKYgUs/IeJiZtM3ELw5jRG3JMMU4o7+oBkEoLr5VB2yV8VZn
/d/72znY4prY2csmLx/4zY7c0v0a+SIJoWPg4GoKdbCktiYggzi4sgQMPNli0vx9
6eLUPMJeCJu5gmtAQWkwVsT+2eIwj8wP2OWdfCIpY3rr1hL+tsxMKOL5cwWlIoTl
886YcSQy1qRd5a42qF5p6c8RdCFbNv2oyK/NALizCa4tNyUt52N4zsfH3wIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFD2ggbQn9WwWuSDbutykyiFcv+EUMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvUGFDQnRDZjFiQmE1SU51NjNLVEtJVnlfNFJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUDKhGtgAMF
AyoTwMADBQMqE8FAAwUDKhPSQAMFAyoT0sADBQMqFFdAAwUDKhRYwDANBgkqhkiG
9w0BAQsFAAOCAQEAJDr57pTU+/Dx5DG66Z9yDBA93XJdy4o0Yafmh1XwkAorp3tq
iZy/e4EeJJO6uKANG3ghi5b+nVVwf1wgEwXUOSlRSrTp7j2TRpQe0OxiH/zxaRoa
NSsoc9HdB8ggUfi7wiZ9su70O0nArDGQEaIkI4DvmcEk+hem/mkYv2nYIISnGv/B
o1yDoKrD6k1aDQcNRYsrRXdpCed/0DQmetC/ynXPsTzY/jSqzJ1q+FBHJ7mCCZ2Y
SskYgBUyP2L8fpRy5+Pwm4b6GHfx9AaKRgun26LcvCHYY6ja3nW8Az733CN2zbWS
4zQZNanTalybC8AVdAY+c+RZqA4fZJXAwBmJkg==
-----END CERTIFICATE-----
Generated at Sun Apr 13 13:08:42 2025 by rpki-client