Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hV84q_TPmZvnDRMjglpAdZEzC10.roa
File: hV84q_TPmZvnDRMjglpAdZEzC10.roa (raw, json)
Hash identifier: A8mFL3CVm2zMDmXarrbNx+AQ/Vj8s5Lkebj9HhbwzBQ=
Subject key identifier: 85:5F:38:AB:F4:CF:99:9B:E7:0D:13:23:82:5A:40:75:91:33:0B:5D
Certificate issuer: /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial: 01970DEA66D4F226A1930D1905249119D140
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hV84q_TPmZvnDRMjglpAdZEzC10.roa
Signing time: Mon 26 May 2025 18:45:54 +0000
ROA not before: Mon 26 May 2025 18:45:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213535
IP address blocks: 2a12:bec4:1560::/44 maxlen: 44
2a12:bec4:16f0::/44 maxlen: 44
2a12:bec4:1910::/44 maxlen: 44
2a12:bec4:1ab0::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 04 Jun 2025 15:25:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:0d:ea:66:d4:f2:26:a1:93:0d:19:05:24:91:19:d1:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Validity
Not Before: May 26 18:45:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=855f38abf4cf999be70d1323825a407591330b5d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:2e:68:0b:6c:77:e2:d6:c0:fe:47:8d:4c:96:
07:cb:9c:51:68:d7:3d:c5:4e:b9:a9:b1:c6:b9:87:
0a:fb:21:17:85:ab:ff:5a:02:52:4f:b9:3e:45:09:
30:b3:30:54:e5:7d:6f:4f:90:a9:08:b3:5f:b0:52:
3f:37:fd:92:3c:5d:b1:63:2f:7b:70:56:fc:45:f1:
e2:a2:b7:88:ba:bc:87:d4:6f:d5:24:ab:89:a2:72:
4c:75:67:b0:3e:57:f7:61:bf:28:66:00:9b:37:38:
1d:83:a5:f2:75:d6:5c:d9:38:6e:11:5d:47:48:8d:
17:0d:2f:4e:b2:a7:7f:9b:68:fa:88:69:fd:9c:d7:
c2:fe:55:e8:39:7d:58:eb:f4:f6:54:b1:0e:d9:43:
f7:1c:28:37:4e:9d:76:31:d6:ca:76:50:c6:ec:47:
70:93:cd:2c:57:fd:1d:92:6a:b6:82:30:df:13:31:
e9:65:d9:97:76:89:a0:23:cc:fa:fe:40:52:d6:0e:
b0:e8:21:da:aa:78:9b:f0:f1:62:c7:0b:85:da:b3:
fb:ee:ce:bc:07:83:4b:a6:f1:f5:9c:d9:94:92:71:
bc:aa:2a:08:33:85:d7:06:7f:1c:07:7e:88:d6:ed:
5c:03:fe:d6:e8:3d:03:45:81:6a:f0:07:59:f5:31:
ba:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:5F:38:AB:F4:CF:99:9B:E7:0D:13:23:82:5A:40:75:91:33:0B:5D
X509v3 Authority Key Identifier:
keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/hV84q_TPmZvnDRMjglpAdZEzC10.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:bec4:1560::/44
2a12:bec4:16f0::/44
2a12:bec4:1910::/44
2a12:bec4:1ab0::/44
Signature Algorithm: sha256WithRSAEncryption
37:07:7a:78:dc:7d:fc:d4:9c:35:ff:38:55:03:44:9a:68:17:
5b:da:33:22:9e:ad:19:ed:bb:14:11:04:32:0b:31:bb:81:81:
27:32:9a:46:44:c1:a5:fc:5c:b4:cc:d7:c6:31:93:b0:3c:e5:
c8:b5:2e:8c:6a:20:29:2c:64:a5:a4:d7:c2:21:0e:b6:4b:16:
e6:66:ef:01:5e:d9:04:5a:19:5d:b6:f7:4c:fc:25:ca:51:2b:
01:27:26:d2:70:ec:8e:57:dc:0e:90:3a:f5:57:92:a9:47:19:
46:17:0f:e9:32:cc:50:ba:51:c1:19:21:2c:f2:21:46:f1:20:
94:49:84:56:eb:43:da:9d:fe:a8:dd:14:bc:03:55:db:d8:3c:
78:a0:45:68:ce:65:53:f2:6b:d4:8c:16:d1:7e:dd:0e:04:94:
22:2e:35:77:c4:58:e5:51:d5:e3:df:93:3c:cd:67:06:1c:08:
87:80:30:b4:73:7d:2e:71:ec:fa:f9:e1:fc:51:14:f8:a7:eb:
a7:de:a6:76:01:3b:6d:74:ec:4e:d0:eb:7d:20:db:96:f1:55:
23:57:89:ce:3a:77:fb:72:d7:82:2e:f6:c5:34:c3:f6:d6:89:
ec:c1:2f:cb:b8:58:ff:dc:64:2f:95:fa:56:49:4a:7f:47:a2:
ef:7d:70:1f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZcN6mbU8iahkw0ZBSSRGdFAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwNTI2MTg0NTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTVmMzhhYmY0Y2Y5OTliZTcwZDEzMjM4MjVhNDA3NTkxMzMwYjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6y5oC2x34tbA/keNTJYHy5xRaNc9
xU65qbHGuYcK+yEXhav/WgJST7k+RQkwszBU5X1vT5CpCLNfsFI/N/2SPF2xYy97
cFb8RfHioreIuryH1G/VJKuJonJMdWewPlf3Yb8oZgCbNzgdg6XyddZc2ThuEV1H
SI0XDS9Osqd/m2j6iGn9nNfC/lXoOX1Y6/T2VLEO2UP3HCg3Tp12MdbKdlDG7Edw
k80sV/0dkmq2gjDfEzHpZdmXdomgI8z6/kBS1g6w6CHaqnib8PFixwuF2rP77s68
B4NLpvH1nNmUknG8qioIM4XXBn8cB36I1u1cA/7W6D0DRYFq8AdZ9TG63wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIVfOKv0z5mb5w0TI4JaQHWRMwtdMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvaFY4NHFfVFBtWnZuRFJNamdscEFkWkV6QzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcEKhK+xBVg
AwcEKhK+xBbwAwcEKhK+xBkQAwcEKhK+xBqwMA0GCSqGSIb3DQEBCwUAA4IBAQA3
B3p43H381Jw1/zhVA0SaaBdb2jMinq0Z7bsUEQQyCzG7gYEnMppGRMGl/Fy0zNfG
MZOwPOXItS6MaiApLGSlpNfCIQ62SxbmZu8BXtkEWhldtvdM/CXKUSsBJybScOyO
V9wOkDr1V5KpRxlGFw/pMsxQulHBGSEs8iFG8SCUSYRW60Panf6o3RS8A1Xb2Dx4
oEVozmVT8mvUjBbRft0OBJQiLjV3xFjlUdXj35M8zWcGHAiHgDC0c30ucez6+eH8
URT4p+un3qZ2ATttdOxO0Ot9INuW8VUjV4nOOnf7cteCLvbFNMP21onswS/LuFj/
3GQvlfpWSUp/R6LvfXAf
-----END CERTIFICATE-----
Generated at Tue Jun 3 23:46:14 2025 by rpki-client