Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/3f3HIccO3MohgHCLC_LlaFxa7sU.roa
File: 3f3HIccO3MohgHCLC_LlaFxa7sU.roa (raw, json)
Hash identifier: kCeD4JlEOramRmkp3pFIST1qhopaS50IqgyTgjDtfVo=
Subject key identifier: DD:FD:C7:21:C7:0E:DC:CA:21:80:70:8B:0B:F2:E5:68:5C:5A:EE:C5
Certificate issuer: /CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
Certificate serial: 019427B592AB7BB4171180A4B3689F8BA831
Authority key identifier: 9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/3f3HIccO3MohgHCLC_LlaFxa7sU.roa
Signing time: Thu 02 Jan 2025 15:49:58 +0000
ROA not before: Thu 02 Jan 2025 15:49:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34773
IP address blocks: 2a0a:1b80::/32 maxlen: 32
2a0a:1b81::/32 maxlen: 32
2a0a:1b82::/32 maxlen: 32
2a0a:1b83::/32 maxlen: 32
2a0a:1b84::/32 maxlen: 32
2a0a:1b85::/32 maxlen: 32
2a0a:1b86::/32 maxlen: 32
2a0a:1b87::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.crl
rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.mft
rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 18 Apr 2025 15:01:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:92:ab:7b:b4:17:11:80:a4:b3:68:9f:8b:a8:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
Validity
Not Before: Jan 2 15:49:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ddfdc721c70edcca2180708b0bf2e5685c5aeec5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:69:78:83:e1:e0:3f:c7:1f:26:a9:b8:b0:4e:
9e:4c:26:d4:26:72:18:98:57:bb:f0:9f:47:f8:d7:
18:72:ea:ad:c1:1f:57:c9:f1:e5:ae:8a:ea:5a:ca:
ec:11:7a:3b:dd:c2:b3:11:72:6f:1d:7f:e1:ee:25:
62:ba:ff:28:7a:e2:40:04:7c:b8:0d:f5:33:fa:2a:
74:19:8d:a5:32:b2:c0:54:b2:95:9a:51:12:a0:d9:
a9:dc:2f:d1:ac:eb:c3:a4:06:18:80:e9:58:9a:97:
1d:31:43:2b:48:ca:d4:b2:d5:26:d9:56:bd:ab:b1:
d4:9a:85:1e:d4:12:9f:cb:1e:68:8e:e7:81:70:d0:
9b:0e:25:80:80:84:c4:f2:30:51:1e:6c:2e:ff:00:
b0:c3:61:f9:d9:3e:51:f8:2a:54:c5:65:4f:0f:f7:
41:da:b0:99:ee:4f:c4:66:0c:e4:bc:18:3e:ab:7c:
f7:c2:40:da:f8:7c:1a:86:83:d6:ae:53:c9:6d:dd:
f5:27:3f:4f:de:31:59:0f:a5:5f:93:f4:07:b6:22:
40:03:81:c1:87:fd:99:2a:8f:7c:68:bb:2c:fd:09:
2b:b8:10:be:01:6e:49:5c:dc:52:b0:35:4b:a1:46:
c8:3b:b9:7a:60:37:f3:ba:af:0b:cb:43:79:3d:fc:
55:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:FD:C7:21:C7:0E:DC:CA:21:80:70:8B:0B:F2:E5:68:5C:5A:EE:C5
X509v3 Authority Key Identifier:
keyid:9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/3f3HIccO3MohgHCLC_LlaFxa7sU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0a:1b80::/29
Signature Algorithm: sha256WithRSAEncryption
61:d6:44:e3:07:7f:cc:3f:66:e7:5c:2c:ae:52:ef:c4:f1:28:
3f:3c:28:de:12:09:b6:49:9c:66:20:b2:3f:4c:74:e6:3a:92:
48:2f:88:66:ef:44:e8:81:ae:91:e9:ac:4e:e7:cb:68:c9:68:
d4:06:0f:55:ed:cb:48:c4:11:da:86:0b:b5:5c:87:25:a1:af:
37:6b:a4:28:6e:95:fa:1b:df:e7:97:73:b9:61:d1:c8:e5:91:
27:ed:34:fc:25:52:6a:1a:94:3f:6d:35:eb:77:4b:1d:80:b1:
b8:40:59:a7:1d:52:e0:52:4e:b3:f5:76:01:f5:35:b2:73:b8:
32:bd:ce:bb:4f:ac:56:70:54:f6:b6:af:56:72:07:67:d8:21:
cd:0f:77:67:16:0f:2d:53:c4:1a:fa:53:73:69:e7:97:f1:bc:
fb:e5:15:c0:90:00:d1:3f:49:72:76:0b:b2:18:87:cf:71:0f:
24:83:19:3a:0c:21:74:2e:c9:2b:26:d6:24:d7:e9:ec:ba:55:
6c:bf:7d:c7:d9:3c:b6:85:ad:83:0b:e8:38:3b:02:22:6e:c3:
44:a7:08:45:5d:b4:ca:86:74:ad:59:bf:38:a9:17:b8:f3:fb:
5d:2d:c5:a8:ea:0f:94:35:46:51:38:2b:89:32:a2:bb:bb:da:
40:53:7c:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntZKre7QXEYCks2ifi6gxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMWFlZDk5MTNmODg4MGFmNzU1N2VlZjNlZjAyZDZlMGZm
M2ZkNDkwHhcNMjUwMTAyMTU0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGZkYzcyMWM3MGVkY2NhMjE4MDcwOGIwYmYyZTU2ODVjNWFlZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02l4g+HgP8cfJqm4sE6eTCbUJnIY
mFe78J9H+NcYcuqtwR9XyfHlrorqWsrsEXo73cKzEXJvHX/h7iViuv8oeuJABHy4
DfUz+ip0GY2lMrLAVLKVmlESoNmp3C/RrOvDpAYYgOlYmpcdMUMrSMrUstUm2Va9
q7HUmoUe1BKfyx5ojueBcNCbDiWAgITE8jBRHmwu/wCww2H52T5R+CpUxWVPD/dB
2rCZ7k/EZgzkvBg+q3z3wkDa+HwahoPWrlPJbd31Jz9P3jFZD6Vfk/QHtiJAA4HB
h/2ZKo98aLss/QkruBC+AW5JXNxSsDVLoUbIO7l6YDfzuq8Ly0N5PfxVhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN39xyHHDtzKIYBwiwvy5WhcWu7FMB8GA1UdIwQY
MBaAFJwa7ZkT+IgK91V+7z7wLW4P8/1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkJydG1SUDRpQXIzVlg3dlB2QXRiZ196X1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9mZjk0ZjEtYmE2My00MGQ2LWJlY2Et
NWU2MjRhMzAzOGNmLzEvM2YzSEljY08zTW9oZ0hDTENfTGxhRnhhN3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9mZjk0ZjEtYmE2My00MGQ2LWJlY2EtNWU2MjRhMzAzOGNm
LzEvbkJydG1SUDRpQXIzVlg3dlB2QXRiZ196X1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgobgDAN
BgkqhkiG9w0BAQsFAAOCAQEAYdZE4wd/zD9m51wsrlLvxPEoPzwo3hIJtkmcZiCy
P0x05jqSSC+IZu9E6IGukemsTufLaMlo1AYPVe3LSMQR2oYLtVyHJaGvN2ukKG6V
+hvf55dzuWHRyOWRJ+00/CVSahqUP20163dLHYCxuEBZpx1S4FJOs/V2AfU1snO4
Mr3Ou0+sVnBU9ravVnIHZ9ghzQ93ZxYPLVPEGvpTc2nnl/G8++UVwJAA0T9JcnYL
shiHz3EPJIMZOgwhdC7JKybWJNfp7LpVbL99x9k8toWtgwvoODsCIm7DRKcIRV20
yoZ0rVm/OKkXuPP7XS3FqOoPlDVGUTgriTKiu7vaQFN8EQ==
-----END CERTIFICATE-----
Generated at Thu Apr 17 21:59:33 2025 by rpki-client