Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/PNjb4X8kJscwHMXMiyuXtbGZX5o.roa
File: PNjb4X8kJscwHMXMiyuXtbGZX5o.roa (raw, json)
Hash identifier: t6ZmoP2V9ihNwE35xzcIYI2VvpWaOI2bhHX5db7NWXc=
Subject key identifier: 3C:D8:DB:E1:7F:24:26:C7:30:1C:C5:CC:8B:2B:97:B5:B1:99:5F:9A
Certificate issuer: /CN=84f824d32df1a5113d82101345d785a38addbde5
Certificate serial: 0194266C3A3D43E2C6DC0BE9A7924C007384
Authority key identifier: 84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/PNjb4X8kJscwHMXMiyuXtbGZX5o.roa
Signing time: Thu 02 Jan 2025 09:50:14 +0000
ROA not before: Thu 02 Jan 2025 09:50:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51490
IP address blocks: 2a05:76c0::/29 maxlen: 29
2a05:7b81::/32 maxlen: 32
2a05:7b85::/32 maxlen: 32
2a05:7b87::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl
rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.mft
rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 01:01:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6c:3a:3d:43:e2:c6:dc:0b:e9:a7:92:4c:00:73:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84f824d32df1a5113d82101345d785a38addbde5
Validity
Not Before: Jan 2 09:50:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3cd8dbe17f2426c7301cc5cc8b2b97b5b1995f9a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:b3:c1:2b:0a:71:dc:51:a0:f3:87:8d:6b:49:
20:da:84:27:6f:bd:0b:3f:12:89:04:0b:77:ae:22:
f0:98:84:39:05:85:a4:c7:44:8c:99:b7:06:7f:5c:
2e:53:95:93:4c:97:3e:f7:0a:61:b5:f1:d0:05:6b:
51:7a:f7:05:61:3f:6e:38:dc:84:8d:dd:c1:6c:30:
f9:58:94:2e:63:fa:e9:2d:bf:25:af:5a:c2:6e:81:
19:dd:77:20:9c:0a:66:6b:04:e1:68:3c:76:00:ed:
ea:84:50:d4:d9:5f:98:d5:ab:3a:c2:69:9e:5c:01:
be:cc:c7:eb:f3:f0:89:22:ac:32:9c:18:6b:76:88:
24:e7:39:1d:4b:09:dc:7e:0f:e3:55:e0:fe:4c:0a:
72:cd:32:00:59:43:c3:39:4f:fa:bd:7f:08:b6:e2:
54:63:93:09:6e:72:6c:b5:4b:a9:34:59:86:8d:49:
d8:51:ea:c9:8e:4d:95:81:f0:fb:be:78:0b:74:bd:
e9:18:79:48:91:69:a9:76:48:0b:42:b8:f7:9b:56:
a3:06:89:09:5a:07:e0:5f:15:28:9b:fe:c6:f5:94:
40:37:56:4b:b0:f7:cc:7a:fd:5f:24:41:4f:99:6a:
61:59:8a:43:d4:02:2c:8d:15:f3:52:10:40:ba:9a:
e7:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:D8:DB:E1:7F:24:26:C7:30:1C:C5:CC:8B:2B:97:B5:B1:99:5F:9A
X509v3 Authority Key Identifier:
keyid:84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/PNjb4X8kJscwHMXMiyuXtbGZX5o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:76c0::/29
2a05:7b81::/32
2a05:7b85::/32
2a05:7b87::/32
Signature Algorithm: sha256WithRSAEncryption
9a:ca:6c:7b:75:a0:0e:8e:13:84:8a:14:64:85:1c:ad:b2:09:
13:47:88:e7:b8:b1:eb:18:84:f6:9b:09:c2:85:79:01:1c:53:
ff:a4:4c:01:96:20:e2:50:ba:dc:ba:05:ff:d8:1e:c9:e8:03:
45:68:84:ee:d0:b1:31:39:e9:ae:7f:14:ea:f8:c9:6d:f6:69:
16:13:4d:d0:49:5d:15:53:5e:35:b9:08:b6:cd:da:33:75:49:
eb:bc:c4:c4:2b:24:bb:cf:e2:5e:62:3b:28:35:f1:b4:17:cd:
38:5b:3a:92:16:03:d4:40:fd:78:9f:5d:e1:4a:94:28:d9:fc:
e1:1d:83:2d:35:b5:cf:65:d3:b5:c8:86:26:2f:48:80:94:0c:
be:d2:fa:44:c1:23:29:39:35:c5:ac:04:1e:6e:67:c5:0c:5c:
f0:43:ba:4d:7d:ac:41:4a:b4:9c:a2:6f:e2:f0:05:05:90:36:
8b:b7:38:89:d3:40:e2:bf:3b:be:5c:1b:7d:e2:ef:a8:d5:12:
31:23:5f:a0:a8:14:18:f9:8c:ce:c5:3f:0c:59:5d:69:dd:18:
ed:f8:56:64:e2:31:e6:a4:e9:53:c3:8e:ce:90:b0:09:24:47:
bf:b9:c9:42:92:49:6e:14:da:7d:cd:e6:09:b6:0e:12:4c:7e:
0a:21:c6:55
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQmbDo9Q+LG3Avpp5JMAHOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZjgyNGQzMmRmMWE1MTEzZDgyMTAxMzQ1ZDc4NWEzOGFk
ZGJkZTUwHhcNMjUwMTAyMDk1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2Q4ZGJlMTdmMjQyNmM3MzAxY2M1Y2M4YjJiOTdiNWIxOTk1ZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrPBKwpx3FGg84eNa0kg2oQnb70L
PxKJBAt3riLwmIQ5BYWkx0SMmbcGf1wuU5WTTJc+9wphtfHQBWtRevcFYT9uONyE
jd3BbDD5WJQuY/rpLb8lr1rCboEZ3XcgnApmawThaDx2AO3qhFDU2V+Y1as6wmme
XAG+zMfr8/CJIqwynBhrdogk5zkdSwncfg/jVeD+TApyzTIAWUPDOU/6vX8ItuJU
Y5MJbnJstUupNFmGjUnYUerJjk2VgfD7vngLdL3pGHlIkWmpdkgLQrj3m1ajBokJ
WgfgXxUom/7G9ZRAN1ZLsPfMev1fJEFPmWphWYpD1AIsjRXzUhBAuprnhwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFDzY2+F/JCbHMBzFzIsrl7WxmV+aMB8GA1UdIwQY
MBaAFIT4JNMt8aURPYIQE0XXhaOK3b3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgt
NDM3Mzk0OTM4YzUyLzEvUE5qYjRYOGtKc2N3SE1YTWl5dVh0YkdaWDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgtNDM3Mzk0OTM4YzUy
LzEvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKgV2wAMF
ACoFe4EDBQAqBXuFAwUAKgV7hzANBgkqhkiG9w0BAQsFAAOCAQEAmspse3WgDo4T
hIoUZIUcrbIJE0eI57ix6xiE9psJwoV5ARxT/6RMAZYg4lC63LoF/9geyegDRWiE
7tCxMTnprn8U6vjJbfZpFhNN0EldFVNeNbkIts3aM3VJ67zExCsku8/iXmI7KDXx
tBfNOFs6khYD1ED9eJ9d4UqUKNn84R2DLTW1z2XTtciGJi9IgJQMvtL6RMEjKTk1
xawEHm5nxQxc8EO6TX2sQUq0nKJv4vAFBZA2i7c4idNA4r87vlwbfeLvqNUSMSNf
oKgUGPmMzsU/DFldad0Y7fhWZOIx5qTpU8OOzpCwCSRHv7nJQpJJbhTafc3mCbYO
Ekx+CiHGVQ==
-----END CERTIFICATE-----
Generated at Sat Apr 5 10:55:04 2025 by rpki-client