Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/XqPuIdI9HApjv_WddMq3bI6d3ZM.roa
File: XqPuIdI9HApjv_WddMq3bI6d3ZM.roa (raw, json)
Hash identifier: q6fnYgYmczuLoF1SwqP9SdLFNt57s6mvo6al6s6SG4E=
Subject key identifier: 5E:A3:EE:21:D2:3D:1C:0A:63:BF:F5:9D:74:CA:B7:6C:8E:9D:DD:93
Certificate issuer: /CN=d8215b57d33cb2f34c17c0e8103bb051ff801ebf
Certificate serial: 019424B37C41D9A9B0E7D996FDB02CE5025E
Authority key identifier: D8:21:5B:57:D3:3C:B2:F3:4C:17:C0:E8:10:3B:B0:51:FF:80:1E:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2CFbV9M8svNMF8DoEDuwUf-AHr8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/XqPuIdI9HApjv_WddMq3bI6d3ZM.roa
Signing time: Thu 02 Jan 2025 01:48:49 +0000
ROA not before: Thu 02 Jan 2025 01:48:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29672
IP address blocks: 217.21.224.0/20 maxlen: 20
217.21.237.0/24 maxlen: 24
2a03:c780::/29 maxlen: 29
2a03:c780::/32 maxlen: 32
2a03:c780:6::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/2CFbV9M8svNMF8DoEDuwUf-AHr8.crl
rsync://rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/2CFbV9M8svNMF8DoEDuwUf-AHr8.mft
rsync://rpki.ripe.net/repository/DEFAULT/2CFbV9M8svNMF8DoEDuwUf-AHr8.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:7c:41:d9:a9:b0:e7:d9:96:fd:b0:2c:e5:02:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8215b57d33cb2f34c17c0e8103bb051ff801ebf
Validity
Not Before: Jan 2 01:48:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5ea3ee21d23d1c0a63bff59d74cab76c8e9ddd93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:e6:50:05:58:78:0c:d3:82:31:2e:0b:a9:c4:
40:1c:fe:b9:5c:ed:d8:e7:fb:18:76:43:ea:47:c7:
f7:4a:e6:87:0f:b6:d6:9a:38:28:5c:f8:69:47:c2:
13:b6:23:aa:ce:5a:7a:aa:cb:f6:90:a2:77:be:7f:
85:23:e7:4d:a6:9c:1c:a6:0a:72:9d:52:d6:89:0f:
65:b7:b3:36:bd:12:01:64:c7:bb:27:31:3c:1d:00:
26:40:49:a1:66:54:e3:62:46:43:46:70:eb:3b:66:
e9:1d:41:5d:cd:cc:c2:5e:da:38:b4:b6:9e:9b:2c:
fa:00:21:3e:0e:3c:77:d7:ca:81:08:ad:8f:a7:1c:
19:f9:cf:b9:59:e9:aa:da:26:8a:fd:45:a0:7d:6c:
83:88:6b:38:49:ee:45:92:15:96:d1:81:73:1c:5c:
59:81:4f:70:89:fa:98:13:c5:57:d8:8d:95:34:4d:
0f:69:bb:fb:f1:a2:bc:ae:d8:fe:be:cd:f0:f9:1f:
f5:ed:eb:0e:29:6f:36:95:2d:04:6f:03:1d:65:20:
db:2d:01:0f:a5:bd:ba:a7:2d:0f:e8:41:fc:3d:f4:
1a:ee:53:b8:cd:25:97:eb:d1:44:23:fe:4e:26:49:
a0:97:dc:25:31:ff:b3:46:b5:7a:0e:f7:d0:3b:92:
97:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:A3:EE:21:D2:3D:1C:0A:63:BF:F5:9D:74:CA:B7:6C:8E:9D:DD:93
X509v3 Authority Key Identifier:
keyid:D8:21:5B:57:D3:3C:B2:F3:4C:17:C0:E8:10:3B:B0:51:FF:80:1E:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2CFbV9M8svNMF8DoEDuwUf-AHr8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/XqPuIdI9HApjv_WddMq3bI6d3ZM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b07a4-5c00-4140-9896-62dc447fe438/1/2CFbV9M8svNMF8DoEDuwUf-AHr8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.21.224.0/20
IPv6:
2a03:c780::/29
Signature Algorithm: sha256WithRSAEncryption
8f:5f:43:d6:18:56:e4:14:e3:f5:4f:9d:dc:03:9f:b0:8f:f2:
f7:97:76:ca:d7:c9:09:a1:d5:ed:2a:f3:33:d9:6c:f8:cf:cd:
c3:10:6c:6f:f9:b4:3c:16:76:43:74:ff:4f:3a:b1:bf:30:33:
93:6a:48:f3:0b:5c:c2:3b:82:6e:1c:da:47:5e:fa:55:26:0a:
c3:68:13:3d:b6:59:90:e5:64:fd:06:1b:ed:08:e4:07:aa:0c:
97:58:db:a4:be:52:ec:d4:34:81:16:2e:27:98:f7:02:2b:66:
64:9a:72:32:13:95:bc:e4:75:11:11:28:f4:88:c4:b0:6a:5b:
e9:f7:ff:7c:5c:42:b5:45:5f:7e:91:7f:63:d0:ee:e5:1c:71:
33:46:4c:74:ce:29:d1:1e:76:98:4b:68:b7:a7:a0:df:4a:a2:
a9:5c:ed:5a:e1:bb:58:30:20:ed:12:b6:fc:9d:29:b5:c0:5d:
91:53:b3:6c:9a:47:5f:87:53:02:8c:c5:7b:fb:a9:82:e2:6f:
1b:1a:23:65:4f:7a:36:3d:93:51:15:f6:41:8c:da:11:64:c1:
f2:c2:ea:f4:23:ac:63:44:7a:75:f1:92:65:b9:f1:86:a0:36:
52:c2:f5:2b:eb:ac:1f:07:04:bb:f8:63:1f:e7:18:36:77:82:
f4:e5:13:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks3xB2amw59mW/bAs5QJeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MjE1YjU3ZDMzY2IyZjM0YzE3YzBlODEwM2JiMDUxZmY4
MDFlYmYwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWEzZWUyMWQyM2QxYzBhNjNiZmY1OWQ3NGNhYjc2YzhlOWRkZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+ZQBVh4DNOCMS4LqcRAHP65XO3Y
5/sYdkPqR8f3SuaHD7bWmjgoXPhpR8ITtiOqzlp6qsv2kKJ3vn+FI+dNppwcpgpy
nVLWiQ9lt7M2vRIBZMe7JzE8HQAmQEmhZlTjYkZDRnDrO2bpHUFdzczCXto4tLae
myz6ACE+Djx318qBCK2PpxwZ+c+5Wemq2iaK/UWgfWyDiGs4Se5FkhWW0YFzHFxZ
gU9wifqYE8VX2I2VNE0Pabv78aK8rtj+vs3w+R/17esOKW82lS0EbwMdZSDbLQEP
pb26py0P6EH8PfQa7lO4zSWX69FEI/5OJkmgl9wlMf+zRrV6DvfQO5KXHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF6j7iHSPRwKY7/1nXTKt2yOnd2TMB8GA1UdIwQY
MBaAFNghW1fTPLLzTBfA6BA7sFH/gB6/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNGYlY5TThzdk5NRjhEb0VEdXdVZi1BSHI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yYjA3YTQtNWMwMC00MTQwLTk4OTYt
NjJkYzQ0N2ZlNDM4LzEvWHFQdUlkSTlIQXBqdl9XZGRNcTNiSTZkM1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yYjA3YTQtNWMwMC00MTQwLTk4OTYtNjJkYzQ0N2ZlNDM4
LzEvMkNGYlY5TThzdk5NRjhEb0VEdXdVZi1BSHI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2RXgMA0E
AgACMAcDBQMqA8eAMA0GCSqGSIb3DQEBCwUAA4IBAQCPX0PWGFbkFOP1T53cA5+w
j/L3l3bK18kJodXtKvMz2Wz4z83DEGxv+bQ8FnZDdP9POrG/MDOTakjzC1zCO4Ju
HNpHXvpVJgrDaBM9tlmQ5WT9BhvtCOQHqgyXWNukvlLs1DSBFi4nmPcCK2ZkmnIy
E5W85HURESj0iMSwalvp9/98XEK1RV9+kX9j0O7lHHEzRkx0zinRHnaYS2i3p6Df
SqKpXO1a4btYMCDtErb8nSm1wF2RU7Nsmkdfh1MCjMV7+6mC4m8bGiNlT3o2PZNR
FfZBjNoRZMHywur0I6xjRHp18ZJlufGGoDZSwvUr66wfBwS7+GMf5xg2d4L05RNi
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:16:10 2025 by rpki-client