Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/3QJbmr0R1bBjoRiwJnUTCZzSOHg.roa
File: 3QJbmr0R1bBjoRiwJnUTCZzSOHg.roa (raw, json)
Hash identifier: ETdBwgjb1qIsUB+xFtN554lDgeb3GQYuJvYScri04MY=
Subject key identifier: DD:02:5B:9A:BD:11:D5:B0:63:A1:18:B0:26:75:13:09:9C:D2:38:78
Certificate issuer: /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial: 018CC26D626AFCA20EB5D0BD1B60C4F13016
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/3QJbmr0R1bBjoRiwJnUTCZzSOHg.roa
Signing time: Mon 01 Jan 2024 00:29:57 +0000
ROA not before: Mon 01 Jan 2024 00:29:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 46475
IP address blocks: 2a11:840:35::/48 maxlen: 48
2a11:840:38::/48 maxlen: 48
2a11:840:36::/48 maxlen: 48
2a11:840:39::/48 maxlen: 48
2a11:840:34::/48 maxlen: 48
2a11:840:37::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Nov 2024 03:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:62:6a:fc:a2:0e:b5:d0:bd:1b:60:c4:f1:30:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
Validity
Not Before: Jan 1 00:29:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dd025b9abd11d5b063a118b0267513099cd23878
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:32:92:e5:10:69:de:85:49:ae:6c:96:18:2c:
89:9b:ae:ce:82:13:47:e6:b4:8c:a4:83:c1:0c:7b:
2e:5c:32:e5:3a:26:79:91:a1:76:e1:c1:5c:0c:54:
54:b1:5a:e3:f6:68:67:2a:09:36:82:06:fa:a8:78:
2e:2d:b8:79:ed:d7:02:7e:79:93:57:84:13:b2:68:
c4:71:22:8b:a5:d7:97:46:36:be:a2:43:28:4e:bb:
1d:95:3e:40:bf:0f:4b:50:ad:f8:c7:a7:66:85:dc:
c9:d8:a7:cd:8c:39:b2:6e:ce:4b:c9:a8:65:e5:c0:
44:08:d0:14:82:5e:43:38:f4:59:e8:31:07:22:08:
53:f7:03:76:07:73:f7:82:d8:83:f2:e5:89:a5:49:
e3:8b:e1:e7:8f:70:7c:02:d7:fa:7b:b5:bd:5c:f8:
e0:e5:5f:47:33:07:4f:72:a6:3c:f6:a2:36:50:64:
ce:0b:81:90:15:5c:7b:e1:47:82:07:7b:63:84:e4:
f5:d2:46:8e:61:11:20:4d:c3:38:f7:09:8c:34:b0:
8f:13:29:f9:65:78:9d:d5:20:63:a2:53:89:d8:11:
34:8f:be:f0:ea:15:f9:09:d8:8f:c8:68:f6:07:72:
eb:2d:f4:b7:b9:1f:e3:d1:15:24:cd:16:57:1f:ce:
5d:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:02:5B:9A:BD:11:D5:B0:63:A1:18:B0:26:75:13:09:9C:D2:38:78
X509v3 Authority Key Identifier:
keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/3QJbmr0R1bBjoRiwJnUTCZzSOHg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:840:34::-2a11:840:39:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
50:0a:ba:c0:55:d5:5b:31:d8:4f:6f:be:ad:bc:c9:1a:ec:aa:
44:e3:a2:7f:16:b8:ec:42:e5:3f:77:5c:f6:33:b8:21:04:0f:
92:8c:9f:a1:8f:b9:24:a5:8a:cc:ac:9c:2e:d7:36:0b:73:79:
a2:b6:b6:02:04:a6:55:bc:2b:a6:59:7d:06:b4:9d:e6:15:3a:
32:51:cd:76:9e:fa:69:44:79:07:a0:72:ca:e0:5a:a0:af:d2:
02:b0:97:62:30:fc:f9:54:07:85:67:b6:da:d0:5f:7b:33:b5:
7e:4c:6d:40:f3:7e:71:7c:71:50:8c:c9:71:38:c2:50:db:69:
bd:30:c9:ee:e8:3b:b2:19:75:06:ad:8c:81:af:64:86:62:78:
67:c5:b0:44:c0:fe:13:6c:af:08:45:9b:f2:5f:5c:0d:34:3b:
bc:0f:84:8e:81:27:f8:c7:28:2e:1e:6f:d4:65:f4:a8:7e:ab:
45:d4:36:d7:fc:a4:bd:50:75:d2:ed:78:05:72:75:c3:67:16:
4e:18:ca:0b:17:1b:dd:54:e2:8d:89:b4:29:07:c9:0a:80:bc:
a5:14:f7:a6:19:a4:24:30:3a:39:d5:98:49:1e:ed:5a:e8:0f:
3a:31:ee:a4:07:04:c8:83:c5:5c:3d:2a:ba:33:85:40:5d:91:
37:bc:f2:ef
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzCbWJq/KIOtdC9G2DE8TAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDAyNWI5YWJkMTFkNWIwNjNhMTE4YjAyNjc1MTMwOTljZDIzODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTKS5RBp3oVJrmyWGCyJm67OghNH
5rSMpIPBDHsuXDLlOiZ5kaF24cFcDFRUsVrj9mhnKgk2ggb6qHguLbh57dcCfnmT
V4QTsmjEcSKLpdeXRja+okMoTrsdlT5Avw9LUK34x6dmhdzJ2KfNjDmybs5Lyahl
5cBECNAUgl5DOPRZ6DEHIghT9wN2B3P3gtiD8uWJpUnji+Hnj3B8Atf6e7W9XPjg
5V9HMwdPcqY89qI2UGTOC4GQFVx74UeCB3tjhOT10kaOYREgTcM49wmMNLCPEyn5
ZXid1SBjolOJ2BE0j77w6hX5CdiPyGj2B3LrLfS3uR/j0RUkzRZXH85dAQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFN0CW5q9EdWwY6EYsCZ1Ewmc0jh4MB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvM1FKYm1yMFIxYkJqb1Jpd0puVVRDWnpTT0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwIqEQhA
ADQDBwEqEQhAADgwDQYJKoZIhvcNAQELBQADggEBAFAKusBV1Vsx2E9vvq28yRrs
qkTjon8WuOxC5T93XPYzuCEED5KMn6GPuSSlisysnC7XNgtzeaK2tgIEplW8K6ZZ
fQa0neYVOjJRzXae+mlEeQegcsrgWqCv0gKwl2Iw/PlUB4VnttrQX3sztX5MbUDz
fnF8cVCMyXE4wlDbab0wye7oO7IZdQatjIGvZIZieGfFsETA/hNsrwhFm/JfXA00
O7wPhI6BJ/jHKC4eb9Rl9Kh+q0XUNtf8pL1QddLteAVydcNnFk4YygsXG91U4o2J
tCkHyQqAvKUU96YZpCQwOjnVmEke7VroDzox7qQHBMiDxVw9KrozhUBdkTe88u8=
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:54:41 2024 by rpki-client on console-fra.rpki-client.org