Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/0hXs769ouX7ZtQTTiOLlFP8mh8M.roa
File: 0hXs769ouX7ZtQTTiOLlFP8mh8M.roa (raw, json)
Hash identifier: MgGCpokd8fHgthtlPirKAzSDRHQrtYokNuVt7GJrmes=
Subject key identifier: D2:15:EC:EF:AF:68:B9:7E:D9:B5:04:D3:88:E2:E5:14:FF:26:87:C3
Certificate issuer: /CN=da7d5fca1e469929d4a8b6f57af3cbcdc639a35e
Certificate serial: 019593F3E70090A490A79AEC556828DAAB12
Authority key identifier: DA:7D:5F:CA:1E:46:99:29:D4:A8:B6:F5:7A:F3:CB:CD:C6:39:A3:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/0hXs769ouX7ZtQTTiOLlFP8mh8M.roa
Signing time: Fri 14 Mar 2025 09:19:49 +0000
ROA not before: Fri 14 Mar 2025 09:19:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210644
IP address blocks: 2a01:e5c0:2000::/36 maxlen: 36
2a01:e5c0:3000::/36 maxlen: 36
2a01:e5c0:4000::/36 maxlen: 36
2a01:e5c0:5000::/36 maxlen: 36
2a01:e5c0:6000::/36 maxlen: 36
2a01:e5c0:7000::/36 maxlen: 36
2a01:e5c0:8003::/48 maxlen: 48
2a01:e5c0:8004::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.crl
rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.mft
rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 15:01:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:93:f3:e7:00:90:a4:90:a7:9a:ec:55:68:28:da:ab:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da7d5fca1e469929d4a8b6f57af3cbcdc639a35e
Validity
Not Before: Mar 14 09:19:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d215ecefaf68b97ed9b504d388e2e514ff2687c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:60:d3:49:89:6a:53:97:5e:6c:3c:21:51:38:
61:45:12:57:af:cc:62:19:ce:e2:83:fa:cb:7a:d0:
83:62:16:a3:9f:58:91:ed:1a:aa:1a:15:08:b8:e9:
6b:90:fb:cb:53:d2:95:91:d6:5a:df:35:99:05:92:
e3:fd:7c:4e:54:84:3e:41:c8:b7:0c:02:9b:33:55:
d1:09:12:f3:d3:19:bc:90:e0:ba:a6:d1:dc:06:62:
26:98:71:ac:34:6e:d9:ab:eb:d1:66:5d:78:cd:c3:
89:74:6c:d4:4b:f5:90:2c:16:c0:d7:42:79:a8:67:
d8:62:aa:31:4b:da:02:2f:ac:d7:3b:db:9a:b7:4c:
0e:96:cd:42:bf:f6:e6:a6:24:12:ea:e8:1e:86:d6:
7e:b3:96:2a:2a:4b:36:58:8d:37:bb:60:15:da:df:
9b:51:3f:e5:ea:cb:c1:be:46:69:7a:45:33:c9:fb:
49:9b:40:14:0e:45:08:0d:d7:49:79:5b:b0:5c:32:
37:a0:80:a7:c7:0c:bf:77:82:2f:70:88:73:f3:93:
80:a5:82:e7:71:df:73:ef:56:fc:29:bf:5d:03:27:
6d:e2:34:fe:dd:cc:95:5c:e2:ba:2b:4c:4d:7b:04:
f8:2c:79:aa:74:bd:76:aa:35:97:7f:d0:6d:ae:d5:
61:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:15:EC:EF:AF:68:B9:7E:D9:B5:04:D3:88:E2:E5:14:FF:26:87:C3
X509v3 Authority Key Identifier:
keyid:DA:7D:5F:CA:1E:46:99:29:D4:A8:B6:F5:7A:F3:CB:CD:C6:39:A3:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/0hXs769ouX7ZtQTTiOLlFP8mh8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:e5c0:2000::-2a01:e5c0:7fff:ffff:ffff:ffff:ffff:ffff
2a01:e5c0:8003::-2a01:e5c0:8004:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
ac:4b:18:f2:8d:fd:8a:39:22:6a:c3:07:6c:28:38:7d:f4:a8:
34:55:bd:be:1d:70:d4:26:94:03:4d:e1:f4:3f:c6:9d:54:5d:
3e:70:8b:56:18:7e:ac:1b:c5:50:55:b0:51:f3:5f:a1:44:8b:
c9:ee:01:3b:3b:88:b1:bd:e9:a8:cc:04:bd:4b:87:4c:59:54:
ca:15:84:83:03:8b:34:01:39:57:a8:f6:2b:a1:11:c6:2c:26:
72:c2:c8:69:2a:4a:d6:f1:19:19:78:87:ba:7f:04:80:4d:e2:
19:0a:dd:3d:0c:6e:f4:36:6b:fc:4f:04:a7:50:72:d2:ec:01:
d5:66:46:c5:f2:b4:cf:45:51:c6:6a:fd:b7:38:9d:3b:35:07:
5a:48:07:dc:d9:01:f1:1c:09:10:6f:0b:49:a3:22:b8:dc:17:
7b:f2:3d:da:ed:1c:6e:95:30:39:e4:f8:3f:84:48:4d:b5:ea:
96:6d:e9:ba:16:d6:00:53:bc:66:ba:22:bf:4f:0a:fa:da:08:
a0:6f:69:56:46:ae:96:b8:6b:7c:8b:29:c8:c5:9b:b5:06:5b:
e4:bd:26:65:88:54:a2:31:cd:bf:58:76:20:2a:1b:f0:95:d9:
83:a7:03:16:cc:57:83:f5:1e:fc:49:78:a2:29:d1:00:63:18:
3b:db:8e:bc
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZWT8+cAkKSQp5rsVWgo2qsSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhN2Q1ZmNhMWU0Njk5MjlkNGE4YjZmNTdhZjNjYmNkYzYz
OWEzNWUwHhcNMjUwMzE0MDkxOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjE1ZWNlZmFmNjhiOTdlZDliNTA0ZDM4OGUyZTUxNGZmMjY4N2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGDTSYlqU5debDwhUThhRRJXr8xi
Gc7ig/rLetCDYhajn1iR7RqqGhUIuOlrkPvLU9KVkdZa3zWZBZLj/XxOVIQ+Qci3
DAKbM1XRCRLz0xm8kOC6ptHcBmImmHGsNG7Zq+vRZl14zcOJdGzUS/WQLBbA10J5
qGfYYqoxS9oCL6zXO9uat0wOls1Cv/bmpiQS6ugehtZ+s5YqKks2WI03u2AV2t+b
UT/l6svBvkZpekUzyftJm0AUDkUIDddJeVuwXDI3oICnxwy/d4IvcIhz85OApYLn
cd9z71b8Kb9dAydt4jT+3cyVXOK6K0xNewT4LHmqdL12qjWXf9BtrtVhjwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFNIV7O+vaLl+2bUE04ji5RT/JofDMB8GA1UdIwQY
MBaAFNp9X8oeRpkp1Ki29Xrzy83GOaNeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm4xZnloNUdtU25VcUxiMWV2UEx6Y1k1bzE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8wNjBmMzItYTQ4Yi00NjU3LWE1OGIt
NDFiNzMwMzI3Yzc4LzEvMGhYczc2OW91WDdadFFUVGlPTGxGUDhtaDhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8wNjBmMzItYTQ4Yi00NjU3LWE1OGItNDFiNzMwMzI3Yzc4
LzEvMm4xZnloNUdtU25VcUxiMWV2UEx6Y1k1bzE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAAjAmMBADBgUqAeXA
IAMGByoB5cAAMBIDBwAqAeXAgAMDBwAqAeXAgAQwDQYJKoZIhvcNAQELBQADggEB
AKxLGPKN/Yo5ImrDB2woOH30qDRVvb4dcNQmlANN4fQ/xp1UXT5wi1YYfqwbxVBV
sFHzX6FEi8nuATs7iLG96ajMBL1Lh0xZVMoVhIMDizQBOVeo9iuhEcYsJnLCyGkq
StbxGRl4h7p/BIBN4hkK3T0MbvQ2a/xPBKdQctLsAdVmRsXytM9FUcZq/bc4nTs1
B1pIB9zZAfEcCRBvC0mjIrjcF3vyPdrtHG6VMDnk+D+ESE216pZt6boW1gBTvGa6
Ir9PCvraCKBvaVZGrpa4a3yLKcjFm7UGW+S9JmWIVKIxzb9YdiAqG/CV2YOnAxbM
V4P1HvxJeKIp0QBjGDvbjrw=
-----END CERTIFICATE-----
Generated at Sun Apr 6 23:35:15 2025 by rpki-client