Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/BEfZLYm22ytL2TAUbAdVw1zX1Lw.roa
File: BEfZLYm22ytL2TAUbAdVw1zX1Lw.roa (raw, json)
Hash identifier: klB/IG9rFDsKmRUAoHWuriGo/ZZNxkQ+BXChvVj85xk=
Subject key identifier: 04:47:D9:2D:89:B6:DB:2B:4B:D9:30:14:6C:07:55:C3:5C:D7:D4:BC
Certificate issuer: /CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Certificate serial: 019560ACD4969D89419C1FDE7FAECEA1D777
Authority key identifier: 3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/BEfZLYm22ytL2TAUbAdVw1zX1Lw.roa
Signing time: Tue 04 Mar 2025 10:21:34 +0000
ROA not before: Tue 04 Mar 2025 10:21:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:2002::/32 maxlen: 32
2001:2080::/28 maxlen: 28
2001:2093::/32 maxlen: 32
2001:2094::/30 maxlen: 30
2001:2098::/29 maxlen: 29
2001:20a0::/27 maxlen: 27
2001:20c0::/26 maxlen: 26
2001:2100::/24 maxlen: 24
2001:2200::/23 maxlen: 23
2001:2400::/22 maxlen: 22
2001:2800::/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl
rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.mft
rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 12 Apr 2025 16:01:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:60:ac:d4:96:9d:89:41:9c:1f:de:7f:ae:ce:a1:d7:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Validity
Not Before: Mar 4 10:21:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0447d92d89b6db2b4bd930146c0755c35cd7d4bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:eb:d3:43:79:e8:28:45:f8:97:ad:9c:3c:00:
1b:2f:01:23:6b:9f:6b:bd:f3:ac:19:62:83:15:1c:
d6:ad:1a:bd:88:8c:a7:00:97:ce:85:d9:52:b7:2f:
1e:8a:08:18:8e:2d:87:1f:e8:02:fd:be:c7:e9:1a:
8a:06:ab:4a:30:b0:2f:a1:3b:c8:be:b6:45:21:9f:
78:93:bb:4b:ae:4d:a1:e0:1d:18:9d:f0:39:c7:0d:
e2:bb:3f:7b:93:59:4e:29:e1:fc:05:05:54:64:f8:
f9:aa:78:0c:04:2f:74:6f:fb:26:02:bb:f1:73:cc:
07:16:33:45:62:4b:38:44:e0:6d:3c:9c:80:51:19:
d4:1b:19:67:33:ea:17:88:49:b8:44:fb:0b:e1:e6:
f4:14:aa:2b:10:20:18:e3:d5:de:1c:d3:35:35:9a:
bc:a9:71:78:2e:8a:d4:6e:63:6b:74:73:88:9e:d7:
76:3c:13:ec:43:21:65:66:8c:89:a7:2a:b3:24:05:
d7:aa:5c:89:f7:19:98:4a:bb:2a:16:49:30:70:20:
67:26:09:10:d2:f8:87:94:39:ce:a7:d4:eb:84:40:
30:fd:b4:86:f9:35:59:de:0b:3f:14:fb:35:8d:12:
bb:a9:3a:8a:40:aa:8f:a7:88:c5:a9:c3:51:fd:31:
ac:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:47:D9:2D:89:B6:DB:2B:4B:D9:30:14:6C:07:55:C3:5C:D7:D4:BC
X509v3 Authority Key Identifier:
keyid:3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/BEfZLYm22ytL2TAUbAdVw1zX1Lw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:2002::/32
2001:2080::/28
2001:2093::-2001:2fff:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
28:4e:92:fe:b6:4c:5c:51:9c:ad:b3:92:b0:27:e6:19:a2:51:
29:1d:67:27:e7:30:12:5c:9c:6d:f9:a4:7a:79:4b:72:9f:75:
ee:b4:0e:fb:04:78:fd:0b:ac:e5:f6:58:16:fc:3b:06:8f:96:
e6:f7:ec:6f:cb:7a:13:48:ed:4b:8a:a3:b2:de:f6:ff:8d:fc:
48:d4:98:dd:4c:b2:22:dd:f3:ac:59:7a:d3:cb:03:47:70:26:
38:ef:14:47:6f:ed:28:7a:de:63:0c:c9:2b:48:f5:2d:43:ac:
7a:9e:1a:ff:8f:df:36:c4:21:f4:14:db:1e:5c:ee:94:62:c6:
53:89:aa:50:0e:56:3b:5c:1d:46:36:83:4d:60:13:e4:fd:1d:
ea:67:f7:24:bf:43:c3:49:f1:73:a0:5e:9b:6e:96:74:3f:be:
75:10:75:45:ea:ba:e5:4f:07:f6:cb:8a:8b:af:54:4c:47:d3:
c4:4a:b6:ac:ab:67:fb:4f:85:9b:84:eb:95:37:a8:de:67:f1:
6f:15:1d:89:23:de:49:6f:8d:45:48:59:dd:7c:5d:c4:75:76:
0a:20:e0:1e:fb:2e:ea:8b:eb:5b:06:bb:3e:32:d9:dc:3b:d2:
38:18:85:1b:fb:de:3f:cc:2f:ca:3d:d4:e2:6a:7c:c2:d9:e5:
d5:7d:f9:19
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZVgrNSWnYlBnB/ef67Oodd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTViMWMwOWFhMzFmNjcxM2M2MWIzMmU1NTgxMDllNDc5
NjZkNDIwHhcNMjUwMzA0MTAyMTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDQ3ZDkyZDg5YjZkYjJiNGJkOTMwMTQ2YzA3NTVjMzVjZDdkNGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+vTQ3noKEX4l62cPAAbLwEja59r
vfOsGWKDFRzWrRq9iIynAJfOhdlSty8eiggYji2HH+gC/b7H6RqKBqtKMLAvoTvI
vrZFIZ94k7tLrk2h4B0YnfA5xw3iuz97k1lOKeH8BQVUZPj5qngMBC90b/smArvx
c8wHFjNFYks4ROBtPJyAURnUGxlnM+oXiEm4RPsL4eb0FKorECAY49XeHNM1NZq8
qXF4LorUbmNrdHOIntd2PBPsQyFlZoyJpyqzJAXXqlyJ9xmYSrsqFkkwcCBnJgkQ
0viHlDnOp9TrhEAw/bSG+TVZ3gs/FPs1jRK7qTqKQKqPp4jFqcNR/TGs6wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFARH2S2JttsrS9kwFGwHVcNc19S8MB8GA1UdIwQY
MBaAFDulscCaox9nE8YbMuVYEJ5Hlm1CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQt
NDY2ZTljYWI3ODY0LzEvQkVmWkxZbTIyeXRMMlRBVWJBZFZ3MXpYMUx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQtNDY2ZTljYWI3ODY0
LzEvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdAwUAIAEgAgMF
BCABIIAwDQMFACABIJMDBAQgASAwDQYJKoZIhvcNAQELBQADggEBAChOkv62TFxR
nK2zkrAn5hmiUSkdZyfnMBJcnG35pHp5S3Kfde60DvsEeP0LrOX2WBb8OwaPlub3
7G/LehNI7UuKo7Le9v+N/EjUmN1MsiLd86xZetPLA0dwJjjvFEdv7Sh63mMMyStI
9S1DrHqeGv+P3zbEIfQU2x5c7pRixlOJqlAOVjtcHUY2g01gE+T9Hepn9yS/Q8NJ
8XOgXptulnQ/vnUQdUXquuVPB/bLiouvVExH08RKtqyrZ/tPhZuE65U3qN5n8W8V
HYkj3klvjUVIWd18XcR1dgog4B77LuqL61sGuz4y2dw70jgYhRv73j/ML8o91OJq
fMLZ5dV9+Rk=
-----END CERTIFICATE-----
Generated at Sat Apr 12 03:25:19 2025 by rpki-client