Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/ktD6AyHksOCblKN9a3qVRt27m9o.roa
File: ktD6AyHksOCblKN9a3qVRt27m9o.roa (raw, json)
Hash identifier: V5QNEtlJtM9vZYXeCjRbhyFbWnet1Vj6bUBis/VvlnY=
Subject key identifier: 92:D0:FA:03:21:E4:B0:E0:9B:94:A3:7D:6B:7A:95:46:DD:BB:9B:DA
Certificate issuer: /CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
Certificate serial: 019427B5D079D6A0337BD1D89124EE1A6007
Authority key identifier: FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/ktD6AyHksOCblKN9a3qVRt27m9o.roa
Signing time: Thu 02 Jan 2025 15:50:14 +0000
ROA not before: Thu 02 Jan 2025 15:50:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44194
IP address blocks: 2001:bf7::/32 maxlen: 48
2001:bf7:750::/44 maxlen: 48
2001:bf7:760::/43 maxlen: 48
2001:bf7:780::/43 maxlen: 48
2001:bf7:800::/42 maxlen: 48
2001:bf7:840::/43 maxlen: 48
2001:bf7:860::/44 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.mft
rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 20 Feb 2025 14:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:d0:79:d6:a0:33:7b:d1:d8:91:24:ee:1a:60:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
Validity
Not Before: Jan 2 15:50:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=92d0fa0321e4b0e09b94a37d6b7a9546ddbb9bda
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:44:87:18:c8:e5:2a:4a:a3:2d:7e:c1:32:63:
fd:e9:6c:dd:34:da:64:95:78:6c:6a:aa:44:47:cb:
e2:3b:e3:7a:d8:20:2b:76:9d:9a:c5:a9:b0:75:90:
99:e9:a2:d5:47:ec:47:41:44:16:1b:af:22:f0:6f:
f8:61:13:81:30:3a:67:71:90:52:01:78:88:8f:9f:
0a:5f:97:5c:fc:3f:44:fd:2d:f9:e4:98:c5:a7:33:
a2:5b:83:9a:bc:61:e9:b0:04:7c:e7:9c:35:16:e3:
d3:86:30:86:e2:90:77:86:fd:7a:89:1f:d0:9c:fa:
58:f0:d8:07:6e:13:02:43:f8:2c:be:ac:7c:47:13:
0d:22:86:a3:2d:e5:3a:e5:c8:c0:b1:f4:c4:23:8c:
9f:20:15:71:2b:ca:94:a7:9c:6a:0a:27:a6:68:1c:
2e:97:b5:84:b2:71:30:bb:ae:4d:0c:cc:30:75:3c:
c1:70:76:5f:ca:14:ce:60:82:c9:7d:57:d4:20:0c:
f9:b6:eb:80:1c:a6:47:85:aa:fc:14:e4:e1:d6:ff:
b7:d3:ca:7b:6b:24:89:3b:63:71:27:d7:5b:d8:c4:
ee:2e:d9:c2:08:78:41:fd:07:92:12:58:18:0d:88:
ff:4f:d5:b0:ec:77:88:ce:1a:ee:9e:f1:cc:a3:e7:
21:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:D0:FA:03:21:E4:B0:E0:9B:94:A3:7D:6B:7A:95:46:DD:BB:9B:DA
X509v3 Authority Key Identifier:
keyid:FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/ktD6AyHksOCblKN9a3qVRt27m9o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:bf7::/32
Signature Algorithm: sha256WithRSAEncryption
9e:38:7e:1f:e0:b0:c1:72:0f:ac:e3:76:f3:d9:82:06:22:33:
03:ea:96:1e:94:b3:f6:ba:31:5d:56:2f:a2:b6:82:b3:88:a0:
a4:ea:65:2e:5a:35:61:af:ef:d2:b7:d3:d7:e4:6b:3c:d4:2c:
a4:29:c3:d0:b7:e2:ef:ad:ab:5f:76:ce:e3:f0:1a:f6:29:a5:
bc:4d:38:08:45:d9:dd:dd:52:e2:e5:ac:78:47:eb:ee:1e:15:
89:d7:31:25:50:cf:f7:e6:69:9b:29:5a:07:c9:10:0a:13:03:
43:0b:38:8f:2e:93:1b:37:7b:21:9b:64:6b:df:88:03:e1:52:
8f:e2:70:1d:61:f1:5a:81:5a:47:f4:e1:9b:f8:f3:32:5b:f9:
d8:42:37:7d:64:b4:a6:5c:ad:db:e6:dc:e5:e6:03:7f:48:54:
15:fc:a5:1e:bf:66:6b:de:58:17:92:9a:dd:43:67:f1:f2:1b:
80:c6:76:74:b0:be:f1:cd:6a:dd:3a:61:dd:e4:93:9c:36:71:
83:8c:d3:11:62:e5:3c:df:45:cd:ed:bc:7d:e2:83:76:3b:11:
a7:d5:17:05:b1:e8:56:d7:7c:b4:76:bc:23:31:07:82:a2:fb:
5a:99:6e:b7:19:e3:84:47:42:1f:ff:61:9c:87:4b:78:2c:18:
32:d6:65:c1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntdB51qAze9HYkSTuGmAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMzE0OTI0NzNhNzhjNmZlOWY1MzlmOWZhN2QyMjUyNTYw
YTJiN2UwHhcNMjUwMTAyMTU1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQwZmEwMzIxZTRiMGUwOWI5NGEzN2Q2YjdhOTU0NmRkYmI5YmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUSHGMjlKkqjLX7BMmP96WzdNNpk
lXhsaqpER8viO+N62CArdp2axamwdZCZ6aLVR+xHQUQWG68i8G/4YROBMDpncZBS
AXiIj58KX5dc/D9E/S355JjFpzOiW4OavGHpsAR855w1FuPThjCG4pB3hv16iR/Q
nPpY8NgHbhMCQ/gsvqx8RxMNIoajLeU65cjAsfTEI4yfIBVxK8qUp5xqCiemaBwu
l7WEsnEwu65NDMwwdTzBcHZfyhTOYILJfVfUIAz5tuuAHKZHhar8FOTh1v+308p7
aySJO2NxJ9db2MTuLtnCCHhB/QeSElgYDYj/T9Ww7HeIzhrunvHMo+chFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJLQ+gMh5LDgm5SjfWt6lUbdu5vaMB8GA1UdIwQY
MBaAFP8xSSRzp4xv6fU5+fp9IlJWCit+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3pGSkpIT25qR19wOVRuNS1uMGlVbFlLSzM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8xYjQxMDUtMzQ3MS00NTkyLWJmMDct
NzNmZDNiYzE5YWE3LzEva3RENkF5SGtzT0NibEtOOWEzcVZSdDI3bTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8xYjQxMDUtMzQ3MS00NTkyLWJmMDctNzNmZDNiYzE5YWE3
LzEvX3pGSkpIT25qR19wOVRuNS1uMGlVbFlLSzM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAIAEL9zAN
BgkqhkiG9w0BAQsFAAOCAQEAnjh+H+CwwXIPrON289mCBiIzA+qWHpSz9roxXVYv
oraCs4igpOplLlo1Ya/v0rfT1+RrPNQspCnD0Lfi762rX3bO4/Aa9imlvE04CEXZ
3d1S4uWseEfr7h4VidcxJVDP9+ZpmylaB8kQChMDQws4jy6TGzd7IZtka9+IA+FS
j+JwHWHxWoFaR/Thm/jzMlv52EI3fWS0plyt2+bc5eYDf0hUFfylHr9ma95YF5Ka
3UNn8fIbgMZ2dLC+8c1q3Tph3eSTnDZxg4zTEWLlPN9Fze28feKDdjsRp9UXBbHo
Vtd8tHa8IzEHgqL7WplutxnjhEdCH/9hnIdLeCwYMtZlwQ==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:38:23 2025 by rpki-client