Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/ZQIkKM0wnsGE09x8Gj2tkKkdvCo.roa
File: ZQIkKM0wnsGE09x8Gj2tkKkdvCo.roa (raw, json)
Hash identifier: c0JjbeiMwJtgSk02wQ3e/EFSSTEUVi4TY73i+98NKvg=
Subject key identifier: 65:02:24:28:CD:30:9E:C1:84:D3:DC:7C:1A:3D:AD:90:A9:1D:BC:2A
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 0195CEE0224F9CA72C13163A25408669D144
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/ZQIkKM0wnsGE09x8Gj2tkKkdvCo.roa
Signing time: Tue 25 Mar 2025 19:55:50 +0000
ROA not before: Tue 25 Mar 2025 19:55:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206873
IP address blocks: 2a11:9fc4::/32 maxlen: 32
2a11:d083::/32 maxlen: 32
2a11:fec6::/32 maxlen: 32
2a12:4c05::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 17:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ce:e0:22:4f:9c:a7:2c:13:16:3a:25:40:86:69:d1:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Mar 25 19:55:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=65022428cd309ec184d3dc7c1a3dad90a91dbc2a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:90:21:32:e3:ce:a2:ee:c2:c2:88:3a:a7:fd:
b8:85:c5:f8:16:92:96:48:37:52:28:74:58:64:97:
3e:7b:61:e0:40:cc:aa:00:db:3b:36:51:e9:98:d4:
de:6d:ce:7b:8f:45:58:6b:95:7a:ea:3e:c7:ed:c3:
71:55:8d:de:93:0d:17:09:94:15:0c:f1:f2:0d:f2:
e7:9d:c2:bd:3f:14:24:18:7c:13:dd:50:e1:76:fc:
d5:b8:5d:7e:c8:29:5d:b5:80:64:89:6e:18:49:35:
a3:2c:d1:63:77:e8:ed:f1:43:3e:1a:a5:c2:bb:e3:
0b:ed:97:f8:c5:8e:bf:c3:fa:55:da:9f:53:ae:20:
35:23:30:28:e1:25:14:45:2b:8a:d6:93:bf:fc:16:
32:a9:dc:1c:31:2d:8f:46:b4:b4:b1:6e:30:df:1f:
46:df:16:25:e9:aa:f6:18:44:15:13:15:a4:58:cd:
72:0b:c4:1e:66:89:4d:cf:59:0e:a0:8d:5a:28:6d:
a2:08:ee:bd:5c:db:10:37:35:af:74:03:98:14:73:
0f:87:8e:27:65:a1:16:b6:b3:fa:15:63:1c:1c:1c:
81:62:54:7f:73:29:21:58:e9:8e:41:0d:b3:1a:33:
9a:24:c9:d5:65:0b:95:4d:2d:48:e1:90:99:76:28:
61:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:02:24:28:CD:30:9E:C1:84:D3:DC:7C:1A:3D:AD:90:A9:1D:BC:2A
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/ZQIkKM0wnsGE09x8Gj2tkKkdvCo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:9fc4::/32
2a11:d083::/32
2a11:fec6::/32
2a12:4c05::/32
Signature Algorithm: sha256WithRSAEncryption
d8:53:b2:c0:bd:8d:85:96:b6:26:83:1e:ce:4c:22:e1:92:67:
9d:03:7d:3e:e3:0a:6b:2f:70:bd:e8:a3:f3:18:c1:59:d3:55:
a3:cc:86:16:82:e2:20:ad:a6:94:82:ea:e8:7c:7f:14:26:08:
59:f2:dc:ae:00:b7:1b:8e:2b:37:fb:74:6f:83:aa:67:1c:9d:
cb:ba:c3:f6:8e:10:3b:1c:27:bc:24:45:9f:9b:11:57:6b:0b:
5c:27:66:db:b8:55:fa:9f:25:fc:70:cb:0e:33:29:40:51:03:
d9:9c:2c:2c:bb:44:b8:bd:c1:66:38:c2:85:16:fa:53:57:be:
89:07:bf:df:fa:64:c5:52:ed:32:88:53:5c:1f:0a:61:43:2e:
8d:c4:92:a9:3a:f3:1a:b0:c3:f8:7c:e7:19:3d:17:d2:14:f8:
8f:e5:f0:39:46:80:5f:14:83:52:10:cd:c9:df:6d:80:40:49:
d4:0e:9e:10:64:18:bf:1d:a7:78:8a:b5:d9:aa:d1:a0:f1:b8:
cc:7e:a3:16:f7:10:9d:65:9e:b2:8a:cf:43:7e:9a:28:a9:84:
df:c6:7c:30:61:d3:f8:9f:fe:9d:4f:5f:b0:2d:b7:73:db:b9:
b8:15:9b:b7:82:3e:35:b7:e9:49:94:50:cc:00:e3:08:09:22:
a9:ab:ff:b0
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZXO4CJPnKcsExY6JUCGadFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwMzI1MTk1NTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTAyMjQyOGNkMzA5ZWMxODRkM2RjN2MxYTNkYWQ5MGE5MWRiYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZAhMuPOou7Cwog6p/24hcX4FpKW
SDdSKHRYZJc+e2HgQMyqANs7NlHpmNTebc57j0VYa5V66j7H7cNxVY3ekw0XCZQV
DPHyDfLnncK9PxQkGHwT3VDhdvzVuF1+yCldtYBkiW4YSTWjLNFjd+jt8UM+GqXC
u+ML7Zf4xY6/w/pV2p9TriA1IzAo4SUURSuK1pO//BYyqdwcMS2PRrS0sW4w3x9G
3xYl6ar2GEQVExWkWM1yC8QeZolNz1kOoI1aKG2iCO69XNsQNzWvdAOYFHMPh44n
ZaEWtrP6FWMcHByBYlR/cykhWOmOQQ2zGjOaJMnVZQuVTS1I4ZCZdihhlwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFGUCJCjNMJ7BhNPcfBo9rZCpHbwqMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvWlFJa0tNMHduc0dFMDl4OEdqMnRrS2tkdkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUAKhGfxAMF
ACoR0IMDBQAqEf7GAwUAKhJMBTANBgkqhkiG9w0BAQsFAAOCAQEA2FOywL2NhZa2
JoMezkwi4ZJnnQN9PuMKay9wveij8xjBWdNVo8yGFoLiIK2mlILq6Hx/FCYIWfLc
rgC3G44rN/t0b4OqZxydy7rD9o4QOxwnvCRFn5sRV2sLXCdm27hV+p8l/HDLDjMp
QFED2ZwsLLtEuL3BZjjChRb6U1e+iQe/3/pkxVLtMohTXB8KYUMujcSSqTrzGrDD
+HznGT0X0hT4j+XwOUaAXxSDUhDNyd9tgEBJ1A6eEGQYvx2neIq12arRoPG4zH6j
FvcQnWWesorPQ36aKKmE38Z8MGHT+J/+nU9fsC23c9u5uBWbt4I+NbfpSZRQzADj
CAkiqav/sA==
-----END CERTIFICATE-----
Generated at Mon Apr 14 02:33:09 2025 by rpki-client