Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/tFfaWhEeN1tjIdbkTex99XhSusA.roa
File: tFfaWhEeN1tjIdbkTex99XhSusA.roa (raw, json)
Hash identifier: TSELE7tLzNTduluoK9zaYqmYB7+jhExQi1mopapTZOw=
Subject key identifier: B4:57:DA:5A:11:1E:37:5B:63:21:D6:E4:4D:EC:7D:F5:78:52:BA:C0
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 0196169E4036C94902FE73A410ACD0695B0E
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/tFfaWhEeN1tjIdbkTex99XhSusA.roa
Signing time: Tue 08 Apr 2025 18:16:31 +0000
ROA not before: Tue 08 Apr 2025 18:16:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209641
IP address blocks: 2a11:b780::/32 maxlen: 32
2a11:b785::/32 maxlen: 32
2a11:c441::/32 maxlen: 32
2a11:d082::/32 maxlen: 32
2a12:4c06::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 14 Apr 2025 17:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:16:9e:40:36:c9:49:02:fe:73:a4:10:ac:d0:69:5b:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Apr 8 18:16:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b457da5a111e375b6321d6e44dec7df57852bac0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:b1:6a:04:db:7f:7b:f0:c2:9a:f9:f5:da:b9:
f4:12:ad:e1:21:49:ba:56:ef:8e:c2:38:13:8a:64:
ef:af:6f:b8:b0:33:d5:94:0e:ba:fd:16:1d:2a:da:
8b:22:b0:bd:d9:8a:e0:84:59:1c:30:f1:ea:c2:63:
26:3a:e8:55:25:74:9d:37:33:93:89:e3:ae:ba:b3:
63:81:6f:05:87:5b:44:38:b7:15:04:a9:e9:c4:40:
00:ba:a9:16:e4:85:cc:1f:d9:94:0d:bc:18:02:bd:
f1:2e:6b:56:fa:f8:55:43:0b:23:63:0e:8d:8c:05:
cc:2b:b8:8e:59:78:ea:54:79:89:39:6e:43:6f:3e:
28:90:7d:44:0d:ae:5d:bf:db:37:54:3e:89:29:03:
9d:7a:60:d2:41:33:58:c4:02:01:a0:0a:e1:48:ba:
4c:82:bd:84:0b:49:2a:18:be:80:5e:81:95:9e:f2:
d7:a7:98:6b:c3:a2:1e:71:f8:bf:e6:f8:5f:4b:74:
f6:fb:a1:b4:b5:d4:01:86:3f:d9:90:6c:9a:2b:c0:
6a:14:fa:95:38:71:80:80:07:0e:30:f2:26:6d:3a:
75:c2:50:1c:4e:ea:e4:ee:3d:91:be:d8:4c:a8:04:
51:15:35:3e:5d:f0:97:38:ad:a4:98:af:74:83:c5:
0c:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:57:DA:5A:11:1E:37:5B:63:21:D6:E4:4D:EC:7D:F5:78:52:BA:C0
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/tFfaWhEeN1tjIdbkTex99XhSusA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:b780::/32
2a11:b785::/32
2a11:c441::/32
2a11:d082::/32
2a12:4c06::/32
Signature Algorithm: sha256WithRSAEncryption
d2:1d:cd:0e:38:21:d4:47:c0:37:5a:37:87:44:b9:f8:a5:47:
22:94:d9:1a:4a:a5:d0:8e:c7:2a:9c:f2:8f:1e:99:dd:e7:4a:
05:36:b2:fc:00:13:22:f9:46:22:14:1a:f2:a6:7a:12:27:bd:
54:09:bc:54:2e:d4:51:45:f8:b1:73:37:b5:7b:c9:ee:76:3b:
87:5c:e7:80:4f:f4:07:67:4f:ef:b4:cd:24:21:7c:85:79:39:
06:55:98:25:4d:05:f8:8b:00:e7:23:78:c9:df:4e:8c:a4:43:
3a:00:96:b5:d4:4e:2a:6a:23:03:56:de:35:ed:a6:58:c1:6f:
31:5b:5f:64:53:57:f1:03:bd:66:b8:cf:0a:98:e8:31:c9:c0:
22:94:2b:60:f1:f6:eb:8f:87:ef:a5:d6:11:de:00:d7:e3:08:
ef:46:38:8b:a4:25:de:ab:0c:b5:a4:a7:1b:ac:60:9d:fd:11:
08:df:e6:b2:04:45:80:ee:85:d7:ec:5d:21:ce:64:7f:df:42:
8c:62:bd:6e:f4:9c:3a:d5:b6:b4:6f:8d:db:0e:c4:37:dc:24:
3c:78:3d:63:b7:fd:71:e3:ad:96:21:f9:fd:42:d1:f1:85:10:
15:89:0b:59:bc:51:17:58:b8:95:8a:0d:a9:15:b2:b2:80:06:
f6:01:2f:f3
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZYWnkA2yUkC/nOkEKzQaVsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNDA4MTgxNjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDU3ZGE1YTExMWUzNzViNjMyMWQ2ZTQ0ZGVjN2RmNTc4NTJiYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubFqBNt/e/DCmvn12rn0Eq3hIUm6
Vu+OwjgTimTvr2+4sDPVlA66/RYdKtqLIrC92YrghFkcMPHqwmMmOuhVJXSdNzOT
ieOuurNjgW8Fh1tEOLcVBKnpxEAAuqkW5IXMH9mUDbwYAr3xLmtW+vhVQwsjYw6N
jAXMK7iOWXjqVHmJOW5Dbz4okH1EDa5dv9s3VD6JKQOdemDSQTNYxAIBoArhSLpM
gr2EC0kqGL6AXoGVnvLXp5hrw6Iecfi/5vhfS3T2+6G0tdQBhj/ZkGyaK8BqFPqV
OHGAgAcOMPImbTp1wlAcTurk7j2RvthMqARRFTU+XfCXOK2kmK90g8UMmQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFLRX2loRHjdbYyHW5E3sffV4UrrAMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvdEZmYVdoRWVOMXRqSWRia1RleDk5WGhTdXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUAKhG3gAMF
ACoRt4UDBQAqEcRBAwUAKhHQggMFACoSTAYwDQYJKoZIhvcNAQELBQADggEBANId
zQ44IdRHwDdaN4dEufilRyKU2RpKpdCOxyqc8o8emd3nSgU2svwAEyL5RiIUGvKm
ehInvVQJvFQu1FFF+LFzN7V7ye52O4dc54BP9AdnT++0zSQhfIV5OQZVmCVNBfiL
AOcjeMnfToykQzoAlrXUTipqIwNW3jXtpljBbzFbX2RTV/EDvWa4zwqY6DHJwCKU
K2Dx9uuPh++l1hHeANfjCO9GOIukJd6rDLWkpxusYJ39EQjf5rIERYDuhdfsXSHO
ZH/fQoxivW70nDrVtrRvjdsOxDfcJDx4PWO3/XHjrZYh+f1C0fGFEBWJC1m8URdY
uJWKDakVsrKABvYBL/M=
-----END CERTIFICATE-----
Generated at Mon Apr 14 02:51:05 2025 by rpki-client