Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/9dd5e3-576f-44a1-a5cc-6509cb5f27f8/1/gL_kuMaqCBJwQIMIS7ldG0BgqS0.roa
File: gL_kuMaqCBJwQIMIS7ldG0BgqS0.roa (raw, json)
Hash identifier: aP7wklS1c2nj/ZqiWpRJ5vMpKjr7pu6Ax9+m6w/ftd4=
Subject key identifier: 80:BF:E4:B8:C6:AA:08:12:70:40:83:08:4B:B9:5D:1B:40:60:A9:2D
Certificate issuer: /CN=6fa104f6a8978bb16cd05314f98a786e0d0d9564
Certificate serial: 0194228E1FE9CA66891512602535C28A8ADC
Authority key identifier: 6F:A1:04:F6:A8:97:8B:B1:6C:D0:53:14:F9:8A:78:6E:0D:0D:95:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b6EE9qiXi7Fs0FMU-Yp4bg0NlWQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/9dd5e3-576f-44a1-a5cc-6509cb5f27f8/1/gL_kuMaqCBJwQIMIS7ldG0BgqS0.roa
Signing time: Wed 01 Jan 2025 15:48:46 +0000
ROA not before: Wed 01 Jan 2025 15:48:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41327
IP address blocks: 171.22.208.0/22 maxlen: 24
2a09:3e40::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f7/9dd5e3-576f-44a1-a5cc-6509cb5f27f8/1/b6EE9qiXi7Fs0FMU-Yp4bg0NlWQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/f7/9dd5e3-576f-44a1-a5cc-6509cb5f27f8/1/b6EE9qiXi7Fs0FMU-Yp4bg0NlWQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/b6EE9qiXi7Fs0FMU-Yp4bg0NlWQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 10:07:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8e:1f:e9:ca:66:89:15:12:60:25:35:c2:8a:8a:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6fa104f6a8978bb16cd05314f98a786e0d0d9564
Validity
Not Before: Jan 1 15:48:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=80bfe4b8c6aa0812704083084bb95d1b4060a92d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:f1:c8:3a:ba:08:31:7e:23:af:89:d3:32:cf:
dc:fb:df:25:0a:3b:e8:f5:41:fd:75:67:31:76:42:
79:be:be:20:9d:75:c5:98:e6:57:c3:59:a3:0c:ed:
fd:fd:e7:6b:60:37:47:a9:3c:18:78:0d:6d:80:f1:
30:19:c1:02:e2:8c:fb:bd:25:20:9f:a9:12:be:c5:
09:16:19:08:a8:34:bd:4c:c5:55:c5:a6:60:1c:7e:
1b:a3:56:8a:65:70:81:00:f0:5d:5c:06:e9:3e:3b:
fc:47:73:27:1b:4b:b1:a0:33:79:0a:be:22:35:56:
e0:01:ee:c9:27:f1:92:b1:46:13:66:12:7e:39:20:
d4:87:18:d7:70:95:8e:79:5e:88:9a:34:89:73:89:
be:67:8c:93:2e:2c:de:4f:11:43:7d:57:4c:e3:86:
d7:1b:a8:b6:35:2f:d0:10:e5:15:ad:77:ac:4e:0f:
7a:f4:6d:63:b4:77:99:45:12:66:a2:db:18:bf:ec:
98:59:aa:77:fa:12:e7:61:2f:d4:45:35:5b:a1:72:
ad:ff:c3:39:ac:46:53:e3:db:4f:32:3f:49:e6:f6:
bb:38:6c:5c:d2:6c:59:ad:ab:a1:f3:f3:74:20:92:
3a:23:aa:e4:08:d2:cf:ea:8d:6e:b0:48:dd:f3:f8:
b8:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:BF:E4:B8:C6:AA:08:12:70:40:83:08:4B:B9:5D:1B:40:60:A9:2D
X509v3 Authority Key Identifier:
keyid:6F:A1:04:F6:A8:97:8B:B1:6C:D0:53:14:F9:8A:78:6E:0D:0D:95:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6EE9qiXi7Fs0FMU-Yp4bg0NlWQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/9dd5e3-576f-44a1-a5cc-6509cb5f27f8/1/gL_kuMaqCBJwQIMIS7ldG0BgqS0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/9dd5e3-576f-44a1-a5cc-6509cb5f27f8/1/b6EE9qiXi7Fs0FMU-Yp4bg0NlWQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.22.208.0/22
IPv6:
2a09:3e40::/29
Signature Algorithm: sha256WithRSAEncryption
52:6d:3a:86:04:16:62:10:ac:9f:81:dd:74:a7:83:94:c1:b3:
fa:a2:a0:19:11:f6:2c:58:a6:a9:aa:fc:58:23:00:67:4d:4d:
0c:50:46:de:37:aa:5c:5c:7d:88:63:4c:a4:4c:0d:9b:6f:76:
39:1c:a9:94:09:88:8d:99:d4:ef:99:61:29:98:c8:3a:11:54:
2c:6c:0b:de:f9:03:ff:ff:3a:4e:9e:6d:eb:30:1c:02:a4:94:
46:28:57:e5:a0:be:4e:4b:da:d5:86:b9:b0:80:f9:05:2f:b0:
61:6b:78:cc:d2:f9:17:f8:26:19:50:e2:71:11:a3:52:00:fd:
bd:a0:34:bf:b0:fe:60:08:ac:6b:07:2d:3b:dd:0f:13:42:90:
c5:e2:d2:c2:bf:71:9a:6c:c4:ac:b6:bc:14:09:ad:4e:6d:41:
c6:ee:06:39:81:e5:64:cd:e2:d3:6c:b2:03:be:a6:5d:50:f9:
e4:dc:d1:fc:ad:e4:b1:0f:b2:4c:85:24:ef:cd:83:4a:04:4c:
db:31:ba:03:16:f5:87:85:39:a6:ff:d9:81:da:af:65:4d:09:
36:9f:56:69:f1:75:87:da:18:7d:9e:49:38:26:ab:a6:23:da:
5e:d4:31:83:a5:0e:39:a5:74:85:98:20:20:16:d6:c9:db:c0:
7e:12:1f:68
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijh/pymaJFRJgJTXCiorcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTEwNGY2YTg5NzhiYjE2Y2QwNTMxNGY5OGE3ODZlMGQw
ZDk1NjQwHhcNMjUwMTAxMTU0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGJmZTRiOGM2YWEwODEyNzA0MDgzMDg0YmI5NWQxYjQwNjBhOTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPHIOroIMX4jr4nTMs/c+98lCjvo
9UH9dWcxdkJ5vr4gnXXFmOZXw1mjDO39/edrYDdHqTwYeA1tgPEwGcEC4oz7vSUg
n6kSvsUJFhkIqDS9TMVVxaZgHH4bo1aKZXCBAPBdXAbpPjv8R3MnG0uxoDN5Cr4i
NVbgAe7JJ/GSsUYTZhJ+OSDUhxjXcJWOeV6ImjSJc4m+Z4yTLizeTxFDfVdM44bX
G6i2NS/QEOUVrXesTg969G1jtHeZRRJmotsYv+yYWap3+hLnYS/URTVboXKt/8M5
rEZT49tPMj9J5va7OGxc0mxZrauh8/N0IJI6I6rkCNLP6o1usEjd8/i4VQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIC/5LjGqggScECDCEu5XRtAYKktMB8GA1UdIwQY
MBaAFG+hBPaol4uxbNBTFPmKeG4NDZVkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZFRTlxaVhpN0ZzMEZNVS1ZcDRiZzBObFdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy85ZGQ1ZTMtNTc2Zi00NGExLWE1Y2Mt
NjUwOWNiNWYyN2Y4LzEvZ0xfa3VNYXFDQkp3UUlNSVM3bGRHMEJncVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy85ZGQ1ZTMtNTc2Zi00NGExLWE1Y2MtNjUwOWNiNWYyN2Y4
LzEvYjZFRTlxaVhpN0ZzMEZNVS1ZcDRiZzBObFdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCqxbQMA0E
AgACMAcDBQMqCT5AMA0GCSqGSIb3DQEBCwUAA4IBAQBSbTqGBBZiEKyfgd10p4OU
wbP6oqAZEfYsWKapqvxYIwBnTU0MUEbeN6pcXH2IY0ykTA2bb3Y5HKmUCYiNmdTv
mWEpmMg6EVQsbAve+QP//zpOnm3rMBwCpJRGKFfloL5OS9rVhrmwgPkFL7Bha3jM
0vkX+CYZUOJxEaNSAP29oDS/sP5gCKxrBy073Q8TQpDF4tLCv3GabMSstrwUCa1O
bUHG7gY5geVkzeLTbLIDvqZdUPnk3NH8reSxD7JMhSTvzYNKBEzbMboDFvWHhTmm
/9mB2q9lTQk2n1Zp8XWH2hh9nkk4JqumI9pe1DGDpQ45pXSFmCAgFtbJ28B+Eh9o
-----END CERTIFICATE-----
Generated at Sun Apr 6 17:49:36 2025 by rpki-client