Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/BJRMIMLUoNWYqGJbDBSp90TMlbI.roa
File: BJRMIMLUoNWYqGJbDBSp90TMlbI.roa (raw, json)
Hash identifier: r+6EpUqWuuTXsne75OcdE3MkiyvwvTYaY51DrFP/ey0=
Subject key identifier: 04:94:4C:20:C2:D4:A0:D5:98:A8:62:5B:0C:14:A9:F7:44:CC:95:B2
Certificate issuer: /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial: 0195029C26C0ADAC74A0B9A1757A7D51EF4E
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/BJRMIMLUoNWYqGJbDBSp90TMlbI.roa
Signing time: Fri 14 Feb 2025 03:59:02 +0000
ROA not before: Fri 14 Feb 2025 03:59:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34665
IP address blocks: 2a11:4b41::/32 maxlen: 32
2a12:a340::/32 maxlen: 32
2a12:c304::/30 maxlen: 30
2a13:2980::/29 maxlen: 29
2a13:3b80::/29 maxlen: 29
2a13:8580::/29 maxlen: 29
2a13:8580::/32 maxlen: 32
2a13:93c1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 13:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:02:9c:26:c0:ad:ac:74:a0:b9:a1:75:7a:7d:51:ef:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Validity
Not Before: Feb 14 03:59:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04944c20c2d4a0d598a8625b0c14a9f744cc95b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:c5:b8:e3:0c:c1:32:46:f1:f1:cb:41:35:9c:
b2:78:f8:68:ba:a7:a1:5c:03:6c:d4:bd:f1:a3:52:
4c:0c:97:99:a8:66:02:ca:84:2d:4d:3f:76:d0:ec:
29:f7:30:b2:ca:80:e4:67:5d:ec:5d:b5:3d:4c:2c:
a0:41:bb:31:68:f1:44:11:91:1b:57:29:22:a1:56:
8c:c7:42:38:52:49:1c:8b:65:ec:05:16:cb:26:b5:
e7:68:e3:38:75:ec:fc:e7:21:b1:1c:3a:f4:56:a1:
1f:d0:2d:aa:0b:44:90:98:bf:27:72:78:8e:1a:52:
77:22:bd:46:1e:36:8e:8d:0c:e5:6f:25:48:8f:3f:
1f:b6:25:f5:8b:bb:89:5d:ea:51:59:7d:18:fb:3a:
57:be:78:e6:2b:0e:a0:f8:29:19:d6:6b:12:ff:39:
d1:64:0f:21:9a:c1:b1:5e:fb:e6:7c:3c:43:fa:55:
c8:52:2a:5f:b1:88:de:2f:49:5d:66:79:aa:83:cb:
ee:ab:83:2c:6a:9f:46:df:be:36:ca:22:c4:d4:f1:
b0:a9:ad:0c:f2:ed:ad:21:7b:69:3c:f2:2f:9a:3e:
be:3b:72:15:fc:bd:a4:b4:cc:89:60:88:f3:49:cb:
6f:00:bd:91:31:51:e7:7f:c1:4c:1a:85:21:39:f0:
44:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:94:4C:20:C2:D4:A0:D5:98:A8:62:5B:0C:14:A9:F7:44:CC:95:B2
X509v3 Authority Key Identifier:
keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/BJRMIMLUoNWYqGJbDBSp90TMlbI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:4b41::/32
2a12:a340::/32
2a12:c304::/30
2a13:2980::/29
2a13:3b80::/29
2a13:8580::/29
2a13:93c1::/32
Signature Algorithm: sha256WithRSAEncryption
70:10:43:fe:b3:f2:fb:b5:ab:8b:4a:b1:56:04:7c:7c:20:67:
4c:28:02:89:00:82:b9:34:70:07:d3:54:56:b6:74:67:30:63:
a0:e0:0e:f8:cd:23:a1:f1:76:b2:8e:2f:88:af:db:f5:f9:0f:
22:7f:73:f6:5d:80:78:72:81:db:4d:e4:00:34:6e:8b:9e:25:
ba:27:42:1f:d7:41:81:d3:5f:69:20:e5:49:c0:50:8a:57:2d:
34:d8:52:30:84:32:db:e5:92:10:5c:49:a0:8b:12:e0:28:b6:
41:2e:03:9c:2b:c6:33:53:67:19:07:7b:d7:63:07:64:1e:20:
ff:a1:e1:01:ac:e5:6a:4b:66:08:98:c9:bb:82:4f:00:ad:d4:
d7:61:c7:29:ea:06:d4:c4:31:48:ee:44:82:24:cb:f3:26:e2:
9d:9c:11:e2:29:24:be:1c:f7:c4:9d:ce:12:dc:77:6c:c0:7a:
3f:61:37:83:2f:f8:d8:16:27:18:5f:e5:eb:37:d9:61:4f:6c:
b2:0a:c4:e5:53:c4:26:9b:02:4d:9a:b7:7c:ba:1a:17:99:88:
da:fa:f6:54:73:13:c4:44:01:16:d2:e7:cc:f7:4b:e0:64:61:
b7:80:45:d9:e6:a6:d9:bd:a2:e7:f1:f2:a7:c1:19:f0:36:bb:
52:e4:03:57
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZUCnCbArax0oLmhdXp9Ue9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwMjE0MDM1OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDk0NGMyMGMyZDRhMGQ1OThhODYyNWIwYzE0YTlmNzQ0Y2M5NWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMW44wzBMkbx8ctBNZyyePhouqeh
XANs1L3xo1JMDJeZqGYCyoQtTT920Owp9zCyyoDkZ13sXbU9TCygQbsxaPFEEZEb
VykioVaMx0I4Ukkci2XsBRbLJrXnaOM4dez85yGxHDr0VqEf0C2qC0SQmL8ncniO
GlJ3Ir1GHjaOjQzlbyVIjz8ftiX1i7uJXepRWX0Y+zpXvnjmKw6g+CkZ1msS/znR
ZA8hmsGxXvvmfDxD+lXIUipfsYjeL0ldZnmqg8vuq4Msap9G3742yiLE1PGwqa0M
8u2tIXtpPPIvmj6+O3IV/L2ktMyJYIjzSctvAL2RMVHnf8FMGoUhOfBEuQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFASUTCDC1KDVmKhiWwwUqfdEzJWyMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvQkpSTUlNTFVvTldZcUdKYkRCU3A5MFRNbGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUAKhFLQQMF
ACoSo0ADBQIqEsMEAwUDKhMpgAMFAyoTO4ADBQMqE4WAAwUAKhOTwTANBgkqhkiG
9w0BAQsFAAOCAQEAcBBD/rPy+7Wri0qxVgR8fCBnTCgCiQCCuTRwB9NUVrZ0ZzBj
oOAO+M0jofF2so4viK/b9fkPIn9z9l2AeHKB203kADRui54luidCH9dBgdNfaSDl
ScBQilctNNhSMIQy2+WSEFxJoIsS4Ci2QS4DnCvGM1NnGQd712MHZB4g/6HhAazl
aktmCJjJu4JPAK3U12HHKeoG1MQxSO5EgiTL8ybinZwR4ikkvhz3xJ3OEtx3bMB6
P2E3gy/42BYnGF/l6zfZYU9ssgrE5VPEJpsCTZq3fLoaF5mI2vr2VHMTxEQBFtLn
zPdL4GRht4BF2eam2b2i5/Hyp8EZ8Da7UuQDVw==
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:08:27 2025 by rpki-client