Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/ISu3CKnG01278gAzZ5TXbh4oeZ0.roa
File: ISu3CKnG01278gAzZ5TXbh4oeZ0.roa (raw, json)
Hash identifier: lAZS+Ip4RMA6WRO3hHfnIY86tFVS0Vo5ipjWeb7di/A=
Subject key identifier: 21:2B:B7:08:A9:C6:D3:5D:BB:F2:00:33:67:94:D7:6E:1E:28:79:9D
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 0196644B2DA193D90143C478BDD885534362
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/ISu3CKnG01278gAzZ5TXbh4oeZ0.roa
Signing time: Wed 23 Apr 2025 20:16:10 +0000
ROA not before: Wed 23 Apr 2025 20:16:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209641
IP address blocks: 2a0a:c0c1::/32 maxlen: 32
2a0e:7f01::/32 maxlen: 32
2a0e:c4c1::/32 maxlen: 32
2a0e:eec1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.mft
rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Apr 2025 14:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:64:4b:2d:a1:93:d9:01:43:c4:78:bd:d8:85:53:43:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Apr 23 20:16:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=212bb708a9c6d35dbbf200336794d76e1e28799d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:af:2f:01:37:f4:19:cf:f2:5e:63:da:7f:de:
19:f4:d6:af:f7:57:d4:06:99:9d:2f:1b:23:77:d7:
e5:67:c7:e0:95:7d:f5:b5:8d:ac:44:23:86:a4:87:
a2:f4:cc:a5:f5:10:96:fa:7d:f2:89:a8:77:20:8d:
a9:50:b4:0e:be:cd:6e:af:a5:8c:a0:52:49:9a:29:
9f:29:99:44:ba:01:e5:78:21:75:52:01:5d:a8:d4:
e2:2d:4c:dc:91:57:8c:49:64:7e:cc:75:e8:c9:fe:
13:b7:50:c8:01:7a:31:8a:f6:8a:2b:8d:45:ec:37:
d6:35:15:61:34:47:96:ee:7b:48:49:42:02:3f:5c:
fc:7c:41:1b:15:30:d5:f5:7f:14:3e:71:7b:5b:f8:
0c:48:1f:b3:16:90:a7:82:34:c6:4c:20:60:44:2b:
20:16:6d:98:6d:d8:eb:01:65:56:08:be:5b:39:89:
dc:15:e2:68:c9:67:74:ef:51:d1:f8:bf:d9:2f:e9:
c0:9c:95:56:3b:63:7a:62:9b:74:25:f5:23:57:66:
a0:e5:a4:ca:67:d0:ba:b7:18:ed:eb:b7:92:ca:c8:
f5:30:ce:16:3a:ac:74:e1:d3:7a:85:97:f8:24:dd:
7a:99:88:c7:98:30:a2:2d:76:e4:29:2a:f5:35:f5:
d9:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:2B:B7:08:A9:C6:D3:5D:BB:F2:00:33:67:94:D7:6E:1E:28:79:9D
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/ISu3CKnG01278gAzZ5TXbh4oeZ0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0a:c0c1::/32
2a0e:7f01::/32
2a0e:c4c1::/32
2a0e:eec1::/32
Signature Algorithm: sha256WithRSAEncryption
71:d8:b7:ad:1b:37:04:49:49:c7:3f:30:a9:93:10:bc:fc:7e:
8a:04:80:07:cd:85:70:88:ff:a0:7c:ea:80:f7:c2:d8:56:3b:
e0:33:0a:ae:08:d1:c1:07:a2:5d:1b:c7:94:03:d2:9f:42:cc:
1b:d1:dd:cf:23:2d:80:6e:13:89:d9:43:f9:03:cc:5f:22:18:
43:fc:b4:9e:11:fe:a5:09:fb:f4:fe:37:6d:72:05:f3:30:d0:
7c:72:22:ed:ad:fa:1e:12:a5:e7:f7:53:b5:13:28:9d:cf:03:
98:b9:1e:5a:b2:de:c9:9b:de:10:3c:58:9f:d3:ff:83:5a:28:
52:f2:6c:91:83:90:b6:23:ac:e1:7d:8a:22:02:d8:d6:62:67:
e9:47:0a:c7:5b:db:16:de:03:4d:ed:46:62:7a:e7:be:46:9b:
fa:5a:5f:db:5f:53:ac:ab:56:0e:8f:24:22:e0:92:a7:a5:bd:
43:64:44:3c:6a:99:33:b5:d7:8a:49:a2:59:f1:5c:33:3a:d9:
16:85:3d:3c:a8:90:c9:c6:56:25:14:ff:5c:0f:fd:03:84:f7:
0c:8c:69:d8:fc:cd:11:ec:0b:e5:de:ca:0a:10:a8:47:08:d6:
1f:71:36:6b:48:02:2d:50:e8:c3:6f:a8:e1:04:f2:ba:62:50:
c9:40:73:a1
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZZkSy2hk9kBQ8R4vdiFU0NiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjUwNDIzMjAxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTJiYjcwOGE5YzZkMzVkYmJmMjAwMzM2Nzk0ZDc2ZTFlMjg3OTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo68vATf0Gc/yXmPaf94Z9Nav91fU
BpmdLxsjd9flZ8fglX31tY2sRCOGpIei9Myl9RCW+n3yiah3II2pULQOvs1ur6WM
oFJJmimfKZlEugHleCF1UgFdqNTiLUzckVeMSWR+zHXoyf4Tt1DIAXoxivaKK41F
7DfWNRVhNEeW7ntISUICP1z8fEEbFTDV9X8UPnF7W/gMSB+zFpCngjTGTCBgRCsg
Fm2YbdjrAWVWCL5bOYncFeJoyWd071HR+L/ZL+nAnJVWO2N6Ypt0JfUjV2ag5aTK
Z9C6txjt67eSysj1MM4WOqx04dN6hZf4JN16mYjHmDCiLXbkKSr1NfXZKwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCErtwipxtNdu/IAM2eU124eKHmdMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvSVN1M0NLbkcwMTI3OGdBelo1VFhiaDRvZVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUAKgrAwQMF
ACoOfwEDBQAqDsTBAwUAKg7uwTANBgkqhkiG9w0BAQsFAAOCAQEAcdi3rRs3BElJ
xz8wqZMQvPx+igSAB82FcIj/oHzqgPfC2FY74DMKrgjRwQeiXRvHlAPSn0LMG9Hd
zyMtgG4TidlD+QPMXyIYQ/y0nhH+pQn79P43bXIF8zDQfHIi7a36HhKl5/dTtRMo
nc8DmLkeWrLeyZveEDxYn9P/g1ooUvJskYOQtiOs4X2KIgLY1mJn6UcKx1vbFt4D
Te1GYnrnvkab+lpf219TrKtWDo8kIuCSp6W9Q2REPGqZM7XXikmiWfFcMzrZFoU9
PKiQycZWJRT/XA/9A4T3DIxp2PzNEewL5d7KChCoRwjWH3E2a0gCLVDow2+o4QTy
umJQyUBzoQ==
-----END CERTIFICATE-----
Generated at Sun Apr 27 22:20:09 2025 by rpki-client