Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/I_lCFRC-HTkJJ8TMCBaJw1xqt74.roa
File: I_lCFRC-HTkJJ8TMCBaJw1xqt74.roa (raw, json)
Hash identifier: impRbzDteU6j3hXcCABJ5mmbukbCH4a+46ZkbaV2omw=
Subject key identifier: 23:F9:42:15:10:BE:1D:39:09:27:C4:CC:08:16:89:C3:5C:6A:B7:BE
Certificate issuer: /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial: 0196644B2CD65D0B3B82E2D37FF7D706DCCA
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/I_lCFRC-HTkJJ8TMCBaJw1xqt74.roa
Signing time: Wed 23 Apr 2025 20:16:10 +0000
ROA not before: Wed 23 Apr 2025 20:16:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204490
IP address blocks: 2a0e:7f45::/32 maxlen: 32
2a11:2086::/32 maxlen: 32
2a11:5882::/32 maxlen: 32
2a11:c105::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Apr 2025 14:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:64:4b:2c:d6:5d:0b:3b:82:e2:d3:7f:f7:d7:06:dc:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Validity
Not Before: Apr 23 20:16:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=23f9421510be1d390927c4cc081689c35c6ab7be
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:17:22:15:bc:90:0e:93:8a:1c:cf:77:8f:c2:
73:2c:ff:de:84:76:48:b3:52:25:aa:be:db:fa:e8:
8a:0c:8c:6f:77:7e:41:7c:c7:bf:1d:f0:41:71:f9:
d2:0d:79:d4:66:87:ca:dc:74:bb:84:2a:4a:3b:c9:
d7:e4:98:82:67:92:48:2a:09:30:37:3d:02:40:90:
9d:f5:e8:54:2a:8d:80:e7:ba:81:83:1f:42:12:73:
56:47:db:c5:1f:50:1a:85:00:e0:12:eb:83:b3:5b:
49:ca:05:38:37:67:33:e9:d6:95:ef:1f:2d:bc:3b:
5a:2b:ac:56:f0:58:ea:b2:3f:6e:f5:60:d2:ac:d6:
ef:09:86:23:83:bd:16:45:cc:2d:5b:de:ef:a1:89:
6c:fe:5a:dd:5f:82:e1:08:45:d3:6d:86:7c:5f:ca:
eb:4e:02:60:75:c4:bb:c7:f1:09:9f:4c:45:cd:c8:
12:88:b5:b4:65:86:88:69:c7:1e:85:95:e3:13:ee:
0e:b0:d1:fa:f2:52:3a:a7:9c:ef:bf:16:38:33:c3:
5d:18:e4:ee:aa:5c:b5:53:75:9f:85:91:9f:37:8f:
d9:27:c1:5b:94:a6:36:9c:c1:81:cc:bb:15:5d:44:
7a:39:29:2e:f9:d5:3e:aa:1b:09:fd:b4:a1:58:16:
78:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:F9:42:15:10:BE:1D:39:09:27:C4:CC:08:16:89:C3:5C:6A:B7:BE
X509v3 Authority Key Identifier:
keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/I_lCFRC-HTkJJ8TMCBaJw1xqt74.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:7f45::/32
2a11:2086::/32
2a11:5882::/32
2a11:c105::/32
Signature Algorithm: sha256WithRSAEncryption
9a:cf:9e:21:85:81:eb:4a:1c:80:f2:d1:e6:9b:64:12:05:bc:
36:0e:1b:de:97:af:ff:a8:56:f7:f7:d5:90:b9:42:64:98:89:
68:85:30:65:4e:f8:39:1e:b3:17:cf:b1:2b:d2:2b:2e:ec:62:
67:ec:b7:c4:86:e1:e0:97:43:93:0d:e0:1e:be:8d:ed:0b:e0:
4b:6d:50:b5:51:c1:dc:a1:34:30:6f:18:1b:c0:0e:51:e1:f8:
19:6e:82:03:66:a8:f6:f3:98:9a:f4:bc:ac:9c:e9:41:fc:c4:
65:30:32:84:bc:49:7a:dc:40:37:17:13:af:03:17:2b:96:d1:
d2:0f:14:4c:a1:a5:c4:aa:71:1a:6b:1f:d7:a7:7f:0d:7c:7c:
a7:ac:5e:16:71:aa:31:8f:37:19:26:44:24:7a:68:d6:d6:82:
58:11:40:04:80:fd:ee:57:4d:d5:a6:c2:cc:09:4e:c0:f5:18:
00:b0:d8:0c:22:e6:b2:bc:51:a9:21:b7:4c:15:f3:45:4b:c4:
01:cb:3d:23:fd:e8:81:9e:91:0f:55:92:da:22:79:74:cd:25:
be:65:10:64:57:a9:26:85:9e:13:90:b1:b4:d2:f1:cd:27:d0:
62:47:6f:27:a9:9b:01:ce:e0:41:de:28:82:a6:7c:1e:e8:47:
0b:bd:51:2a
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZZkSyzWXQs7guLTf/fXBtzKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjUwNDIzMjAxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Y5NDIxNTEwYmUxZDM5MDkyN2M0Y2MwODE2ODljMzVjNmFiN2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhciFbyQDpOKHM93j8JzLP/ehHZI
s1Ilqr7b+uiKDIxvd35BfMe/HfBBcfnSDXnUZofK3HS7hCpKO8nX5JiCZ5JIKgkw
Nz0CQJCd9ehUKo2A57qBgx9CEnNWR9vFH1AahQDgEuuDs1tJygU4N2cz6daV7x8t
vDtaK6xW8Fjqsj9u9WDSrNbvCYYjg70WRcwtW97voYls/lrdX4LhCEXTbYZ8X8rr
TgJgdcS7x/EJn0xFzcgSiLW0ZYaIaccehZXjE+4OsNH68lI6p5zvvxY4M8NdGOTu
qly1U3WfhZGfN4/ZJ8FblKY2nMGBzLsVXUR6OSku+dU+qhsJ/bShWBZ4swIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCP5QhUQvh05CSfEzAgWicNcare+MB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvSV9sQ0ZSQy1IVGtKSjhUTUNCYUp3MXhxdDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUAKg5/RQMF
ACoRIIYDBQAqEViCAwUAKhHBBTANBgkqhkiG9w0BAQsFAAOCAQEAms+eIYWB60oc
gPLR5ptkEgW8Ng4b3pev/6hW9/fVkLlCZJiJaIUwZU74OR6zF8+xK9IrLuxiZ+y3
xIbh4JdDkw3gHr6N7QvgS21QtVHB3KE0MG8YG8AOUeH4GW6CA2ao9vOYmvS8rJzp
QfzEZTAyhLxJetxANxcTrwMXK5bR0g8UTKGlxKpxGmsf16d/DXx8p6xeFnGqMY83
GSZEJHpo1taCWBFABID97ldN1abCzAlOwPUYALDYDCLmsrxRqSG3TBXzRUvEAcs9
I/3ogZ6RD1WS2iJ5dM0lvmUQZFepJoWeE5CxtNLxzSfQYkdvJ6mbAc7gQd4ogqZ8
HuhHC71RKg==
-----END CERTIFICATE-----
Generated at Sun Apr 27 22:22:39 2025 by rpki-client