Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/xNdrsOkOTWSaFMcdVu2oG3EYsdM.roa
File: xNdrsOkOTWSaFMcdVu2oG3EYsdM.roa (raw, json)
Hash identifier: yge/2oTNSJR38ahpRwr3OZi2FA2RMTQPVFTRGbL+bGU=
Subject key identifier: C4:D7:6B:B0:E9:0E:4D:64:9A:14:C7:1D:56:ED:A8:1B:71:18:B1:D3
Certificate issuer: /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial: 019654AC276603D052BD9B2166E568CF001A
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/xNdrsOkOTWSaFMcdVu2oG3EYsdM.roa
Signing time: Sun 20 Apr 2025 19:28:10 +0000
ROA not before: Sun 20 Apr 2025 19:28:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215420
IP address blocks: 2a0f:89c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 29 Apr 2025 15:01:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:54:ac:27:66:03:d0:52:bd:9b:21:66:e5:68:cf:00:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
Validity
Not Before: Apr 20 19:28:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c4d76bb0e90e4d649a14c71d56eda81b7118b1d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:fe:2b:8a:5c:41:3a:fb:77:bb:16:c8:7b:a9:
5b:62:ad:0b:bf:7f:a5:15:11:e6:fc:05:2b:d8:ec:
4a:35:62:2b:8d:b2:fe:28:93:41:08:42:76:41:2f:
1b:71:2c:92:d5:0b:25:2b:2e:97:f3:4b:0f:53:e6:
71:6c:b9:95:fb:d0:28:fb:5e:58:91:43:51:b4:8a:
90:21:f7:58:8d:b5:c6:cc:f3:56:73:c0:30:6c:06:
05:d8:82:58:59:00:e1:69:35:b7:af:4d:af:42:8c:
b5:1d:ec:9d:e7:d2:86:e6:7e:f0:73:8b:d6:ba:83:
5e:b2:27:87:b8:b1:b2:dd:d7:7b:b4:07:ac:d5:73:
d5:b8:bf:88:79:e7:59:a9:43:e1:9b:ac:46:b7:b5:
4a:19:50:71:82:c4:da:d3:3e:1f:69:26:01:9e:9c:
a3:34:fb:d7:5a:82:b8:92:6d:16:27:b9:51:28:63:
a2:82:b6:59:32:91:ad:ac:5f:c2:58:8f:20:c7:81:
a7:3c:8e:e6:5d:70:da:bf:25:26:cc:7e:99:e1:db:
29:30:ba:c7:42:77:0c:80:68:94:e1:79:2c:38:c9:
00:5f:b0:ac:52:5a:5d:3e:2b:7a:75:9f:e8:ab:0c:
a3:06:38:71:83:07:64:54:91:f5:41:00:a6:42:1d:
d1:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:D7:6B:B0:E9:0E:4D:64:9A:14:C7:1D:56:ED:A8:1B:71:18:B1:D3
X509v3 Authority Key Identifier:
keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/xNdrsOkOTWSaFMcdVu2oG3EYsdM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:89c0::/29
Signature Algorithm: sha256WithRSAEncryption
c5:30:8f:04:13:b9:2d:7c:91:6d:b9:49:31:f2:83:fa:d0:b6:
00:10:1c:2c:b7:0f:a2:e4:94:d1:87:74:33:13:20:0f:c9:45:
cb:e2:ae:16:d1:c6:7c:26:83:c0:4b:45:bf:40:dd:60:40:e6:
0b:47:14:40:f0:e3:de:b5:be:89:58:4e:7f:a2:89:bd:6b:73:
98:ac:f8:3c:4c:06:c4:68:13:28:9b:ab:d6:4f:20:1d:51:16:
e4:fc:8d:13:60:c3:4a:f2:b5:be:1c:18:4e:c8:44:ce:48:d7:
48:e5:5f:7c:34:8e:1b:16:15:cc:ee:de:c5:7e:af:67:43:60:
42:5c:b1:3e:5f:3b:c1:57:4f:6e:1f:b9:ba:41:19:79:15:bc:
0d:7b:3c:a9:fb:2a:39:68:26:d6:31:06:c4:08:49:8b:58:23:
17:f7:bb:23:d1:fd:fe:71:ea:df:25:e2:3a:f8:c9:70:ea:42:
8f:81:73:7f:ca:1f:e7:1c:85:5d:50:47:0a:29:eb:3f:00:93:
de:23:16:53:ba:95:55:ea:dc:f7:39:85:97:ad:93:49:70:45:
a2:d9:f9:32:19:a2:e2:f6:fc:0b:53:52:76:d5:69:1d:c4:da:
61:39:b0:62:be:2f:a9:8a:f6:fa:b0:96:ef:4a:43:d7:2d:46:
51:53:8e:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZUrCdmA9BSvZshZuVozwAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNDIwMTkyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGQ3NmJiMGU5MGU0ZDY0OWExNGM3MWQ1NmVkYTgxYjcxMThiMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmv4rilxBOvt3uxbIe6lbYq0Lv3+l
FRHm/AUr2OxKNWIrjbL+KJNBCEJ2QS8bcSyS1QslKy6X80sPU+ZxbLmV+9Ao+15Y
kUNRtIqQIfdYjbXGzPNWc8AwbAYF2IJYWQDhaTW3r02vQoy1Heyd59KG5n7wc4vW
uoNesieHuLGy3dd7tAes1XPVuL+IeedZqUPhm6xGt7VKGVBxgsTa0z4faSYBnpyj
NPvXWoK4km0WJ7lRKGOigrZZMpGtrF/CWI8gx4GnPI7mXXDavyUmzH6Z4dspMLrH
QncMgGiU4XksOMkAX7CsUlpdPit6dZ/oqwyjBjhxgwdkVJH1QQCmQh3RZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMTXa7DpDk1kmhTHHVbtqBtxGLHTMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEveE5kcnNPa09UV1NhRk1jZFZ1Mm9HM0VZc2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+JwDAN
BgkqhkiG9w0BAQsFAAOCAQEAxTCPBBO5LXyRbblJMfKD+tC2ABAcLLcPouSU0Yd0
MxMgD8lFy+KuFtHGfCaDwEtFv0DdYEDmC0cUQPDj3rW+iVhOf6KJvWtzmKz4PEwG
xGgTKJur1k8gHVEW5PyNE2DDSvK1vhwYTshEzkjXSOVffDSOGxYVzO7exX6vZ0Ng
QlyxPl87wVdPbh+5ukEZeRW8DXs8qfsqOWgm1jEGxAhJi1gjF/e7I9H9/nHq3yXi
OvjJcOpCj4Fzf8of5xyFXVBHCinrPwCT3iMWU7qVVerc9zmFl62TSXBFotn5Mhmi
4vb8C1NSdtVpHcTaYTmwYr4vqYr2+rCW70pD1y1GUVOO2Q==
-----END CERTIFICATE-----
Generated at Tue Apr 29 00:39:44 2025 by rpki-client