Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/xHngG7-8SpvR4GU7uQJ9CSiwWZE.roa
File: xHngG7-8SpvR4GU7uQJ9CSiwWZE.roa (raw, json)
Hash identifier: x8ABg3/WDvKaIH/AtPmCjRuLWVLjTRbBAhvhG1rjtSo=
Subject key identifier: C4:79:E0:1B:BF:BC:4A:9B:D1:E0:65:3B:B9:02:7D:09:28:B0:59:91
Certificate issuer: /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial: 0196BCD4E295E903FCF821020742896AF64C
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/xHngG7-8SpvR4GU7uQJ9CSiwWZE.roa
Signing time: Sun 11 May 2025 00:53:10 +0000
ROA not before: Sun 11 May 2025 00:53:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213520
IP address blocks: 2a0d:d940:11::/48 maxlen: 48
2a0d:d940:100::/40 maxlen: 40
2a0d:d940:9002::/48 maxlen: 48
2a0d:d940:9007::/48 maxlen: 48
2a0d:d940:9008::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 13 May 2025 21:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:bc:d4:e2:95:e9:03:fc:f8:21:02:07:42:89:6a:f6:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Validity
Not Before: May 11 00:53:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c479e01bbfbc4a9bd1e0653bb9027d0928b05991
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:ce:4c:69:a6:8f:bc:43:a9:b1:32:e6:f1:c2:
f3:67:bd:79:aa:4f:b7:40:5b:13:39:2e:bb:a4:3d:
fc:d8:14:b3:92:89:da:da:b1:48:8b:cf:ae:65:7e:
c5:5b:07:92:85:38:35:99:b7:4b:a4:b2:e1:90:b2:
59:4d:53:fa:2c:36:54:10:cf:34:91:bb:ce:8d:ab:
1e:53:b9:79:bc:ac:df:e0:c2:ac:f4:20:d6:90:6b:
1d:f4:67:32:e7:29:ac:9d:17:cf:1a:9b:f8:6c:73:
42:78:1c:91:93:5e:1d:bb:88:05:90:b4:60:f5:14:
69:20:a3:cb:46:79:a0:90:7e:cb:5f:c9:8a:f9:b1:
b3:29:c5:05:26:53:09:46:38:ec:a8:e4:d9:71:77:
c3:84:0b:27:61:cc:28:fb:6c:c0:28:a4:f8:4e:f9:
42:0f:7a:ee:a0:23:b5:57:29:0b:ce:5f:2e:c9:78:
2e:43:26:89:dc:82:f0:96:6a:e9:6b:58:65:66:07:
6d:7e:91:a6:23:90:5d:c4:47:d2:fd:dc:a4:52:8a:
14:4c:e8:c8:1e:a9:81:83:9e:2e:07:67:f6:91:4e:
04:85:2c:ab:46:8d:ea:09:59:f9:d0:92:88:71:f3:
b0:34:a6:ad:4c:4c:4c:62:67:d0:64:ad:c2:09:df:
c1:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:79:E0:1B:BF:BC:4A:9B:D1:E0:65:3B:B9:02:7D:09:28:B0:59:91
X509v3 Authority Key Identifier:
keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/xHngG7-8SpvR4GU7uQJ9CSiwWZE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:d940:11::/48
2a0d:d940:100::/40
2a0d:d940:9002::/48
2a0d:d940:9007::-2a0d:d940:9008:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
6d:3a:8a:10:23:70:36:7e:8c:ef:30:76:db:05:46:e2:0c:ed:
da:a9:b6:f6:8e:de:40:4e:87:1c:cd:a1:fc:77:db:96:8f:49:
54:f6:ac:e4:10:40:e0:43:24:33:4b:8e:85:d6:74:61:1c:f2:
45:a8:aa:87:43:35:39:53:75:95:95:3d:d9:1f:45:e6:3b:25:
ab:ce:08:1c:4d:eb:4a:78:6a:49:69:ae:f6:79:6d:01:43:65:
97:a7:14:7d:d5:74:4b:1c:c2:56:4b:7c:0b:b9:1d:14:27:e8:
4d:40:78:a9:df:d5:9a:6a:89:1f:c7:ce:43:e0:9b:b5:43:a0:
9c:48:ce:89:7e:f3:70:5e:9a:20:3e:e7:55:1c:4c:b4:5c:9b:
67:aa:99:3d:41:f2:d0:a5:68:1d:82:eb:fe:13:87:7c:cc:e4:
a5:18:2a:46:9e:ca:b7:b2:7f:93:9c:13:b5:2f:93:9e:18:48:
93:cb:a1:95:d6:7b:57:4a:50:6e:be:f2:93:26:27:33:f0:eb:
6b:b7:1f:c4:5b:fc:14:94:56:23:68:98:a0:5f:45:07:07:53:
dd:bc:71:ed:8f:c7:e3:f9:d2:a4:b8:97:f3:44:c4:45:dc:73:
bc:86:45:4b:b1:e7:c9:c2:68:d7:7a:a4:60:15:fc:a0:cd:88:
32:a0:dd:fd
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZa81OKV6QP8+CECB0KJavZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNTExMDA1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDc5ZTAxYmJmYmM0YTliZDFlMDY1M2JiOTAyN2QwOTI4YjA1OTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmM5MaaaPvEOpsTLm8cLzZ715qk+3
QFsTOS67pD382BSzkona2rFIi8+uZX7FWweShTg1mbdLpLLhkLJZTVP6LDZUEM80
kbvOjaseU7l5vKzf4MKs9CDWkGsd9Gcy5ymsnRfPGpv4bHNCeByRk14du4gFkLRg
9RRpIKPLRnmgkH7LX8mK+bGzKcUFJlMJRjjsqOTZcXfDhAsnYcwo+2zAKKT4TvlC
D3ruoCO1VykLzl8uyXguQyaJ3ILwlmrpa1hlZgdtfpGmI5BdxEfS/dykUooUTOjI
HqmBg54uB2f2kU4EhSyrRo3qCVn50JKIcfOwNKatTExMYmfQZK3CCd/BVQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFMR54Bu/vEqb0eBlO7kCfQkosFmRMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEveEhuZ0c3LThTcHZSNEdVN3VRSjlDU2l3V1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAAjAuAwcAKg3ZQAAR
AwYAKg3ZQAEDBwAqDdlAkAIwEgMHACoN2UCQBwMHACoN2UCQCDANBgkqhkiG9w0B
AQsFAAOCAQEAbTqKECNwNn6M7zB22wVG4gzt2qm29o7eQE6HHM2h/Hfblo9JVPas
5BBA4EMkM0uOhdZ0YRzyRaiqh0M1OVN1lZU92R9F5jslq84IHE3rSnhqSWmu9nlt
AUNll6cUfdV0SxzCVkt8C7kdFCfoTUB4qd/VmmqJH8fOQ+CbtUOgnEjOiX7zcF6a
ID7nVRxMtFybZ6qZPUHy0KVoHYLr/hOHfMzkpRgqRp7Kt7J/k5wTtS+TnhhIk8uh
ldZ7V0pQbr7ykyYnM/Dra7cfxFv8FJRWI2iYoF9FBwdT3bxx7Y/H4/nSpLiX80TE
RdxzvIZFS7HnycJo13qkYBX8oM2IMqDd/Q==
-----END CERTIFICATE-----
Generated at Tue May 13 06:55:26 2025 by rpki-client