Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/FAFrlUopptmau95ECgggoFnFW5E.roa
File: FAFrlUopptmau95ECgggoFnFW5E.roa (raw, json)
Hash identifier: NfxJQzGh5WVV+nVV4aUJw0ze6uWzSGCJtfvUSOxHVIM=
Subject key identifier: 14:01:6B:95:4A:29:A6:D9:9A:BB:DE:44:0A:08:20:A0:59:C5:5B:91
Certificate issuer: /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial: 01967BE2E90040446DDAE4EF30D05D674029
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/FAFrlUopptmau95ECgggoFnFW5E.roa
Signing time: Mon 28 Apr 2025 10:13:10 +0000
ROA not before: Mon 28 Apr 2025 10:13:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209641
IP address blocks: 2a0e:f01::/32 maxlen: 32
2a0e:13c0::/32 maxlen: 32
2a0e:67c1::/32 maxlen: 32
2a0e:8541::/32 maxlen: 32
2a0f:bb03::/32 maxlen: 32
2a11:640::/32 maxlen: 32
2a11:3181::/32 maxlen: 32
2a11:7882::/32 maxlen: 32
2a11:8504::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 08 May 2025 13:31:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7b:e2:e9:00:40:44:6d:da:e4:ef:30:d0:5d:67:40:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Validity
Not Before: Apr 28 10:13:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=14016b954a29a6d99abbde440a0820a059c55b91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:15:27:87:94:07:1c:9c:67:27:88:e8:55:7f:
01:9b:83:bf:d4:02:97:4b:42:60:ee:a8:c1:aa:a0:
e7:c8:eb:83:e9:3e:83:71:a4:83:af:af:32:20:fb:
0a:6e:61:6e:ea:e3:08:5e:9d:7b:eb:8c:94:9e:d6:
87:3d:3e:73:98:36:3d:ef:2f:47:15:12:4e:13:65:
dc:f0:03:ac:2a:46:16:99:d1:45:0a:b1:ef:29:a1:
1b:87:76:0c:b6:11:de:2f:8f:05:a9:2d:c3:ba:a6:
ba:fa:ec:24:6a:71:1a:80:d2:81:1d:f6:56:e0:e9:
87:03:e6:91:24:a5:70:bf:d9:88:3b:fc:62:71:b9:
3d:59:4c:4f:0c:5c:6a:5e:a8:a0:05:4e:6b:d5:2b:
75:bb:05:75:1c:85:a3:53:aa:4d:13:30:02:cf:9f:
73:c5:5f:57:62:9a:8b:e7:6b:f7:be:b1:63:74:27:
fa:a6:14:96:20:6b:c3:c1:38:cf:20:21:05:8d:c3:
88:ca:27:8c:a3:79:91:97:9e:0e:4d:cf:96:56:7b:
2b:20:2a:1e:05:f3:40:3c:f2:4a:ca:e6:eb:78:89:
37:57:79:eb:58:9d:3b:72:8b:09:84:be:7f:38:56:
f5:e8:e6:5a:e6:51:7c:41:5d:d5:af:8b:a3:3e:f5:
3c:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:01:6B:95:4A:29:A6:D9:9A:BB:DE:44:0A:08:20:A0:59:C5:5B:91
X509v3 Authority Key Identifier:
keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/FAFrlUopptmau95ECgggoFnFW5E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:f01::/32
2a0e:13c0::/32
2a0e:67c1::/32
2a0e:8541::/32
2a0f:bb03::/32
2a11:640::/32
2a11:3181::/32
2a11:7882::/32
2a11:8504::/32
Signature Algorithm: sha256WithRSAEncryption
63:b2:f4:97:c1:1c:07:39:07:ac:3d:f1:0d:f4:62:f3:ac:96:
7b:f4:3d:5f:4c:7a:64:ca:09:66:4b:cd:10:e6:e8:ce:fd:de:
c6:e8:b5:0d:66:53:8c:d6:03:39:2c:dd:b2:a8:28:96:e3:bd:
61:e4:3b:32:5d:33:5d:96:8f:4f:eb:8d:34:af:57:ae:95:97:
3a:6f:eb:64:c8:48:4e:60:62:cd:da:71:64:c4:8b:8b:18:c7:
99:3f:d1:ea:24:1c:6f:95:66:0b:91:b1:d0:83:1c:16:44:3b:
d3:2d:29:0c:ef:f2:1d:eb:8f:a4:31:af:c8:b1:5e:7c:fe:9a:
60:f1:62:05:8d:75:c9:c0:93:91:d0:4d:f7:00:10:25:80:d4:
f3:8b:4e:87:3e:45:9c:bb:85:1b:a6:79:c6:87:46:78:15:02:
ed:73:aa:93:76:57:f8:27:04:d1:fc:cf:05:48:bc:b2:40:af:
65:c4:99:83:27:d9:e9:0d:36:c4:5d:01:7e:80:55:ed:8f:d7:
8f:55:4c:d1:56:95:9b:c5:3d:2d:70:53:2f:86:83:51:d3:23:
30:78:c6:58:27:ab:3b:9b:d1:af:d0:d7:75:d2:38:6b:d2:af:
65:c6:7c:4a:51:77:e3:8c:13:ef:cc:2f:2d:2f:72:85:f6:f7:
01:08:4f:85
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZZ74ukAQERt2uTvMNBdZ0ApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNDI4MTAxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDAxNmI5NTRhMjlhNmQ5OWFiYmRlNDQwYTA4MjBhMDU5YzU1YjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xUnh5QHHJxnJ4joVX8Bm4O/1AKX
S0Jg7qjBqqDnyOuD6T6DcaSDr68yIPsKbmFu6uMIXp1764yUntaHPT5zmDY97y9H
FRJOE2Xc8AOsKkYWmdFFCrHvKaEbh3YMthHeL48FqS3Duqa6+uwkanEagNKBHfZW
4OmHA+aRJKVwv9mIO/xicbk9WUxPDFxqXqigBU5r1St1uwV1HIWjU6pNEzACz59z
xV9XYpqL52v3vrFjdCf6phSWIGvDwTjPICEFjcOIyieMo3mRl54OTc+WVnsrICoe
BfNAPPJKyubreIk3V3nrWJ07cosJhL5/OFb16OZa5lF8QV3Vr4ujPvU8HQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFBQBa5VKKabZmrveRAoIIKBZxVuRMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvRkFGcmxVb3BwdG1hdTk1RUNnZ2dvRm5GVzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUAKg4PAQMF
ACoOE8ADBQAqDmfBAwUAKg6FQQMFACoPuwMDBQAqEQZAAwUAKhExgQMFACoReIID
BQAqEYUEMA0GCSqGSIb3DQEBCwUAA4IBAQBjsvSXwRwHOQesPfEN9GLzrJZ79D1f
THpkyglmS80Q5ujO/d7G6LUNZlOM1gM5LN2yqCiW471h5DsyXTNdlo9P6400r1eu
lZc6b+tkyEhOYGLN2nFkxIuLGMeZP9HqJBxvlWYLkbHQgxwWRDvTLSkM7/Id64+k
Ma/IsV58/ppg8WIFjXXJwJOR0E33ABAlgNTzi06HPkWcu4UbpnnGh0Z4FQLtc6qT
dlf4JwTR/M8FSLyyQK9lxJmDJ9npDTbEXQF+gFXtj9ePVUzRVpWbxT0tcFMvhoNR
0yMweMZYJ6s7m9Gv0Nd10jhr0q9lxnxKUXfjjBPvzC8tL3KF9vcBCE+F
-----END CERTIFICATE-----
Generated at Wed May 7 18:46:45 2025 by rpki-client