Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e38362e3232382e302f32332d3234203d3e203538323939.roa
File: 3138352e38362e3232382e302f32332d3234203d3e203538323939.roa (raw, json)
Hash identifier: 890AdEnFU4YBNlCNp/5Ad5R0sKIy6AzHzJmChUqZzls=
Subject key identifier: A2:BA:02:B5:0D:7A:A6:02:CE:9D:97:5F:AF:73:90:84:AE:59:55:74
Certificate issuer: /CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Certificate serial: 28EE78B9A3E9A58D03187BDE941107E128CFC380
Authority key identifier: FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e38362e3232382e302f32332d3234203d3e203538323939.roa
Signing time: Fri 11 Jul 2025 13:28:12 +0000
ROA not before: Fri 11 Jul 2025 13:23:12 +0000
ROA not after: Fri 10 Jul 2026 13:28:12 +0000
asID: 58299
IP address blocks: 185.86.228.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 26 Jul 2025 19:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:ee:78:b9:a3:e9:a5:8d:03:18:7b:de:94:11:07:e1:28:cf:c3:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Validity
Not Before: Jul 11 13:23:12 2025 GMT
Not After : Jul 10 13:28:12 2026 GMT
Subject: CN=A2BA02B50D7AA602CE9D975FAF739084AE595574
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:5f:df:6f:8f:d9:4d:d3:27:b7:3c:e9:1e:c6:
3d:f5:62:76:9c:04:a9:d6:6a:b1:69:a5:8e:77:90:
ce:64:4a:fc:dc:fc:6b:6e:eb:30:37:85:6c:5f:42:
4b:ed:4a:9d:29:9c:7a:50:6b:c4:b7:21:b0:08:53:
67:5c:87:65:6b:10:c8:72:c0:2f:98:c1:c2:07:9c:
df:da:01:f5:18:64:ea:f4:d8:7e:9e:a0:3b:3c:c5:
c4:d4:3f:c9:15:54:1d:76:de:1f:86:d4:b0:50:6b:
70:60:b0:61:02:32:84:50:89:30:bb:1c:47:13:25:
f6:e8:2a:16:a1:64:40:9f:0a:04:ef:aa:4b:1e:39:
c0:ec:54:ad:e0:cf:a4:1d:bc:31:af:02:48:20:43:
17:db:46:e4:8c:06:c6:51:5f:5e:a4:2f:3e:2c:c3:
be:ac:33:eb:06:87:57:48:33:fc:cf:2a:7b:90:43:
f0:40:3a:fa:da:4b:1e:6a:71:46:b6:36:66:d5:48:
f8:70:2c:8b:a0:e7:d4:3e:c8:d6:5b:fd:07:e5:82:
60:89:94:ba:31:68:70:47:36:61:ea:23:54:53:e6:
38:e5:f4:c9:fe:e0:90:83:4e:1c:18:10:94:eb:45:
24:2f:91:d9:9b:3a:20:de:d6:fb:26:7d:2c:42:22:
e8:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:BA:02:B5:0D:7A:A6:02:CE:9D:97:5F:AF:73:90:84:AE:59:55:74
X509v3 Authority Key Identifier:
keyid:FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e38362e3232382e302f32332d3234203d3e203538323939.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.86.228.0/23
Signature Algorithm: sha256WithRSAEncryption
47:c8:6b:00:be:7c:20:39:fc:17:da:8d:52:c8:c5:85:20:86:
2c:85:06:ef:ab:9e:ef:db:c5:a8:0c:a9:61:77:c1:a5:fe:f9:
10:06:50:1a:a4:36:3d:c3:00:86:10:e9:9d:fc:58:52:d7:7c:
23:46:cf:c9:e1:63:d8:8d:d0:b8:a7:2f:2c:66:30:52:56:50:
12:cb:e7:7d:3d:65:a0:d1:ad:51:c7:db:c6:b8:81:96:87:d5:
32:99:6e:7e:2f:1b:1d:22:bf:66:b9:b9:3e:ee:a2:c0:84:8f:
48:0b:bd:61:0c:b1:3e:59:50:85:e3:61:70:e8:ef:70:b3:de:
37:07:8f:84:11:b0:a5:d0:54:f2:f4:43:19:c4:cd:d3:8a:60:
4d:3b:e9:f1:9a:59:8f:c0:e7:be:52:44:fa:e6:82:bf:09:be:
24:36:a1:fe:94:f0:06:f3:1f:9f:f7:17:cf:39:72:26:34:8e:
76:f0:01:b4:68:85:ce:73:3b:2d:91:f0:e0:84:ef:66:b5:53:
6d:f6:82:a5:dc:ce:0f:45:cd:42:7b:98:b7:56:63:d7:18:9f:
fe:02:2f:c4:34:34:b8:a3:0f:f1:ef:ee:be:fc:18:e8:a3:b5:
f7:20:52:6f:2d:4c:be:b8:bb:be:47:96:92:51:a0:c9:a5:4f:
81:12:68:12
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIUKO54uaPppY0DGHvelBEH4SjPw4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmFjNDcwOGQ3ZTI2NWRiMTA0NGY5YmIwZWU4NzI4NTg3
ZjQ4YjQ4NDAeFw0yNTA3MTExMzIzMTJaFw0yNjA3MTAxMzI4MTJaMDMxMTAvBgNV
BAMTKEEyQkEwMkI1MEQ3QUE2MDJDRTlEOTc1RkFGNzM5MDg0QUU1OTU1NzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7X99vj9lN0ye3POkexj31Ynac
BKnWarFppY53kM5kSvzc/Gtu6zA3hWxfQkvtSp0pnHpQa8S3IbAIU2dch2VrEMhy
wC+YwcIHnN/aAfUYZOr02H6eoDs8xcTUP8kVVB123h+G1LBQa3BgsGECMoRQiTC7
HEcTJfboKhahZECfCgTvqkseOcDsVK3gz6QdvDGvAkggQxfbRuSMBsZRX16kLz4s
w76sM+sGh1dIM/zPKnuQQ/BAOvraSx5qcUa2NmbVSPhwLIug59Q+yNZb/QflgmCJ
lLoxaHBHNmHqI1RT5jjl9Mn+4JCDThwYEJTrRSQvkdmbOiDe1vsmfSxCIuinAgMB
AAGjggI+MIICOjAdBgNVHQ4EFgQUoroCtQ16pgLOnZdfr3OQhK5ZVXQwHwYDVR0j
BBgwFoAU+sRwjX4mXbEET5uw7ocoWH9ItIQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNWI1OGU2NDYtZTdhMi00NjVjLTg3YzUtNDNjMzU5YWQ5
MzY5LzAvRkFDNDcwOEQ3RTI2NURCMTA0NEY5QkIwRUU4NzI4NTg3RjQ4QjQ4NC5j
cmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEtc1J3alg0bVhiRUVUNXV3N29jb1dI
OUl0SVEuY2VyMIGtBggrBgEFBQcBCwSBoDCBnTCBmgYIKwYBBQUHMAuGgY1yc3lu
YzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzViNThlNjQ2
LWU3YTItNDY1Yy04N2M1LTQzYzM1OWFkOTM2OS8wLzMxMzgzNTJlMzgzNjJlMzIz
MjM4MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzUzODMyMzkzOS5yb2EwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
AblW5DANBgkqhkiG9w0BAQsFAAOCAQEAR8hrAL58IDn8F9qNUsjFhSCGLIUG76ue
79vFqAypYXfBpf75EAZQGqQ2PcMAhhDpnfxYUtd8I0bPyeFj2I3QuKcvLGYwUlZQ
EsvnfT1loNGtUcfbxriBlofVMplufi8bHSK/Zrm5Pu6iwISPSAu9YQyxPllQheNh
cOjvcLPeNwePhBGwpdBU8vRDGcTN04pgTTvp8ZpZj8DnvlJE+uaCvwm+JDah/pTw
BvMfn/cXzzlyJjSOdvABtGiFznM7LZHw4ITvZrVTbfaCpdzOD0XNQnuYt1Zj1xif
/gIvxDQ0uKMP8e/uvvwY6KO19yBSby1Mvri7vkeWklGgyaVPgRJoEg==
-----END CERTIFICATE-----
Generated at Sat Jul 26 11:37:12 2025 by rpki-client