Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230332e302f32342d3234203d3e20333937343233.roa
File: 38352e3233372e3230332e302f32342d3234203d3e20333937343233.roa (raw, json)
Hash identifier: 4ttvtsvFAtVmaGhi+UgmcXnj6PDa9yaoUsZStjy+bJ4=
Subject key identifier: 31:D1:93:44:BC:D8:B4:86:54:7C:C4:AC:9A:E7:6D:C7:74:D5:B6:52
Certificate issuer: /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial: 746AE0BB6E4A0F74A004A59EB27790CB488D76A0
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230332e302f32342d3234203d3e20333937343233.roa
Signing time: Wed 10 Sep 2025 09:55:01 +0000
ROA not before: Wed 10 Sep 2025 09:50:01 +0000
ROA not after: Wed 09 Sep 2026 09:55:01 +0000
asID: 397423
IP address blocks: 85.237.203.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 09 Oct 2025 22:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
74:6a:e0:bb:6e:4a:0f:74:a0:04:a5:9e:b2:77:90:cb:48:8d:76:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Validity
Not Before: Sep 10 09:50:01 2025 GMT
Not After : Sep 9 09:55:01 2026 GMT
Subject: CN=31D19344BCD8B486547CC4AC9AE76DC774D5B652
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:4a:3a:76:5c:4c:93:f9:b3:95:d3:a3:22:40:
81:5f:d4:2c:da:7b:2b:f8:87:5e:f3:cd:9b:59:cc:
a8:72:50:b7:4c:17:eb:f5:18:25:84:14:ae:86:72:
2e:4d:d0:a3:69:58:0d:5f:84:37:a5:aa:08:b2:be:
fb:6f:6b:96:f7:04:2d:d1:9a:e7:3a:1f:0b:b1:46:
5e:31:7d:b4:3e:2c:24:0e:03:38:f0:15:c3:3d:d3:
e0:97:58:83:39:22:9d:5b:49:e9:39:b1:01:14:44:
a5:73:86:73:6d:67:9d:f5:3c:8c:05:25:cd:79:74:
81:35:51:e7:98:37:b0:56:52:49:8e:b2:36:85:d6:
2f:19:35:83:82:8d:e3:ce:c5:b8:a3:24:44:c9:d8:
53:e9:d5:62:4e:c3:36:d9:a3:a4:21:e5:04:9f:81:
aa:79:f9:d7:c8:b1:53:5f:02:94:c8:68:c3:2e:75:
72:18:2d:a0:3b:96:f5:be:af:bd:03:ec:22:0f:9c:
af:60:83:9e:c6:a4:f4:ff:39:6b:9d:f6:2a:f2:ff:
42:e5:bb:18:69:54:6e:da:16:f5:7a:8b:5b:a2:bd:
c6:2a:de:e3:dd:32:5e:2b:35:94:f9:76:d5:69:e8:
ac:f2:8f:df:0c:c5:44:c3:4c:f5:59:d1:e3:6d:77:
1e:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:D1:93:44:BC:D8:B4:86:54:7C:C4:AC:9A:E7:6D:C7:74:D5:B6:52
X509v3 Authority Key Identifier:
keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230332e302f32342d3234203d3e20333937343233.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.237.203.0/24
Signature Algorithm: sha256WithRSAEncryption
55:ad:43:f2:96:07:c0:85:a2:d2:b8:29:66:02:82:48:fc:d5:
ff:53:41:ea:a4:ac:37:39:0c:dc:68:38:94:8f:f4:d9:b4:84:
02:ca:11:64:da:d0:93:e4:f6:40:88:40:82:2e:16:47:fd:f9:
2b:bb:1f:d4:59:61:6c:90:f8:f1:7d:39:07:1b:f4:05:ee:5c:
a4:51:b3:b8:f8:a1:8e:db:92:0d:c8:fe:d3:3a:38:3b:24:c6:
ef:73:88:17:03:1b:19:70:f9:8a:5b:ac:2e:a0:50:91:86:ca:
a2:b1:8c:44:5b:25:13:c1:90:64:4e:1f:71:9c:e2:aa:b9:60:
8e:7b:de:a8:9b:0c:e3:81:ea:07:d9:1f:18:3c:51:db:fd:6d:
b3:62:72:fd:e0:76:56:65:22:a9:2e:12:3d:55:4b:6f:71:f5:
c3:d0:67:01:c2:68:1d:54:08:21:2d:0e:6e:15:d7:23:ee:51:
8b:d5:5b:fb:f7:bd:74:7c:b7:b8:30:fb:82:d9:b1:04:0e:c8:
21:57:ec:ce:d8:1a:da:f1:19:7b:2d:65:6d:3b:01:fe:1c:57:
fc:5f:0d:b8:20:93:22:a5:c2:75:d1:19:5b:31:5e:11:ef:9e:
64:e8:3e:3b:c7:04:06:7b:32:bf:d0:2d:c5:ca:50:32:ab:74:
d2:4b:8d:5b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUdGrgu25KD3SgBKWesneQy0iNdqAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTAwOTUwMDFaFw0yNjA5MDkwOTU1MDFaMDMxMTAvBgNV
BAMTKDMxRDE5MzQ0QkNEOEI0ODY1NDdDQzRBQzlBRTc2REM3NzRENUI2NTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOSjp2XEyT+bOV06MiQIFf1Cza
eyv4h17zzZtZzKhyULdMF+v1GCWEFK6Gci5N0KNpWA1fhDelqgiyvvtva5b3BC3R
muc6HwuxRl4xfbQ+LCQOAzjwFcM90+CXWIM5Ip1bSek5sQEURKVzhnNtZ531PIwF
Jc15dIE1UeeYN7BWUkmOsjaF1i8ZNYOCjePOxbijJETJ2FPp1WJOwzbZo6Qh5QSf
gap5+dfIsVNfApTIaMMudXIYLaA7lvW+r70D7CIPnK9gg57GpPT/OWud9iry/0Ll
uxhpVG7aFvV6i1uivcYq3uPdMl4rNZT5dtVp6Kzyj98MxUTDTPVZ0eNtdx53AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUMdGTRLzYtIZUfMSsmudtx3TVtlIwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzczNDMyMzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV7cswDQYJKoZIhvcNAQELBQADggEBAFWtQ/KWB8CFotK4KWYCgkj81f9TQeqk
rDc5DNxoOJSP9Nm0hALKEWTa0JPk9kCIQIIuFkf9+Su7H9RZYWyQ+PF9OQcb9AXu
XKRRs7j4oY7bkg3I/tM6ODskxu9ziBcDGxlw+YpbrC6gUJGGyqKxjERbJRPBkGRO
H3Gc4qq5YI573qibDOOB6gfZHxg8Udv9bbNicv3gdlZlIqkuEj1VS29x9cPQZwHC
aB1UCCEtDm4V1yPuUYvVW/v3vXR8t7gw+4LZsQQOyCFX7M7YGtrxGXstZW07Af4c
V/xfDbggkyKlwnXRGVsxXhHvnmToPjvHBAZ7Mr/QLcXKUDKrdNJLjVs=
-----END CERTIFICATE-----
Generated at Thu Oct 9 06:20:32 2025 by rpki-client