Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231372e302f32342d3234203d3e20323032373336.roa
File: 38352e3233372e3231372e302f32342d3234203d3e20323032373336.roa (raw, json)
Hash identifier: SMRGv6NAS1FOE4sd1cNtQ5ALv/Q7MpEKycA2RxJ2Yvw=
Subject key identifier: 41:04:E4:A5:F9:27:DF:E5:D2:71:EB:F0:98:62:CE:56:E2:F7:6F:CE
Certificate issuer: /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial: 20045F557D201E872824C82C2BE0915B6A0E5449
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231372e302f32342d3234203d3e20323032373336.roa
Signing time: Wed 24 Sep 2025 09:44:48 +0000
ROA not before: Wed 24 Sep 2025 09:39:48 +0000
ROA not after: Wed 23 Sep 2026 09:44:48 +0000
asID: 202736
IP address blocks: 85.237.217.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 12 Oct 2025 08:58:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:04:5f:55:7d:20:1e:87:28:24:c8:2c:2b:e0:91:5b:6a:0e:54:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Validity
Not Before: Sep 24 09:39:48 2025 GMT
Not After : Sep 23 09:44:48 2026 GMT
Subject: CN=4104E4A5F927DFE5D271EBF09862CE56E2F76FCE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:5b:19:51:05:dc:49:28:05:81:4a:0c:eb:b1:
2b:da:b8:08:da:b3:fc:36:c1:8b:09:32:d4:a5:06:
20:d2:2f:de:83:82:96:df:24:8b:af:88:63:88:d3:
40:c6:c6:5a:79:34:2c:b8:9c:ad:38:d1:d9:00:f3:
1f:4e:fa:bd:74:c7:1d:f3:01:04:2f:4d:6e:ca:cb:
bd:dc:72:e6:3d:91:f8:d0:c0:aa:bb:db:49:88:aa:
b9:f0:32:b8:c2:4b:2e:a9:f5:17:9d:5f:ba:71:4b:
7e:fa:bd:33:6e:e8:cc:d9:9b:db:e0:47:7f:4c:d8:
1e:29:20:d6:b3:72:6f:21:70:a7:2e:26:04:b1:13:
a3:26:f6:bc:72:6e:6b:2b:61:55:20:6b:a1:b0:d3:
43:ed:aa:8c:12:35:0a:2c:63:61:98:40:15:ac:d5:
14:39:f9:64:5c:0f:78:70:6c:ef:98:69:19:2b:e9:
a8:83:dc:59:5b:d0:93:b0:a5:0f:de:56:dd:c1:b4:
15:d2:36:c5:6e:e8:7e:08:27:55:36:ce:67:d6:34:
de:05:3f:e3:01:e7:2a:03:73:c7:4d:8b:b0:9b:bd:
70:ad:4c:e9:23:25:62:76:da:c4:27:e5:82:69:0d:
fe:53:b9:0d:22:a0:0e:9d:0b:45:5d:fb:19:0e:65:
80:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:04:E4:A5:F9:27:DF:E5:D2:71:EB:F0:98:62:CE:56:E2:F7:6F:CE
X509v3 Authority Key Identifier:
keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231372e302f32342d3234203d3e20323032373336.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.237.217.0/24
Signature Algorithm: sha256WithRSAEncryption
37:54:b8:9f:32:e9:9a:60:45:f6:b1:6b:92:e6:e4:ba:42:5c:
d1:cf:8c:1a:30:2f:2a:16:60:68:27:87:e5:28:1d:14:b4:25:
53:c2:19:87:64:ed:18:36:23:88:bc:5e:da:f0:fa:5b:5d:a2:
04:b2:fe:3d:c2:6b:c7:a2:6e:8b:cb:fb:ce:ce:ff:6f:a2:17:
ad:bf:3d:ba:b6:3e:d9:9e:34:90:2e:20:e0:da:84:96:fa:5c:
91:f1:36:88:33:23:93:dc:d0:54:8c:94:40:cc:0e:36:16:36:
9b:62:54:21:6c:1a:c8:07:6f:7b:2d:b6:27:2a:44:48:9d:4d:
f1:5f:b0:0e:42:ff:d1:48:67:ec:3d:70:1d:2e:1d:b4:57:e6:
fe:30:c1:bd:e4:ec:06:c7:01:3b:40:df:fe:0e:ae:24:cf:7e:
cb:45:04:36:25:9c:47:31:3a:0f:32:bd:ef:c7:68:67:3e:4d:
d7:53:31:07:0b:4f:c5:14:9d:77:fa:7d:c2:42:28:db:05:bb:
c0:6d:da:86:4d:9d:85:42:3f:9a:eb:57:fc:13:09:50:37:54:
8b:32:ef:f6:84:0a:6a:37:79:8b:08:8f:58:c2:f3:d9:dd:c2:
8e:a9:91:f2:49:b5:d9:2c:18:63:00:87:09:12:9a:3e:78:47:
1d:98:8c:3b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUIARfVX0gHocoJMgsK+CRW2oOVEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MjQwOTM5NDhaFw0yNjA5MjMwOTQ0NDhaMDMxMTAvBgNV
BAMTKDQxMDRFNEE1RjkyN0RGRTVEMjcxRUJGMDk4NjJDRTU2RTJGNzZGQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPWxlRBdxJKAWBSgzrsSvauAja
s/w2wYsJMtSlBiDSL96DgpbfJIuviGOI00DGxlp5NCy4nK040dkA8x9O+r10xx3z
AQQvTW7Ky73ccuY9kfjQwKq720mIqrnwMrjCSy6p9RedX7pxS376vTNu6MzZm9vg
R39M2B4pINazcm8hcKcuJgSxE6Mm9rxybmsrYVUga6Gw00PtqowSNQosY2GYQBWs
1RQ5+WRcD3hwbO+YaRkr6aiD3Flb0JOwpQ/eVt3BtBXSNsVu6H4IJ1U2zmfWNN4F
P+MB5yoDc8dNi7CbvXCtTOkjJWJ22sQn5YJpDf5TuQ0ioA6dC0Vd+xkOZYBPAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUQQTkpfkn3+XScevwmGLOVuL3b84wHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMx
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzIzNzMzMzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV7dkwDQYJKoZIhvcNAQELBQADggEBADdUuJ8y6ZpgRfaxa5Lm5LpCXNHPjBow
LyoWYGgnh+UoHRS0JVPCGYdk7Rg2I4i8Xtrw+ltdogSy/j3Ca8eibovL+87O/2+i
F62/Pbq2PtmeNJAuIODahJb6XJHxNogzI5Pc0FSMlEDMDjYWNptiVCFsGsgHb3st
ticqREidTfFfsA5C/9FIZ+w9cB0uHbRX5v4wwb3k7AbHATtA3/4OriTPfstFBDYl
nEcxOg8yve/HaGc+TddTMQcLT8UUnXf6fcJCKNsFu8Bt2oZNnYVCP5rrV/wTCVA3
VIsy7/aECmo3eYsIj1jC89ndwo6pkfJJtdksGGMAhwkSmj54Rx2YjDs=
-----END CERTIFICATE-----
Generated at Sat Oct 11 17:32:04 2025 by rpki-client