Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS30900.roa
File: AS30900.roa (raw, json)
Hash identifier: x6KRyEz+89KZu0FP4pCprztTQz8BymO19Z9r0UYCeoc=
Subject key identifier: 84:69:FC:B2:AD:6D:ED:F0:4D:04:08:DD:E8:93:6E:D0:0D:B1:D3:A7
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 1A65F9602584D7FB6C66BA25DFFBDFA03D3CB543
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS30900.roa
Signing time: Fri 25 Jul 2025 10:49:40 +0000
ROA not before: Fri 25 Jul 2025 10:44:40 +0000
ROA not after: Fri 24 Jul 2026 10:49:40 +0000
asID: 30900
IP address blocks: 82.21.217.0/24 maxlen: 24
82.21.218.0/24 maxlen: 24
82.21.248.0/24 maxlen: 24
82.22.214.0/24 maxlen: 24
82.22.223.0/24 maxlen: 24
82.22.248.0/24 maxlen: 24
82.23.202.0/24 maxlen: 24
82.23.225.0/24 maxlen: 24
82.23.238.0/24 maxlen: 24
82.24.19.0/24 maxlen: 24
82.24.33.0/24 maxlen: 24
82.24.221.0/24 maxlen: 24
82.24.223.0/24 maxlen: 24
82.24.237.0/24 maxlen: 24
82.24.248.0/24 maxlen: 24
82.25.213.0/24 maxlen: 24
82.25.214.0/24 maxlen: 24
82.25.215.0/24 maxlen: 24
82.25.235.0/24 maxlen: 24
82.25.248.0/24 maxlen: 24
82.26.217.0/24 maxlen: 24
82.26.248.0/24 maxlen: 24
82.26.249.0/24 maxlen: 24
82.27.249.0/24 maxlen: 24
82.29.214.0/24 maxlen: 24
82.29.235.0/24 maxlen: 24
82.29.247.0/24 maxlen: 24
82.29.248.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 28 Jul 2025 03:56:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:65:f9:60:25:84:d7:fb:6c:66:ba:25:df:fb:df:a0:3d:3c:b5:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Jul 25 10:44:40 2025 GMT
Not After : Jul 24 10:49:40 2026 GMT
Subject: CN=8469FCB2AD6DEDF04D0408DDE8936ED00DB1D3A7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:61:33:f5:10:f0:4d:79:2c:c8:ae:da:17:4f:
7c:70:1a:c4:97:1f:8f:00:97:fb:99:92:f7:8f:22:
9b:1a:f9:1d:1b:8d:96:7f:2c:6a:4c:b6:b5:28:ec:
0f:dc:97:81:d5:40:00:4c:24:96:a6:df:18:d7:8e:
59:bf:4d:d4:a6:18:3b:4e:61:24:51:53:cd:fa:82:
ee:c4:8f:ce:4a:12:1b:11:11:16:aa:52:e0:37:a7:
58:33:71:4e:83:8d:90:3a:34:17:77:9d:55:42:20:
43:c0:bf:f7:09:b0:93:a4:ce:df:e6:71:7b:e3:99:
f1:76:72:de:ca:34:1f:e8:74:da:56:6e:1d:4f:5f:
6c:36:71:fd:e8:5d:fc:45:60:d8:8a:06:1f:6a:6c:
47:0c:32:f0:77:32:38:d6:a6:80:9d:f5:fe:23:7e:
30:4b:f6:d6:8c:23:f6:7a:d5:4e:8e:5e:e7:48:1a:
03:9f:e2:fc:2b:e1:54:3d:3c:62:cb:7d:5e:ed:be:
1c:fd:84:ae:0c:42:17:b1:96:f2:79:6c:f2:98:ea:
fc:35:97:b6:18:fa:ea:0a:e9:40:53:f3:f6:f5:20:
e2:74:8a:60:2e:44:5e:73:95:c5:7e:b0:ce:b7:2e:
1f:12:98:46:f4:ec:57:db:0c:a2:73:fe:1a:67:0e:
5a:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:69:FC:B2:AD:6D:ED:F0:4D:04:08:DD:E8:93:6E:D0:0D:B1:D3:A7
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS30900.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.217.0-82.21.218.255
82.21.248.0/24
82.22.214.0/24
82.22.223.0/24
82.22.248.0/24
82.23.202.0/24
82.23.225.0/24
82.23.238.0/24
82.24.19.0/24
82.24.33.0/24
82.24.221.0/24
82.24.223.0/24
82.24.237.0/24
82.24.248.0/24
82.25.213.0-82.25.215.255
82.25.235.0/24
82.25.248.0/24
82.26.217.0/24
82.26.248.0/23
82.27.249.0/24
82.29.214.0/24
82.29.235.0/24
82.29.247.0-82.29.248.255
Signature Algorithm: sha256WithRSAEncryption
40:38:72:b0:22:bb:99:30:cc:3b:01:e8:c1:1c:57:28:c9:6b:
e5:52:58:d4:dd:b7:b2:ca:52:fe:93:31:93:c7:df:b6:0c:6b:
5e:95:de:6b:59:46:7e:ce:15:92:42:89:95:25:e4:07:73:fe:
fe:fb:54:61:ca:d5:14:d1:1b:15:3e:1b:61:58:0f:6f:2a:8e:
4e:e7:d5:59:89:6b:30:cf:b2:ff:10:31:4b:66:2b:92:fd:b1:
7a:ab:4d:9b:ef:bc:1a:ad:72:09:5f:50:06:a8:07:47:26:dd:
49:92:0b:2f:a0:50:91:6b:81:b2:27:a4:ab:49:5e:3f:92:90:
11:b9:af:14:ca:bb:15:4b:8a:d2:d6:92:f8:ee:82:2a:3b:2d:
c0:33:49:04:90:d8:c3:ad:6d:36:f3:c9:12:2c:d3:ea:9c:3e:
25:fc:c1:05:fa:e3:46:f0:63:3d:7e:52:da:1d:d0:ba:89:b5:
05:cf:8c:10:ce:44:45:b1:dd:1c:c0:41:c9:ab:32:83:ea:95:
1b:9b:17:ee:99:35:65:ec:24:ac:b1:4b:ef:97:8e:52:15:a0:
8a:c2:86:c7:5c:a2:c7:9b:a6:ad:9c:c2:7f:4f:6d:dd:3e:14:
fb:5c:8c:25:ad:e1:7f:ad:da:18:64:19:e8:83:4c:67:ec:c3:
4c:a6:57:9c
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgIUGmX5YCWE1/tsZrol3/vfoD08tUMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjUxMDQ0NDBaFw0yNjA3MjQxMDQ5NDBaMDMxMTAvBgNV
BAMTKDg0NjlGQ0IyQUQ2REVERjA0RDA0MDhEREU4OTM2RUQwMERCMUQzQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAYTP1EPBNeSzIrtoXT3xwGsSX
H48Al/uZkvePIpsa+R0bjZZ/LGpMtrUo7A/cl4HVQABMJJam3xjXjlm/TdSmGDtO
YSRRU836gu7Ej85KEhsRERaqUuA3p1gzcU6DjZA6NBd3nVVCIEPAv/cJsJOkzt/m
cXvjmfF2ct7KNB/odNpWbh1PX2w2cf3oXfxFYNiKBh9qbEcMMvB3MjjWpoCd9f4j
fjBL9taMI/Z61U6OXudIGgOf4vwr4VQ9PGLLfV7tvhz9hK4MQhexlvJ5bPKY6vw1
l7YY+uoK6UBT8/b1IOJ0imAuRF5zlcV+sM63Lh8SmEb07FfbDKJz/hpnDlp1AgMB
AAGjggKqMIICpjAdBgNVHQ4EFgQUhGn8sq1t7fBNBAjd6JNu0A2x06cwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzA5MDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgb8GCCsGAQUFBwEHAQH/BIGvMIGsMIGpBAIAATCBojAM
AwQAUhXZAwQAUhXaAwQAUhX4AwQAUhbWAwQAUhbfAwQAUhb4AwQAUhfKAwQAUhfh
AwQAUhfuAwQAUhgTAwQAUhghAwQAUhjdAwQAUhjfAwQAUhjtAwQAUhj4MAwDBABS
GdUDBANSGdADBABSGesDBABSGfgDBABSGtkDBAFSGvgDBABSG/kDBABSHdYDBABS
HeswDAMEAFId9wMEAFId+DANBgkqhkiG9w0BAQsFAAOCAQEAQDhysCK7mTDMOwHo
wRxXKMlr5VJY1N23sspS/pMxk8fftgxrXpXea1lGfs4VkkKJlSXkB3P+/vtUYcrV
FNEbFT4bYVgPbyqOTufVWYlrMM+y/xAxS2Yrkv2xeqtNm++8Gq1yCV9QBqgHRybd
SZILL6BQkWuBsiekq0leP5KQEbmvFMq7FUuK0taS+O6CKjstwDNJBJDYw61tNvPJ
EizT6pw+JfzBBfrjRvBjPX5S2h3Quom1Bc+MEM5ERbHdHMBByasyg+qVG5sX7pk1
ZewkrLFL75eOUhWgisKGx1yix5umrZzCf09t3T4U+1yMJa3hf63aGGQZ6INMZ+zD
TKZXnA==
-----END CERTIFICATE-----
Generated at Sun Jul 27 11:52:28 2025 by rpki-client