Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3231372e3134302e302f32342d3234203d3e20323133373038.roa
File: 3138352e3231372e3134302e302f32342d3234203d3e20323133373038.roa (raw, json)
Hash identifier: 7NRRwOo56x7r07IHpiB2f4GQNnrYqpmGBE3YfLt7Qh0=
Subject key identifier: 72:BA:2F:A7:44:B9:A4:05:43:DA:09:6A:43:84:D9:9F:F0:51:88:9E
Certificate issuer: /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial: 6C6A5BF155A2455399AB19C18267318A9AA3753F
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3231372e3134302e302f32342d3234203d3e20323133373038.roa
Signing time: Sat 01 Mar 2025 14:32:25 +0000
ROA not before: Sat 01 Mar 2025 14:27:25 +0000
ROA not after: Sat 28 Feb 2026 14:32:25 +0000
asID: 213708
IP address blocks: 185.217.140.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Apr 2025 13:46:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6c:6a:5b:f1:55:a2:45:53:99:ab:19:c1:82:67:31:8a:9a:a3:75:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Validity
Not Before: Mar 1 14:27:25 2025 GMT
Not After : Feb 28 14:32:25 2026 GMT
Subject: CN=72BA2FA744B9A40543DA096A4384D99FF051889E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:fa:6b:ec:5b:18:ac:3e:ec:49:38:7e:65:91:
95:7d:ca:26:b4:5a:c1:d4:95:98:d5:a4:09:97:d3:
58:42:f4:29:84:16:2d:4a:32:d9:08:59:b6:07:49:
63:3d:eb:38:df:06:c9:87:cd:7e:f2:e5:d2:07:c2:
80:5c:89:59:84:e8:8f:88:68:dc:a7:e1:64:9e:0c:
02:66:b0:f3:0b:76:5a:75:4e:1d:42:cc:17:b2:02:
85:f4:4e:33:0c:32:76:e8:1a:71:51:e1:d7:e6:ab:
1e:fd:bd:3d:fc:a2:f9:52:c4:ab:22:ff:de:2e:49:
8c:87:56:4d:63:af:fd:15:da:67:fa:96:79:68:7a:
26:f2:4b:1a:4b:e6:3c:80:44:12:67:11:0a:2d:76:
d6:fc:82:8c:67:ae:80:53:ae:07:8f:7a:e8:89:1a:
52:55:dc:5d:bf:5e:d8:64:89:72:d2:51:0d:b0:bd:
90:0d:e8:0a:46:a9:98:28:21:f9:6b:96:7e:86:df:
9b:4a:40:72:f1:59:c8:2a:33:2c:6f:88:a7:8e:24:
a8:7d:93:c5:b8:a1:b9:ec:8a:7a:44:af:ba:ca:0a:
5c:be:ac:a7:e6:b1:ba:05:f1:1e:d3:75:fd:f8:07:
59:68:66:c6:3b:d5:84:f6:b2:1a:b4:2e:29:53:d1:
48:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:BA:2F:A7:44:B9:A4:05:43:DA:09:6A:43:84:D9:9F:F0:51:88:9E
X509v3 Authority Key Identifier:
keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3138352e3231372e3134302e302f32342d3234203d3e20323133373038.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.217.140.0/24
Signature Algorithm: sha256WithRSAEncryption
73:11:f4:c3:9d:e8:0b:b6:88:f8:59:6b:7e:ac:83:7a:8c:51:
14:91:16:eb:97:df:02:9d:2e:5f:cb:47:2a:47:62:7a:93:fd:
e5:5f:fa:88:28:f7:83:f4:d9:09:5f:29:53:93:85:1b:fb:73:
fa:6d:b9:fa:1f:df:99:d3:10:99:fd:06:d5:00:92:05:41:9c:
f1:d6:ee:96:59:09:b9:47:fd:dc:06:35:f5:10:34:7c:94:b0:
41:2a:d0:d8:6b:f8:60:98:43:db:35:cd:28:e3:c2:3b:d5:02:
95:74:b0:fa:a2:15:69:27:aa:e9:c9:f3:1d:1f:fc:79:e0:b7:
ad:32:3b:df:96:32:27:ae:d1:f6:e4:f1:50:50:8f:73:24:22:
1b:21:99:e7:21:24:69:db:14:ad:4c:36:a2:5b:0b:1c:41:b2:
ba:fa:95:99:8d:24:24:87:e2:81:e7:42:c5:98:6b:53:55:d5:
98:fa:6f:d8:0d:2e:86:ba:1a:b4:23:3a:7f:23:20:50:0b:f9:
65:24:02:fa:c5:12:74:ea:70:72:43:43:77:08:44:94:c1:58:
33:ca:e2:fe:34:f8:2b:64:02:6e:4a:2a:4a:06:08:8f:d2:16:
a9:f2:e9:77:6f:42:eb:8c:1a:8f:30:af:74:57:02:cf:39:d4:
eb:e3:22:8c
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUbGpb8VWiRVOZqxnBgmcxipqjdT8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNTAzMDExNDI3MjVaFw0yNjAyMjgxNDMyMjVaMDMxMTAvBgNV
BAMTKDcyQkEyRkE3NDRCOUE0MDU0M0RBMDk2QTQzODREOTlGRjA1MTg4OUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN+mvsWxisPuxJOH5lkZV9yia0
WsHUlZjVpAmX01hC9CmEFi1KMtkIWbYHSWM96zjfBsmHzX7y5dIHwoBciVmE6I+I
aNyn4WSeDAJmsPMLdlp1Th1CzBeyAoX0TjMMMnboGnFR4dfmqx79vT38ovlSxKsi
/94uSYyHVk1jr/0V2mf6lnloeibySxpL5jyARBJnEQotdtb8goxnroBTrgePeuiJ
GlJV3F2/XthkiXLSUQ2wvZAN6ApGqZgoIflrln6G35tKQHLxWcgqMyxviKeOJKh9
k8W4obnsinpEr7rKCly+rKfmsboF8R7Tdf34B1loZsY71YT2shq0LilT0UgzAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUcrovp0S5pAVD2glqQ4TZn/BRiJ4wHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzEzODM1MmUzMjMxMzcyZTMx
MzQzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMzM3MzAzOC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnZjDANBgkqhkiG9w0BAQsFAAOCAQEAcxH0w53oC7aI+FlrfqyDeoxRFJEW
65ffAp0uX8tHKkdiepP95V/6iCj3g/TZCV8pU5OFG/tz+m25+h/fmdMQmf0G1QCS
BUGc8dbullkJuUf93AY19RA0fJSwQSrQ2Gv4YJhD2zXNKOPCO9UClXSw+qIVaSeq
6cnzHR/8eeC3rTI735YyJ67R9uTxUFCPcyQiGyGZ5yEkadsUrUw2olsLHEGyuvqV
mY0kJIfigedCxZhrU1XVmPpv2A0uhroatCM6fyMgUAv5ZSQC+sUSdOpwckNDdwhE
lMFYM8ri/jT4K2QCbkoqSgYIj9IWqfLpd29C64wajzCvdFcCzznU6+MijA==
-----END CERTIFICATE-----
Generated at Mon Apr 21 22:23:05 2025 by rpki-client