Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132302e302f32342d3234203d3e20313337343039.roa
File: 3231372e3231372e3132302e302f32342d3234203d3e20313337343039.roa (raw, json)
Hash identifier: bKP0Z4wehwHC4Kydg2HSPV23tiwQP3rZJz2tlZFEKDk=
Subject key identifier: 8F:16:AD:1D:19:7C:AC:DD:7F:2A:E9:15:0B:08:F9:DA:A4:43:37:67
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 6ACA1D8B93C56E5EAB64D277280EC8984D1C670E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132302e302f32342d3234203d3e20313337343039.roa
Signing time: Fri 11 Jul 2025 19:29:57 +0000
ROA not before: Fri 11 Jul 2025 19:24:57 +0000
ROA not after: Fri 10 Jul 2026 19:29:57 +0000
asID: 137409
IP address blocks: 217.217.120.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 20:00:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6a:ca:1d:8b:93:c5:6e:5e:ab:64:d2:77:28:0e:c8:98:4d:1c:67:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Jul 11 19:24:57 2025 GMT
Not After : Jul 10 19:29:57 2026 GMT
Subject: CN=8F16AD1D197CACDD7F2AE9150B08F9DAA4433767
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:81:ec:f2:04:47:80:71:56:43:7e:68:7d:e7:
5e:1c:a9:dc:ec:05:bf:5b:20:ef:c5:8d:9a:cd:c0:
e3:7f:fa:7a:ce:d2:bf:f0:5d:f5:0c:dc:aa:c0:ae:
fa:7b:12:73:94:4d:1b:92:10:32:39:cc:72:c0:01:
6b:8b:4d:1d:3e:bc:18:cb:b8:81:94:87:09:9c:94:
eb:9a:6a:24:68:de:6d:60:2e:12:2f:b2:3d:3e:99:
18:0b:fb:ea:0e:cb:4d:94:39:4f:87:18:bb:52:fa:
23:3a:89:49:80:8e:d3:61:66:d0:2b:8d:78:6b:3d:
75:23:45:36:08:4a:c6:47:84:16:5f:f2:ad:68:4d:
2e:bb:f9:dd:49:92:2e:45:d9:7a:6c:c3:91:d8:f4:
75:a0:88:6a:0e:67:38:8c:7a:ac:01:2c:ae:ec:e1:
9f:0b:21:0a:06:61:59:3e:cb:40:06:0e:5e:53:3d:
4a:b3:da:7f:12:04:97:1c:8b:68:f1:66:49:91:d7:
d9:30:be:39:f9:21:ae:46:ad:1d:ab:2c:f5:f9:ce:
84:1e:e6:3c:93:c8:91:59:95:b6:93:78:57:ce:99:
ec:2b:93:30:04:1d:1a:bd:48:1b:c1:d4:39:20:df:
df:bb:ea:28:c2:e1:32:98:21:a1:1d:4c:d4:61:81:
72:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:16:AD:1D:19:7C:AC:DD:7F:2A:E9:15:0B:08:F9:DA:A4:43:37:67
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132302e302f32342d3234203d3e20313337343039.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.120.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:39:9a:f3:28:28:c3:3b:09:54:52:5a:f2:e7:aa:2b:95:0b:
13:db:12:90:d5:e2:ce:a6:4e:ef:7e:b7:d4:dc:f9:07:aa:d9:
e7:47:a9:0b:64:5f:9d:d9:6e:cf:51:d2:9e:70:c9:40:93:ec:
97:b9:1e:e0:a2:8e:2f:e2:cf:19:20:08:19:89:2e:81:ac:39:
a0:0a:f2:4e:4f:67:1b:e8:ea:9f:2b:6f:f5:47:3f:f4:f8:c8:
93:cb:07:f6:18:ae:c7:d5:80:91:4f:0f:4e:38:2a:72:e7:04:
3d:72:15:2b:2b:77:48:b4:0c:81:b2:74:84:ac:c0:c1:c5:ba:
ed:ea:1b:47:12:5b:05:f2:c3:80:0f:c1:09:4f:4b:0e:d2:25:
a2:d3:d7:42:8a:ed:a2:a8:d9:09:19:ca:03:6a:20:10:8f:7a:
9d:f2:5c:a3:29:1e:07:7d:82:0b:dc:10:63:35:2a:a5:63:5c:
13:14:6b:15:75:e4:54:1a:bf:68:32:c7:c9:0a:a7:ca:b9:e5:
21:e0:5b:e7:1b:d3:92:b1:29:20:d2:3b:24:60:9d:73:a3:07:
e2:c3:ec:e4:6d:d7:06:63:a9:ad:5b:dd:65:ac:ca:9a:39:da:
5e:3f:85:49:75:84:56:ec:90:1e:bf:09:99:cf:64:38:8e:3d:
6a:fc:42:7e
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUasodi5PFbl6rZNJ3KA7ImE0cZw4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTExOTI0NTdaFw0yNjA3MTAxOTI5NTdaMDMxMTAvBgNV
BAMTKDhGMTZBRDFEMTk3Q0FDREQ3RjJBRTkxNTBCMDhGOURBQTQ0MzM3NjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDgezyBEeAcVZDfmh9514cqdzs
Bb9bIO/FjZrNwON/+nrO0r/wXfUM3KrArvp7EnOUTRuSEDI5zHLAAWuLTR0+vBjL
uIGUhwmclOuaaiRo3m1gLhIvsj0+mRgL++oOy02UOU+HGLtS+iM6iUmAjtNhZtAr
jXhrPXUjRTYISsZHhBZf8q1oTS67+d1Jki5F2Xpsw5HY9HWgiGoOZziMeqwBLK7s
4Z8LIQoGYVk+y0AGDl5TPUqz2n8SBJcci2jxZkmR19kwvjn5Ia5GrR2rLPX5zoQe
5jyTyJFZlbaTeFfOmewrkzAEHRq9SBvB1Dkg39+76ijC4TKYIaEdTNRhgXI/AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUjxatHRl8rN1/KukVCwj52qRDN2cwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMx
MzIzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNzM0MzAzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnZeDANBgkqhkiG9w0BAQsFAAOCAQEATzma8ygowzsJVFJa8ueqK5ULE9sS
kNXizqZO73631Nz5B6rZ50epC2Rfndluz1HSnnDJQJPsl7ke4KKOL+LPGSAIGYku
gaw5oAryTk9nG+jqnytv9Uc/9PjIk8sH9hiux9WAkU8PTjgqcucEPXIVKyt3SLQM
gbJ0hKzAwcW67eobRxJbBfLDgA/BCU9LDtIlotPXQortoqjZCRnKA2ogEI96nfJc
oykeB32CC9wQYzUqpWNcExRrFXXkVBq/aDLHyQqnyrnlIeBb5xvTkrEpINI7JGCd
c6MH4sPs5G3XBmOprVvdZazKmjnaXj+FSXWEVuyQHr8Jmc9kOI49avxCfg==
-----END CERTIFICATE-----
Generated at Mon Jul 21 02:06:29 2025 by rpki-client