Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132312e302f32342d3234203d3e20313337343039.roa
File: 3231372e3231372e3132312e302f32342d3234203d3e20313337343039.roa (raw, json)
Hash identifier: APIAY59TYmmGQmy/pRpQZZlRNemi7mJD8AZeWGrBqjE=
Subject key identifier: 28:19:6C:6C:90:36:71:27:67:C4:74:BD:C4:77:76:26:7E:B6:67:86
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 21324B62364A451A861E96A59786FA1DE5DD383F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132312e302f32342d3234203d3e20313337343039.roa
Signing time: Fri 11 Jul 2025 19:30:06 +0000
ROA not before: Fri 11 Jul 2025 19:25:06 +0000
ROA not after: Fri 10 Jul 2026 19:30:06 +0000
asID: 137409
IP address blocks: 217.217.121.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 20:00:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:32:4b:62:36:4a:45:1a:86:1e:96:a5:97:86:fa:1d:e5:dd:38:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Jul 11 19:25:06 2025 GMT
Not After : Jul 10 19:30:06 2026 GMT
Subject: CN=28196C6C9036712767C474BDC47776267EB66786
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:79:c2:2d:8a:16:ad:77:37:59:02:4c:7a:c2:
e5:c5:b8:11:e6:fb:50:5c:ad:db:d4:75:1c:eb:88:
f6:30:3b:2e:f1:e6:35:ff:2d:a8:ef:ed:88:9a:cf:
8e:47:54:f6:35:e1:c2:73:df:c2:35:9c:8b:2a:fa:
25:f3:33:38:7d:40:1e:41:27:bf:a3:97:13:cf:76:
a7:65:a1:d8:9a:6e:96:b7:b7:73:61:a0:13:75:4b:
25:e1:c2:2e:8b:dd:39:0d:8f:a3:6c:52:53:61:37:
c9:d2:1a:a7:ee:6d:6a:ce:cf:7a:09:4f:d6:e6:37:
65:18:4e:82:dc:e8:a0:7b:c2:90:cb:9c:c1:41:e5:
a2:1c:a1:9a:13:7e:ce:a6:e2:82:d0:72:ec:91:31:
cf:dd:61:17:6f:87:43:b1:98:87:e6:07:9b:13:57:
48:a8:0e:bc:03:fc:c8:e5:d2:bb:d5:9a:7b:86:ba:
60:74:0e:71:cf:60:5a:f8:a1:e7:61:9f:9c:21:a8:
d1:43:ba:1b:27:f8:f5:88:41:35:9f:9b:04:c3:c1:
04:77:79:3a:06:86:fb:42:0e:1f:a3:8d:52:93:fc:
61:ae:d9:b8:8d:fd:28:65:e1:9c:fa:f3:14:d1:a1:
01:33:9d:c4:6b:4b:cf:f3:a2:db:1d:fc:e9:a6:6a:
54:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:19:6C:6C:90:36:71:27:67:C4:74:BD:C4:77:76:26:7E:B6:67:86
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132312e302f32342d3234203d3e20313337343039.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.121.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:27:17:66:25:2e:38:a5:ba:37:11:22:98:55:d1:82:ac:cf:
d2:20:85:f5:ac:31:d3:b3:36:22:5b:fb:d8:fc:0d:84:f0:a9:
6e:27:7a:fc:7a:b7:59:84:8b:08:7a:e7:07:a4:ba:8f:44:85:
51:70:14:16:74:6c:0d:37:4c:fd:db:e1:4d:a5:77:d8:37:96:
e0:0a:73:ae:cc:58:e9:48:ff:2f:fc:a0:a7:85:85:dc:a0:4d:
f1:ce:7f:07:e8:f1:13:4b:bb:0a:56:55:f2:85:83:fd:3f:46:
63:68:40:af:95:28:aa:31:1c:23:2a:84:79:88:12:a0:f9:00:
3b:3f:43:07:9f:0e:b6:ab:62:81:0d:3b:fe:0a:d1:f4:e0:40:
b9:dc:7f:12:f0:d2:c0:e3:ef:0d:ac:09:e5:ab:53:4d:99:33:
e0:74:3a:6f:ce:8b:40:4a:7e:2b:c4:fd:6f:ce:40:dd:4e:69:
23:20:2d:2b:8d:ab:04:bb:89:af:5f:e0:62:38:01:95:a6:cc:
1e:20:d7:f3:98:92:66:9d:f2:59:1a:a7:e4:9c:78:9a:61:41:
a0:cf:1f:a2:96:73:8d:cc:22:6d:df:b4:62:e6:27:e2:ea:36:
c9:1e:03:88:c6:6f:63:8f:23:4d:c5:b2:78:03:ae:40:70:ee:
09:61:5a:75
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUITJLYjZKRRqGHpall4b6HeXdOD8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTExOTI1MDZaFw0yNjA3MTAxOTMwMDZaMDMxMTAvBgNV
BAMTKDI4MTk2QzZDOTAzNjcxMjc2N0M0NzRCREM0Nzc3NjI2N0VCNjY3ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDecItihatdzdZAkx6wuXFuBHm
+1BcrdvUdRzriPYwOy7x5jX/Lajv7Yiaz45HVPY14cJz38I1nIsq+iXzMzh9QB5B
J7+jlxPPdqdlodiabpa3t3NhoBN1SyXhwi6L3TkNj6NsUlNhN8nSGqfubWrOz3oJ
T9bmN2UYToLc6KB7wpDLnMFB5aIcoZoTfs6m4oLQcuyRMc/dYRdvh0OxmIfmB5sT
V0ioDrwD/Mjl0rvVmnuGumB0DnHPYFr4oedhn5whqNFDuhsn+PWIQTWfmwTDwQR3
eToGhvtCDh+jjVKT/GGu2biN/Shl4Zz68xTRoQEzncRrS8/zotsd/OmmalTFAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUKBlsbJA2cSdnxHS9xHd2Jn62Z4YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMx
MzIzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNzM0MzAzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnZeTANBgkqhkiG9w0BAQsFAAOCAQEAWycXZiUuOKW6NxEimFXRgqzP0iCF
9awx07M2Ilv72PwNhPCpbid6/Hq3WYSLCHrnB6S6j0SFUXAUFnRsDTdM/dvhTaV3
2DeW4ApzrsxY6Uj/L/ygp4WF3KBN8c5/B+jxE0u7ClZV8oWD/T9GY2hAr5UoqjEc
IyqEeYgSoPkAOz9DB58OtqtigQ07/grR9OBAudx/EvDSwOPvDawJ5atTTZkz4HQ6
b86LQEp+K8T9b85A3U5pIyAtK42rBLuJr1/gYjgBlabMHiDX85iSZp3yWRqn5Jx4
mmFBoM8fopZzjcwibd+0YuYn4uo2yR4DiMZvY48jTcWyeAOuQHDuCWFadQ==
-----END CERTIFICATE-----
Generated at Mon Jul 21 02:06:25 2025 by rpki-client