Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132332e302f32342d3234203d3e20313336373837.roa
File: 3231372e3231372e3132332e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier: NdAPGChgvynvWyl0tjGKgyEGwStln3bomS60w85kRg0=
Subject key identifier: 1D:4B:61:86:B9:71:C5:68:93:A4:E2:13:DB:1F:66:F9:0E:B0:2C:97
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 482DD119CF4E00B3EE4C0BBDF59FAA4048A4B0A8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132332e302f32342d3234203d3e20313336373837.roa
Signing time: Wed 16 Jul 2025 17:39:52 +0000
ROA not before: Wed 16 Jul 2025 17:34:52 +0000
ROA not after: Wed 15 Jul 2026 17:39:52 +0000
asID: 136787
IP address blocks: 217.217.123.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 20:00:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
48:2d:d1:19:cf:4e:00:b3:ee:4c:0b:bd:f5:9f:aa:40:48:a4:b0:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Jul 16 17:34:52 2025 GMT
Not After : Jul 15 17:39:52 2026 GMT
Subject: CN=1D4B6186B971C56893A4E213DB1F66F90EB02C97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:18:f8:ee:b1:30:cf:6a:b4:81:c4:94:a9:81:
e6:b5:92:10:30:81:08:4d:16:18:b2:ad:04:7e:2d:
3d:70:98:15:93:de:5e:c9:63:fc:11:5e:d3:9e:99:
9b:bf:c0:d3:50:55:06:5b:23:e7:8f:ca:a4:72:83:
99:ea:46:f3:ee:be:1e:32:a0:db:e1:94:db:a0:63:
db:ed:75:ec:ee:61:32:0a:1d:e3:7a:d8:02:75:94:
ba:16:eb:aa:ba:3c:ca:1b:fa:f0:74:ae:63:b8:83:
98:ac:58:92:d6:71:0e:ff:8f:b7:a5:f1:d5:3c:5f:
86:41:37:be:a8:73:c0:d5:96:b2:00:05:02:70:86:
b6:b8:a1:14:8c:b5:d0:52:96:6b:75:ec:6b:37:8d:
57:0f:1e:2b:8e:e3:7e:f8:8f:ec:77:6f:6b:e4:d0:
9c:5c:20:80:02:c0:cf:61:6f:48:54:70:45:1c:c0:
49:13:33:ed:7e:e2:28:73:de:46:86:99:0e:bb:06:
4d:6c:ad:71:c5:5a:0a:02:c5:41:d0:b6:79:4c:dd:
b4:45:1e:4d:c0:d6:61:c8:0b:c6:ef:66:52:d9:36:
ad:e5:d3:6e:59:0e:fc:c5:6b:c4:64:d5:c3:48:73:
b7:85:97:3c:45:b8:f7:0e:7a:25:26:a4:cb:9f:83:
60:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:4B:61:86:B9:71:C5:68:93:A4:E2:13:DB:1F:66:F9:0E:B0:2C:97
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132332e302f32342d3234203d3e20313336373837.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.123.0/24
Signature Algorithm: sha256WithRSAEncryption
42:fd:40:3a:03:36:0d:04:f7:0a:51:d9:36:e1:73:db:4b:21:
81:51:be:87:2e:67:59:ca:5c:f3:f8:73:09:00:6d:14:4b:5c:
f5:c6:dc:f2:5a:db:7e:b2:39:9f:c3:e3:f2:41:b9:97:28:c2:
22:70:43:15:55:61:74:75:ca:cf:df:5c:6d:a9:0e:b0:ae:b9:
73:c4:34:68:65:b4:4c:d1:a6:e6:73:60:30:41:7c:26:63:c9:
22:97:b9:1c:78:d7:78:60:d0:27:cf:bc:e8:01:24:3a:e5:66:
43:f5:88:32:14:4f:c1:81:1f:08:50:68:ee:e5:66:01:05:1e:
e8:4c:69:a6:7e:36:c7:76:14:3d:32:fb:96:f0:bb:ef:d2:07:
52:b0:3d:b2:bd:86:c9:b3:ff:49:e6:35:42:0e:a1:79:f2:c6:
e9:76:99:9e:a7:23:66:af:13:2e:c9:fc:e9:cc:07:88:3c:f0:
c8:c1:5a:30:36:a0:c6:31:1a:ee:d8:ea:d1:55:af:6d:51:4d:
35:9d:11:16:19:7c:59:a9:a8:c9:91:cb:18:cb:36:c2:3b:42:
94:a7:49:8b:00:30:87:2b:27:0b:c7:45:f2:be:43:2e:ca:ec:
2c:3d:a3:16:61:16:f5:34:1b:ba:36:4b:cb:62:38:d1:3c:4a:
55:6f:e3:7e
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUSC3RGc9OALPuTAu99Z+qQEiksKgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MTYxNzM0NTJaFw0yNjA3MTUxNzM5NTJaMDMxMTAvBgNV
BAMTKDFENEI2MTg2Qjk3MUM1Njg5M0E0RTIxM0RCMUY2NkY5MEVCMDJDOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzGPjusTDParSBxJSpgea1khAw
gQhNFhiyrQR+LT1wmBWT3l7JY/wRXtOemZu/wNNQVQZbI+ePyqRyg5nqRvPuvh4y
oNvhlNugY9vtdezuYTIKHeN62AJ1lLoW66q6PMob+vB0rmO4g5isWJLWcQ7/j7el
8dU8X4ZBN76oc8DVlrIABQJwhra4oRSMtdBSlmt17Gs3jVcPHiuO4374j+x3b2vk
0JxcIIACwM9hb0hUcEUcwEkTM+1+4ihz3kaGmQ67Bk1srXHFWgoCxUHQtnlM3bRF
Hk3A1mHIC8bvZlLZNq3l025ZDvzFa8Rk1cNIc7eFlzxFuPcOeiUmpMufg2C/AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUHUthhrlxxWiTpOIT2x9m+Q6wLJcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMx
MzIzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnZezANBgkqhkiG9w0BAQsFAAOCAQEAQv1AOgM2DQT3ClHZNuFz20shgVG+
hy5nWcpc8/hzCQBtFEtc9cbc8lrbfrI5n8Pj8kG5lyjCInBDFVVhdHXKz99cbakO
sK65c8Q0aGW0TNGm5nNgMEF8JmPJIpe5HHjXeGDQJ8+86AEkOuVmQ/WIMhRPwYEf
CFBo7uVmAQUe6Exppn42x3YUPTL7lvC779IHUrA9sr2GybP/SeY1Qg6hefLG6XaZ
nqcjZq8TLsn86cwHiDzwyMFaMDagxjEa7tjq0VWvbVFNNZ0RFhl8WamoyZHLGMs2
wjtClKdJiwAwhysnC8dF8r5DLsrsLD2jFmEW9TQbujZLy2I40TxKVW/jfg==
-----END CERTIFICATE-----
Generated at Mon Jul 21 02:08:05 2025 by rpki-client