Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397423.roa
File: AS397423.roa (raw, json)
Hash identifier: QLq0tW6knTxyJbo+kqQLViIlh8uLG7QVG9fu+l5SbHg=
Subject key identifier: 01:D1:DF:BF:CC:1A:4C:EF:89:89:9E:BF:55:97:4D:11:71:16:B2:18
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 226649DC05ECA7006DA4C4A9EDB93EE13C769F1D
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397423.roa
Signing time: Mon 12 May 2025 12:06:31 +0000
ROA not before: Mon 12 May 2025 12:01:31 +0000
ROA not after: Mon 11 May 2026 12:06:31 +0000
asID: 397423
IP address blocks: 145.223.44.0/24 maxlen: 24
145.223.54.0/24 maxlen: 24
145.223.58.0/24 maxlen: 24
146.103.5.0/24 maxlen: 24
150.241.226.0/23 maxlen: 24
155.117.232.0/22 maxlen: 22
155.117.246.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:66:49:dc:05:ec:a7:00:6d:a4:c4:a9:ed:b9:3e:e1:3c:76:9f:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: May 12 12:01:31 2025 GMT
Not After : May 11 12:06:31 2026 GMT
Subject: CN=01D1DFBFCC1A4CEF89899EBF55974D117116B218
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:3a:8c:ad:69:92:0d:a0:c7:9f:a1:b2:b1:ff:
06:dc:d2:89:a7:e9:34:15:20:ac:e8:85:ba:a7:48:
fa:a3:ea:53:e5:de:cd:03:3c:ad:c6:bf:cc:c1:c6:
64:31:33:d2:e9:61:8a:38:72:b2:9c:91:18:6a:c2:
c4:78:a0:b1:d4:c3:c4:61:8e:2c:87:1b:e5:2b:b7:
ab:66:93:dd:c2:80:d3:b1:91:2d:7b:08:2e:89:3e:
9c:71:31:aa:ea:85:48:c5:c9:a8:d7:c5:5b:e5:ab:
61:29:87:5d:f8:b3:25:d5:16:91:ef:4a:e1:f6:b0:
ac:15:d3:3a:a5:50:54:bb:cd:6b:19:b8:11:96:c0:
5e:1e:fd:3a:1b:a9:65:0c:c6:85:00:3c:2e:04:79:
8d:fd:7a:78:44:11:c5:ad:c3:2f:30:d3:bf:58:42:
b3:33:08:92:6d:8e:d0:16:4b:a9:57:5d:de:65:97:
c2:ae:4a:28:ff:24:11:71:f7:2d:48:63:86:f2:80:
6b:0f:eb:6a:d1:c8:00:aa:36:03:1b:9e:e2:57:e7:
16:2d:34:78:4d:a6:10:c4:fa:12:7a:d3:5e:d9:27:
aa:e7:af:08:87:49:1c:a8:76:0f:c5:17:bb:0d:0b:
92:a9:71:c9:66:c3:34:d5:24:be:63:9b:de:d7:1f:
d8:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:D1:DF:BF:CC:1A:4C:EF:89:89:9E:BF:55:97:4D:11:71:16:B2:18
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397423.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.223.44.0/24
145.223.54.0/24
145.223.58.0/24
146.103.5.0/24
150.241.226.0/23
155.117.232.0/22
155.117.246.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:00:e1:4f:b7:1e:41:7b:41:fd:0f:cf:58:93:30:d9:eb:eb:
1a:3f:09:f3:68:88:d8:a4:a2:3f:78:ae:ee:49:9e:a0:89:cd:
bf:8a:f3:4b:5f:02:0c:d5:45:43:55:ee:8a:fd:34:a0:ac:45:
0f:7c:0d:e6:92:6d:56:5f:90:94:a9:23:30:00:9a:15:da:91:
1f:36:91:01:95:12:34:3b:2a:e2:40:4a:4a:a8:6c:02:d9:49:
59:19:6e:f0:d9:9a:d2:be:32:6e:98:92:b0:2c:76:63:6f:f3:
a5:10:31:ef:4e:ba:73:1b:d1:d3:92:34:a6:32:f0:b3:b5:7e:
47:16:f7:d4:2b:06:72:0a:a0:f8:92:64:a0:bb:02:b1:d4:1b:
ad:8a:f4:67:92:3a:03:4d:a5:0e:f3:3a:d6:6f:41:3e:4d:27:
db:8d:b2:5b:11:a2:d6:5e:b2:28:d0:3f:1c:6d:c0:a8:16:e4:
e7:25:b9:0c:41:bf:5a:99:31:9e:e5:fb:da:72:22:45:f1:f2:
dd:99:e1:92:1b:17:70:ad:25:88:a0:7f:89:87:04:7c:32:40:
a8:05:26:bd:d9:7a:48:77:24:10:a1:70:92:33:ab:a4:50:9a:
06:0b:60:68:f9:13:50:ad:7c:57:bb:ed:44:8e:4c:bc:c1:75:
91:b0:35:84
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIUImZJ3AXspwBtpMSp7bk+4Tx2nx0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MTIxMjAxMzFaFw0yNjA1MTExMjA2MzFaMDMxMTAvBgNV
BAMTKDAxRDFERkJGQ0MxQTRDRUY4OTg5OUVCRjU1OTc0RDExNzExNkIyMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQOoytaZINoMefobKx/wbc0omn
6TQVIKzohbqnSPqj6lPl3s0DPK3Gv8zBxmQxM9LpYYo4crKckRhqwsR4oLHUw8Rh
jiyHG+Urt6tmk93CgNOxkS17CC6JPpxxMarqhUjFyajXxVvlq2Eph134syXVFpHv
SuH2sKwV0zqlUFS7zWsZuBGWwF4e/TobqWUMxoUAPC4EeY39enhEEcWtwy8w079Y
QrMzCJJtjtAWS6lXXd5ll8KuSij/JBFx9y1IY4bygGsP62rRyACqNgMbnuJX5xYt
NHhNphDE+hJ6017ZJ6rnrwiHSRyodg/FF7sNC5KpcclmwzTVJL5jm97XH9iXAgMB
AAGjggIuMIICKjAdBgNVHQ4EFgQUAdHfv8waTO+JiZ6/VZdNEXEWshgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk3NDIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAkd8s
AwQAkd82AwQAkd86AwQAkmcFAwQBlvHiAwQCm3XoAwQAm3X2MA0GCSqGSIb3DQEB
CwUAA4IBAQB/AOFPtx5Be0H9D89YkzDZ6+saPwnzaIjYpKI/eK7uSZ6gic2/ivNL
XwIM1UVDVe6K/TSgrEUPfA3mkm1WX5CUqSMwAJoV2pEfNpEBlRI0OyriQEpKqGwC
2UlZGW7w2ZrSvjJumJKwLHZjb/OlEDHvTrpzG9HTkjSmMvCztX5HFvfUKwZyCqD4
kmSguwKx1ButivRnkjoDTaUO8zrWb0E+TSfbjbJbEaLWXrIo0D8cbcCoFuTnJbkM
Qb9amTGe5fvaciJF8fLdmeGSGxdwrSWIoH+JhwR8MkCoBSa92XpIdyQQoXCSM6uk
UJoGC2Bo+RNQrXxXu+1Ejky8wXWRsDWE
-----END CERTIFICATE-----
Generated at Thu Jun 5 18:17:48 2025 by rpki-client