Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3230392e302f32342d3234203d3e20333935373933.roa
File: 3130392e3233342e3230392e302f32342d3234203d3e20333935373933.roa (raw, json)
Hash identifier: o3GE/oY8MCJAGEjtcPLWPVhOZbFRZAMmde/X42j4j+s=
Subject key identifier: 25:95:E9:DA:53:27:75:D4:5A:16:D6:7E:9E:A5:C5:70:51:65:6E:95
Certificate issuer: /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial: 410A1B10AF8C9FD93832FCC73DB7F22FAACE5B9E
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3230392e302f32342d3234203d3e20333935373933.roa
Signing time: Sun 14 Sep 2025 11:56:09 +0000
ROA not before: Sun 14 Sep 2025 11:51:09 +0000
ROA not after: Sun 13 Sep 2026 11:56:09 +0000
asID: 395793
IP address blocks: 109.234.209.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:0a:1b:10:af:8c:9f:d9:38:32:fc:c7:3d:b7:f2:2f:aa:ce:5b:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Validity
Not Before: Sep 14 11:51:09 2025 GMT
Not After : Sep 13 11:56:09 2026 GMT
Subject: CN=2595E9DA532775D45A16D67E9EA5C57051656E95
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:d1:f6:d5:6a:4c:aa:6b:f9:35:cb:9a:07:31:
c3:25:10:19:f9:88:78:b2:99:01:ac:5c:a1:c8:2e:
98:4d:62:94:32:38:d7:f7:d8:05:22:58:86:72:f9:
99:6c:f3:16:20:c7:99:a8:cc:f4:dc:4b:c3:7c:a6:
fe:00:0a:6d:b9:6f:99:ea:b6:f1:b0:2e:3a:7f:82:
5f:53:72:62:b4:04:bb:99:95:94:90:d0:af:d5:47:
30:99:4a:26:9c:e8:f4:ba:4c:a7:59:7e:f0:e3:8d:
26:cf:74:fd:98:26:e8:9e:bf:e4:d8:56:4c:9a:72:
18:fc:d1:4a:59:b2:6a:bc:cb:c7:74:5d:28:95:ca:
60:9f:90:45:24:33:6c:7d:5f:39:d7:8f:b0:74:8f:
fb:70:93:6f:b8:cd:81:54:c4:9b:4d:78:37:74:54:
65:6d:0f:16:94:3a:22:6c:ac:2d:b1:e6:92:c2:be:
dc:aa:8f:6d:ac:ab:40:88:e3:e0:ec:b8:5e:4e:2d:
77:f7:0b:ad:65:d7:eb:a5:3b:2d:69:62:ae:76:80:
42:c4:5a:d2:57:e9:e5:77:13:95:57:0c:44:d9:89:
35:a1:5d:a8:d7:10:0e:b6:8a:a8:02:b8:36:bb:2a:
7e:aa:00:bc:88:8b:85:6d:14:8a:0e:d1:0b:93:f4:
79:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:95:E9:DA:53:27:75:D4:5A:16:D6:7E:9E:A5:C5:70:51:65:6E:95
X509v3 Authority Key Identifier:
keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3230392e302f32342d3234203d3e20333935373933.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.234.209.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:32:a5:a7:f3:de:3a:28:28:3f:83:b5:59:02:2d:08:f4:6d:
6a:bd:32:c8:12:9f:56:bd:7f:cd:05:73:c3:b3:0b:d9:be:9d:
40:a9:3d:cd:a2:43:9a:45:03:10:9b:7b:87:13:db:f8:5f:bb:
b4:3f:22:7b:12:6c:64:97:36:c5:80:16:f0:be:2e:76:1c:6f:
8c:a5:a1:00:bf:65:dc:ac:8e:c8:a8:fd:56:21:ce:7b:22:cd:
91:c0:49:c0:01:2b:5d:5e:2f:e0:d3:95:0d:b5:a0:83:db:c1:
9f:d4:70:2b:41:52:70:07:c1:b4:96:7d:34:52:64:03:7c:ac:
9d:81:d6:54:a8:7d:78:45:ed:c3:e8:21:31:cf:e6:54:90:d0:
99:b2:fe:4a:c6:c2:2d:8b:58:4e:83:7c:ba:e3:14:b7:98:15:
71:81:c8:d6:64:ae:4d:76:06:56:00:c5:18:c6:63:e7:4f:b1:
83:e2:cc:aa:f7:14:8a:8d:9b:7e:1b:da:4e:24:5c:f5:13:65:
a5:da:2d:9d:1a:94:4d:b2:5c:22:44:ff:40:f8:b4:06:11:e8:
2b:16:ba:f6:8e:fa:78:5b:64:cc:ae:ba:dd:17:8d:be:bf:48:
44:a3:17:6c:39:ef:c7:4b:0c:06:79:c2:1d:4e:b3:73:93:16:
77:32:d9:d5
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUQQobEK+Mn9k4MvzHPbfyL6rOW54wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTA5MTQxMTUxMDlaFw0yNjA5MTMxMTU2MDlaMDMxMTAvBgNV
BAMTKDI1OTVFOURBNTMyNzc1RDQ1QTE2RDY3RTlFQTVDNTcwNTE2NTZFOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN0fbVakyqa/k1y5oHMcMlEBn5
iHiymQGsXKHILphNYpQyONf32AUiWIZy+Zls8xYgx5mozPTcS8N8pv4ACm25b5nq
tvGwLjp/gl9TcmK0BLuZlZSQ0K/VRzCZSiac6PS6TKdZfvDjjSbPdP2YJuiev+TY
Vkyachj80UpZsmq8y8d0XSiVymCfkEUkM2x9XznXj7B0j/twk2+4zYFUxJtNeDd0
VGVtDxaUOiJsrC2x5pLCvtyqj22sq0CI4+DsuF5OLXf3C61l1+ulOy1pYq52gELE
WtJX6eV3E5VXDETZiTWhXajXEA62iqgCuDa7Kn6qALyIi4VtFIoO0QuT9HnXAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUJZXp2lMnddRaFtZ+nqXFcFFlbpUwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzMDM5MmUzMjMzMzQyZTMy
MzAzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNTM3MzkzMy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAG3q0TANBgkqhkiG9w0BAQsFAAOCAQEAjjKlp/PeOigoP4O1WQItCPRtar0y
yBKfVr1/zQVzw7ML2b6dQKk9zaJDmkUDEJt7hxPb+F+7tD8iexJsZJc2xYAW8L4u
dhxvjKWhAL9l3KyOyKj9ViHOeyLNkcBJwAErXV4v4NOVDbWgg9vBn9RwK0FScAfB
tJZ9NFJkA3ysnYHWVKh9eEXtw+ghMc/mVJDQmbL+SsbCLYtYToN8uuMUt5gVcYHI
1mSuTXYGVgDFGMZj50+xg+LMqvcUio2bfhvaTiRc9RNlpdotnRqUTbJcIkT/QPi0
BhHoKxa69o76eFtkzK663ReNvr9IRKMXbDnvx0sMBnnCHU6zc5MWdzLZ1Q==
-----END CERTIFICATE-----
Generated at Sun Oct 19 16:05:30 2025 by rpki-client