Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e203432383331.roa
File: 38352e3230392e3232392e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier: vjpMNqLq25F9up6mT05GhHQJMJ0KbktUxvDSn9v6kBA=
Subject key identifier: 89:16:64:5F:43:6C:F4:D4:CE:8B:D6:8C:A1:D9:6E:1E:3A:BC:3D:49
Certificate issuer: /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial: 0C0352557E8DACBA233BE116CF7856DB444C48A3
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e203432383331.roa
Signing time: Mon 10 Nov 2025 01:05:16 +0000
ROA not before: Mon 10 Nov 2025 01:00:16 +0000
ROA not after: Mon 09 Nov 2026 01:05:16 +0000
asID: 42831
IP address blocks: 85.209.229.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:03:52:55:7e:8d:ac:ba:23:3b:e1:16:cf:78:56:db:44:4c:48:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Validity
Not Before: Nov 10 01:00:16 2025 GMT
Not After : Nov 9 01:05:16 2026 GMT
Subject: CN=8916645F436CF4D4CE8BD68CA1D96E1E3ABC3D49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:ed:e3:64:e4:b5:24:bf:52:2d:e3:5f:6a:be:
19:c4:6e:78:20:3b:2c:96:0a:e9:84:8d:fe:94:29:
80:99:70:30:91:31:67:13:21:45:6c:57:aa:fd:a8:
8d:2b:39:22:54:8a:31:0f:f0:45:ee:40:d7:47:10:
96:de:59:9c:98:1b:76:86:54:33:07:13:13:83:15:
ba:84:17:48:59:4f:71:86:fd:89:6d:80:0b:86:5b:
df:07:6c:20:d2:a1:ee:87:00:b7:91:8c:f6:02:2a:
0e:72:b1:42:a4:7b:32:16:5a:9e:d3:79:b4:80:19:
40:41:cf:a7:ac:81:5c:53:40:90:e1:6c:48:ce:3f:
01:fb:85:59:cd:41:9d:c8:97:ce:fc:d6:67:41:f3:
70:cf:e0:2a:3a:45:20:9d:04:84:58:6f:2e:aa:d0:
e1:be:2a:49:8c:c9:45:7e:51:54:ff:43:32:66:5c:
d5:b0:e4:b2:cf:93:00:9d:70:a0:8e:de:26:c8:ba:
bb:28:4b:b9:71:e5:a5:c8:0f:22:b0:cf:3a:9e:04:
30:46:2e:79:24:b9:a4:b0:c3:0a:c4:19:5b:6e:eb:
4f:32:1b:ab:1f:3d:63:62:ca:04:c1:66:67:7e:6f:
21:10:d7:9b:9b:e4:ee:72:de:45:6e:70:94:c3:f8:
ef:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:16:64:5F:43:6C:F4:D4:CE:8B:D6:8C:A1:D9:6E:1E:3A:BC:3D:49
X509v3 Authority Key Identifier:
keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232392e302f32342d3234203d3e203432383331.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.229.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:da:29:7a:d1:e9:13:48:02:29:4f:4b:1f:5e:56:d9:1c:57:
43:ea:12:a9:e9:58:c7:e0:3c:f5:7b:7c:90:49:3f:e9:bb:d5:
75:45:43:7e:67:25:1a:fd:77:1d:a1:52:85:37:d7:4e:6a:0c:
78:f2:48:ea:32:ed:ab:8c:0b:3f:53:23:50:c0:f7:e6:0e:14:
03:d8:09:3e:98:54:cb:8a:ed:b5:8a:1e:82:03:30:0e:82:4e:
c8:4a:e0:0e:8a:a6:96:ed:82:4f:6c:f4:38:75:d6:cf:72:ab:
f1:4e:a9:b7:f0:76:22:47:c7:e9:96:3b:78:ec:29:89:de:1c:
8d:6e:87:e5:e6:61:05:fe:92:f3:93:54:41:15:69:b4:99:dd:
e5:6a:74:00:69:44:6e:2b:07:79:87:7c:04:68:2a:44:66:2b:
35:31:e2:37:bd:c3:c4:e1:72:7f:cf:58:27:26:c5:a0:7e:a3:
b7:a2:3a:94:b8:9d:38:a5:46:4e:e6:1b:f7:b1:8a:e2:d1:da:
ea:3f:2d:51:78:24:58:cd:21:0a:2b:95:ca:28:5e:e8:57:03:
c2:fa:0a:43:9f:eb:df:6f:f2:ad:12:65:ea:2b:43:8f:b1:44:
72:f3:31:0a:0b:38:3e:83:b3:58:70:96:1a:c1:1d:dc:2f:c7:
40:ab:b4:06
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUDANSVX6NrLojO+EWz3hW20RMSKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTExMTAwMTAwMTZaFw0yNjExMDkwMTA1MTZaMDMxMTAvBgNV
BAMTKDg5MTY2NDVGNDM2Q0Y0RDRDRThCRDY4Q0ExRDk2RTFFM0FCQzNENDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDs7eNk5LUkv1It419qvhnEbngg
OyyWCumEjf6UKYCZcDCRMWcTIUVsV6r9qI0rOSJUijEP8EXuQNdHEJbeWZyYG3aG
VDMHExODFbqEF0hZT3GG/YltgAuGW98HbCDSoe6HALeRjPYCKg5ysUKkezIWWp7T
ebSAGUBBz6esgVxTQJDhbEjOPwH7hVnNQZ3Il8781mdB83DP4Co6RSCdBIRYby6q
0OG+KkmMyUV+UVT/QzJmXNWw5LLPkwCdcKCO3ibIursoS7lx5aXIDyKwzzqeBDBG
LnkkuaSwwwrEGVtu608yG6sfPWNiygTBZmd+byEQ15ub5O5y3kVucJTD+O9zAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUiRZkX0Ns9NTOi9aModluHjq8PUkwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzgzNTJlMzIzMDM5MmUzMjMy
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMyMzgzMzMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
VdHlMA0GCSqGSIb3DQEBCwUAA4IBAQB/2il60ekTSAIpT0sfXlbZHFdD6hKp6VjH
4Dz1e3yQST/pu9V1RUN+ZyUa/XcdoVKFN9dOagx48kjqMu2rjAs/UyNQwPfmDhQD
2Ak+mFTLiu21ih6CAzAOgk7ISuAOiqaW7YJPbPQ4ddbPcqvxTqm38HYiR8fpljt4
7CmJ3hyNbofl5mEF/pLzk1RBFWm0md3lanQAaURuKwd5h3wEaCpEZis1MeI3vcPE
4XJ/z1gnJsWgfqO3ojqUuJ04pUZO5hv3sYri0drqPy1ReCRYzSEKK5XKKF7oVwPC
+gpDn+vfb/KtEmXqK0OPsURy8zEKCzg+g7NYcJYawR3cL8dAq7QG
-----END CERTIFICATE-----
Generated at Tue Nov 11 16:16:04 2025 by rpki-client