Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130643a6163303a3a2f32392d3239203d3e203432363839.roa
File: 326130643a6163303a3a2f32392d3239203d3e203432363839.roa (raw, json)
Hash identifier: NIHIdpsycw7XXcLDP2mNeSGh+DiJV+LyBdPeUXVzgzE=
Subject key identifier: 8F:F3:4F:0F:8D:E6:13:CB:2E:B1:2E:9F:28:8B:07:F6:94:C6:FB:B1
Certificate issuer: /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial: 737A9EDA21FF74EDE6F7EFDE03725915557402E5
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130643a6163303a3a2f32392d3239203d3e203432363839.roa
Signing time: Tue 18 Feb 2025 11:21:32 +0000
ROA not before: Tue 18 Feb 2025 11:16:32 +0000
ROA not after: Tue 17 Feb 2026 11:21:32 +0000
asID: 42689
IP address blocks: 2a0d:ac0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 09 Apr 2025 22:00:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
73:7a:9e:da:21:ff:74:ed:e6:f7:ef:de:03:72:59:15:55:74:02:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Validity
Not Before: Feb 18 11:16:32 2025 GMT
Not After : Feb 17 11:21:32 2026 GMT
Subject: CN=8FF34F0F8DE613CB2EB12E9F288B07F694C6FBB1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:8e:14:57:b8:c9:b7:b9:36:ea:53:6f:9e:85:
fd:7e:86:b4:9a:fb:f0:74:44:2e:f2:b4:92:0d:75:
46:ed:63:9e:ec:45:7a:bd:ae:2e:7c:9e:2a:df:a3:
77:f1:bb:c6:d0:35:65:d3:ad:84:06:26:2d:69:fc:
39:1d:17:df:cf:7e:83:4e:f8:18:a8:59:c6:07:60:
f3:e4:de:38:b1:d2:a9:5a:a6:2f:71:ce:19:3f:39:
a5:cc:93:1e:f9:c9:fe:2f:17:48:c7:03:e9:7d:78:
63:bc:0e:a6:90:2b:e0:e2:80:48:a0:03:8f:b0:7f:
2b:9d:60:4d:30:56:f5:1d:fa:33:b7:f4:4a:84:b3:
ed:a3:63:af:d4:f7:15:63:6c:1a:1d:d6:53:f0:3c:
86:b7:7a:84:b3:14:47:0f:4c:5b:ae:33:99:d0:e1:
c4:9b:47:34:b0:1e:81:72:85:ce:3d:13:a7:8e:e0:
f7:5b:7a:40:8a:bd:92:00:ca:3c:20:53:aa:78:b3:
78:f0:9e:a0:14:e2:43:4a:19:8a:fa:fe:59:ad:1f:
d3:0a:90:a4:ea:e0:89:77:6c:bb:6f:6a:1a:05:87:
5f:96:c3:a1:7b:04:a3:76:e5:54:f0:31:2a:5c:b8:
62:0d:c9:51:7b:88:bd:a6:b5:dd:fa:96:ff:9f:3e:
8d:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:F3:4F:0F:8D:E6:13:CB:2E:B1:2E:9F:28:8B:07:F6:94:C6:FB:B1
X509v3 Authority Key Identifier:
keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/326130643a6163303a3a2f32392d3239203d3e203432363839.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:ac0::/29
Signature Algorithm: sha256WithRSAEncryption
64:22:13:a2:c3:07:32:00:fc:58:c5:e1:7c:d7:3c:ea:fb:a7:
8b:1d:37:19:04:f5:91:63:31:d9:67:de:02:eb:9d:9e:cc:20:
7e:92:9f:2d:32:a0:fd:42:a6:77:0b:e6:dc:60:c2:6c:61:11:
03:b5:c5:ba:e3:f3:f3:a2:c2:17:b4:24:67:87:4b:3c:44:8e:
85:9a:8d:d8:40:66:54:b6:aa:84:7c:53:89:94:5d:67:31:bc:
9f:16:1d:b2:01:cc:8e:49:6b:d5:19:68:98:cc:82:17:4c:29:
2d:37:2f:10:89:6d:40:b0:77:5d:92:7c:bf:94:d6:06:56:69:
2a:e7:4e:d3:dc:af:68:2d:df:4c:b6:27:f7:1a:77:d6:52:44:
19:06:83:19:33:f8:1e:f6:15:00:2e:ce:ac:c5:7d:c6:4d:4d:
e3:05:92:64:c9:3a:7d:41:e9:f5:d4:9b:22:8f:01:64:a5:8d:
a6:59:04:cc:58:a2:10:fa:a7:65:91:56:cd:f6:6f:e4:c0:79:
34:0f:70:8c:9d:3f:0d:b9:34:b8:1e:3f:dc:7e:ea:cc:fb:e3:
95:2f:74:19:f7:3b:53:fc:fe:cb:e0:4c:34:b1:d9:e3:43:09:
f7:3b:96:9f:51:47:9a:ae:49:7e:c6:45:85:02:11:11:27:0b:
67:f6:87:2e
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUc3qe2iH/dO3m9+/eA3JZFVV0AuUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNTAyMTgxMTE2MzJaFw0yNjAyMTcxMTIxMzJaMDMxMTAvBgNV
BAMTKDhGRjM0RjBGOERFNjEzQ0IyRUIxMkU5RjI4OEIwN0Y2OTRDNkZCQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0jhRXuMm3uTbqU2+ehf1+hrSa
+/B0RC7ytJINdUbtY57sRXq9ri58nirfo3fxu8bQNWXTrYQGJi1p/DkdF9/PfoNO
+BioWcYHYPPk3jix0qlapi9xzhk/OaXMkx75yf4vF0jHA+l9eGO8DqaQK+DigEig
A4+wfyudYE0wVvUd+jO39EqEs+2jY6/U9xVjbBod1lPwPIa3eoSzFEcPTFuuM5nQ
4cSbRzSwHoFyhc49E6eO4PdbekCKvZIAyjwgU6p4s3jwnqAU4kNKGYr6/lmtH9MK
kKTq4Il3bLtvahoFh1+Ww6F7BKN25VTwMSpcuGINyVF7iL2mtd36lv+fPo0lAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUj/NPD43mE8susS6fKIsH9pTG+7EwHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzI2MTMwNjQzYTYxNjMzMDNh
M2EyZjMyMzkyZDMyMzkyMDNkM2UyMDM0MzIzNjM4Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqDQrA
MA0GCSqGSIb3DQEBCwUAA4IBAQBkIhOiwwcyAPxYxeF81zzq+6eLHTcZBPWRYzHZ
Z94C652ezCB+kp8tMqD9QqZ3C+bcYMJsYREDtcW64/PzosIXtCRnh0s8RI6Fmo3Y
QGZUtqqEfFOJlF1nMbyfFh2yAcyOSWvVGWiYzIIXTCktNy8QiW1AsHddkny/lNYG
Vmkq507T3K9oLd9Mtif3GnfWUkQZBoMZM/ge9hUALs6sxX3GTU3jBZJkyTp9Qen1
1JsijwFkpY2mWQTMWKIQ+qdlkVbN9m/kwHk0D3CMnT8NuTS4Hj/cfurM++OVL3QZ
9ztT/P7L4Ew0sdnjQwn3O5afUUearkl+xkWFAhERJwtn9ocu
-----END CERTIFICATE-----
Generated at Wed Apr 9 03:01:59 2025 by rpki-client