Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3139392e302f32342d3234203d3e20323030303838.roa
File: 38352e3233372e3139392e302f32342d3234203d3e20323030303838.roa (raw, json)
Hash identifier: T9jGmdeHc+LZBGXgmO1+maNyl9HuYm5qHlJGKSLHurc=
Subject key identifier: EC:4F:E0:9C:37:BB:58:91:EA:DF:07:73:C0:74:B6:54:27:65:5D:64
Certificate issuer: /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial: 42D5043FD3E4A9F743743C3D950CE686754C5840
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3139392e302f32342d3234203d3e20323030303838.roa
Signing time: Wed 10 Sep 2025 09:55:00 +0000
ROA not before: Wed 10 Sep 2025 09:50:00 +0000
ROA not after: Wed 09 Sep 2026 09:55:00 +0000
asID: 200088
IP address blocks: 85.237.199.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 19 Sep 2025 09:41:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:d5:04:3f:d3:e4:a9:f7:43:74:3c:3d:95:0c:e6:86:75:4c:58:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Validity
Not Before: Sep 10 09:50:00 2025 GMT
Not After : Sep 9 09:55:00 2026 GMT
Subject: CN=EC4FE09C37BB5891EADF0773C074B65427655D64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:76:fe:77:12:fe:10:53:8d:b4:c1:dd:fd:6c:
87:b5:c2:33:9c:6e:aa:d6:77:12:0b:7c:e5:04:58:
9f:10:0a:50:3c:ae:72:19:d3:25:6a:5c:dc:e1:d5:
ba:4f:07:b1:4e:41:ca:06:f6:af:0f:db:84:72:34:
20:8d:4e:70:88:64:f8:fc:99:10:86:0e:51:a7:dd:
14:07:59:f9:8e:83:79:78:11:32:99:a3:d7:dc:13:
75:05:33:63:31:32:14:d6:fd:c2:e2:11:9a:42:f3:
f1:9a:9a:a6:5a:b6:4e:0b:7a:1b:89:b9:4f:af:ee:
af:ca:c2:f5:88:5b:0d:0a:f6:bf:80:e5:69:4f:34:
97:32:20:d2:9e:0d:bc:21:63:4e:a2:ce:a8:0a:bd:
fa:fc:18:5a:30:07:4c:ea:3d:a1:db:98:43:f7:bd:
7a:c8:45:20:2a:4b:80:37:71:16:30:29:fe:03:f6:
c2:81:ee:9d:41:ed:d6:55:e7:78:89:64:99:9f:61:
c3:ef:c4:af:99:b1:30:d9:98:c2:1c:12:50:35:f6:
4f:3b:1e:f1:b8:0a:eb:66:3d:ca:24:6f:30:ac:89:
58:24:e9:c0:89:21:47:e5:6c:a7:a5:f0:5b:79:ef:
e2:ce:63:75:2e:1a:ae:19:0d:fd:da:55:ca:3b:92:
97:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:4F:E0:9C:37:BB:58:91:EA:DF:07:73:C0:74:B6:54:27:65:5D:64
X509v3 Authority Key Identifier:
keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3139392e302f32342d3234203d3e20323030303838.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.237.199.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:2e:49:ec:46:b9:5a:89:f1:ae:9c:fc:e3:bc:a8:fe:a8:97:
a6:69:5a:0c:a7:74:40:73:aa:09:3a:e4:2c:ae:d9:3e:cf:73:
46:b7:d9:37:6d:c1:39:a5:8d:f3:d2:9d:a6:38:de:36:02:16:
d4:78:a4:41:91:5f:b1:cb:98:51:c7:97:0d:8f:76:6a:a7:58:
5f:00:ba:3b:27:5c:37:5a:c3:cc:27:1f:22:c7:f8:0a:74:b1:
35:fc:b1:bb:2a:7f:1d:ce:26:35:79:70:48:a9:d5:81:55:93:
c7:12:a9:e6:e3:66:46:4c:38:98:3b:89:06:53:4a:fc:f7:ba:
36:44:41:b5:5e:5e:c3:34:ca:ad:f0:67:ef:79:c9:7e:7f:fe:
00:f1:c5:eb:d7:6e:f1:7b:66:eb:38:c0:49:dd:a9:1c:d6:a2:
54:b9:ae:c2:59:e7:56:fc:3c:41:71:83:3f:2b:5a:bc:df:0e:
b6:0a:0f:27:82:d6:cc:c1:ef:c2:fc:25:7c:dd:90:08:72:e2:
3e:45:d5:ea:88:34:f8:9e:75:33:c3:0c:16:10:f1:5b:a1:07:
be:e5:3a:87:c6:a1:a3:73:11:a5:36:a9:3e:a5:1a:27:13:f9:
f1:0f:43:c1:c5:d9:74:b9:35:59:31:19:58:95:47:fe:90:19:
23:c1:bb:69
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUQtUEP9PkqfdDdDw9lQzmhnVMWEAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTAwOTUwMDBaFw0yNjA5MDkwOTU1MDBaMDMxMTAvBgNV
BAMTKEVDNEZFMDlDMzdCQjU4OTFFQURGMDc3M0MwNzRCNjU0Mjc2NTVENjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbdv53Ev4QU420wd39bIe1wjOc
bqrWdxILfOUEWJ8QClA8rnIZ0yVqXNzh1bpPB7FOQcoG9q8P24RyNCCNTnCIZPj8
mRCGDlGn3RQHWfmOg3l4ETKZo9fcE3UFM2MxMhTW/cLiEZpC8/GamqZatk4LehuJ
uU+v7q/KwvWIWw0K9r+A5WlPNJcyINKeDbwhY06izqgKvfr8GFowB0zqPaHbmEP3
vXrIRSAqS4A3cRYwKf4D9sKB7p1B7dZV53iJZJmfYcPvxK+ZsTDZmMIcElA19k87
HvG4CutmPcokbzCsiVgk6cCJIUflbKel8Ft57+LOY3UuGq4ZDf3aVco7kpdZAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU7E/gnDe7WJHq3wdzwHS2VCdlXWQwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMTM5
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzAzMDM4Mzgucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV7ccwDQYJKoZIhvcNAQELBQADggEBAH4uSexGuVqJ8a6c/OO8qP6ol6ZpWgyn
dEBzqgk65Cyu2T7Pc0a32TdtwTmljfPSnaY43jYCFtR4pEGRX7HLmFHHlw2Pdmqn
WF8AujsnXDdaw8wnHyLH+Ap0sTX8sbsqfx3OJjV5cEip1YFVk8cSqebjZkZMOJg7
iQZTSvz3ujZEQbVeXsM0yq3wZ+95yX5//gDxxevXbvF7Zus4wEndqRzWolS5rsJZ
51b8PEFxgz8rWrzfDrYKDyeC1szB78L8JXzdkAhy4j5F1eqINPiedTPDDBYQ8Vuh
B77lOofGoaNzEaU2qT6lGicT+fEPQ8HF2XS5NVkxGViVR/6QGSPBu2k=
-----END CERTIFICATE-----
Generated at Thu Sep 18 22:32:32 2025 by rpki-client