Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230362e302f32332d3233203d3e20313938313030.roa
File: 38352e3233372e3230362e302f32332d3233203d3e20313938313030.roa (raw, json)
Hash identifier: SK5pFq7D/UN1T009nq5Uk5jt71hsor05ytGxXBCHWvg=
Subject key identifier: B4:5A:FB:71:52:FA:6A:F6:48:F7:52:81:7B:66:72:AB:DC:4E:E2:36
Certificate issuer: /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial: 4AD353B7CF20B493FD04E2F5F4563369ADB53748
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230362e302f32332d3233203d3e20313938313030.roa
Signing time: Wed 10 Sep 2025 09:55:00 +0000
ROA not before: Wed 10 Sep 2025 09:50:00 +0000
ROA not after: Wed 09 Sep 2026 09:55:00 +0000
asID: 198100
IP address blocks: 85.237.206.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Sep 2025 00:06:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:d3:53:b7:cf:20:b4:93:fd:04:e2:f5:f4:56:33:69:ad:b5:37:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Validity
Not Before: Sep 10 09:50:00 2025 GMT
Not After : Sep 9 09:55:00 2026 GMT
Subject: CN=B45AFB7152FA6AF648F752817B6672ABDC4EE236
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:e9:65:17:6b:d1:b4:b7:a6:5a:45:05:bb:c6:
3a:b5:35:94:b1:cd:fd:ea:ec:cc:5a:65:4c:c1:3b:
d2:e4:3b:41:66:76:48:97:bc:96:1a:b0:53:84:ff:
0e:04:2d:5d:c1:26:00:30:15:6e:9d:ae:ee:fd:f9:
62:36:17:11:4c:3f:ba:e6:fa:18:15:4b:88:2d:11:
30:e1:3c:3a:27:ed:b4:42:9a:0f:f5:60:b4:05:2f:
e3:82:01:be:c2:4d:40:82:ad:19:25:09:2d:c6:71:
39:2d:43:33:45:11:b6:24:82:0f:d1:2b:20:01:0d:
bf:b7:eb:5c:2b:54:66:54:fb:11:ec:2e:8f:84:50:
ef:51:31:c6:74:d8:f7:d8:89:4d:85:5c:31:3d:f7:
f8:bc:89:46:0a:d2:9d:5d:4e:ed:9f:df:90:3d:23:
a6:0d:4d:c8:37:f1:67:9c:66:f6:29:aa:74:a2:4f:
1f:10:5e:ee:5e:a5:65:77:45:5e:55:ae:4d:6e:de:
07:4c:48:b7:6c:a4:ca:44:bd:47:62:30:60:db:ef:
73:83:0f:eb:f2:60:d9:7e:9d:18:e1:dc:67:6f:51:
20:1b:23:db:57:26:8b:d6:9e:54:e6:ba:0c:6e:6e:
56:82:07:4f:7d:be:2d:08:f2:9a:ce:fb:0f:6a:d9:
d8:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:5A:FB:71:52:FA:6A:F6:48:F7:52:81:7B:66:72:AB:DC:4E:E2:36
X509v3 Authority Key Identifier:
keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230362e302f32332d3233203d3e20313938313030.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.237.206.0/23
Signature Algorithm: sha256WithRSAEncryption
66:6c:ad:ed:24:10:a3:b9:b8:b4:e7:00:e0:a9:ce:b6:5c:13:
c1:91:fc:fd:d3:df:46:9d:8b:4e:d2:e4:45:55:88:85:fd:e8:
1b:6c:4c:b4:ec:c9:61:87:54:84:32:56:51:67:28:7c:21:32:
dc:d0:12:fa:49:d9:07:1b:17:5a:72:41:98:11:ca:8b:8b:c8:
ca:85:d5:9c:6a:a5:9f:6a:f4:40:57:5c:3d:59:a5:10:fb:f1:
cd:3d:16:45:a3:ea:ca:b8:23:76:7c:62:79:d1:b3:c1:0b:97:
91:7a:34:bd:2c:c5:07:f7:55:71:ef:cc:42:29:bc:d4:c2:f7:
8c:e7:9f:b2:4e:20:5f:7d:d5:d2:ee:75:86:9b:44:97:c7:0f:
21:90:3e:f4:e6:2f:8a:a9:6f:82:31:c3:6e:83:e3:e2:df:e8:
fe:53:c7:e0:f1:13:27:9d:24:56:37:ae:8c:87:61:2b:06:b2:
1b:6e:a8:48:3a:de:c5:f6:6d:1b:b5:36:cd:cb:d0:a7:1c:d5:
89:33:0c:9a:e2:06:bd:dc:84:84:dd:57:e7:38:4b:4d:1a:29:
1a:66:36:fa:97:36:1f:be:e4:e7:a5:cf:cc:3d:8a:ca:dd:13:
90:fb:71:74:68:18:94:de:60:f8:c2:db:b4:39:f6:4e:64:32:
cc:fe:fd:47
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUStNTt88gtJP9BOL19FYzaa21N0gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTAwOTUwMDBaFw0yNjA5MDkwOTU1MDBaMDMxMTAvBgNV
BAMTKEI0NUFGQjcxNTJGQTZBRjY0OEY3NTI4MTdCNjY3MkFCREM0RUUyMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq6WUXa9G0t6ZaRQW7xjq1NZSx
zf3q7MxaZUzBO9LkO0FmdkiXvJYasFOE/w4ELV3BJgAwFW6dru79+WI2FxFMP7rm
+hgVS4gtETDhPDon7bRCmg/1YLQFL+OCAb7CTUCCrRklCS3GcTktQzNFEbYkgg/R
KyABDb+361wrVGZU+xHsLo+EUO9RMcZ02PfYiU2FXDE99/i8iUYK0p1dTu2f35A9
I6YNTcg38WecZvYpqnSiTx8QXu5epWV3RV5Vrk1u3gdMSLdspMpEvUdiMGDb73OD
D+vyYNl+nRjh3GdvUSAbI9tXJovWnlTmugxublaCB099vi0I8prO+w9q2dgvAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUtFr7cVL6avZI91KBe2Zyq9xO4jYwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzYyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzMTM5MzgzMTMwMzAucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAFV7c4wDQYJKoZIhvcNAQELBQADggEBAGZsre0kEKO5uLTnAOCpzrZcE8GR/P3T
30adi07S5EVViIX96BtsTLTsyWGHVIQyVlFnKHwhMtzQEvpJ2QcbF1pyQZgRyouL
yMqF1ZxqpZ9q9EBXXD1ZpRD78c09FkWj6sq4I3Z8YnnRs8ELl5F6NL0sxQf3VXHv
zEIpvNTC94znn7JOIF991dLudYabRJfHDyGQPvTmL4qpb4Ixw26D4+Lf6P5Tx+Dx
EyedJFY3royHYSsGshtuqEg63sX2bRu1Ns3L0Kcc1YkzDJriBr3chITdV+c4S00a
KRpmNvqXNh++5Oelz8w9isrdE5D7cXRoGJTeYPjC27Q59k5kMsz+/Uc=
-----END CERTIFICATE-----
Generated at Wed Sep 17 17:36:49 2025 by rpki-client