Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231332e302f32342d3234203d3e20323131333733.roa
File: 38352e3233372e3231332e302f32342d3234203d3e20323131333733.roa (raw, json)
Hash identifier: EfkRqRcyqfb47Po7cSiQc7wbaUn8wF7Ony7LF+aYnYw=
Subject key identifier: 66:10:F9:1E:44:71:34:BF:24:C6:5A:E5:CA:66:02:D5:78:36:56:58
Certificate issuer: /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial: 7BA5E72C57D5CC7BD17AEC12A7C42526FF18D268
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231332e302f32342d3234203d3e20323131333733.roa
Signing time: Wed 10 Sep 2025 09:55:01 +0000
ROA not before: Wed 10 Sep 2025 09:50:01 +0000
ROA not after: Wed 09 Sep 2026 09:55:01 +0000
asID: 211373
IP address blocks: 85.237.213.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 16 Sep 2025 10:03:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7b:a5:e7:2c:57:d5:cc:7b:d1:7a:ec:12:a7:c4:25:26:ff:18:d2:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Validity
Not Before: Sep 10 09:50:01 2025 GMT
Not After : Sep 9 09:55:01 2026 GMT
Subject: CN=6610F91E447134BF24C65AE5CA6602D578365658
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:47:5a:71:bd:cc:77:1b:9e:5c:37:b0:24:bd:
b6:67:26:41:e9:b9:e7:3b:18:b0:9a:cd:39:ad:50:
4c:e0:98:12:7f:c3:8a:1f:b0:51:8b:0e:5f:72:fd:
a1:db:a3:ef:e9:6f:cc:9a:2b:5a:cb:87:fc:ac:07:
60:f9:86:25:9b:fb:7d:4e:53:a4:e6:a2:00:15:1f:
17:b9:7c:37:31:18:d6:48:cb:7a:d5:2d:94:7a:56:
58:7f:15:3c:b1:5d:e0:b8:14:2f:bf:55:dc:75:32:
d2:59:55:39:50:37:bc:38:98:e1:39:f4:5d:12:6d:
0e:3a:bd:2a:51:36:0a:82:c7:9d:70:bb:03:f7:11:
ef:48:f5:26:83:13:00:9a:2e:9f:48:09:a0:71:05:
1f:d5:5a:57:72:7e:66:41:ce:da:23:d1:a0:af:fe:
65:2b:72:5c:b5:ed:11:cf:e6:8b:72:84:25:a9:40:
0d:95:55:18:df:5a:83:24:5c:b4:a3:04:14:e4:bc:
9f:05:b4:98:2e:25:97:de:d2:c9:40:7c:9a:dd:3b:
39:6c:1a:e7:f0:b4:c5:10:ce:4d:e8:4b:bb:19:38:
78:8d:10:ca:5f:aa:3c:c1:33:c2:69:3d:e8:07:55:
0b:1f:4f:fe:ed:12:44:8b:0d:d2:3f:ec:47:67:8c:
eb:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:10:F9:1E:44:71:34:BF:24:C6:5A:E5:CA:66:02:D5:78:36:56:58
X509v3 Authority Key Identifier:
keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3231332e302f32342d3234203d3e20323131333733.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.237.213.0/24
Signature Algorithm: sha256WithRSAEncryption
73:42:7e:a3:1c:19:ac:80:0b:31:36:e8:d3:4b:8f:7d:cd:16:
ce:77:47:fb:2d:d2:18:65:a1:0f:1d:e4:a1:52:7c:ef:23:d0:
d1:33:99:fe:b5:f8:55:a3:d3:66:50:8b:8f:af:aa:ca:ca:62:
25:d7:6f:cc:0a:a1:24:a8:fa:6b:78:41:ef:4c:1f:a0:04:35:
aa:0a:e6:ff:90:02:ed:a5:76:36:10:d1:db:30:39:86:59:87:
dd:ec:61:3d:26:f2:fd:ef:ca:da:91:1a:ce:72:52:99:8e:da:
b1:08:b1:c9:a1:02:6c:89:6c:95:a2:d7:07:12:ad:7e:70:1e:
82:35:20:1e:2a:02:8e:a3:56:8b:55:44:90:f8:8a:c4:98:5a:
6c:1b:be:f1:f9:0f:49:5c:84:76:04:0e:51:68:f3:1e:11:3c:
f4:35:2b:d8:79:4b:24:aa:d6:36:29:e8:ac:58:2d:e4:12:00:
e0:2c:11:a0:94:e1:68:82:46:f1:dc:f1:aa:56:2d:b8:2e:d8:
15:33:16:aa:93:6a:8c:14:8c:34:bf:f4:fc:2b:f0:19:f0:9c:
27:e2:f0:32:3f:32:47:7d:2c:78:f5:39:d9:cb:98:d4:29:0b:
52:f5:85:ec:f9:ff:ed:cb:aa:48:ad:6a:67:b4:98:02:20:9a:
b1:d7:ce:f6
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUe6XnLFfVzHvReuwSp8QlJv8Y0mgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTA5MTAwOTUwMDFaFw0yNjA5MDkwOTU1MDFaMDMxMTAvBgNV
BAMTKDY2MTBGOTFFNDQ3MTM0QkYyNEM2NUFFNUNBNjYwMkQ1NzgzNjU2NTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIR1pxvcx3G55cN7AkvbZnJkHp
uec7GLCazTmtUEzgmBJ/w4ofsFGLDl9y/aHbo+/pb8yaK1rLh/ysB2D5hiWb+31O
U6TmogAVHxe5fDcxGNZIy3rVLZR6Vlh/FTyxXeC4FC+/Vdx1MtJZVTlQN7w4mOE5
9F0SbQ46vSpRNgqCx51wuwP3Ee9I9SaDEwCaLp9ICaBxBR/VWldyfmZBztoj0aCv
/mUrcly17RHP5otyhCWpQA2VVRjfWoMkXLSjBBTkvJ8FtJguJZfe0slAfJrdOzls
GufwtMUQzk3oS7sZOHiNEMpfqjzBM8JpPegHVQsfT/7tEkSLDdI/7EdnjOvtAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUZhD5HkRxNL8kxlrlymYC1Xg2VlgwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMx
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzEzMzM3MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV7dUwDQYJKoZIhvcNAQELBQADggEBAHNCfqMcGayACzE26NNLj33NFs53R/st
0hhloQ8d5KFSfO8j0NEzmf61+FWj02ZQi4+vqsrKYiXXb8wKoSSo+mt4Qe9MH6AE
NaoK5v+QAu2ldjYQ0dswOYZZh93sYT0m8v3vytqRGs5yUpmO2rEIscmhAmyJbJWi
1wcSrX5wHoI1IB4qAo6jVotVRJD4isSYWmwbvvH5D0lchHYEDlFo8x4RPPQ1K9h5
SySq1jYp6KxYLeQSAOAsEaCU4WiCRvHc8apWLbgu2BUzFqqTaowUjDS/9Pwr8Bnw
nCfi8DI/Mkd9LHj1OdnLmNQpC1L1hez5/+3Lqkitame0mAIgmrHXzvY=
-----END CERTIFICATE-----
Generated at Mon Sep 15 21:07:21 2025 by rpki-client