Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3320.roa
File: AS3320.roa (raw, json)
Hash identifier: lDGZ/RwDFvuccrkepHBG/jM8U8QjcoGx7ML7gGUejoU=
Subject key identifier: 54:2D:43:25:64:F1:35:C2:F0:98:B6:2D:E7:42:FC:27:16:81:55:E1
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 304A4C97063C705C524FB301903669B2DBE29A01
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3320.roa
Signing time: Thu 30 Jan 2025 22:53:26 +0000
ROA not before: Thu 30 Jan 2025 22:48:26 +0000
ROA not after: Thu 29 Jan 2026 22:53:26 +0000
asID: 3320
IP address blocks: 82.21.57.0/24 maxlen: 24
82.21.69.0/24 maxlen: 24
82.21.75.0/24 maxlen: 24
82.21.153.0/24 maxlen: 24
82.21.184.0/24 maxlen: 24
82.22.161.0/24 maxlen: 24
82.22.187.0/24 maxlen: 24
82.22.191.0/24 maxlen: 24
82.22.194.0/24 maxlen: 24
82.23.168.0/24 maxlen: 24
82.23.197.0/24 maxlen: 24
82.24.52.0/24 maxlen: 24
82.24.190.0/24 maxlen: 24
82.25.197.0/24 maxlen: 24
82.25.202.0/24 maxlen: 24
82.26.111.0/24 maxlen: 24
82.26.123.0/24 maxlen: 24
82.26.197.0/24 maxlen: 24
82.27.10.0/24 maxlen: 24
82.29.23.0/24 maxlen: 24
82.29.29.0/24 maxlen: 24
82.29.36.0/24 maxlen: 24
82.29.39.0/24 maxlen: 24
82.29.45.0/24 maxlen: 24
82.29.49.0/24 maxlen: 24
82.29.51.0/24 maxlen: 24
82.29.65.0/24 maxlen: 24
82.29.70.0/24 maxlen: 24
82.29.73.0/24 maxlen: 24
82.29.76.0/24 maxlen: 24
82.29.79.0/24 maxlen: 24
82.29.120.0/24 maxlen: 24
82.29.121.0/24 maxlen: 24
2a13:9500:2::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:4a:4c:97:06:3c:70:5c:52:4f:b3:01:90:36:69:b2:db:e2:9a:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Jan 30 22:48:26 2025 GMT
Not After : Jan 29 22:53:26 2026 GMT
Subject: CN=542D432564F135C2F098B62DE742FC27168155E1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:cc:c9:35:92:dd:84:03:5c:02:fb:bf:f5:3c:
3d:4d:19:38:a4:56:08:05:0f:6e:d0:0b:e8:c8:ec:
95:bf:8b:73:86:af:07:39:54:44:da:8d:3a:2d:90:
a5:94:6d:88:15:9b:4d:b2:16:19:29:f6:57:e0:09:
b1:66:a3:e2:c4:8b:71:8f:e7:4f:22:39:ed:4a:f8:
38:76:7e:33:fe:1f:14:47:9b:e1:b1:4e:44:6e:94:
7d:f7:e0:45:62:2b:a1:2e:c5:7c:e7:fc:a6:bd:e4:
27:3d:af:02:a8:c7:d1:ad:b3:a0:a3:4d:95:b6:cd:
66:ac:f1:e3:cb:e0:4b:36:81:9a:77:c0:4d:aa:0e:
a0:00:28:ed:40:80:91:76:56:6b:07:ca:a9:8b:fe:
e2:f1:27:23:7c:87:2f:98:bd:ca:4e:4f:36:07:51:
49:cd:44:39:7c:19:40:71:3f:f4:7d:c4:92:27:10:
2c:2c:ae:9b:99:6c:97:68:cc:4e:4a:4e:9b:50:9b:
ef:3a:06:3f:be:d1:05:93:11:b0:61:6a:a4:eb:c3:
bf:bb:2b:e9:1f:26:32:9d:3c:d3:f6:d2:95:91:39:
19:ca:1b:b9:21:55:bf:14:70:86:a5:f3:33:a6:03:
b1:40:39:86:3a:35:00:61:52:8e:36:90:e4:2a:ba:
b6:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:2D:43:25:64:F1:35:C2:F0:98:B6:2D:E7:42:FC:27:16:81:55:E1
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3320.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.57.0/24
82.21.69.0/24
82.21.75.0/24
82.21.153.0/24
82.21.184.0/24
82.22.161.0/24
82.22.187.0/24
82.22.191.0/24
82.22.194.0/24
82.23.168.0/24
82.23.197.0/24
82.24.52.0/24
82.24.190.0/24
82.25.197.0/24
82.25.202.0/24
82.26.111.0/24
82.26.123.0/24
82.26.197.0/24
82.27.10.0/24
82.29.23.0/24
82.29.29.0/24
82.29.36.0/24
82.29.39.0/24
82.29.45.0/24
82.29.49.0/24
82.29.51.0/24
82.29.65.0/24
82.29.70.0/24
82.29.73.0/24
82.29.76.0/24
82.29.79.0/24
82.29.120.0/23
IPv6:
2a13:9500:2::/48
Signature Algorithm: sha256WithRSAEncryption
7d:fb:54:b6:0a:91:69:c2:3a:6c:a3:eb:5d:d2:3a:e5:e0:9f:
70:e8:cd:0b:fa:8b:a1:57:c8:65:ce:2d:69:bc:25:5b:ea:1b:
27:dd:31:e7:a2:57:09:e3:36:f6:2e:9f:29:2c:27:a2:e4:35:
4c:cc:3b:cb:d2:d5:e9:f2:12:15:78:1d:17:e6:b8:d7:da:9d:
0d:bf:3f:bb:5d:49:67:68:0b:5a:36:f4:5b:eb:5c:48:4f:c8:
f2:ed:41:69:4d:35:1f:1e:cb:82:88:4a:b5:9e:55:03:d9:24:
94:a8:8c:b4:c6:06:ca:f1:24:7b:66:a3:8f:d6:be:11:c4:4a:
8c:9e:5a:78:2c:16:b9:3f:6d:7b:63:48:5a:22:5f:6c:af:8c:
c2:3f:40:83:91:f1:ed:20:7f:09:57:fe:82:a4:eb:a9:bb:d0:
4d:cd:ba:8d:3f:03:a5:3b:21:6a:03:95:f8:84:25:07:98:35:
4f:ee:d5:96:58:f0:72:06:aa:df:fc:b0:21:91:48:28:20:7e:
50:e6:e3:51:7d:88:9f:b6:57:ac:ac:4e:f2:33:bd:d9:e2:fd:
dd:ad:08:bb:55:f5:2b:8d:cb:20:dc:60:ce:e8:07:8a:c2:6b:
68:16:e1:60:0c:a1:40:80:22:07:5a:ca:c5:f0:45:3a:f5:45:
12:8e:9a:c4
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgIUMEpMlwY8cFxST7MBkDZpstvimgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMzAyMjQ4MjZaFw0yNjAxMjkyMjUzMjZaMDMxMTAvBgNV
BAMTKDU0MkQ0MzI1NjRGMTM1QzJGMDk4QjYyREU3NDJGQzI3MTY4MTU1RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAzMk1kt2EA1wC+7/1PD1NGTik
VggFD27QC+jI7JW/i3OGrwc5VETajTotkKWUbYgVm02yFhkp9lfgCbFmo+LEi3GP
508iOe1K+Dh2fjP+HxRHm+GxTkRulH334EViK6EuxXzn/Ka95Cc9rwKox9Gts6Cj
TZW2zWas8ePL4Es2gZp3wE2qDqAAKO1AgJF2VmsHyqmL/uLxJyN8hy+YvcpOTzYH
UUnNRDl8GUBxP/R9xJInECwsrpuZbJdozE5KTptQm+86Bj++0QWTEbBhaqTrw7+7
K+kfJjKdPNP20pWRORnKG7khVb8UcIal8zOmA7FAOYY6NQBhUo42kOQqurYBAgMB
AAGjggLYMIIC1DAdBgNVHQ4EFgQUVC1DJWTxNcLwmLYt50L8JxaBVeEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzMyMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCB7gYIKwYBBQUHAQcBAf8Egd4wgdswgccEAgABMIHAAwQA
UhU5AwQAUhVFAwQAUhVLAwQAUhWZAwQAUhW4AwQAUhahAwQAUha7AwQAUha/AwQA
UhbCAwQAUheoAwQAUhfFAwQAUhg0AwQAUhi+AwQAUhnFAwQAUhnKAwQAUhpvAwQA
Uhp7AwQAUhrFAwQAUhsKAwQAUh0XAwQAUh0dAwQAUh0kAwQAUh0nAwQAUh0tAwQA
Uh0xAwQAUh0zAwQAUh1BAwQAUh1GAwQAUh1JAwQAUh1MAwQAUh1PAwQBUh14MA8E
AgACMAkDBwAqE5UAAAIwDQYJKoZIhvcNAQELBQADggEBAH37VLYKkWnCOmyj613S
OuXgn3DozQv6i6FXyGXOLWm8JVvqGyfdMeeiVwnjNvYunyksJ6LkNUzMO8vS1eny
EhV4HRfmuNfanQ2/P7tdSWdoC1o29FvrXEhPyPLtQWlNNR8ey4KISrWeVQPZJJSo
jLTGBsrxJHtmo4/WvhHESoyeWngsFrk/bXtjSFoiX2yvjMI/QIOR8e0gfwlX/oKk
66m70E3Nuo0/A6U7IWoDlfiEJQeYNU/u1ZZY8HIGqt/8sCGRSCggflDm41F9iJ+2
V6ysTvIzvdni/d2tCLtV9SuNyyDcYM7oB4rCa2gW4WAMoUCAIgdaysXwRTr1RRKO
msQ=
-----END CERTIFICATE-----
Generated at Sun Feb 2 10:09:37 2025 by rpki-client