Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233302e302f32342d3234203d3e20323037333838.roa
File: 38352e3131372e3233302e302f32342d3234203d3e20323037333838.roa (raw, json)
Hash identifier: NLXB2mTDGa3YDb/AnnW0XQvfnA0Ouchpu/TPvnHlwaA=
Subject key identifier: 98:CE:21:68:34:FF:58:51:39:BE:A5:DD:0F:C4:88:A8:B5:05:DC:A3
Certificate issuer: /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial: 43C67BE851D056DA8418683BA881022DF96C44FA
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233302e302f32342d3234203d3e20323037333838.roa
Signing time: Fri 10 Jan 2025 14:56:32 +0000
ROA not before: Fri 10 Jan 2025 14:51:32 +0000
ROA not after: Fri 09 Jan 2026 14:56:32 +0000
asID: 207388
IP address blocks: 85.117.230.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 03 Feb 2025 00:00:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:c6:7b:e8:51:d0:56:da:84:18:68:3b:a8:81:02:2d:f9:6c:44:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Validity
Not Before: Jan 10 14:51:32 2025 GMT
Not After : Jan 9 14:56:32 2026 GMT
Subject: CN=98CE216834FF585139BEA5DD0FC488A8B505DCA3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:4c:76:38:a5:29:86:48:bc:fe:3b:42:5b:08:
2a:41:e6:b5:c0:a4:4f:44:8a:b6:a3:2a:a3:dc:f4:
b0:3f:be:78:24:80:ba:c7:a5:25:10:07:25:5a:96:
ba:62:38:89:3d:bd:c1:a2:87:88:b3:41:28:88:92:
f8:a2:ba:55:89:a8:d7:f9:d5:6f:fe:f3:55:23:f4:
83:9e:fc:3b:cf:a0:6c:85:d2:5c:47:46:6f:a8:f5:
67:90:0f:f1:b5:a2:94:61:cb:aa:61:cc:3f:2d:02:
c4:28:6b:97:61:72:d0:65:d3:4b:56:a0:43:b8:d1:
ae:0c:3e:ff:4f:e9:a1:18:7d:02:5f:fa:d8:ab:ab:
75:5f:3c:c0:12:d8:2d:23:53:bd:74:d7:bb:0c:4f:
62:a0:6f:ad:58:fc:0a:d8:9b:89:f4:5a:b3:f8:2a:
50:1c:4b:ca:2d:db:2f:7c:05:85:b0:64:0c:84:e3:
a8:6b:92:6e:7c:76:d3:9c:c7:a9:74:d9:49:1a:4c:
4f:f7:1a:06:76:39:74:7c:45:3a:b9:9d:ca:7a:cb:
86:1a:0a:ef:cb:d3:65:e2:e5:7a:ad:a7:eb:f0:ef:
76:81:05:e4:7f:ae:ff:18:69:41:3f:1d:97:39:ad:
6a:71:53:89:6b:82:a1:9e:61:b2:96:bb:7b:dc:d2:
0e:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:CE:21:68:34:FF:58:51:39:BE:A5:DD:0F:C4:88:A8:B5:05:DC:A3
X509v3 Authority Key Identifier:
keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/38352e3131372e3233302e302f32342d3234203d3e20323037333838.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.117.230.0/24
Signature Algorithm: sha256WithRSAEncryption
78:8c:7e:26:b8:73:25:fa:cc:3d:4c:7a:14:30:ae:07:16:08:
32:43:0b:61:bb:3b:a2:a5:80:a7:37:b5:ab:c6:23:0a:b5:59:
bf:6b:02:a2:a0:a3:7d:74:b4:cb:66:e9:18:18:35:3c:64:23:
e2:e3:54:5e:83:fa:f4:b4:ca:e7:f7:e9:55:65:f6:2a:1a:29:
cd:77:5a:71:03:88:84:8b:ce:4f:55:98:4f:9d:48:48:f5:ae:
c2:c8:a9:e7:dd:df:01:b8:a8:08:05:e1:4f:70:ba:b7:3d:06:
83:00:1a:a3:83:ba:b6:12:84:47:f0:74:43:72:c2:f1:77:ba:
1b:2f:23:1e:8d:6a:0c:eb:fc:de:be:41:d9:06:6f:6f:e1:65:
53:59:f1:0a:92:24:8c:8d:b7:52:54:0a:bb:77:b9:b8:74:d7:
f9:a1:9f:41:ec:4e:8e:4c:39:d8:51:65:d8:d7:b1:04:be:bd:
fb:5a:14:55:2e:65:2a:7e:32:ad:3b:c4:25:eb:b3:c5:ce:f8:
ef:c6:6a:e0:57:d2:ae:2a:37:6a:03:63:6b:36:7b:df:19:70:
19:79:0b:36:b6:1f:42:b3:0d:ec:3b:c3:f0:41:ae:0c:84:4b:
2e:c1:89:b6:83:93:73:c9:98:85:67:5f:56:04:07:9a:53:61:
23:f4:90:79
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUQ8Z76FHQVtqEGGg7qIECLflsRPowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNTAxMTAxNDUxMzJaFw0yNjAxMDkxNDU2MzJaMDMxMTAvBgNV
BAMTKDk4Q0UyMTY4MzRGRjU4NTEzOUJFQTVERDBGQzQ4OEE4QjUwNURDQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPTHY4pSmGSLz+O0JbCCpB5rXA
pE9EirajKqPc9LA/vngkgLrHpSUQByValrpiOIk9vcGih4izQSiIkviiulWJqNf5
1W/+81Uj9IOe/DvPoGyF0lxHRm+o9WeQD/G1opRhy6phzD8tAsQoa5dhctBl00tW
oEO40a4MPv9P6aEYfQJf+tirq3VfPMAS2C0jU71017sMT2Kgb61Y/ArYm4n0WrP4
KlAcS8ot2y98BYWwZAyE46hrkm58dtOcx6l02UkaTE/3GgZ2OXR8RTq5ncp6y4Ya
Cu/L02Xi5Xqtp+vw73aBBeR/rv8YaUE/HZc5rWpxU4lrgqGeYbKWu3vc0g5vAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUmM4haDT/WFE5vqXdD8SIqLUF3KMwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzgzNTJlMzEzMTM3MmUzMjMz
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzczMzM4Mzgucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABVdeYwDQYJKoZIhvcNAQELBQADggEBAHiMfia4cyX6zD1MehQwrgcWCDJDC2G7
O6KlgKc3tavGIwq1Wb9rAqKgo310tMtm6RgYNTxkI+LjVF6D+vS0yuf36VVl9ioa
Kc13WnEDiISLzk9VmE+dSEj1rsLIqefd3wG4qAgF4U9wurc9BoMAGqODurYShEfw
dENywvF3uhsvIx6Nagzr/N6+QdkGb2/hZVNZ8QqSJIyNt1JUCrt3ubh01/mhn0Hs
To5MOdhRZdjXsQS+vftaFFUuZSp+Mq07xCXrs8XO+O/GauBX0q4qN2oDY2s2e98Z
cBl5Cza2H0KzDew7w/BBrgyESy7BibaDk3PJmIVnX1YEB5pTYSP0kHk=
-----END CERTIFICATE-----
Generated at Sun Feb 2 08:52:58 2025 by rpki-client