Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS0.roa
File: AS0.roa (raw, json)
Hash identifier: GACD5wm/0t+VGtRlFY0+yL/BfkqumDu24Osz4yBKAbY=
Subject key identifier: 77:EC:E0:28:17:4A:59:0A:36:5C:F5:BB:61:61:E7:AF:EB:C7:A7:A1
Certificate issuer: /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial: 6F32CB88A6F7A4F5DB193389EBF849704B3B8440
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS0.roa
Signing time: Thu 27 Mar 2025 03:48:10 +0000
ROA not before: Thu 27 Mar 2025 03:43:10 +0000
ROA not after: Thu 26 Mar 2026 03:48:10 +0000
asID: 0
IP address blocks: 2a0f:85c1:295::/48 maxlen: 48
2a0f:85c1:340::/48 maxlen: 48
2a0f:85c1:343::/48 maxlen: 48
2a0f:85c1:354::/48 maxlen: 48
2a0f:85c1:35a::/48 maxlen: 48
2a0f:85c1:362::/48 maxlen: 48
2a0f:85c1:396::/48 maxlen: 48
2a0f:85c1:399::/48 maxlen: 48
2a0f:85c1:39a::/48 maxlen: 48
2a0f:85c1:3a0::/48 maxlen: 48
2a0f:85c1:3a7::/48 maxlen: 48
2a0f:85c1:3b2::/48 maxlen: 48
2a0f:85c1:3bb::/48 maxlen: 48
2a0f:85c1:3c8::/48 maxlen: 48
2a0f:85c1:3d0::/48 maxlen: 48
2a0f:85c1:3f3::/48 maxlen: 48
2a0f:85c1:834::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 13:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:32:cb:88:a6:f7:a4:f5:db:19:33:89:eb:f8:49:70:4b:3b:84:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Validity
Not Before: Mar 27 03:43:10 2025 GMT
Not After : Mar 26 03:48:10 2026 GMT
Subject: CN=77ECE028174A590A365CF5BB6161E7AFEBC7A7A1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:f0:8b:ef:88:2a:d7:9d:25:55:04:ac:8f:8c:
1d:72:2b:ff:84:11:c1:80:13:de:70:fa:af:41:68:
09:1e:5d:9e:12:b1:fe:0c:69:a6:94:bd:9d:67:0e:
82:c3:9b:52:9c:6b:e5:60:f4:4e:06:fe:d9:2a:69:
0b:6a:e9:d8:80:54:07:61:48:30:82:ef:25:c0:4e:
f3:54:b2:97:ab:5c:5a:ce:ca:a2:b5:1f:8c:eb:49:
bb:f9:65:70:dc:77:c5:be:39:eb:99:7f:53:ee:29:
74:a7:3f:90:65:da:68:5b:0c:68:e0:53:26:3c:e9:
28:2b:f9:af:b4:77:48:49:eb:fe:d1:50:8c:d4:8b:
36:ab:8e:b4:11:25:ce:32:ae:3c:20:c4:d6:5e:82:
6d:a8:27:d6:b5:20:c2:88:a1:1b:9c:16:1e:94:b4:
df:ca:7a:ed:f2:c1:9c:2a:20:8a:07:ca:6b:81:2a:
af:c9:3b:1e:15:6f:e6:a6:5a:1d:4a:0d:6b:26:fe:
c8:e2:c7:ab:2f:38:f7:28:53:dc:7a:37:d0:0c:3f:
65:a1:5d:ae:7a:02:89:ee:13:5b:17:0e:b9:32:8b:
f3:be:7c:d1:f3:a7:f9:05:c6:03:11:dd:f4:f6:ba:
42:5a:15:3c:e5:b8:d2:7c:3b:b3:02:bb:aa:49:c8:
77:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:EC:E0:28:17:4A:59:0A:36:5C:F5:BB:61:61:E7:AF:EB:C7:A7:A1
X509v3 Authority Key Identifier:
keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS0.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:85c1:295::/48
2a0f:85c1:340::/48
2a0f:85c1:343::/48
2a0f:85c1:354::/48
2a0f:85c1:35a::/48
2a0f:85c1:362::/48
2a0f:85c1:396::/48
2a0f:85c1:399::-2a0f:85c1:39a:ffff:ffff:ffff:ffff:ffff
2a0f:85c1:3a0::/48
2a0f:85c1:3a7::/48
2a0f:85c1:3b2::/48
2a0f:85c1:3bb::/48
2a0f:85c1:3c8::/48
2a0f:85c1:3d0::/48
2a0f:85c1:3f3::/48
2a0f:85c1:834::/48
Signature Algorithm: sha256WithRSAEncryption
e2:b4:ed:99:44:5c:0f:bf:30:15:bc:02:6c:c6:cf:1b:65:84:
63:39:46:d5:1c:84:97:6f:15:23:57:a2:ab:1b:1a:c1:43:11:
79:52:90:41:f5:2b:23:5f:4d:29:0b:13:04:f1:e2:69:dd:33:
c3:91:a7:e5:b9:80:cb:42:4c:eb:a1:c7:70:47:22:7c:de:63:
3b:1e:a3:dd:23:af:df:17:e3:5e:73:ba:30:d1:9c:2f:b8:4d:
0f:91:7d:6c:c9:d0:9f:a3:8d:71:53:c2:f8:2e:92:b5:8c:00:
55:d4:48:9f:0d:b3:60:12:37:5a:df:f9:73:61:d9:90:b1:cb:
01:be:35:27:a1:54:e8:c7:04:83:6a:ee:55:69:5e:ab:a2:5b:
00:af:0e:02:42:ac:08:74:ff:27:91:ae:29:b0:ce:bb:2b:24:
4a:67:08:5f:eb:56:28:14:26:42:08:26:42:4e:32:5b:c6:c3:
74:cf:b9:96:25:79:d6:aa:3a:75:01:1f:a8:3b:23:11:b9:6d:
0a:87:73:b0:e9:31:b5:22:bf:22:5a:a7:ce:86:fd:d2:79:87:
09:a6:13:f5:e6:4a:71:8b:a4:9a:6f:bf:82:23:23:c7:dd:b8:
bb:45:c4:8f:61:02:c9:ad:f7:8d:31:ae:ab:7d:74:21:76:56:
4c:6d:2c:6a
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgIUbzLLiKb3pPXbGTOJ6/hJcEs7hEAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAzMjcwMzQzMTBaFw0yNjAzMjYwMzQ4MTBaMDMxMTAvBgNV
BAMTKDc3RUNFMDI4MTc0QTU5MEEzNjVDRjVCQjYxNjFFN0FGRUJDN0E3QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX8IvviCrXnSVVBKyPjB1yK/+E
EcGAE95w+q9BaAkeXZ4Ssf4MaaaUvZ1nDoLDm1Kca+Vg9E4G/tkqaQtq6diAVAdh
SDCC7yXATvNUsperXFrOyqK1H4zrSbv5ZXDcd8W+OeuZf1PuKXSnP5Bl2mhbDGjg
UyY86Sgr+a+0d0hJ6/7RUIzUizarjrQRJc4yrjwgxNZegm2oJ9a1IMKIoRucFh6U
tN/Keu3ywZwqIIoHymuBKq/JOx4Vb+amWh1KDWsm/sjix6svOPcoU9x6N9AMP2Wh
Xa56AonuE1sXDrkyi/O+fNHzp/kFxgMR3fT2ukJaFTzluNJ8O7MCu6pJyHcFAgMB
AAGjggKfMIICmzAdBgNVHQ4EFgQUd+zgKBdKWQo2XPW7YWHnr+vHp6EwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwdgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjCBuAYIKwYBBQUHAQcBAf8EgagwgaUwgaIEAgACMIGbAwcAKg+F
wQKVAwcAKg+FwQNAAwcAKg+FwQNDAwcAKg+FwQNUAwcAKg+FwQNaAwcAKg+FwQNi
AwcAKg+FwQOWMBIDBwAqD4XBA5kDBwAqD4XBA5oDBwAqD4XBA6ADBwAqD4XBA6cD
BwAqD4XBA7IDBwAqD4XBA7sDBwAqD4XBA8gDBwAqD4XBA9ADBwAqD4XBA/MDBwAq
D4XBCDQwDQYJKoZIhvcNAQELBQADggEBAOK07ZlEXA+/MBW8AmzGzxtlhGM5RtUc
hJdvFSNXoqsbGsFDEXlSkEH1KyNfTSkLEwTx4mndM8ORp+W5gMtCTOuhx3BHInze
Yzseo90jr98X415zujDRnC+4TQ+RfWzJ0J+jjXFTwvgukrWMAFXUSJ8Ns2ASN1rf
+XNh2ZCxywG+NSehVOjHBINq7lVpXquiWwCvDgJCrAh0/yeRrimwzrsrJEpnCF/r
VigUJkIIJkJOMlvGw3TPuZYledaqOnUBH6g7IxG5bQqHc7DpMbUivyJap86G/dJ5
hwmmE/XmSnGLpJpvv4IjI8fduLtFxI9hAsmt940xrqt9dCF2VkxtLGo=
-----END CERTIFICATE-----
Generated at Sat Apr 5 18:05:51 2025 by rpki-client