Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/39312e3230392e3137392e302f32342d3234203d3e20343031313633.roa
File: 39312e3230392e3137392e302f32342d3234203d3e20343031313633.roa (raw, json)
Hash identifier: XN8GAPXC19Eh6eKL4A3IEBDE4WdIBcjjGqwJyeYDhuE=
Subject key identifier: C5:97:DE:31:0E:7A:2C:C6:81:EF:53:87:FE:9B:92:38:77:A2:A8:1B
Certificate issuer: /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial: 4000E05E4C71817E712EDA33DE40CEDF7D85DE52
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/39312e3230392e3137392e302f32342d3234203d3e20343031313633.roa
Signing time: Mon 18 Aug 2025 18:42:33 +0000
ROA not before: Mon 18 Aug 2025 18:37:33 +0000
ROA not after: Mon 17 Aug 2026 18:42:33 +0000
asID: 401163
IP address blocks: 91.209.179.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 16:22:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:00:e0:5e:4c:71:81:7e:71:2e:da:33:de:40:ce:df:7d:85:de:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Validity
Not Before: Aug 18 18:37:33 2025 GMT
Not After : Aug 17 18:42:33 2026 GMT
Subject: CN=C597DE310E7A2CC681EF5387FE9B923877A2A81B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:93:ce:4a:bb:4e:ab:1b:18:b9:57:7a:c3:ff:
e7:fa:d3:5b:32:98:62:d9:7b:04:e7:a5:f4:78:5e:
bf:02:48:ef:b3:33:00:45:ab:eb:ca:6d:6a:ea:94:
28:05:ad:94:ce:ea:13:12:22:62:5b:c9:af:66:70:
1f:e1:1f:aa:18:93:9e:05:02:aa:82:86:5c:79:ad:
5a:9b:1b:86:f3:53:e9:cb:c3:66:fe:ec:44:6b:f8:
82:b4:22:99:de:b4:47:a5:74:37:35:7b:aa:a2:2b:
3f:5a:78:cf:95:c0:ae:63:20:86:9a:2e:66:d6:7f:
a6:b3:be:7a:30:a0:af:0e:0e:76:b0:0c:48:8a:21:
9f:c7:2e:9f:0a:9b:7b:29:68:a5:aa:36:e9:71:22:
97:a4:8c:88:c0:b4:d9:58:83:5c:83:ac:7f:1c:7c:
86:3a:3e:9f:b8:cf:93:75:30:5b:a5:41:b1:b8:b0:
96:e7:ef:b6:54:8a:ff:c6:0c:af:75:97:17:86:51:
52:33:df:d1:3f:e1:2d:89:8d:68:f2:17:da:30:a5:
df:bb:2e:68:5a:2a:5e:d6:0c:19:14:cd:32:52:5b:
05:2e:6e:84:d9:a6:18:90:11:7d:fd:a7:75:24:77:
b7:9c:0d:51:5e:f7:94:b5:28:50:f7:bb:63:db:ff:
ad:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:97:DE:31:0E:7A:2C:C6:81:EF:53:87:FE:9B:92:38:77:A2:A8:1B
X509v3 Authority Key Identifier:
keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/39312e3230392e3137392e302f32342d3234203d3e20343031313633.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.209.179.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:6c:55:1e:47:66:ca:9d:8c:e7:57:01:d4:ba:b2:48:7e:9b:
23:03:6b:00:02:b0:c9:d8:b9:57:f1:4b:37:b8:fc:db:0b:68:
ce:fb:e3:c9:d1:65:9d:e2:a0:b3:d5:05:80:4e:d1:5d:94:67:
65:e8:a9:e6:e8:58:f5:00:1d:d3:96:76:50:a9:91:7d:12:93:
11:82:ce:bf:46:b7:5d:da:cb:7d:06:3a:96:85:c3:83:bb:a9:
e9:54:af:da:83:b2:81:aa:b9:bc:ae:32:86:67:67:dd:1b:0d:
bf:80:1f:ec:66:b0:87:a0:1f:10:cf:ef:92:8f:87:cd:e9:9b:
06:69:21:d1:d2:71:81:5e:8f:76:01:c7:24:97:21:6e:bb:e2:
13:52:f8:4c:1c:60:e6:e9:a0:60:3b:a4:93:a9:4b:33:16:ae:
91:6f:5d:b4:14:c7:a3:71:43:85:a6:9f:9b:9a:0e:5f:ee:10:
4b:89:53:93:a4:b6:10:24:41:ba:f4:3b:ae:7b:c4:de:67:08:
aa:1f:41:15:53:d9:1b:13:75:d9:77:dd:a7:d2:49:b3:57:26:
2a:56:79:b2:f1:c7:bf:01:bf:f0:43:7d:2e:f8:fb:b6:3b:6d:
5c:eb:a5:63:3a:51:60:58:77:3d:92:de:c5:77:cc:f8:eb:c9:
a2:f6:c8:14
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUQADgXkxxgX5xLtoz3kDO332F3lIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNTA4MTgxODM3MzNaFw0yNjA4MTcxODQyMzNaMDMxMTAvBgNV
BAMTKEM1OTdERTMxMEU3QTJDQzY4MUVGNTM4N0ZFOUI5MjM4NzdBMkE4MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0k85Ku06rGxi5V3rD/+f601sy
mGLZewTnpfR4Xr8CSO+zMwBFq+vKbWrqlCgFrZTO6hMSImJbya9mcB/hH6oYk54F
AqqChlx5rVqbG4bzU+nLw2b+7ERr+IK0IpnetEeldDc1e6qiKz9aeM+VwK5jIIaa
LmbWf6azvnowoK8ODnawDEiKIZ/HLp8Km3spaKWqNulxIpekjIjAtNlYg1yDrH8c
fIY6Pp+4z5N1MFulQbG4sJbn77ZUiv/GDK91lxeGUVIz39E/4S2JjWjyF9owpd+7
LmhaKl7WDBkUzTJSWwUuboTZphiQEX39p3Ukd7ecDVFe95S1KFD3u2Pb/60fAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUxZfeMQ56LMaB71OH/puSOHeiqBswHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzkzMTJlMzIzMDM5MmUzMTM3
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzEzMTM2MzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABb0bMwDQYJKoZIhvcNAQELBQADggEBAI5sVR5HZsqdjOdXAdS6skh+myMDawAC
sMnYuVfxSze4/NsLaM7748nRZZ3ioLPVBYBO0V2UZ2XoqeboWPUAHdOWdlCpkX0S
kxGCzr9Gt13ay30GOpaFw4O7qelUr9qDsoGqubyuMoZnZ90bDb+AH+xmsIegHxDP
75KPh83pmwZpIdHScYFej3YBxySXIW674hNS+EwcYObpoGA7pJOpSzMWrpFvXbQU
x6NxQ4Wmn5uaDl/uEEuJU5OkthAkQbr0O657xN5nCKofQRVT2RsTddl33afSSbNX
JipWebLxx78Bv/BDfS74+7Y7bVzrpWM6UWBYdz2S3sV3zPjryaL2yBQ=
-----END CERTIFICATE-----
Generated at Thu Aug 21 05:02:02 2025 by rpki-client