Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37332e302f32342d3234203d3e20333936333536.roa
File: 3231332e3133392e37332e302f32342d3234203d3e20333936333536.roa (raw, json)
Hash identifier: NieT5UxeWR+2krT0/d2wF19mZVPdkNXKgQ2OYS8di+w=
Subject key identifier: 90:9F:A8:EE:A0:8B:07:84:54:16:CC:3F:7B:47:2C:FA:40:53:12:52
Certificate issuer: /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial: 29C038B0E5E2A4B20D1785DDBEB3DB97D9E785EF
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37332e302f32342d3234203d3e20333936333536.roa
Signing time: Tue 02 Sep 2025 08:48:24 +0000
ROA not before: Tue 02 Sep 2025 08:43:24 +0000
ROA not after: Tue 01 Sep 2026 08:48:24 +0000
asID: 396356
IP address blocks: 213.139.73.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 04:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
29:c0:38:b0:e5:e2:a4:b2:0d:17:85:dd:be:b3:db:97:d9:e7:85:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Validity
Not Before: Sep 2 08:43:24 2025 GMT
Not After : Sep 1 08:48:24 2026 GMT
Subject: CN=909FA8EEA08B07845416CC3F7B472CFA40531252
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:86:4b:af:3e:42:33:43:68:5c:be:6b:a0:6f:
09:3d:6a:98:3a:5c:02:7f:46:e7:f0:7d:b2:de:44:
4d:b6:9f:f5:20:76:93:62:46:a5:7d:cd:88:55:80:
c7:dd:5c:0d:92:3a:22:65:2f:b0:b2:95:46:ba:13:
1c:e5:a0:c4:1a:bd:1f:bc:b3:6c:cb:af:b0:3b:6d:
51:e0:b3:36:49:de:ff:6d:07:b8:71:b4:1d:d9:72:
d4:42:9e:a3:07:c7:98:0e:8e:ed:5b:29:92:a0:4d:
63:23:2f:7b:4b:44:30:ea:0a:21:1d:4c:98:30:c8:
60:13:f9:2f:58:26:d1:18:34:a8:37:74:77:58:81:
0c:40:59:dc:37:25:09:27:9f:49:4e:64:f0:62:38:
a2:43:43:8c:19:5e:a6:75:27:fd:6c:f7:d2:54:94:
e0:37:ee:76:dc:21:16:4b:35:67:b5:45:f5:fb:09:
8b:ea:98:f4:f2:32:54:e9:17:69:7a:18:62:56:cd:
42:46:e3:d8:49:b2:56:5e:c4:e9:07:99:ed:5c:a8:
be:80:8a:2b:0b:b6:bc:2c:4f:bc:ab:70:c2:ac:8d:
dd:a2:df:b5:8c:c4:6a:0c:e2:aa:60:96:50:9e:7e:
f2:b1:3a:bb:cc:54:6e:5d:9b:fb:d3:21:71:29:c4:
01:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:9F:A8:EE:A0:8B:07:84:54:16:CC:3F:7B:47:2C:FA:40:53:12:52
X509v3 Authority Key Identifier:
keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37332e302f32342d3234203d3e20333936333536.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.139.73.0/24
Signature Algorithm: sha256WithRSAEncryption
4b:af:c4:ee:6d:ac:3b:9d:d5:ea:86:4f:c6:5d:ff:5a:89:35:
90:06:41:13:09:61:ae:98:5b:09:a5:7b:b3:45:aa:3d:b3:9f:
55:5e:31:7e:89:fd:cd:c4:d4:b2:4a:02:0a:99:7f:ce:c7:78:
53:32:21:64:bf:ef:9e:cc:9e:fc:e0:6f:16:54:c8:62:c5:f0:
8e:28:4b:ff:8e:8a:64:4f:c6:9e:a1:3d:93:c1:fb:f6:60:29:
7e:d4:d8:fe:24:ba:d9:e1:2f:f3:56:37:94:b2:5f:bc:bc:f8:
fa:49:b3:a1:95:ae:e4:d6:f3:63:03:6e:7c:54:a4:a7:2d:48:
77:ff:79:98:4b:1c:33:64:cc:3b:2d:57:40:7b:22:33:0e:06:
59:0b:9f:36:ed:7a:64:9e:41:79:90:a4:a8:42:b0:69:c4:29:
ae:ed:44:a6:e5:ba:c0:34:54:be:86:ae:6d:1a:ee:32:87:e1:
fc:5d:6f:9c:b7:f5:d8:59:93:88:17:4d:2d:a9:5f:22:a3:d8:
a4:15:c9:38:cc:2f:28:8e:a1:78:f6:55:13:44:69:03:e1:b1:
d9:c8:66:fd:ad:54:3c:e3:69:5a:31:eb:2d:e1:a5:f9:2b:77:
31:66:10:69:3d:16:d1:81:da:47:9c:12:8c:fb:f4:f0:05:30:
ea:3c:9a:d2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUKcA4sOXipLINF4XdvrPbl9nnhe8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTA5MDIwODQzMjRaFw0yNjA5MDEwODQ4MjRaMDMxMTAvBgNV
BAMTKDkwOUZBOEVFQTA4QjA3ODQ1NDE2Q0MzRjdCNDcyQ0ZBNDA1MzEyNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKhkuvPkIzQ2hcvmugbwk9apg6
XAJ/RufwfbLeRE22n/UgdpNiRqV9zYhVgMfdXA2SOiJlL7CylUa6ExzloMQavR+8
s2zLr7A7bVHgszZJ3v9tB7hxtB3ZctRCnqMHx5gOju1bKZKgTWMjL3tLRDDqCiEd
TJgwyGAT+S9YJtEYNKg3dHdYgQxAWdw3JQknn0lOZPBiOKJDQ4wZXqZ1J/1s99JU
lOA37nbcIRZLNWe1RfX7CYvqmPTyMlTpF2l6GGJWzUJG49hJslZexOkHme1cqL6A
iisLtrwsT7yrcMKsjd2i37WMxGoM4qpgllCefvKxOrvMVG5dm/vTIXEpxAG7AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUkJ+o7qCLB4RUFsw/e0cs+kBTElIwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM3
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzYzMzM1MzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADVi0kwDQYJKoZIhvcNAQELBQADggEBAEuvxO5trDud1eqGT8Zd/1qJNZAGQRMJ
Ya6YWwmle7NFqj2zn1VeMX6J/c3E1LJKAgqZf87HeFMyIWS/757MnvzgbxZUyGLF
8I4oS/+OimRPxp6hPZPB+/ZgKX7U2P4kutnhL/NWN5SyX7y8+PpJs6GVruTW82MD
bnxUpKctSHf/eZhLHDNkzDstV0B7IjMOBlkLnzbtemSeQXmQpKhCsGnEKa7tRKbl
usA0VL6Grm0a7jKH4fxdb5y39dhZk4gXTS2pXyKj2KQVyTjMLyiOoXj2VRNEaQPh
sdnIZv2tVDzjaVox6y3hpfkrdzFmEGk9FtGB2kecEoz79PAFMOo8mtI=
-----END CERTIFICATE-----
Generated at Sat Sep 6 13:45:21 2025 by rpki-client