Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3138352e3137322e3137342e302f32342d3234203d3e20313335333931.roa
File: 3138352e3137322e3137342e302f32342d3234203d3e20313335333931.roa (raw, json)
Hash identifier: XWfYttRkAZso5GbVk2723NlLdwsYUU+IjmLNUF+VIpE=
Subject key identifier: 5F:DB:94:0F:03:F5:D9:C8:E7:0B:3E:0F:D9:60:02:8B:34:08:BE:27
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 1E9B40B41A8D3862270086B1D81F0EDBA42E83FD
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3138352e3137322e3137342e302f32342d3234203d3e20313335333931.roa
Signing time: Wed 21 May 2025 10:54:08 +0000
ROA not before: Wed 21 May 2025 10:49:08 +0000
ROA not after: Wed 20 May 2026 10:54:08 +0000
asID: 135391
IP address blocks: 185.172.174.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 06:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:9b:40:b4:1a:8d:38:62:27:00:86:b1:d8:1f:0e:db:a4:2e:83:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: May 21 10:49:08 2025 GMT
Not After : May 20 10:54:08 2026 GMT
Subject: CN=5FDB940F03F5D9C8E70B3E0FD960028B3408BE27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:22:5c:60:ad:6b:f3:82:0a:82:23:e1:bd:9c:
7c:27:f3:66:df:0f:c0:2e:a6:b5:67:27:b9:20:a0:
08:b6:ec:11:2e:60:4d:82:23:48:9e:7c:5c:a7:e8:
43:cb:6d:9d:d1:e6:30:e9:7a:a0:35:5a:57:11:01:
b6:5d:c4:d5:a5:b6:2c:d5:4f:7e:23:0f:6e:4b:88:
fc:b1:1f:09:57:0b:10:4f:c1:90:a6:07:43:f4:79:
64:a2:fe:04:63:a9:c5:b6:b3:a4:85:2d:df:56:fb:
d1:93:9e:79:d3:c5:d2:75:bb:be:78:16:9a:b2:62:
1c:b4:a3:61:59:a9:2b:70:b4:12:bb:96:40:24:44:
97:0f:d2:aa:3a:12:76:42:81:db:a1:86:0b:b8:67:
af:03:d8:9a:c0:23:76:4d:54:d2:ca:25:62:69:f6:
12:07:0b:16:f6:13:1f:e3:49:b9:64:48:f9:62:a8:
a4:90:91:12:91:fa:b2:cd:85:0b:4b:20:c1:51:84:
a9:06:e6:b8:a7:f9:ca:20:ed:6f:95:07:d1:f1:7f:
7b:c0:6a:ca:53:71:ea:9c:b1:18:6a:c5:0f:df:82:
50:b9:e1:16:75:6b:06:da:31:c1:b9:98:07:73:dc:
3c:42:b5:36:b9:9a:4a:f0:08:67:f7:e1:3d:9d:c5:
5e:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:DB:94:0F:03:F5:D9:C8:E7:0B:3E:0F:D9:60:02:8B:34:08:BE:27
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3138352e3137322e3137342e302f32342d3234203d3e20313335333931.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.172.174.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:33:f3:aa:7b:7b:f0:20:ae:23:fa:ab:6d:8f:d7:a4:14:f5:
e5:56:52:df:bf:a9:3b:c2:e4:27:b3:ba:cf:1e:c1:49:69:1f:
23:0b:5f:af:db:69:8d:1b:ce:32:35:c0:92:dc:08:ed:15:e5:
3d:ce:2a:f6:56:3c:6e:2f:a6:18:45:39:53:49:b6:ad:ef:65:
53:20:5d:71:8b:44:44:7f:6a:9e:53:0f:f1:d2:cf:ac:c4:48:
1f:72:12:a0:d7:d0:31:f9:3f:5b:9e:ef:d6:4e:0e:a7:24:9b:
f0:cd:2f:99:99:25:44:75:8c:41:cc:f0:70:f4:90:b0:73:0d:
21:7a:11:07:7b:6f:b8:95:bb:59:ae:32:f2:9f:93:8a:e3:76:
95:a6:ae:91:1c:74:59:ed:3d:3d:cd:0e:fc:5f:79:cd:06:f7:
e5:0a:1e:00:ad:e0:ca:08:5d:da:fd:cc:94:fe:62:45:71:f1:
32:e0:19:74:9f:12:e9:5f:d3:f3:ab:dd:e0:0d:a4:ce:a0:9b:
41:2b:b6:2b:58:82:1f:99:13:99:20:15:fb:ed:47:59:b7:4b:
01:a8:eb:df:2b:ad:36:e8:e2:4f:d4:7f:e1:75:83:04:62:ae:
86:da:89:1a:c5:18:2f:1a:80:34:84:38:32:98:ed:2f:31:16:
1f:7b:fe:55
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUHptAtBqNOGInAIax2B8O26Qug/0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA1MjExMDQ5MDhaFw0yNjA1MjAxMDU0MDhaMDMxMTAvBgNV
BAMTKDVGREI5NDBGMDNGNUQ5QzhFNzBCM0UwRkQ5NjAwMjhCMzQwOEJFMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdIlxgrWvzggqCI+G9nHwn82bf
D8AuprVnJ7kgoAi27BEuYE2CI0iefFyn6EPLbZ3R5jDpeqA1WlcRAbZdxNWltizV
T34jD25LiPyxHwlXCxBPwZCmB0P0eWSi/gRjqcW2s6SFLd9W+9GTnnnTxdJ1u754
FpqyYhy0o2FZqStwtBK7lkAkRJcP0qo6EnZCgduhhgu4Z68D2JrAI3ZNVNLKJWJp
9hIHCxb2Ex/jSblkSPliqKSQkRKR+rLNhQtLIMFRhKkG5rin+cog7W+VB9Hxf3vA
aspTceqcsRhqxQ/fglC54RZ1awbaMcG5mAdz3DxCtTa5mkrwCGf34T2dxV7RAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUX9uUDwP12cjnCz4P2WACizQIvicwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzODM1MmUzMTM3MzIyZTMx
MzczNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNTMzMzkzMS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALmsrjANBgkqhkiG9w0BAQsFAAOCAQEAHDPzqnt78CCuI/qrbY/XpBT15VZS
37+pO8LkJ7O6zx7BSWkfIwtfr9tpjRvOMjXAktwI7RXlPc4q9lY8bi+mGEU5U0m2
re9lUyBdcYtERH9qnlMP8dLPrMRIH3ISoNfQMfk/W57v1k4OpySb8M0vmZklRHWM
QczwcPSQsHMNIXoRB3tvuJW7Wa4y8p+TiuN2laaukRx0We09Pc0O/F95zQb35Qoe
AK3gyghd2v3MlP5iRXHxMuAZdJ8S6V/T86vd4A2kzqCbQSu2K1iCH5kTmSAV++1H
WbdLAajr3yutNujiT9R/4XWDBGKuhtqJGsUYLxqANIQ4MpjtLzEWH3v+VQ==
-----END CERTIFICATE-----
Generated at Fri Jun 6 16:53:17 2025 by rpki-client