Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133382e302f32342d3234203d3e203231383430.roa
File: 34352e39312e3133382e302f32342d3234203d3e203231383430.roa (raw, json)
Hash identifier: CU81Z63FBhwThYdBcU5ZPY1uLkp1gmBGPHX1B6Knrw4=
Subject key identifier: 90:F1:64:92:FA:C8:F3:C5:BE:21:0C:81:29:B5:79:27:68:3A:F9:0B
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 12546C2CDDB127497087C4E6BD3AC3D1AF05F0EE
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133382e302f32342d3234203d3e203231383430.roa
Signing time: Wed 04 Jun 2025 13:11:35 +0000
ROA not before: Wed 04 Jun 2025 13:06:35 +0000
ROA not after: Wed 03 Jun 2026 13:11:35 +0000
asID: 21840
IP address blocks: 45.91.138.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 06:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:54:6c:2c:dd:b1:27:49:70:87:c4:e6:bd:3a:c3:d1:af:05:f0:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: Jun 4 13:06:35 2025 GMT
Not After : Jun 3 13:11:35 2026 GMT
Subject: CN=90F16492FAC8F3C5BE210C8129B57927683AF90B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:4f:64:c2:48:2c:c9:97:f1:83:4d:a0:d6:f2:
0e:17:08:94:aa:03:eb:d9:19:d1:08:d9:e9:0a:a7:
2b:7a:ad:4f:bd:df:45:f8:3f:51:cf:1b:73:24:cd:
a7:0b:1f:2f:9c:ec:e4:d2:65:e5:61:52:f6:84:67:
69:cf:44:76:b6:0e:0e:d4:d8:05:24:e1:25:eb:ec:
df:4f:89:21:f5:24:53:b4:61:df:42:ea:26:77:12:
00:87:cb:4c:06:c9:3d:b2:c9:0a:81:b2:42:27:f6:
d6:7a:3b:fe:c4:67:8a:23:6a:44:f8:01:2f:9b:a0:
9e:44:e9:97:2a:4f:24:58:16:34:3f:86:f5:71:28:
70:44:4f:e6:80:c1:df:b8:0d:69:ed:b5:be:08:e6:
f6:dc:93:2f:d1:4e:89:00:fa:9e:a6:11:3c:6a:eb:
84:3e:0c:17:87:c4:2f:4f:4d:51:7f:f3:5a:48:eb:
e8:be:cd:f8:b9:18:d4:17:4d:b7:20:00:a8:24:8f:
ed:83:2b:86:a5:b3:66:e4:f4:b9:6f:6b:87:f9:68:
0b:3f:35:8b:51:cc:31:6d:46:93:6e:c4:bd:65:3f:
5e:23:85:2b:35:ef:d9:83:80:68:2f:c3:84:48:ed:
40:65:9f:5f:c9:52:69:4a:17:92:d2:83:c5:83:92:
89:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:F1:64:92:FA:C8:F3:C5:BE:21:0C:81:29:B5:79:27:68:3A:F9:0B
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133382e302f32342d3234203d3e203231383430.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.138.0/24
Signature Algorithm: sha256WithRSAEncryption
ac:82:38:c8:81:e8:b5:cc:c7:9c:b2:f4:0d:63:75:69:cd:d3:
1b:0e:9e:6b:e1:c8:f3:6c:f0:1b:a8:cf:c9:bb:37:cd:ed:09:
4b:e9:76:40:29:4d:e6:91:b4:8d:53:ee:3e:f6:46:c3:26:0b:
00:af:ee:79:32:59:8f:b6:27:25:6f:e7:2d:84:2e:72:a0:44:
cf:9e:7d:99:4a:0b:73:1b:80:bb:e8:6f:0b:e4:16:d0:73:0c:
79:ea:ce:d5:f0:b9:d9:d8:cc:7d:47:dc:7a:c5:c8:0b:08:a5:
83:78:b1:92:d5:f1:ae:c9:5e:0b:60:8c:44:0d:a0:93:bb:4d:
f4:ca:c8:19:71:cb:63:c7:2e:21:30:c0:98:a3:0b:2d:b3:05:
70:2b:6e:9d:71:ad:46:23:e8:17:82:4c:b1:a2:8a:11:e7:f1:
79:8f:29:50:93:24:64:cb:4e:a5:c1:80:53:17:43:2a:c1:c8:
18:39:59:71:bf:f8:14:11:76:61:b3:c8:7d:4d:3e:0d:b0:81:
22:07:0a:ea:38:bb:f6:e3:a2:ca:a9:60:bf:a9:ac:ba:d3:75:
9c:ba:6d:7c:30:f9:02:91:e5:38:79:6d:93:c9:85:a5:67:07:
f4:de:ea:a0:4d:54:77:3d:39:57:fc:9f:0f:b4:af:aa:b8:fe:
fd:10:74:6f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUElRsLN2xJ0lwh8TmvTrD0a8F8O4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA2MDQxMzA2MzVaFw0yNjA2MDMxMzExMzVaMDMxMTAvBgNV
BAMTKDkwRjE2NDkyRkFDOEYzQzVCRTIxMEM4MTI5QjU3OTI3NjgzQUY5MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8T2TCSCzJl/GDTaDW8g4XCJSq
A+vZGdEI2ekKpyt6rU+930X4P1HPG3MkzacLHy+c7OTSZeVhUvaEZ2nPRHa2Dg7U
2AUk4SXr7N9PiSH1JFO0Yd9C6iZ3EgCHy0wGyT2yyQqBskIn9tZ6O/7EZ4ojakT4
AS+boJ5E6ZcqTyRYFjQ/hvVxKHBET+aAwd+4DWnttb4I5vbcky/RTokA+p6mETxq
64Q+DBeHxC9PTVF/81pI6+i+zfi5GNQXTbcgAKgkj+2DK4als2bk9Llva4f5aAs/
NYtRzDFtRpNuxL1lP14jhSs179mDgGgvw4RI7UBln1/JUmlKF5LSg8WDkokXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkPFkkvrI88W+IQyBKbV5J2g6+QswHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzkzMTJlMzEzMzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1b
ijANBgkqhkiG9w0BAQsFAAOCAQEArII4yIHotczHnLL0DWN1ac3TGw6ea+HI82zw
G6jPybs3ze0JS+l2QClN5pG0jVPuPvZGwyYLAK/ueTJZj7YnJW/nLYQucqBEz559
mUoLcxuAu+hvC+QW0HMMeerO1fC52djMfUfcesXICwilg3ixktXxrsleC2CMRA2g
k7tN9MrIGXHLY8cuITDAmKMLLbMFcCtunXGtRiPoF4JMsaKKEefxeY8pUJMkZMtO
pcGAUxdDKsHIGDlZcb/4FBF2YbPIfU0+DbCBIgcK6ji79uOiyqlgv6msutN1nLpt
fDD5ApHlOHltk8mFpWcH9N7qoE1Udz05V/yfD7Svqrj+/RB0bw==
-----END CERTIFICATE-----
Generated at Fri Jun 6 16:53:25 2025 by rpki-client