Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e20323036323236.roa
File: 38352e3230392e3232332e302f32342d3234203d3e20323036323236.roa (raw, json)
Hash identifier: GzXCiN+ftxEDsC+cmsu9v/3O7RJ9va48n5lv98EXle4=
Subject key identifier: E1:9D:56:C2:65:66:C8:A7:36:B9:27:56:B8:AB:4C:EA:5B:5B:F4:7A
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 75DB272A09917A6B762D4D450BDBB07FF6043907
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e20323036323236.roa
Signing time: Wed 05 Nov 2025 16:18:26 +0000
ROA not before: Wed 05 Nov 2025 16:13:26 +0000
ROA not after: Wed 04 Nov 2026 16:18:26 +0000
asID: 206226
IP address blocks: 85.209.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 04:17:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:db:27:2a:09:91:7a:6b:76:2d:4d:45:0b:db:b0:7f:f6:04:39:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: Nov 5 16:13:26 2025 GMT
Not After : Nov 4 16:18:26 2026 GMT
Subject: CN=E19D56C26566C8A736B92756B8AB4CEA5B5BF47A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:8b:4b:42:58:e9:ee:2d:f0:d2:6f:d6:e5:8d:
75:a8:e2:b6:61:19:3e:82:02:d6:a1:dd:07:c9:dd:
79:a1:bc:4d:92:22:83:93:4d:33:54:59:9b:fc:16:
73:16:0f:ec:71:0a:b7:b0:ee:ad:9e:7a:a2:1d:c9:
ab:56:63:a6:7a:b9:b4:d4:25:1e:5f:6c:95:09:74:
03:22:61:3f:f4:64:f9:c6:65:24:34:df:69:80:41:
fc:f7:1e:7d:e3:43:c8:53:f5:4c:aa:c1:d6:9c:9e:
cd:2f:f8:2f:22:a0:35:d9:75:08:c2:e1:8c:b2:2f:
e0:25:9d:61:05:6e:1a:6d:b6:ce:ca:7f:a3:37:32:
8e:4b:06:a4:59:ad:8d:fb:2f:c4:2e:04:ca:0c:67:
0e:b8:08:cb:ce:54:0e:ae:27:99:0d:c3:ea:e4:23:
92:f9:aa:23:64:89:28:69:ab:28:86:4e:44:87:9d:
8e:21:ce:50:03:7a:d3:2b:97:b2:70:84:8f:a1:60:
11:23:8b:b4:0d:71:61:50:e2:7c:48:00:62:b8:8a:
95:8a:2a:56:55:e0:c8:6b:ee:ad:3e:a0:a9:43:20:
06:3c:db:c1:e1:d1:9d:a5:e5:52:1b:71:70:eb:1c:
a5:66:a8:c0:80:b6:1b:44:75:35:e6:86:92:5d:66:
33:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:9D:56:C2:65:66:C8:A7:36:B9:27:56:B8:AB:4C:EA:5B:5B:F4:7A
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e20323036323236.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.223.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:46:51:aa:e1:f1:f9:6b:52:cc:c3:94:1c:04:d3:fb:00:08:
49:e5:5c:bc:bf:31:c8:b4:59:54:b0:61:2b:90:67:90:d9:c4:
c2:ba:d6:6e:d4:ba:26:7f:d1:4f:c9:c6:1b:e4:3c:c2:2e:c6:
65:ea:09:00:11:69:1d:f2:59:72:fa:c4:a0:f9:ff:cf:c5:56:
31:4c:57:4c:63:60:1b:a7:d8:c6:19:40:81:db:48:7d:af:23:
94:70:f0:19:3e:06:02:65:43:a5:4f:00:5d:7c:4d:3e:6a:87:
02:4b:ba:47:71:d9:82:57:92:b3:0f:db:a4:ab:5a:fc:d1:6d:
7e:86:23:3a:14:1d:10:dd:d4:66:60:ac:b5:2f:8a:03:57:7d:
db:62:cf:fc:e5:2b:24:f5:22:1c:ce:a4:e6:77:9e:db:21:82:
f5:ad:23:ae:57:4c:64:98:08:48:c4:46:12:57:b6:24:2b:9a:
c3:b4:0a:53:24:97:77:6b:df:e3:bf:0f:3c:cd:12:52:85:65:
3d:8c:81:1c:bb:0b:60:98:1a:f0:7c:c5:19:aa:4c:6f:46:e1:
34:45:b0:12:12:a3:22:68:ee:aa:56:77:26:cd:3f:d6:f4:1a:
61:80:e2:81:03:e7:60:35:3d:8a:b4:1a:27:da:e5:8e:b8:0e:
34:29:3f:9b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUddsnKgmRemt2LU1FC9uwf/YEOQcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTExMDUxNjEzMjZaFw0yNjExMDQxNjE4MjZaMDMxMTAvBgNV
BAMTKEUxOUQ1NkMyNjU2NkM4QTczNkI5Mjc1NkI4QUI0Q0VBNUI1QkY0N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWi0tCWOnuLfDSb9bljXWo4rZh
GT6CAtah3QfJ3XmhvE2SIoOTTTNUWZv8FnMWD+xxCrew7q2eeqIdyatWY6Z6ubTU
JR5fbJUJdAMiYT/0ZPnGZSQ032mAQfz3Hn3jQ8hT9Uyqwdacns0v+C8ioDXZdQjC
4YyyL+AlnWEFbhptts7Kf6M3Mo5LBqRZrY37L8QuBMoMZw64CMvOVA6uJ5kNw+rk
I5L5qiNkiShpqyiGTkSHnY4hzlADetMrl7JwhI+hYBEji7QNcWFQ4nxIAGK4ipWK
KlZV4Mhr7q0+oKlDIAY828Hh0Z2l5VIbcXDrHKVmqMCAthtEdTXmhpJdZjOdAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU4Z1WwmVmyKc2uSdWuKtM6ltb9HowHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzgzNTJlMzIzMDM5MmUzMjMy
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzYzMjMyMzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV0d8wDQYJKoZIhvcNAQELBQADggEBABtGUarh8flrUszDlBwE0/sACEnlXLy/
Mci0WVSwYSuQZ5DZxMK61m7UuiZ/0U/JxhvkPMIuxmXqCQARaR3yWXL6xKD5/8/F
VjFMV0xjYBun2MYZQIHbSH2vI5Rw8Bk+BgJlQ6VPAF18TT5qhwJLukdx2YJXkrMP
26SrWvzRbX6GIzoUHRDd1GZgrLUvigNXfdtiz/zlKyT1IhzOpOZ3ntshgvWtI65X
TGSYCEjERhJXtiQrmsO0ClMkl3dr3+O/DzzNElKFZT2MgRy7C2CYGvB8xRmqTG9G
4TRFsBISoyJo7qpWdybNP9b0GmGA4oED52A1PYq0Gifa5Y64DjQpP5s=
-----END CERTIFICATE-----
Generated at Tue Nov 11 19:48:08 2025 by rpki-client