Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e20383334.roa
File: 38352e3230392e3232332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier: GnflqdbdMfhsqV82mjG1jWanCiBCByj4TARMB1yXao8=
Subject key identifier: A8:EC:26:83:0E:CF:8A:58:2F:6F:A3:7E:C7:20:BC:5A:4A:6F:A6:DB
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 01A401CFF599C74D8824EAF96B7D0B685D87ECA5
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e20383334.roa
Signing time: Fri 23 May 2025 00:02:32 +0000
ROA not before: Thu 22 May 2025 23:57:32 +0000
ROA not after: Fri 22 May 2026 00:02:32 +0000
asID: 834
IP address blocks: 85.209.223.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:a4:01:cf:f5:99:c7:4d:88:24:ea:f9:6b:7d:0b:68:5d:87:ec:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: May 22 23:57:32 2025 GMT
Not After : May 22 00:02:32 2026 GMT
Subject: CN=A8EC26830ECF8A582F6FA37EC720BC5A4A6FA6DB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:71:c7:5c:af:45:50:d9:e0:c3:5e:33:1a:8c:
bc:4b:60:05:ca:e3:72:8d:f3:b8:ee:d6:d5:c9:01:
47:9e:47:a3:34:bb:43:99:1e:14:5e:c8:bc:e3:1c:
52:ab:a6:91:8f:e3:84:6a:c4:12:89:f1:40:1c:d6:
34:36:3b:82:56:08:b4:6e:8f:23:53:4c:20:fa:02:
ab:60:e9:78:43:d1:ec:29:9e:cb:dd:90:90:4a:a7:
3b:69:36:7f:36:c2:36:f8:ac:5c:b2:9d:b9:da:52:
63:9e:83:a4:b6:21:3e:3a:58:c3:4b:13:fc:37:cc:
ea:ea:2c:dd:0c:5d:e1:a4:d9:a4:d5:a3:81:b5:6c:
0a:89:61:15:82:fb:ad:9d:c8:e8:aa:c0:c1:03:36:
77:68:f1:5c:48:f2:35:93:97:b9:15:a2:97:47:3c:
53:ba:d0:b9:52:3d:01:d9:0b:66:db:ae:f0:e6:64:
d5:59:41:7e:cc:97:0d:95:d0:10:47:c4:fc:f5:8f:
dd:33:45:b2:cd:7b:07:bb:11:e8:f1:8f:26:5c:97:
fc:ee:ab:b0:d1:e5:86:8a:5f:a4:8b:1f:f0:7c:c0:
77:1c:b3:53:b1:e3:8b:3a:48:db:25:2f:cf:31:60:
18:d4:eb:dd:5c:bf:b5:3d:de:8a:0f:db:dd:fc:d3:
b1:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:EC:26:83:0E:CF:8A:58:2F:6F:A3:7E:C7:20:BC:5A:4A:6F:A6:DB
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232332e302f32342d3234203d3e20383334.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.223.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:77:98:7f:05:b3:c5:5f:80:b4:5a:72:0f:f5:d3:66:26:ae:
ec:d9:31:fc:40:f7:28:f8:91:48:39:54:72:3a:ef:d6:15:4a:
c6:34:ef:c6:dd:e6:d4:31:70:e9:f0:29:10:0f:d5:b2:4d:e5:
5c:ee:b7:fe:e4:02:47:cf:5b:2f:21:53:9e:5d:44:51:f4:9e:
53:e2:12:af:2f:da:a7:98:e7:f1:2f:4d:44:f4:a6:c0:52:01:
0d:77:00:3b:cb:0a:1a:f8:b8:49:dd:86:ac:01:75:05:47:2d:
f3:c1:2a:39:16:c7:d8:10:bc:e0:30:fa:6a:41:e1:f8:1f:a2:
c1:7c:0f:76:3c:14:99:f9:9d:8f:36:37:8f:d7:70:82:f5:dc:
84:76:55:c9:44:95:78:04:d5:e8:ef:19:44:ea:85:a0:51:d9:
d1:6e:66:08:8d:79:e1:cb:e2:43:02:dd:56:85:e4:d8:a3:ad:
63:53:f4:bd:85:fb:90:d6:1c:b4:1e:53:ea:f4:3f:be:70:1b:
30:6e:94:42:30:4c:b3:c5:b4:5f:92:02:e3:63:f3:1e:22:a8:
8a:5f:1b:d5:43:ed:0f:fc:49:ca:c4:95:c0:d2:e3:8f:0a:13:
76:6d:19:07:9e:4d:e0:35:3e:1b:08:b0:17:88:9d:a6:f5:43:
c7:c7:5d:24
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUAaQBz/WZx02IJOr5a30LaF2H7KUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA1MjIyMzU3MzJaFw0yNjA1MjIwMDAyMzJaMDMxMTAvBgNV
BAMTKEE4RUMyNjgzMEVDRjhBNTgyRjZGQTM3RUM3MjBCQzVBNEE2RkE2REIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbccdcr0VQ2eDDXjMajLxLYAXK
43KN87ju1tXJAUeeR6M0u0OZHhReyLzjHFKrppGP44RqxBKJ8UAc1jQ2O4JWCLRu
jyNTTCD6Aqtg6XhD0ewpnsvdkJBKpztpNn82wjb4rFyynbnaUmOeg6S2IT46WMNL
E/w3zOrqLN0MXeGk2aTVo4G1bAqJYRWC+62dyOiqwMEDNndo8VxI8jWTl7kVopdH
PFO60LlSPQHZC2bbrvDmZNVZQX7Mlw2V0BBHxPz1j90zRbLNewe7EejxjyZcl/zu
q7DR5YaKX6SLH/B8wHccs1Ox44s6SNslL88xYBjU691cv7U93ooP293807EFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUqOwmgw7Pilgvb6N+xyC8WkpvptswHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzgzNTJlMzIzMDM5MmUzMjMy
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV0d8w
DQYJKoZIhvcNAQELBQADggEBAHp3mH8Fs8VfgLRacg/102YmruzZMfxA9yj4kUg5
VHI679YVSsY078bd5tQxcOnwKRAP1bJN5Vzut/7kAkfPWy8hU55dRFH0nlPiEq8v
2qeY5/EvTUT0psBSAQ13ADvLChr4uEndhqwBdQVHLfPBKjkWx9gQvOAw+mpB4fgf
osF8D3Y8FJn5nY82N4/XcIL13IR2VclElXgE1ejvGUTqhaBR2dFuZgiNeeHL4kMC
3VaF5NijrWNT9L2F+5DWHLQeU+r0P75wGzBulEIwTLPFtF+SAuNj8x4iqIpfG9VD
7Q/8ScrElcDS448KE3ZtGQeeTeA1PhsIsBeInab1Q8fHXSQ=
-----END CERTIFICATE-----
Generated at Thu Jun 5 18:44:52 2025 by rpki-client