Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131342e302f32342d3234203d3e203437353835.roa
File: 3134332e32302e3131342e302f32342d3234203d3e203437353835.roa (raw, json)
Hash identifier: 4Hi7weSnH//2eoGIeeEcQIu9FHYQOBz5YnZcS8OfiX4=
Subject key identifier: AB:71:49:38:5C:19:4B:85:89:E4:5D:71:A2:B4:7F:17:33:0F:84:0C
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 7128E877FA4C8B741DB5BCBA404931FAE784A407
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131342e302f32342d3234203d3e203437353835.roa
Signing time: Tue 03 Jun 2025 18:40:43 +0000
ROA not before: Tue 03 Jun 2025 18:35:43 +0000
ROA not after: Tue 02 Jun 2026 18:40:43 +0000
asID: 47585
IP address blocks: 143.20.114.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:28:e8:77:fa:4c:8b:74:1d:b5:bc:ba:40:49:31:fa:e7:84:a4:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jun 3 18:35:43 2025 GMT
Not After : Jun 2 18:40:43 2026 GMT
Subject: CN=AB7149385C194B8589E45D71A2B47F17330F840C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:68:cb:e7:36:86:1c:96:93:ff:8f:36:9f:7a:
ab:8c:91:c2:5d:b5:38:7c:b1:38:23:45:5f:ac:fd:
46:0f:95:b4:42:28:fe:2e:26:f6:a7:34:a3:79:4a:
4a:5e:07:07:b4:c8:9b:d2:9c:95:6f:68:8f:a2:a7:
ad:2a:0d:00:ab:db:96:62:94:34:af:f4:de:e4:f4:
1c:e9:47:47:cf:24:6e:8b:dd:39:18:2c:3a:31:da:
00:f4:25:23:df:08:d8:22:2d:ee:11:d3:c2:0e:8b:
62:ce:bc:d0:82:99:09:9b:50:2a:ad:3f:dc:44:8c:
f3:06:7d:fd:80:e1:b9:24:3e:1a:6c:db:d8:3a:0d:
a6:52:5c:a3:fc:8a:ac:95:7b:23:9e:de:4a:f6:fa:
3a:54:34:21:59:6a:df:93:9f:a8:fc:66:3d:c5:04:
f0:7a:0c:07:f1:42:55:08:f8:ba:05:e9:8f:5a:69:
40:3d:01:ad:78:52:b6:a2:8e:a7:64:d7:56:91:7a:
b1:07:57:cf:ff:6e:a1:b1:6b:40:a0:2c:3c:dc:88:
96:8c:68:47:fb:ca:e1:cd:b1:ce:30:d9:76:13:89:
2d:e8:d9:5e:6f:6c:df:88:9f:1b:20:ec:b6:72:ef:
e2:bc:8b:7a:f2:a0:6b:7b:e5:7b:8b:35:de:9a:cd:
3c:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:71:49:38:5C:19:4B:85:89:E4:5D:71:A2:B4:7F:17:33:0F:84:0C
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3131342e302f32342d3234203d3e203437353835.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.114.0/24
Signature Algorithm: sha256WithRSAEncryption
a7:08:63:1b:3d:bb:7c:c7:a5:51:f9:7b:d7:be:b2:37:14:64:
3d:c9:7e:ce:3a:fe:cd:83:6b:9c:52:55:5e:66:2d:7b:ee:42:
70:f1:f5:ef:59:6d:31:cc:5e:c7:54:5e:55:42:f2:35:c2:21:
42:63:ad:6e:1f:7b:96:76:84:d9:16:4b:df:58:87:34:9e:03:
16:a4:fb:76:c2:24:fc:d6:39:e5:a1:94:0f:15:a2:2f:48:91:
d8:c7:a7:27:3c:ca:76:6c:95:14:09:54:9c:45:c4:09:34:7c:
60:20:5e:3c:0e:92:17:74:44:fa:be:c3:f1:67:c7:9b:b1:22:
cc:b2:cb:49:f0:76:48:b2:cd:95:19:d3:78:4f:44:00:a6:dd:
21:8b:58:78:49:40:59:df:db:2e:c9:29:2b:13:eb:0c:dc:f8:
be:2a:1d:ff:b2:e6:7c:6f:6c:0a:15:ca:80:c4:ad:89:ab:87:
f8:3d:1b:6e:cf:c4:44:46:28:1d:5c:27:e6:06:2e:3d:61:8d:
4e:d9:86:24:07:28:e3:75:af:dc:7b:3b:64:7a:72:a8:b2:af:
7c:22:69:33:18:ec:07:d3:7e:a5:cc:6b:ff:b3:7e:97:81:bd:
5f:7b:c2:da:ef:64:b9:e9:4d:c8:54:37:3f:33:ca:30:a9:2b:
51:11:26:e6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUcSjod/pMi3Qdtby6QEkx+ueEpAcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDMxODM1NDNaFw0yNjA2MDIxODQwNDNaMDMxMTAvBgNV
BAMTKEFCNzE0OTM4NUMxOTRCODU4OUU0NUQ3MUEyQjQ3RjE3MzMwRjg0MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0aMvnNoYclpP/jzafequMkcJd
tTh8sTgjRV+s/UYPlbRCKP4uJvanNKN5SkpeBwe0yJvSnJVvaI+ip60qDQCr25Zi
lDSv9N7k9BzpR0fPJG6L3TkYLDox2gD0JSPfCNgiLe4R08IOi2LOvNCCmQmbUCqt
P9xEjPMGff2A4bkkPhps29g6DaZSXKP8iqyVeyOe3kr2+jpUNCFZat+Tn6j8Zj3F
BPB6DAfxQlUI+LoF6Y9aaUA9Aa14Uraijqdk11aRerEHV8//bqGxa0CgLDzciJaM
aEf7yuHNsc4w2XYTiS3o2V5vbN+Inxsg7LZy7+K8i3ryoGt75XuLNd6azTzpAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUq3FJOFwZS4WJ5F1xorR/FzMPhAwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTMx
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM3MzUzODM1LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
jxRyMA0GCSqGSIb3DQEBCwUAA4IBAQCnCGMbPbt8x6VR+XvXvrI3FGQ9yX7OOv7N
g2ucUlVeZi177kJw8fXvWW0xzF7HVF5VQvI1wiFCY61uH3uWdoTZFkvfWIc0ngMW
pPt2wiT81jnloZQPFaIvSJHYx6cnPMp2bJUUCVScRcQJNHxgIF48DpIXdET6vsPx
Z8ebsSLMsstJ8HZIss2VGdN4T0QApt0hi1h4SUBZ39suySkrE+sM3Pi+Kh3/suZ8
b2wKFcqAxK2Jq4f4PRtuz8RERigdXCfmBi49YY1O2YYkByjjda/ceztkenKosq98
ImkzGOwH036lzGv/s36Xgb1fe8La72S56U3IVDc/M8owqStRESbm
-----END CERTIFICATE-----
Generated at Thu Jun 5 18:25:59 2025 by rpki-client