Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3134332e302f32342d3234203d3e20313336353031.roa
File: 3134332e32302e3134332e302f32342d3234203d3e20313336353031.roa (raw, json)
Hash identifier: nvZuw9+IFPwOkjNeymQIJKE8ooJH1NVjbUPMCZCGeEk=
Subject key identifier: 2A:F4:B2:22:63:B8:7A:30:AB:B7:5F:90:3E:E3:E5:57:8A:6F:F7:50
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 4538FEC459D354AE5F6D394E045AACE3408BFD8F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3134332e302f32342d3234203d3e20313336353031.roa
Signing time: Tue 13 May 2025 06:36:04 +0000
ROA not before: Tue 13 May 2025 06:31:04 +0000
ROA not after: Tue 12 May 2026 06:36:04 +0000
asID: 136501
IP address blocks: 143.20.143.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
45:38:fe:c4:59:d3:54:ae:5f:6d:39:4e:04:5a:ac:e3:40:8b:fd:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: May 13 06:31:04 2025 GMT
Not After : May 12 06:36:04 2026 GMT
Subject: CN=2AF4B22263B87A30ABB75F903EE3E5578A6FF750
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:66:2a:70:02:d5:bd:52:11:b4:0f:1a:78:5b:
0a:22:00:f1:59:83:87:ec:b5:f4:04:de:0d:19:41:
a9:25:42:d2:ed:c3:38:52:dd:8c:3f:92:db:14:c4:
70:d9:2b:02:c0:77:33:ea:08:eb:8e:93:de:79:65:
4c:30:89:5a:dc:a0:ab:6e:ff:86:49:64:06:89:22:
6d:f9:16:69:70:db:26:2a:7b:fe:c5:f5:68:9c:9d:
1e:20:7b:15:9a:1b:10:1a:0d:0b:bb:84:f5:9a:be:
d8:e7:4a:5c:4a:71:47:15:ff:0f:31:58:05:5a:e7:
50:45:7c:13:1d:c0:08:9b:03:85:3f:df:ae:43:d7:
d4:79:50:4d:af:2a:85:45:19:9e:cb:bc:f5:1c:ad:
75:97:79:cc:1d:97:13:16:ca:69:5e:c0:97:1d:cd:
c3:4b:ad:6b:c8:e5:38:42:13:d6:8f:e4:40:7d:19:
3f:3e:11:4a:48:22:43:c6:14:fc:46:0b:d9:20:e3:
6e:fd:0b:03:37:b8:cd:90:df:5d:b7:9f:b9:21:50:
64:a2:c7:d1:7c:5d:25:02:98:a8:a1:13:4e:2e:c5:
54:81:5e:2e:61:e5:b2:6d:70:ed:ea:a8:4d:75:ab:
88:3d:a2:59:93:29:3f:28:ba:89:b3:a8:d8:09:48:
f7:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:F4:B2:22:63:B8:7A:30:AB:B7:5F:90:3E:E3:E5:57:8A:6F:F7:50
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e3134332e302f32342d3234203d3e20313336353031.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.143.0/24
Signature Algorithm: sha256WithRSAEncryption
19:a8:5a:f8:08:de:64:ae:dd:57:12:52:ea:03:4c:97:f5:1a:
b2:95:da:44:fa:20:ef:20:99:e8:0f:b8:70:cf:b1:01:0f:1d:
4c:fc:a7:58:2b:15:18:d3:7b:92:73:4e:96:c1:b6:58:43:a6:
b5:7a:04:5e:fe:0a:25:eb:2f:8a:8e:82:6e:0c:a8:31:24:ec:
f5:3c:9f:36:58:58:22:0b:6d:7d:df:23:ae:c7:88:ca:c7:76:
10:72:46:2e:ef:71:ae:a9:c3:b8:b4:06:86:57:7d:50:a3:b0:
25:ac:5f:7c:14:e9:ff:f0:33:10:cb:8a:5a:e2:a2:51:45:13:
28:5f:57:d5:04:5f:71:ec:f3:23:92:a0:93:1f:7b:35:c7:05:
16:20:08:3f:1a:4f:bd:39:f1:e2:66:3d:ae:97:fd:00:8c:2e:
bd:e0:4d:6c:ba:08:1d:03:c6:c4:f4:64:0e:4d:a6:e3:af:ec:
a6:29:dc:31:ee:0b:fd:32:83:04:03:d6:e0:af:25:5f:5f:0c:
3a:2d:80:75:82:9e:1f:63:c4:f5:3e:3b:e3:a4:ff:7e:3c:25:
10:01:6d:a8:5b:a5:0b:c2:45:ba:cc:8f:a6:43:ed:02:3f:68:
f5:3a:2e:d4:73:83:45:12:f6:d1:e1:68:0f:b7:1a:33:e8:4b:
db:15:62:d8
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIURTj+xFnTVK5fbTlOBFqs40CL/Y8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MTMwNjMxMDRaFw0yNjA1MTIwNjM2MDRaMDMxMTAvBgNV
BAMTKDJBRjRCMjIyNjNCODdBMzBBQkI3NUY5MDNFRTNFNTU3OEE2RkY3NTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGZipwAtW9UhG0Dxp4WwoiAPFZ
g4fstfQE3g0ZQaklQtLtwzhS3Yw/ktsUxHDZKwLAdzPqCOuOk955ZUwwiVrcoKtu
/4ZJZAaJIm35Fmlw2yYqe/7F9WicnR4gexWaGxAaDQu7hPWavtjnSlxKcUcV/w8x
WAVa51BFfBMdwAibA4U/365D19R5UE2vKoVFGZ7LvPUcrXWXecwdlxMWymlewJcd
zcNLrWvI5ThCE9aP5EB9GT8+EUpIIkPGFPxGC9kg4279CwM3uM2Q3123n7khUGSi
x9F8XSUCmKihE04uxVSBXi5h5bJtcO3qqE11q4g9olmTKT8ouomzqNgJSPetAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUKvSyImO4ejCrt1+QPuPlV4pv91AwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMTM0
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNTMwMzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BACPFI8wDQYJKoZIhvcNAQELBQADggEBABmoWvgI3mSu3VcSUuoDTJf1GrKV2kT6
IO8gmegPuHDPsQEPHUz8p1grFRjTe5JzTpbBtlhDprV6BF7+CiXrL4qOgm4MqDEk
7PU8nzZYWCILbX3fI67HiMrHdhByRi7vca6pw7i0BoZXfVCjsCWsX3wU6f/wMxDL
ilriolFFEyhfV9UEX3Hs8yOSoJMfezXHBRYgCD8aT7058eJmPa6X/QCMLr3gTWy6
CB0DxsT0ZA5NpuOv7KYp3DHuC/0ygwQD1uCvJV9fDDotgHWCnh9jxPU+O+Ok/348
JRABbahbpQvCRbrMj6ZD7QI/aPU6LtRzg0US9tHhaA+3GjPoS9sVYtg=
-----END CERTIFICATE-----
Generated at Thu Jun 5 18:39:14 2025 by rpki-client