Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e35362e302f32312d3234203d3e20383334.roa
File: 3134332e32302e35362e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier: BULLHsUgevdwo8g39MPGAjFhbeVTCIWbSDd3pwlyRl8=
Subject key identifier: C9:A7:A2:02:E9:CE:4E:B6:B9:72:42:B4:72:A2:B9:1A:84:26:0C:ED
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 1A458A132538E641368B62282ABF0B1A8B1CAB7B
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e35362e302f32312d3234203d3e20383334.roa
Signing time: Fri 30 May 2025 13:09:10 +0000
ROA not before: Fri 30 May 2025 13:04:10 +0000
ROA not after: Fri 29 May 2026 13:09:10 +0000
asID: 834
IP address blocks: 143.20.56.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:45:8a:13:25:38:e6:41:36:8b:62:28:2a:bf:0b:1a:8b:1c:ab:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: May 30 13:04:10 2025 GMT
Not After : May 29 13:09:10 2026 GMT
Subject: CN=C9A7A202E9CE4EB6B97242B472A2B91A84260CED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:9c:a1:9c:79:b7:57:0e:3d:33:32:2f:00:54:
08:cf:14:8a:38:e6:b9:c6:6f:50:3a:9b:dd:cc:f8:
15:76:80:8d:90:80:b0:16:77:0b:a8:db:85:31:0d:
be:cb:25:1e:3a:27:75:dd:c9:4e:d8:50:f2:35:23:
7a:bd:8b:e8:8c:11:db:bf:c2:d0:23:c4:58:f8:0b:
6e:c5:a8:c2:9d:7a:92:1a:d0:05:e7:77:10:28:70:
81:50:7d:e1:2b:1f:15:30:8f:24:93:71:6d:37:ea:
dc:b4:be:9f:64:df:5e:8a:6b:f9:12:c1:84:da:71:
a9:1f:12:0d:fc:49:44:76:c6:73:68:2b:96:1e:f3:
d2:ec:f7:ad:65:ce:ee:aa:ec:20:ea:73:dd:74:41:
8c:50:bc:53:59:fd:ca:0b:19:de:ca:ce:ff:00:05:
fa:47:88:ab:c2:48:2a:05:07:a9:fa:28:95:77:0b:
be:a3:b5:89:47:75:83:e3:e8:a5:33:b7:b8:03:d7:
cf:d1:f0:4e:6b:5a:58:d5:4b:ac:5c:be:f1:4b:5f:
ea:f6:47:15:f7:38:c2:65:f4:b0:e5:25:79:dc:5e:
a2:17:eb:b8:a4:46:5f:72:43:c5:2c:3a:1c:3f:f8:
d1:62:51:8b:46:07:02:ed:50:27:8f:95:31:b6:f8:
30:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:A7:A2:02:E9:CE:4E:B6:B9:72:42:B4:72:A2:B9:1A:84:26:0C:ED
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e35362e302f32312d3234203d3e20383334.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.56.0/21
Signature Algorithm: sha256WithRSAEncryption
2a:e1:18:b4:be:e2:2e:98:10:01:13:53:8e:67:0b:34:67:e7:
83:07:4e:3a:0d:4e:85:a6:b7:67:40:96:a2:72:a6:47:15:b1:
67:34:19:f6:9b:4e:3b:b0:61:a5:74:62:8e:97:91:cc:90:ea:
e6:b4:ea:d1:07:7c:7a:09:1a:6c:2e:e3:7d:9d:43:06:98:2e:
54:ea:4b:e2:d8:49:11:93:34:58:9e:67:31:6d:92:c8:ff:56:
d5:79:af:1f:ee:9c:91:b0:76:c2:aa:60:8b:8a:48:b5:35:30:
8b:2f:da:c2:61:8f:b5:97:bb:17:ea:78:35:70:a9:72:4d:1c:
f5:0b:de:d8:0d:cb:7d:2a:6c:d1:bd:f7:07:4e:c2:82:de:37:
81:88:ac:a6:91:a2:b2:27:4d:2e:f6:62:e3:5e:ca:9f:2b:9c:
d1:f4:58:91:f3:2a:06:b2:b8:0b:90:58:2c:de:2b:e7:17:72:
93:d5:1f:3f:71:fb:4a:0a:9c:55:2c:3a:cb:bd:61:cd:3b:a6:
f6:59:15:32:fd:d6:b9:8a:5f:77:f9:25:b8:03:ce:eb:7a:ab:
c0:1d:fc:7d:bd:2a:bd:87:cb:3a:7c:ae:18:08:6f:dc:67:88:
6f:78:d9:ab:97:cf:9c:42:06:12:81:15:94:9e:5a:b9:fc:5a:
8b:5a:dc:f3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUGkWKEyU45kE2i2IoKr8LGoscq3swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MzAxMzA0MTBaFw0yNjA1MjkxMzA5MTBaMDMxMTAvBgNV
BAMTKEM5QTdBMjAyRTlDRTRFQjZCOTcyNDJCNDcyQTJCOTFBODQyNjBDRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQnKGcebdXDj0zMi8AVAjPFIo4
5rnGb1A6m93M+BV2gI2QgLAWdwuo24UxDb7LJR46J3XdyU7YUPI1I3q9i+iMEdu/
wtAjxFj4C27FqMKdepIa0AXndxAocIFQfeErHxUwjySTcW036ty0vp9k316Ka/kS
wYTacakfEg38SUR2xnNoK5Ye89Ls961lzu6q7CDqc910QYxQvFNZ/coLGd7Kzv8A
BfpHiKvCSCoFB6n6KJV3C76jtYlHdYPj6KUzt7gD18/R8E5rWljVS6xcvvFLX+r2
RxX3OMJl9LDlJXncXqIX67ikRl9yQ8UsOhw/+NFiUYtGBwLtUCePlTG2+DBtAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUyaeiAunOTra5ckK0cqK5GoQmDO0wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzNTM2
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDjxQ4MA0G
CSqGSIb3DQEBCwUAA4IBAQAq4Ri0vuIumBABE1OOZws0Z+eDB046DU6FprdnQJai
cqZHFbFnNBn2m047sGGldGKOl5HMkOrmtOrRB3x6CRpsLuN9nUMGmC5U6kvi2EkR
kzRYnmcxbZLI/1bVea8f7pyRsHbCqmCLiki1NTCLL9rCYY+1l7sX6ng1cKlyTRz1
C97YDct9KmzRvfcHTsKC3jeBiKymkaKyJ00u9mLjXsqfK5zR9FiR8yoGsrgLkFgs
3ivnF3KT1R8/cftKCpxVLDrLvWHNO6b2WRUy/da5il93+SW4A87reqvAHfx9vSq9
h8s6fK4YCG/cZ4hveNmrl8+cQgYSgRWUnlq5/FqLWtzz
-----END CERTIFICATE-----
Generated at Thu Jun 5 18:15:43 2025 by rpki-client