Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e362e302f32332d3234203d3e20383334.roa
File: 3134332e32302e362e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier: 9InP6TMdeS2iecDfM/iO6PvJgRB0spX/E2WKJPZz8WI=
Subject key identifier: 44:3F:44:A8:39:14:1C:95:93:EB:7E:F3:40:27:38:C6:67:DD:52:65
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 7BB07354B9C8D390B9077ADA7DB10E97EA50E196
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e362e302f32332d3234203d3e20383334.roa
Signing time: Tue 13 May 2025 06:01:39 +0000
ROA not before: Tue 13 May 2025 05:56:39 +0000
ROA not after: Tue 12 May 2026 06:01:39 +0000
asID: 834
IP address blocks: 143.20.6.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7b:b0:73:54:b9:c8:d3:90:b9:07:7a:da:7d:b1:0e:97:ea:50:e1:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: May 13 05:56:39 2025 GMT
Not After : May 12 06:01:39 2026 GMT
Subject: CN=443F44A839141C9593EB7EF3402738C667DD5265
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fc:8a:4c:6a:a8:82:4a:39:ce:2a:23:76:73:
4a:ab:9b:03:3b:e5:c3:12:df:c3:54:50:ce:e5:3a:
39:53:a1:ad:22:2a:03:cf:8f:70:2a:ae:ca:81:01:
53:37:c7:88:8c:4d:0e:4a:71:be:fc:b5:79:a4:fd:
b4:98:a8:05:4a:9c:64:db:87:a2:5f:e8:46:d5:14:
4f:b3:0f:48:10:08:ea:9c:5a:83:2e:9a:4f:35:3e:
05:c7:98:7f:a5:07:3b:69:0b:e4:f7:51:5f:66:56:
72:04:3e:56:f7:62:03:3c:f2:b9:42:c1:0a:79:54:
02:f0:ff:b1:d1:cd:52:b8:17:ef:54:c3:04:ef:e0:
cc:f2:6d:89:b1:1d:c9:97:fb:ba:81:e7:3e:d0:de:
33:a9:a7:ea:a4:cb:4d:ac:7a:3a:21:7b:18:4c:d6:
84:93:f7:3b:75:6b:ef:15:54:aa:95:92:8b:62:27:
e9:4f:2d:55:e1:63:21:c7:4f:a2:c2:f0:ee:60:5e:
98:11:01:f2:ff:1f:0b:93:fb:ee:32:35:c3:64:82:
a8:20:34:e6:eb:cd:20:d3:c0:ce:a7:a8:8f:4b:5f:
de:1b:cd:d0:ec:d0:ae:bb:fb:83:50:0f:55:98:3a:
6f:78:96:24:4d:94:f2:db:ce:cb:ee:b8:8d:2b:28:
44:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:3F:44:A8:39:14:1C:95:93:EB:7E:F3:40:27:38:C6:67:DD:52:65
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e362e302f32332d3234203d3e20383334.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.6.0/23
Signature Algorithm: sha256WithRSAEncryption
9c:19:4a:c1:f5:87:f8:a2:e9:72:d6:06:5f:20:a2:99:0e:1d:
a9:1d:9b:ff:c7:59:90:3e:92:e3:f4:61:f3:f3:61:5a:84:30:
60:9e:36:2e:7a:73:e6:ad:b8:74:79:d3:59:ad:46:91:d8:6e:
35:e7:ca:84:01:37:3b:4e:6e:a1:b3:a3:e0:74:08:58:07:61:
1b:08:32:d5:e4:00:06:c9:5f:62:fc:b0:67:3c:06:78:72:ef:
58:ac:da:97:b6:ad:d9:7b:7d:0b:b7:4a:f3:2f:38:1e:e6:03:
8e:fd:c7:5d:43:9e:e2:55:e4:eb:aa:b7:34:ce:97:4d:9f:c9:
60:05:87:16:94:a5:a6:26:1f:39:c0:c3:d9:f7:2a:8f:ba:99:
fd:0c:ec:fb:4f:6d:14:86:76:79:a9:b6:6d:05:ef:f1:bf:70:
ac:33:e1:a8:b2:a4:86:a2:ea:59:01:0b:30:e6:0b:99:6a:d7:
7a:9d:95:5c:2e:ce:f7:a1:b9:18:a0:05:d2:6e:08:18:e3:34:
d3:63:37:c3:a2:f8:6a:87:39:38:f1:86:23:88:0e:1b:ce:75:
eb:f1:89:16:6a:09:67:cb:06:cb:69:9a:57:9d:7f:6d:42:0c:
85:aa:9b:03:f7:14:d8:0d:5e:2f:5e:1e:d9:b2:8f:b8:4e:30:
84:e4:fd:c3
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUe7BzVLnI05C5B3rafbEOl+pQ4ZYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MTMwNTU2MzlaFw0yNjA1MTIwNjAxMzlaMDMxMTAvBgNV
BAMTKDQ0M0Y0NEE4MzkxNDFDOTU5M0VCN0VGMzQwMjczOEM2NjdERDUyNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm/IpMaqiCSjnOKiN2c0qrmwM7
5cMS38NUUM7lOjlToa0iKgPPj3AqrsqBAVM3x4iMTQ5Kcb78tXmk/bSYqAVKnGTb
h6Jf6EbVFE+zD0gQCOqcWoMumk81PgXHmH+lBztpC+T3UV9mVnIEPlb3YgM88rlC
wQp5VALw/7HRzVK4F+9UwwTv4MzybYmxHcmX+7qB5z7Q3jOpp+qky02sejohexhM
1oST9zt1a+8VVKqVkotiJ+lPLVXhYyHHT6LC8O5gXpgRAfL/HwuT++4yNcNkgqgg
NObrzSDTwM6nqI9LX94bzdDs0K67+4NQD1WYOm94liRNlPLbzsvuuI0rKEQfAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQURD9EqDkUHJWT637zQCc4xmfdUmUwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzNjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAY8UBjANBgkq
hkiG9w0BAQsFAAOCAQEAnBlKwfWH+KLpctYGXyCimQ4dqR2b/8dZkD6S4/Rh8/Nh
WoQwYJ42Lnpz5q24dHnTWa1GkdhuNefKhAE3O05uobOj4HQIWAdhGwgy1eQABslf
YvywZzwGeHLvWKzal7at2Xt9C7dK8y84HuYDjv3HXUOe4lXk66q3NM6XTZ/JYAWH
FpSlpiYfOcDD2fcqj7qZ/Qzs+09tFIZ2eam2bQXv8b9wrDPhqLKkhqLqWQELMOYL
mWrXep2VXC7O96G5GKAF0m4IGOM002M3w6L4aoc5OPGGI4gOG8516/GJFmoJZ8sG
y2maV51/bUIMhaqbA/cU2A1eL14e2bKPuE4whOT9ww==
-----END CERTIFICATE-----
Generated at Thu Jun 5 18:17:03 2025 by rpki-client