Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e38382e302f32312d3234203d3e20383334.roa
File: 3134332e32302e38382e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier: +ej5WOrCAMXs5/i0cjYolfK55LQYllX+D9EiSN3TkJI=
Subject key identifier: 47:7D:FF:91:F5:AD:96:2B:DB:37:40:F7:F4:54:72:3A:BD:7A:AF:6F
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 409E3A854DAE39FE86142D5BBA23A0AA5D344777
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e38382e302f32312d3234203d3e20383334.roa
Signing time: Fri 30 May 2025 08:08:45 +0000
ROA not before: Fri 30 May 2025 08:03:45 +0000
ROA not after: Fri 29 May 2026 08:08:45 +0000
asID: 834
IP address blocks: 143.20.88.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Jun 2025 12:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:9e:3a:85:4d:ae:39:fe:86:14:2d:5b:ba:23:a0:aa:5d:34:47:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: May 30 08:03:45 2025 GMT
Not After : May 29 08:08:45 2026 GMT
Subject: CN=477DFF91F5AD962BDB3740F7F454723ABD7AAF6F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:4c:a8:35:16:7d:dc:bf:50:04:47:d3:4f:7f:
68:89:cb:f4:2f:f5:82:4b:2c:d3:56:b7:f8:65:65:
15:da:59:60:4d:f1:db:d9:e1:dc:13:f6:97:a3:f8:
d2:67:57:c8:1d:07:55:ae:c2:14:83:a3:82:bf:68:
6a:41:cc:22:c8:92:72:f8:b4:af:b6:6a:06:94:df:
d1:db:b5:71:ae:6a:22:fe:ba:22:8b:f1:58:1b:c0:
2c:bc:e3:e7:92:39:6c:31:22:58:24:f6:27:c9:de:
17:2b:be:3d:af:00:5d:aa:86:43:16:32:c3:59:9b:
4e:ff:ae:9e:3a:12:a7:3b:bf:e4:33:2d:f4:3d:28:
f9:4a:d1:fe:41:73:a6:e4:04:4a:80:77:67:af:ef:
13:36:1e:9b:63:40:a2:e7:fa:cd:12:98:5b:61:54:
4f:f6:c0:43:e0:8d:36:a9:e5:59:a2:81:99:d1:67:
c5:66:61:76:a9:2f:42:f6:48:72:a5:19:73:eb:6c:
90:7f:ee:28:e0:e3:47:22:72:5c:2e:54:c3:87:b3:
f1:36:66:e2:e7:5d:d1:63:84:ef:19:18:97:81:25:
56:fa:40:5c:18:20:2f:13:7e:c8:5a:1e:25:29:8f:
3e:e3:71:46:8e:ea:dc:14:b0:08:0c:ea:ca:a6:04:
a3:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:7D:FF:91:F5:AD:96:2B:DB:37:40:F7:F4:54:72:3A:BD:7A:AF:6F
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e38382e302f32312d3234203d3e20383334.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.88.0/21
Signature Algorithm: sha256WithRSAEncryption
b6:1c:d3:79:cc:cf:d6:d6:c1:8b:23:cb:fa:4a:76:2c:3e:c1:
f5:09:81:25:49:42:6c:15:5a:ad:40:e4:61:03:47:df:e3:9e:
05:0e:dc:71:4d:7c:28:59:59:e0:79:3b:0d:b0:19:d6:74:51:
6d:b7:5f:df:68:f7:45:c5:07:36:88:0b:db:e8:78:22:39:a7:
9f:95:3d:1b:bf:78:77:40:e8:6c:fd:5c:80:e1:a4:3e:fd:79:
6f:d2:1f:b7:45:51:18:71:02:bf:7d:20:7c:c8:4f:e7:a6:76:
8d:46:19:f1:38:92:65:bc:01:26:02:2c:4c:7e:4e:24:04:d4:
b4:ef:a2:f5:0f:d2:82:07:60:19:6b:c1:5d:3b:ba:ff:bc:70:
88:47:86:ba:01:cb:96:c7:43:17:38:7f:14:97:21:cc:3f:07:
a6:6e:6b:3e:ac:b5:46:b5:e0:50:51:fe:79:33:10:10:00:1c:
d2:ad:b7:e1:4a:b0:06:1a:3d:be:e9:9e:91:67:a9:21:3c:b1:
bc:3e:85:2c:68:84:98:c7:ea:cf:92:d5:91:6b:b2:f4:73:82:
69:4f:de:80:68:64:70:36:12:ad:33:b7:b6:ee:d3:ea:e6:d9:
82:ea:8f:ab:7a:26:e2:f1:c6:be:bc:a4:ae:99:95:f7:42:4b:
b1:8c:bc:c8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUQJ46hU2uOf6GFC1buiOgql00R3cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA1MzAwODAzNDVaFw0yNjA1MjkwODA4NDVaMDMxMTAvBgNV
BAMTKDQ3N0RGRjkxRjVBRDk2MkJEQjM3NDBGN0Y0NTQ3MjNBQkQ3QUFGNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/TKg1Fn3cv1AER9NPf2iJy/Qv
9YJLLNNWt/hlZRXaWWBN8dvZ4dwT9pej+NJnV8gdB1WuwhSDo4K/aGpBzCLIknL4
tK+2agaU39HbtXGuaiL+uiKL8VgbwCy84+eSOWwxIlgk9ifJ3hcrvj2vAF2qhkMW
MsNZm07/rp46Eqc7v+QzLfQ9KPlK0f5Bc6bkBEqAd2ev7xM2HptjQKLn+s0SmFth
VE/2wEPgjTap5VmigZnRZ8VmYXapL0L2SHKlGXPrbJB/7ijg40ciclwuVMOHs/E2
ZuLnXdFjhO8ZGJeBJVb6QFwYIC8TfshaHiUpjz7jcUaO6twUsAgM6sqmBKMxAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUR33/kfWtlivbN0D39FRyOr16r28wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzODM4
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDjxRYMA0G
CSqGSIb3DQEBCwUAA4IBAQC2HNN5zM/W1sGLI8v6SnYsPsH1CYElSUJsFVqtQORh
A0ff454FDtxxTXwoWVngeTsNsBnWdFFtt1/faPdFxQc2iAvb6HgiOaeflT0bv3h3
QOhs/VyA4aQ+/Xlv0h+3RVEYcQK/fSB8yE/npnaNRhnxOJJlvAEmAixMfk4kBNS0
76L1D9KCB2AZa8FdO7r/vHCIR4a6AcuWx0MXOH8UlyHMPwembms+rLVGteBQUf55
MxAQABzSrbfhSrAGGj2+6Z6RZ6khPLG8PoUsaISYx+rPktWRa7L0c4JpT96AaGRw
NhKtM7e27tPq5tmC6o+reibi8ca+vKSumZX3QkuxjLzI
-----END CERTIFICATE-----
Generated at Thu Jun 5 18:17:25 2025 by rpki-client