Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398465.roa
File: AS398465.roa (raw, json)
Hash identifier: ewVIScKrn5zUF7FGm7Nu6QVXHgFsMBTrbyCl5+UMYh4=
Subject key identifier: 47:08:42:D2:10:43:0C:1C:27:B3:0D:5A:DB:E0:5E:BB:81:B3:DC:B8
Certificate issuer: /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial: 65F818425BA2500BD2CD7D83C40465E860293BB7
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398465.roa
Signing time: Mon 10 Nov 2025 23:17:49 +0000
ROA not before: Mon 10 Nov 2025 23:12:49 +0000
ROA not after: Mon 09 Nov 2026 23:17:49 +0000
asID: 398465
IP address blocks: 91.124.0.0/24 maxlen: 24
91.124.2.0/24 maxlen: 24
91.124.3.0/24 maxlen: 24
91.124.16.0/24 maxlen: 24
91.124.59.0/24 maxlen: 24
91.124.82.0/24 maxlen: 24
91.124.90.0/24 maxlen: 24
91.124.208.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:f8:18:42:5b:a2:50:0b:d2:cd:7d:83:c4:04:65:e8:60:29:3b:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Validity
Not Before: Nov 10 23:12:49 2025 GMT
Not After : Nov 9 23:17:49 2026 GMT
Subject: CN=470842D210430C1C27B30D5ADBE05EBB81B3DCB8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:69:e2:e8:31:29:14:d7:d8:91:96:6e:a5:9d:
3b:c6:a9:6c:c9:40:33:d3:e7:9a:d5:ee:a9:b6:93:
07:a6:54:98:4e:aa:a8:8c:ea:b3:8c:14:d4:69:55:
91:da:93:57:20:cf:1b:2c:1f:75:79:8d:46:10:80:
4f:77:3a:7a:f3:d0:7e:1e:f8:28:2a:ad:58:62:7b:
9a:2f:17:a9:48:26:d1:90:52:02:74:4f:c6:a6:74:
e5:85:ae:60:8e:78:7a:fa:a2:65:05:dd:dd:45:95:
ab:4e:83:68:c2:b2:90:9f:f1:3f:86:fd:8d:d2:8d:
ff:f1:8d:03:ca:1e:70:d9:ce:b2:fe:e8:f8:9e:68:
4a:af:82:68:b1:f1:93:21:2a:53:c6:ed:10:6d:4f:
c1:ec:b0:98:08:ab:e4:f7:ea:5d:67:1a:b9:14:2a:
94:a8:65:84:54:39:fd:28:44:89:82:78:d9:57:d4:
2d:7a:f3:ca:4f:93:63:28:3c:2f:44:3e:b9:98:97:
f3:00:a7:75:2b:50:2b:66:fd:e2:34:1a:8d:0b:57:
82:3a:0c:71:83:32:94:9e:1c:c7:b2:01:19:65:92:
ae:e1:2f:f6:f1:ab:fc:b2:8a:c0:f5:b5:b2:01:f4:
44:07:33:61:a3:31:68:63:e2:d6:90:8c:cb:52:4e:
0a:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:08:42:D2:10:43:0C:1C:27:B3:0D:5A:DB:E0:5E:BB:81:B3:DC:B8
X509v3 Authority Key Identifier:
keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398465.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.124.0.0/24
91.124.2.0/23
91.124.16.0/24
91.124.59.0/24
91.124.82.0/24
91.124.90.0/24
91.124.208.0/24
Signature Algorithm: sha256WithRSAEncryption
18:2d:a0:d0:f6:f8:07:19:e3:e5:64:8e:e2:3f:48:84:84:0b:
a7:a1:7a:ca:83:98:29:fa:c9:58:62:f8:33:19:ea:c7:86:8b:
ce:4d:89:43:89:94:e4:bf:96:e2:71:15:4a:e9:29:27:57:26:
51:3a:4b:3e:ca:5f:53:cd:b3:18:4e:83:06:09:2e:23:de:c8:
56:7b:66:f5:4e:5f:f4:59:da:1b:ec:7c:06:11:67:b8:73:73:
e5:a4:fc:87:0c:de:5d:b2:82:66:59:cd:ea:24:bc:39:9e:5e:
92:7d:0c:78:4f:43:d9:21:9f:14:72:f5:82:8a:cd:a3:57:46:
c7:4e:2a:43:b4:70:23:f8:df:9a:c6:8c:8e:b6:08:eb:62:d5:
fa:22:25:e5:2d:27:06:9e:f5:04:f5:05:c6:3c:7d:50:86:a4:
b6:ea:00:8d:dd:b0:02:b8:34:b4:47:4d:16:b0:8a:e4:7b:02:
ac:be:2f:a0:73:d5:06:c8:83:62:01:92:cc:ee:bc:b9:bc:fd:
d2:22:76:85:11:03:c6:69:cb:af:e4:2d:39:29:2d:88:af:ac:
ff:95:d9:99:0a:8a:33:d2:ce:4b:91:c6:38:6f:fe:d7:7d:e7:
6e:36:25:4f:8f:20:de:32:5f:4d:1e:60:eb:60:90:4c:7e:78:
c5:bd:a3:d4
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIUZfgYQluiUAvSzX2DxARl6GApO7cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTExMTAyMzEyNDlaFw0yNjExMDkyMzE3NDlaMDMxMTAvBgNV
BAMTKDQ3MDg0MkQyMTA0MzBDMUMyN0IzMEQ1QURCRTA1RUJCODFCM0RDQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2aeLoMSkU19iRlm6lnTvGqWzJ
QDPT55rV7qm2kwemVJhOqqiM6rOMFNRpVZHak1cgzxssH3V5jUYQgE93Onrz0H4e
+CgqrVhie5ovF6lIJtGQUgJ0T8amdOWFrmCOeHr6omUF3d1FlatOg2jCspCf8T+G
/Y3Sjf/xjQPKHnDZzrL+6PieaEqvgmix8ZMhKlPG7RBtT8HssJgIq+T36l1nGrkU
KpSoZYRUOf0oRImCeNlX1C1688pPk2MoPC9EPrmYl/MAp3UrUCtm/eI0Go0LV4I6
DHGDMpSeHMeyARllkq7hL/bxq/yyisD1tbIB9EQHM2GjMWhj4taQjMtSTgoLAgMB
AAGjggIuMIICKjAdBgNVHQ4EFgQURwhC0hBDDBwnsw1a2+Beu4Gz3LgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk4NDY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAW3wA
AwQBW3wCAwQAW3wQAwQAW3w7AwQAW3xSAwQAW3xaAwQAW3zQMA0GCSqGSIb3DQEB
CwUAA4IBAQAYLaDQ9vgHGePlZI7iP0iEhAunoXrKg5gp+slYYvgzGerHhovOTYlD
iZTkv5bicRVK6SknVyZROks+yl9TzbMYToMGCS4j3shWe2b1Tl/0Wdob7HwGEWe4
c3PlpPyHDN5dsoJmWc3qJLw5nl6SfQx4T0PZIZ8UcvWCis2jV0bHTipDtHAj+N+a
xoyOtgjrYtX6IiXlLScGnvUE9QXGPH1QhqS26gCN3bACuDS0R00WsIrkewKsvi+g
c9UGyINiAZLM7ry5vP3SInaFEQPGacuv5C05KS2Ir6z/ldmZCooz0s5LkcY4b/7X
feduNiVPjyDeMl9NHmDrYJBMfnjFvaPU
-----END CERTIFICATE-----
Generated at Tue Nov 11 18:29:36 2025 by rpki-client