Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232312e302f32342d3234203d3e20323039383534.roa
File: 3138352e3230392e3232312e302f32342d3234203d3e20323039383534.roa (raw, json)
Hash identifier: FjwwuSLGB13BTn/j4yjXyNj23DEQkyFzNmWxN/yzEpI=
Subject key identifier: BF:79:DC:69:69:68:47:D8:81:B4:39:65:36:93:50:BD:7E:15:43:F0
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 7071BFB4071B8CB88CC3000C00A05339DB02207B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232312e302f32342d3234203d3e20323039383534.roa
Signing time: Mon 03 Feb 2025 09:45:38 +0000
ROA not before: Mon 03 Feb 2025 09:40:38 +0000
ROA not after: Mon 02 Feb 2026 09:45:38 +0000
asID: 209854
IP address blocks: 185.209.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 10:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
70:71:bf:b4:07:1b:8c:b8:8c:c3:00:0c:00:a0:53:39:db:02:20:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Feb 3 09:40:38 2025 GMT
Not After : Feb 2 09:45:38 2026 GMT
Subject: CN=BF79DC69696847D881B43965369350BD7E1543F0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:99:bd:9b:36:9f:84:60:7d:38:b7:ea:67:e5:
c2:74:02:4e:16:c8:36:27:ac:5a:4e:aa:32:8c:64:
f2:54:a1:54:ec:06:67:17:39:81:3e:4c:50:94:50:
20:84:4f:0b:91:52:13:87:c6:8b:ce:c6:bc:cc:8e:
66:2d:01:55:a3:0c:e3:08:5d:13:3a:16:3c:4c:14:
1e:74:cf:ea:aa:53:2f:9d:18:10:e1:e3:1e:6c:3f:
3d:d2:db:a7:82:8c:98:39:1b:6f:bc:97:c6:1f:64:
97:62:86:96:61:2a:d2:ae:0d:a4:c3:9c:86:ee:74:
fa:fc:5e:9e:fc:f1:9f:da:4e:71:56:98:80:3c:da:
e7:26:28:d7:e7:5e:72:29:d8:c3:2d:a9:97:ee:9c:
a4:38:1f:44:30:9f:05:b2:e5:5b:55:35:7d:f5:21:
16:20:e4:a8:7a:55:71:4f:dc:be:b5:d4:28:f6:41:
55:b6:f1:a2:6a:43:9d:c9:9b:e7:2d:7a:de:bb:28:
ba:ab:5f:1a:bb:f9:c1:30:ed:33:01:e2:64:d3:f9:
75:8a:6c:eb:f6:8d:3c:71:b3:f9:ab:68:1f:a4:e8:
b8:15:a3:97:a6:17:44:38:f6:f4:6b:bc:9d:6b:16:
dd:cc:51:fa:58:ec:8d:41:13:5f:1d:c6:62:66:e3:
cd:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:79:DC:69:69:68:47:D8:81:B4:39:65:36:93:50:BD:7E:15:43:F0
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232312e302f32342d3234203d3e20323039383534.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.209.221.0/24
Signature Algorithm: sha256WithRSAEncryption
60:33:07:c7:fa:5f:11:de:50:3f:92:22:4c:77:e2:b3:f9:d2:
4e:8c:ae:a4:9d:7a:e5:65:a6:c5:26:be:f4:5b:ed:95:92:fc:
77:c1:79:46:b0:e0:98:d5:89:e9:2d:b6:2d:31:fa:8b:d3:bd:
87:ee:08:f4:99:3f:0a:aa:d7:98:51:8c:e4:bd:16:6c:17:d7:
dd:3b:5c:61:fc:68:2f:74:29:cc:f2:6b:99:09:91:ed:3c:3c:
fb:25:d0:e6:c9:f1:79:35:da:f8:56:50:28:9f:c2:a4:e1:d4:
81:90:8a:d9:e8:3c:b4:be:99:27:f8:a3:0a:4d:e9:c2:27:89:
db:57:48:fd:06:72:81:96:79:40:df:9e:4b:b3:11:f9:ae:c4:
4e:fc:48:16:38:f0:d9:fe:f6:37:eb:4a:7d:1a:f1:e8:33:c2:
80:51:b1:ba:e5:11:7d:03:b2:3b:e3:81:d5:56:76:82:b1:76:
1c:6a:db:61:66:20:89:56:b0:40:14:b6:e6:2a:33:1d:f1:d8:
7e:22:96:6b:4c:e3:6b:93:49:ce:97:91:c9:53:e3:98:f5:d4:
19:8e:a0:cf:5a:e3:ab:f9:2d:80:2a:73:8c:15:7c:60:af:e5:
80:bc:a6:15:bf:8b:c6:9b:81:e1:59:a9:b9:cb:54:d6:93:cd:
8b:34:f5:05
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUcHG/tAcbjLiMwwAMAKBTOdsCIHswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAyMDMwOTQwMzhaFw0yNjAyMDIwOTQ1MzhaMDMxMTAvBgNV
BAMTKEJGNzlEQzY5Njk2ODQ3RDg4MUI0Mzk2NTM2OTM1MEJEN0UxNTQzRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmb2bNp+EYH04t+pn5cJ0Ak4W
yDYnrFpOqjKMZPJUoVTsBmcXOYE+TFCUUCCETwuRUhOHxovOxrzMjmYtAVWjDOMI
XRM6FjxMFB50z+qqUy+dGBDh4x5sPz3S26eCjJg5G2+8l8YfZJdihpZhKtKuDaTD
nIbudPr8Xp788Z/aTnFWmIA82ucmKNfnXnIp2MMtqZfunKQ4H0QwnwWy5VtVNX31
IRYg5Kh6VXFP3L611Cj2QVW28aJqQ53Jm+ctet67KLqrXxq7+cEw7TMB4mTT+XWK
bOv2jTxxs/mraB+k6LgVo5emF0Q49vRrvJ1rFt3MUfpY7I1BE18dxmJm4829AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUv3ncaWloR9iBtDllNpNQvX4VQ/AwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMwMzkyZTMy
MzIzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTM4MzUzNC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnR3TANBgkqhkiG9w0BAQsFAAOCAQEAYDMHx/pfEd5QP5IiTHfis/nSToyu
pJ165WWmxSa+9FvtlZL8d8F5RrDgmNWJ6S22LTH6i9O9h+4I9Jk/CqrXmFGM5L0W
bBfX3TtcYfxoL3QpzPJrmQmR7Tw8+yXQ5snxeTXa+FZQKJ/CpOHUgZCK2eg8tL6Z
J/ijCk3pwieJ21dI/QZygZZ5QN+eS7MR+a7ETvxIFjjw2f72N+tKfRrx6DPCgFGx
uuURfQOyO+OB1VZ2grF2HGrbYWYgiVawQBS25iozHfHYfiKWa0zja5NJzpeRyVPj
mPXUGY6gz1rjq/ktgCpzjBV8YK/lgLymFb+LxpuB4VmpuctU1pPNizT1BQ==
-----END CERTIFICATE-----
Generated at Fri Apr 4 16:18:36 2025 by rpki-client