Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3136382e302f32312d3231203d3e203134363138.roa
File: 3231372e3231372e3136382e302f32312d3231203d3e203134363138.roa (raw, json)
Hash identifier: 10QwNCCp7tlnZyBfMBbH6yCUxTNIBHJU8S96i70ZJfs=
Subject key identifier: 9F:B4:0B:D0:7E:DF:94:AF:27:82:6C:93:F8:87:D2:21:F6:26:3A:2E
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 4E14D40B571EF281DB9D8355431149E1D364985D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3136382e302f32312d3231203d3e203134363138.roa
Signing time: Tue 05 Aug 2025 11:35:17 +0000
ROA not before: Tue 05 Aug 2025 11:30:17 +0000
ROA not after: Tue 04 Aug 2026 11:35:17 +0000
asID: 14618
IP address blocks: 217.217.168.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 22 Aug 2025 11:45:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4e:14:d4:0b:57:1e:f2:81:db:9d:83:55:43:11:49:e1:d3:64:98:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Aug 5 11:30:17 2025 GMT
Not After : Aug 4 11:35:17 2026 GMT
Subject: CN=9FB40BD07EDF94AF27826C93F887D221F6263A2E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:20:82:dd:56:7f:02:0d:87:c8:2a:3b:26:1c:
71:53:73:e9:64:de:1f:91:b9:23:a1:22:4e:bd:5c:
43:cf:18:8c:a4:82:3a:34:f3:19:80:71:a6:86:c6:
20:0e:d9:5e:af:64:4b:3a:28:dc:4c:e4:1a:43:c1:
3a:96:12:d7:be:a5:b6:5b:42:cb:60:a5:47:ea:9b:
56:23:5f:8d:b0:25:bb:bc:25:c5:3b:d6:5f:53:96:
b0:4b:b2:d4:91:fe:51:40:d0:71:32:47:23:62:d3:
1d:91:77:c5:08:56:ad:b2:b2:b2:5e:7a:21:6c:cc:
57:1d:81:81:e3:2e:15:c2:b0:3c:f2:4c:70:69:6d:
72:57:c4:b0:c7:93:bc:d4:a6:b2:f1:35:31:a0:21:
d5:6d:64:e9:04:52:7d:94:52:14:29:9c:b1:8b:ae:
aa:73:e1:c1:74:31:3a:af:1d:69:a5:8a:3a:0f:d7:
46:ad:0f:45:6e:4d:11:7d:c2:78:bf:cf:3f:e0:42:
1b:10:54:f8:9e:c4:76:94:8e:aa:e9:c4:b2:62:a7:
9e:26:6d:d5:d8:0a:99:92:a5:1e:2e:02:89:36:0f:
0d:a7:40:60:ec:61:b3:62:0e:7b:b4:ea:37:d4:3a:
aa:49:d5:17:d4:22:9f:1c:a4:97:82:2f:c9:ca:a9:
3c:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:B4:0B:D0:7E:DF:94:AF:27:82:6C:93:F8:87:D2:21:F6:26:3A:2E
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3136382e302f32312d3231203d3e203134363138.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.168.0/21
Signature Algorithm: sha256WithRSAEncryption
5a:98:c8:b5:cc:a3:2c:bc:c4:dc:27:bd:b5:f2:b8:78:dd:6d:
24:89:92:5a:4e:89:53:dc:3c:d9:f0:d7:ff:02:3a:0e:82:e2:
0c:5a:ab:5d:30:19:49:9f:ec:7f:6d:81:57:e8:be:4c:43:80:
73:21:b9:e4:fd:47:ef:2e:3c:2d:09:30:14:f9:58:86:69:9d:
ea:c7:f8:65:cc:a6:e4:44:72:b1:0a:0b:d1:3c:86:40:a1:4d:
08:25:c7:ee:7a:88:29:99:ac:21:40:ef:43:3f:e7:c1:c4:8a:
f2:cf:70:c2:89:45:65:8c:91:79:0b:9e:1a:6d:04:1c:c7:b7:
ad:67:58:c1:f5:c4:58:08:b6:4f:32:b1:b7:ce:3f:d2:94:f0:
7b:d7:7f:32:34:9d:d7:39:d5:d6:d9:98:c6:01:70:71:76:20:
8c:c0:68:64:54:f1:47:aa:db:9f:e3:3d:65:c3:7d:56:b7:4f:
67:4f:93:b3:9d:1f:2d:d9:01:c9:4c:46:b5:81:9a:92:02:7e:
3e:0f:24:ac:e4:a1:1a:e6:51:64:8f:6d:9c:4a:07:17:48:90:
6d:49:da:90:fb:a2:45:2d:81:49:78:a2:fd:87:24:ac:e4:e2:
ef:6a:b0:84:4a:7a:88:e8:fe:e2:a3:bf:97:69:fd:d6:6d:17:
2f:8e:bc:c6
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUThTUC1ce8oHbnYNVQxFJ4dNkmF0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MDUxMTMwMTdaFw0yNjA4MDQxMTM1MTdaMDMxMTAvBgNV
BAMTKDlGQjQwQkQwN0VERjk0QUYyNzgyNkM5M0Y4ODdEMjIxRjYyNjNBMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiIILdVn8CDYfIKjsmHHFTc+lk
3h+RuSOhIk69XEPPGIykgjo08xmAcaaGxiAO2V6vZEs6KNxM5BpDwTqWEte+pbZb
QstgpUfqm1YjX42wJbu8JcU71l9TlrBLstSR/lFA0HEyRyNi0x2Rd8UIVq2ysrJe
eiFszFcdgYHjLhXCsDzyTHBpbXJXxLDHk7zUprLxNTGgIdVtZOkEUn2UUhQpnLGL
rqpz4cF0MTqvHWmlijoP10atD0VuTRF9wni/zz/gQhsQVPiexHaUjqrpxLJip54m
bdXYCpmSpR4uAok2Dw2nQGDsYbNiDnu06jfUOqpJ1RfUIp8cpJeCL8nKqTwNAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUn7QL0H7flK8ngmyT+IfSIfYmOi4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMx
MzYzODJlMzAyZjMyMzEyZDMyMzEyMDNkM2UyMDMxMzQzNjMxMzgucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAPZ2agwDQYJKoZIhvcNAQELBQADggEBAFqYyLXMoyy8xNwnvbXyuHjdbSSJklpO
iVPcPNnw1/8COg6C4gxaq10wGUmf7H9tgVfovkxDgHMhueT9R+8uPC0JMBT5WIZp
nerH+GXMpuREcrEKC9E8hkChTQglx+56iCmZrCFA70M/58HEivLPcMKJRWWMkXkL
nhptBBzHt61nWMH1xFgItk8ysbfOP9KU8HvXfzI0ndc51dbZmMYBcHF2IIzAaGRU
8Ueq25/jPWXDfVa3T2dPk7OdHy3ZAclMRrWBmpICfj4PJKzkoRrmUWSPbZxKBxdI
kG1J2pD7okUtgUl4ov2HJKzk4u9qsIRKeojo/uKjv5dp/dZtFy+OvMY=
-----END CERTIFICATE-----
Generated at Thu Aug 21 18:54:07 2025 by rpki-client