Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3139352e302f32342d3234203d3e2033323537.roa
File: 3231372e3231372e3139352e302f32342d3234203d3e2033323537.roa (raw, json)
Hash identifier: zYGX0PCDSx/PWRNcieJOCOIKfJWMxQayR7YFT+6y0UQ=
Subject key identifier: D2:AD:91:43:0E:5E:E5:B4:C5:69:4E:D0:DA:3F:9A:A9:03:39:36:03
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 4AD36062768EE597CCC819987B8200DE380D3D13
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3139352e302f32342d3234203d3e2033323537.roa
Signing time: Thu 04 Sep 2025 07:03:43 +0000
ROA not before: Thu 04 Sep 2025 06:58:43 +0000
ROA not after: Thu 03 Sep 2026 07:03:43 +0000
asID: 3257
IP address blocks: 217.217.195.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 18:29:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:d3:60:62:76:8e:e5:97:cc:c8:19:98:7b:82:00:de:38:0d:3d:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Sep 4 06:58:43 2025 GMT
Not After : Sep 3 07:03:43 2026 GMT
Subject: CN=D2AD91430E5EE5B4C5694ED0DA3F9AA903393603
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:08:f4:8e:cf:41:f1:4d:6c:94:46:02:dc:b8:
57:77:11:76:0e:81:48:4a:cc:58:97:ae:f4:2f:c7:
b0:82:d2:9a:7f:f8:74:5f:79:f2:c6:9e:3a:13:fe:
57:93:28:a5:bb:ab:4c:2b:8c:fc:f0:91:10:7e:e0:
d7:1b:f3:8d:df:19:17:79:14:4c:b6:c7:bd:56:c9:
be:af:f9:48:9c:b9:4c:7b:a0:40:f7:c7:2a:e3:0e:
cc:2a:e8:ef:b4:01:c4:fc:bd:c9:b7:81:57:e5:ef:
4a:40:b5:a8:98:a0:31:6f:7c:76:96:61:1b:27:3c:
fc:e7:d1:99:e4:c4:56:f9:79:d5:d9:8a:25:09:c0:
6a:99:01:28:2e:6e:cb:33:b2:f1:14:4d:33:7e:2f:
e3:b0:e5:52:45:bb:d1:60:dc:ba:1f:db:23:e1:82:
67:90:2a:89:40:ac:c8:59:af:73:2f:f2:f7:7e:5b:
64:2f:14:c4:9e:0a:b6:32:71:8c:af:35:cb:9f:1a:
f5:c2:15:d1:94:79:e5:fa:f1:c1:ff:41:15:dc:38:
76:7d:2b:46:0c:9e:4a:1e:bb:21:d7:38:23:5c:20:
ef:73:12:c8:de:42:8b:a0:92:48:78:71:81:d3:c9:
28:d5:e5:c7:7f:bd:71:a8:c9:b8:ba:12:dd:1f:08:
4f:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:AD:91:43:0E:5E:E5:B4:C5:69:4E:D0:DA:3F:9A:A9:03:39:36:03
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3139352e302f32342d3234203d3e2033323537.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.195.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:be:d5:2d:83:96:d2:c1:04:c3:44:dc:fb:f3:c9:4f:8f:65:
3d:f5:5a:08:d6:b5:13:01:a1:b0:0f:2e:3f:f2:43:8a:dc:54:
5e:e8:83:bf:cf:06:d8:f0:83:2b:d0:f7:0c:6a:5d:bb:10:93:
4e:eb:e3:b8:10:80:38:57:f0:32:38:0c:c7:4e:18:07:3b:98:
73:1b:39:16:09:26:d9:72:c7:f0:ba:0b:38:e4:fc:1b:ae:e0:
2b:f1:3c:13:01:e9:30:9f:78:f1:2f:75:df:91:f0:78:f5:c2:
50:58:05:0b:9f:3a:06:4b:3b:6b:8d:2c:0f:d1:77:22:f1:96:
12:61:51:2e:60:20:db:99:93:21:64:c3:f4:f3:5b:b5:4b:51:
3f:b1:15:e9:52:62:78:1b:2b:0c:5e:20:23:09:6d:e8:c7:89:
cf:11:fb:81:56:fb:95:e0:6c:8c:14:6f:62:0f:66:96:22:01:
d3:e5:9b:66:c4:15:e6:e2:7d:56:35:e6:d6:7b:d6:06:db:da:
9e:bf:56:fe:ac:91:9e:62:9a:8c:90:ca:e1:ab:8b:8a:56:62:
47:de:e1:9b:a0:9b:47:5e:1b:18:af:36:8b:15:f8:1f:d3:ab:
96:17:6b:57:2f:f4:f9:e0:88:20:bf:e7:0b:5a:b0:25:bd:12:
88:60:3e:2b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUStNgYnaO5ZfMyBmYe4IA3jgNPRMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MDQwNjU4NDNaFw0yNjA5MDMwNzAzNDNaMDMxMTAvBgNV
BAMTKEQyQUQ5MTQzMEU1RUU1QjRDNTY5NEVEMERBM0Y5QUE5MDMzOTM2MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/CPSOz0HxTWyURgLcuFd3EXYO
gUhKzFiXrvQvx7CC0pp/+HRfefLGnjoT/leTKKW7q0wrjPzwkRB+4Ncb843fGRd5
FEy2x71Wyb6v+UicuUx7oED3xyrjDswq6O+0AcT8vcm3gVfl70pAtaiYoDFvfHaW
YRsnPPzn0ZnkxFb5edXZiiUJwGqZASgubsszsvEUTTN+L+Ow5VJFu9Fg3Lof2yPh
gmeQKolArMhZr3Mv8vd+W2QvFMSeCrYycYyvNcufGvXCFdGUeeX68cH/QRXcOHZ9
K0YMnkoeuyHXOCNcIO9zEsjeQougkkh4cYHTySjV5cd/vXGoybi6Et0fCE+TAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU0q2RQw5e5bTFaU7Q2j+aqQM5NgMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMx
MzkzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzIzNTM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
2dnDMA0GCSqGSIb3DQEBCwUAA4IBAQBfvtUtg5bSwQTDRNz788lPj2U99VoI1rUT
AaGwDy4/8kOK3FRe6IO/zwbY8IMr0PcMal27EJNO6+O4EIA4V/AyOAzHThgHO5hz
GzkWCSbZcsfwugs45PwbruAr8TwTAekwn3jxL3XfkfB49cJQWAULnzoGSztrjSwP
0Xci8ZYSYVEuYCDbmZMhZMP081u1S1E/sRXpUmJ4GysMXiAjCW3ox4nPEfuBVvuV
4GyMFG9iD2aWIgHT5ZtmxBXm4n1WNebWe9YG29qev1b+rJGeYpqMkMrhq4uKVmJH
3uGboJtHXhsYrzaLFfgf06uWF2tXL/T54Iggv+cLWrAlvRKIYD4r
-----END CERTIFICATE-----
Generated at Mon Sep 8 08:52:05 2025 by rpki-client