Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3230392e302f32342d3234203d3e2033323537.roa
File: 3231372e3231372e3230392e302f32342d3234203d3e2033323537.roa (raw, json)
Hash identifier: NgZWalAhSLJN4Qd2MGqnnO2iSf/sPZWFtk9548vo3mM=
Subject key identifier: 85:31:35:BC:4D:72:0C:60:83:35:FB:59:62:98:8A:88:F7:77:64:DE
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 483094F58EE63F2B747CB27C35113735B1B86967
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3230392e302f32342d3234203d3e2033323537.roa
Signing time: Thu 04 Sep 2025 07:03:32 +0000
ROA not before: Thu 04 Sep 2025 06:58:32 +0000
ROA not after: Thu 03 Sep 2026 07:03:32 +0000
asID: 3257
IP address blocks: 217.217.209.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 01:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
48:30:94:f5:8e:e6:3f:2b:74:7c:b2:7c:35:11:37:35:b1:b8:69:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Sep 4 06:58:32 2025 GMT
Not After : Sep 3 07:03:32 2026 GMT
Subject: CN=853135BC4D720C608335FB5962988A88F77764DE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:c9:a1:0f:38:16:02:6e:d1:9b:d2:9d:2d:42:
8d:51:9b:b6:26:cc:bb:87:82:4e:b4:1b:59:34:e7:
80:9b:52:2a:96:e3:08:50:b6:5d:ab:0b:e6:76:1b:
5e:06:45:76:01:a6:ed:fb:7f:27:ea:52:69:7a:c1:
9c:7a:f9:55:d4:c7:19:51:a1:b7:2d:ed:3d:8a:bb:
10:e9:04:11:74:44:a2:e2:de:6a:e3:d1:9b:c5:61:
f8:b1:ce:8f:7f:27:6d:9a:bf:d0:d9:8c:3c:2e:a6:
60:de:c8:8a:4f:45:ba:09:e4:26:24:d0:8f:04:10:
97:56:d2:c0:c8:fe:20:fe:bd:e1:ec:4f:18:7b:a8:
cc:48:a7:c8:03:5a:c4:6e:81:87:8c:ab:4a:89:87:
4d:b7:72:05:39:74:ff:27:ae:89:f2:72:5b:09:98:
6c:f0:f3:3e:cc:19:8d:9f:c8:37:f9:df:b3:36:20:
91:86:4a:d6:ca:b2:f7:1d:21:8d:03:39:e7:0a:36:
18:3e:b6:42:31:c5:ea:a5:07:1d:64:8e:1b:f0:e4:
b7:c8:36:bb:3e:91:2a:a0:a3:3c:29:d8:45:1d:da:
26:df:a3:4c:5a:03:58:83:3e:ae:ef:2e:16:27:9d:
f9:44:0b:76:9b:60:fc:88:cd:4e:2b:d8:b7:20:77:
49:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:31:35:BC:4D:72:0C:60:83:35:FB:59:62:98:8A:88:F7:77:64:DE
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3230392e302f32342d3234203d3e2033323537.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.209.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:01:a3:21:cc:e4:ff:2e:57:4a:e5:d3:85:9e:9c:55:68:01:
96:cb:dd:13:71:50:7e:8a:31:0d:37:8e:ea:2d:ff:b8:d4:be:
7c:21:67:95:b5:c4:4a:ad:38:23:88:4e:cd:90:f2:da:2e:d1:
26:f5:32:8b:80:53:a3:09:c3:2d:73:40:3d:e9:6c:fd:33:4e:
d3:72:2e:f2:75:53:c1:66:be:3e:08:fc:b6:b6:b7:39:d8:d0:
09:55:49:26:f5:80:d3:c2:e6:64:e4:bc:d4:f9:a3:66:89:cc:
44:93:56:56:fe:fe:86:41:32:1c:00:05:04:53:19:54:11:82:
ef:fb:30:4f:42:61:df:94:19:d2:f5:1e:98:3e:6c:2d:03:08:
80:66:96:3a:ad:39:ee:7f:99:6d:3e:be:be:57:8c:47:b0:82:
e1:c7:c3:52:d2:ea:cc:ab:d1:05:40:65:d3:9b:03:55:d2:17:
99:ea:89:8a:9f:6d:f7:2a:ca:2f:a8:14:35:d3:bd:95:6d:da:
18:52:93:c2:d2:ce:8a:fa:67:0d:2c:46:4b:ac:d7:a4:b1:c1:
ac:0f:8a:87:df:fe:e9:ea:0e:56:cb:30:2a:f8:45:0a:9b:ba:
ae:63:09:e7:66:fe:fa:28:78:dd:88:14:90:df:58:de:a5:92:
dc:ba:96:15
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUSDCU9Y7mPyt0fLJ8NRE3NbG4aWcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MDQwNjU4MzJaFw0yNjA5MDMwNzAzMzJaMDMxMTAvBgNV
BAMTKDg1MzEzNUJDNEQ3MjBDNjA4MzM1RkI1OTYyOTg4QTg4Rjc3NzY0REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJyaEPOBYCbtGb0p0tQo1Rm7Ym
zLuHgk60G1k054CbUiqW4whQtl2rC+Z2G14GRXYBpu37fyfqUml6wZx6+VXUxxlR
obct7T2KuxDpBBF0RKLi3mrj0ZvFYfixzo9/J22av9DZjDwupmDeyIpPRboJ5CYk
0I8EEJdW0sDI/iD+veHsTxh7qMxIp8gDWsRugYeMq0qJh023cgU5dP8nronyclsJ
mGzw8z7MGY2fyDf537M2IJGGStbKsvcdIY0DOecKNhg+tkIxxeqlBx1kjhvw5LfI
Nrs+kSqgozwp2EUd2ibfo0xaA1iDPq7vLhYnnflEC3abYPyIzU4r2Lcgd0lDAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUhTE1vE1yDGCDNftZYpiKiPd3ZN4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzAzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzIzNTM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
2dnRMA0GCSqGSIb3DQEBCwUAA4IBAQCLAaMhzOT/LldK5dOFnpxVaAGWy90TcVB+
ijENN47qLf+41L58IWeVtcRKrTgjiE7NkPLaLtEm9TKLgFOjCcMtc0A96Wz9M07T
ci7ydVPBZr4+CPy2trc52NAJVUkm9YDTwuZk5LzU+aNmicxEk1ZW/v6GQTIcAAUE
UxlUEYLv+zBPQmHflBnS9R6YPmwtAwiAZpY6rTnuf5ltPr6+V4xHsILhx8NS0urM
q9EFQGXTmwNV0heZ6omKn233KsovqBQ1072VbdoYUpPC0s6K+mcNLEZLrNekscGs
D4qH3/7p6g5WyzAq+EUKm7quYwnnZv76KHjdiBSQ31jepZLcupYV
-----END CERTIFICATE-----
Generated at Mon Sep 8 08:51:13 2025 by rpki-client