Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3231332e302f32342d3234203d3e2033323537.roa
File: 3231372e3231372e3231332e302f32342d3234203d3e2033323537.roa (raw, json)
Hash identifier: sr3s8A7562p90V+TjMsM/ThMMrlyz6v6OCgfVT5Y9uw=
Subject key identifier: DD:D8:97:BB:0F:F0:95:5C:25:95:46:74:B1:E6:08:CE:B6:CE:9C:60
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 368ACC19A41E079A16B3E670E19F7FFC7C28E84D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3231332e302f32342d3234203d3e2033323537.roa
Signing time: Thu 04 Sep 2025 07:03:29 +0000
ROA not before: Thu 04 Sep 2025 06:58:29 +0000
ROA not after: Thu 03 Sep 2026 07:03:29 +0000
asID: 3257
IP address blocks: 217.217.213.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 01:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
36:8a:cc:19:a4:1e:07:9a:16:b3:e6:70:e1:9f:7f:fc:7c:28:e8:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Sep 4 06:58:29 2025 GMT
Not After : Sep 3 07:03:29 2026 GMT
Subject: CN=DDD897BB0FF0955C25954674B1E608CEB6CE9C60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:a2:78:fe:c3:fa:d8:83:81:aa:f9:05:aa:6e:
b4:67:93:b2:2f:73:da:4c:5e:b6:84:d3:e0:d2:19:
af:ff:4f:63:88:c1:be:8d:0f:35:ef:f5:4b:0b:f2:
bb:cf:ef:02:32:e7:8d:58:bb:5f:5e:d7:76:d4:19:
2e:ee:b0:38:bb:a4:98:e5:37:ce:92:e5:31:2c:cb:
de:d1:a0:0b:cc:25:02:0b:70:71:1b:36:25:4a:f2:
6a:2f:a6:51:38:32:93:58:da:b7:e8:a1:66:14:5a:
b8:a4:84:7f:ec:49:0b:7c:64:cd:a4:19:b1:01:df:
4a:2d:b4:66:df:5d:0b:30:4a:c9:fb:0e:5c:dc:a2:
8d:6c:a2:15:5a:b9:7b:13:95:e4:a5:da:c9:5b:8f:
7e:b2:7d:20:69:1b:91:a6:60:b8:5e:80:d3:16:e0:
06:41:e7:94:b9:2b:f0:86:c3:bf:79:24:0a:45:d9:
4d:96:f0:65:2c:ef:a1:12:5b:84:c4:57:a6:9b:c4:
08:f5:f6:10:bd:e2:28:36:dd:08:9a:dd:7c:ba:83:
4d:90:db:74:fe:86:90:25:6a:83:01:82:fc:a5:b1:
4d:f2:41:12:c0:5e:b7:2b:2d:21:bb:99:f5:89:e2:
c1:b5:14:20:bd:07:7d:f4:24:29:56:be:51:b8:97:
59:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:D8:97:BB:0F:F0:95:5C:25:95:46:74:B1:E6:08:CE:B6:CE:9C:60
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3231332e302f32342d3234203d3e2033323537.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.213.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:f4:4b:bf:ab:11:5d:4b:76:cb:2e:e5:eb:c3:9f:5a:41:4d:
e6:b0:45:95:36:18:dd:25:bc:69:6c:1c:60:67:f1:fd:41:8f:
d7:13:a2:48:9c:82:3f:5b:6a:70:f0:7b:b3:03:7d:41:94:c9:
2a:6e:fe:49:04:98:cd:e5:4e:d6:9a:4a:f5:f3:6b:41:fd:f9:
c7:89:fe:17:d9:02:13:79:80:73:ec:71:5c:1f:e2:14:86:f4:
75:70:7a:f1:1e:9c:ab:ef:ec:40:38:52:0c:48:83:68:e4:46:
fb:8e:58:f8:b3:59:90:b8:37:2a:03:f2:6c:7a:85:51:fe:96:
4e:7d:4f:be:26:d6:7d:d2:f7:ad:9a:37:72:c6:d5:15:db:07:
7f:78:61:32:b2:39:97:f2:29:bd:1c:60:50:55:95:e7:e7:54:
1b:31:4b:43:f0:05:b3:23:57:ba:d3:ab:8b:4a:a1:5f:9d:1b:
00:2d:ec:04:70:35:81:b1:c5:4c:d6:48:0c:8c:b8:0f:72:68:
e4:67:3a:71:7a:ac:45:06:73:e4:29:c1:d8:92:84:4e:a5:7b:
81:3d:c5:a0:81:de:62:b6:0d:c7:cb:cd:ca:d6:fd:2e:0c:f6:
2e:63:ea:a3:95:de:65:97:fa:b0:ca:c6:a9:bc:7b:42:38:61:
fc:81:35:37
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUNorMGaQeB5oWs+Zw4Z9//Hwo6E0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MDQwNjU4MjlaFw0yNjA5MDMwNzAzMjlaMDMxMTAvBgNV
BAMTKERERDg5N0JCMEZGMDk1NUMyNTk1NDY3NEIxRTYwOENFQjZDRTlDNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvonj+w/rYg4Gq+QWqbrRnk7Iv
c9pMXraE0+DSGa//T2OIwb6NDzXv9UsL8rvP7wIy541Yu19e13bUGS7usDi7pJjl
N86S5TEsy97RoAvMJQILcHEbNiVK8movplE4MpNY2rfooWYUWrikhH/sSQt8ZM2k
GbEB30ottGbfXQswSsn7Dlzcoo1sohVauXsTleSl2slbj36yfSBpG5GmYLhegNMW
4AZB55S5K/CGw795JApF2U2W8GUs76ESW4TEV6abxAj19hC94ig23Qia3Xy6g02Q
23T+hpAlaoMBgvylsU3yQRLAXrcrLSG7mfWJ4sG1FCC9B330JClWvlG4l1mdAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU3diXuw/wlVwllUZ0seYIzrbOnGAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzEzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzIzNTM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
2dnVMA0GCSqGSIb3DQEBCwUAA4IBAQAO9Eu/qxFdS3bLLuXrw59aQU3msEWVNhjd
JbxpbBxgZ/H9QY/XE6JInII/W2pw8HuzA31BlMkqbv5JBJjN5U7Wmkr182tB/fnH
if4X2QITeYBz7HFcH+IUhvR1cHrxHpyr7+xAOFIMSINo5Eb7jlj4s1mQuDcqA/Js
eoVR/pZOfU++JtZ90vetmjdyxtUV2wd/eGEysjmX8im9HGBQVZXn51QbMUtD8AWz
I1e606uLSqFfnRsALewEcDWBscVM1kgMjLgPcmjkZzpxeqxFBnPkKcHYkoROpXuB
PcWggd5itg3Hy83K1v0uDPYuY+qjld5ll/qwysapvHtCOGH8gTU3
-----END CERTIFICATE-----
Generated at Mon Sep 8 08:52:08 2025 by rpki-client