Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3231392e302f32342d3234203d3e2033323537.roa
File: 3231372e3231372e3231392e302f32342d3234203d3e2033323537.roa (raw, json)
Hash identifier: TXkPXTtw98y3BXnmifXRY37/Tamvv6LSUlTxXrgRp0w=
Subject key identifier: 2A:6D:87:CB:60:C3:33:D3:A3:DE:E5:B8:33:65:51:FC:4F:95:07:5D
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 4CD4AF1BD56141C36D49B5E4396AD81A24080F3D
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3231392e302f32342d3234203d3e2033323537.roa
Signing time: Thu 04 Sep 2025 07:03:25 +0000
ROA not before: Thu 04 Sep 2025 06:58:25 +0000
ROA not after: Thu 03 Sep 2026 07:03:25 +0000
asID: 3257
IP address blocks: 217.217.219.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 18:29:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:d4:af:1b:d5:61:41:c3:6d:49:b5:e4:39:6a:d8:1a:24:08:0f:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Sep 4 06:58:25 2025 GMT
Not After : Sep 3 07:03:25 2026 GMT
Subject: CN=2A6D87CB60C333D3A3DEE5B8336551FC4F95075D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:67:f0:7c:ee:d3:2e:2d:e6:e8:48:87:82:9b:
1d:e6:48:56:5b:4f:2f:f0:b2:35:4f:4b:ae:96:02:
d3:22:7f:0e:ee:2b:fb:ca:36:7b:78:14:5a:33:4e:
4c:e3:bc:c4:dc:b0:e7:7e:b5:c2:6c:46:07:73:4c:
8c:4a:77:c0:36:4c:49:71:1f:84:36:43:d6:19:75:
32:93:0e:19:e8:af:26:e9:d7:03:ff:8c:aa:23:28:
ff:0e:82:de:cd:94:a3:3a:b9:a1:3d:60:9f:69:df:
3d:3e:c5:0e:f6:26:6b:3a:f9:4c:fe:d4:db:72:9c:
2e:0d:87:d5:1f:ce:f6:40:0b:2a:f6:d6:92:dd:27:
12:76:62:d0:15:0f:dc:98:7c:17:fa:f7:24:85:ba:
e1:00:8c:b0:7b:0f:e8:d3:60:d9:24:cc:f3:4f:41:
5a:0f:c0:68:3b:92:5c:0b:ca:45:a9:4e:35:4d:ae:
38:31:2b:eb:7c:26:ae:7b:cd:2b:ea:be:2d:ff:d5:
34:97:0e:ec:92:36:a9:3d:b1:09:63:f8:cd:06:a9:
19:24:b4:32:38:ad:8e:b9:29:80:34:e3:ab:15:a6:
70:a6:61:2c:6e:45:5f:2c:7b:34:b4:1c:5f:26:c5:
9e:42:48:e7:08:72:af:a6:fd:7c:8f:3a:2e:d5:8b:
dc:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:6D:87:CB:60:C3:33:D3:A3:DE:E5:B8:33:65:51:FC:4F:95:07:5D
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3231392e302f32342d3234203d3e2033323537.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.219.0/24
Signature Algorithm: sha256WithRSAEncryption
69:fb:da:b1:b2:de:c3:3b:12:a9:e6:82:00:37:61:83:be:f6:
81:5a:1a:ef:6e:6f:13:c7:47:9c:e6:07:2c:05:47:60:15:0a:
54:f0:53:20:26:f6:94:0a:9c:28:97:fb:72:f6:eb:4b:d1:83:
c3:ed:d5:c5:9d:5d:62:4e:6f:63:38:8f:53:f1:09:7d:a9:2f:
4f:b3:c9:12:2b:14:eb:84:76:ba:5e:6b:19:01:ed:7a:d0:0d:
7c:8d:da:f6:1f:a9:fa:8f:69:3b:cc:36:ee:98:bb:73:96:95:
ef:8d:35:49:e9:ea:c6:bd:7a:e2:c5:c5:d0:15:2a:16:ab:95:
fb:7b:4a:d5:98:ef:09:07:e9:88:6a:8a:b8:45:25:ed:36:99:
0a:e7:62:d2:cd:27:03:01:bf:3f:89:dc:a4:ab:c8:0b:40:3e:
a6:0f:8f:28:72:bd:49:fd:f0:f9:32:5c:83:e5:a5:d3:d1:99:
57:c8:f9:35:9e:dd:ab:b4:c2:3a:fe:72:5f:aa:fc:82:27:20:
38:9c:4c:c8:28:80:95:e0:b9:25:fc:b7:f8:1f:d6:0f:bf:74:
15:28:50:9d:13:36:32:b0:7f:da:9d:09:18:92:14:3e:f9:01:
44:fd:c3:13:ff:2f:91:c1:f6:53:91:ce:70:d3:01:a5:e6:04:
45:5a:14:1f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUTNSvG9VhQcNtSbXkOWrYGiQIDz0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MDQwNjU4MjVaFw0yNjA5MDMwNzAzMjVaMDMxMTAvBgNV
BAMTKDJBNkQ4N0NCNjBDMzMzRDNBM0RFRTVCODMzNjU1MUZDNEY5NTA3NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZZ/B87tMuLeboSIeCmx3mSFZb
Ty/wsjVPS66WAtMifw7uK/vKNnt4FFozTkzjvMTcsOd+tcJsRgdzTIxKd8A2TElx
H4Q2Q9YZdTKTDhnorybp1wP/jKojKP8Ogt7NlKM6uaE9YJ9p3z0+xQ72Jms6+Uz+
1NtynC4Nh9UfzvZACyr21pLdJxJ2YtAVD9yYfBf69ySFuuEAjLB7D+jTYNkkzPNP
QVoPwGg7klwLykWpTjVNrjgxK+t8Jq57zSvqvi3/1TSXDuySNqk9sQlj+M0GqRkk
tDI4rY65KYA046sVpnCmYSxuRV8sezS0HF8mxZ5CSOcIcq+m/XyPOi7Vi9yZAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUKm2Hy2DDM9Oj3uW4M2VR/E+VB10wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzEzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzIzNTM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
2dnbMA0GCSqGSIb3DQEBCwUAA4IBAQBp+9qxst7DOxKp5oIAN2GDvvaBWhrvbm8T
x0ec5gcsBUdgFQpU8FMgJvaUCpwol/ty9utL0YPD7dXFnV1iTm9jOI9T8Ql9qS9P
s8kSKxTrhHa6XmsZAe160A18jdr2H6n6j2k7zDbumLtzlpXvjTVJ6erGvXrixcXQ
FSoWq5X7e0rVmO8JB+mIaoq4RSXtNpkK52LSzScDAb8/idykq8gLQD6mD48ocr1J
/fD5MlyD5aXT0ZlXyPk1nt2rtMI6/nJfqvyCJyA4nEzIKICV4Lkl/Lf4H9YPv3QV
KFCdEzYysH/anQkYkhQ++QFE/cMT/y+RwfZTkc5w0wGl5gRFWhQf
-----END CERTIFICATE-----
Generated at Mon Sep 8 08:44:28 2025 by rpki-client