Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3135312e302f32342d3234203d3e20323132323338.roa
File: 38342e33392e3135312e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier: 2SI20SGeR+djR0huD89yhcw0c1qCxfjCUP3ai8fiL5o=
Subject key identifier: 0E:21:EE:74:4D:67:A5:07:35:4B:87:97:4A:C7:A6:AB:A6:BA:5B:24
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 16AC3D4497A1F0CF7BF4E94B6C844FD4D10CCDBB
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3135312e302f32342d3234203d3e20323132323338.roa
Signing time: Thu 28 Aug 2025 20:49:56 +0000
ROA not before: Thu 28 Aug 2025 20:44:56 +0000
ROA not after: Thu 27 Aug 2026 20:49:56 +0000
asID: 212238
IP address blocks: 84.39.151.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Sep 2025 01:00:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:ac:3d:44:97:a1:f0:cf:7b:f4:e9:4b:6c:84:4f:d4:d1:0c:cd:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Aug 28 20:44:56 2025 GMT
Not After : Aug 27 20:49:56 2026 GMT
Subject: CN=0E21EE744D67A507354B87974AC7A6ABA6BA5B24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:e8:b0:fc:1e:43:a2:d7:cc:82:ac:60:6b:7b:
7a:db:30:4f:db:e7:7e:5f:63:9e:bf:32:a7:f8:d4:
a5:32:50:d8:b7:25:a8:5d:18:9d:4c:0c:c3:04:9f:
7a:06:db:cf:cd:f5:00:1a:09:4b:71:01:59:29:69:
88:a9:91:22:49:79:8f:f3:b8:c6:d9:96:97:5e:c7:
24:50:e9:9c:62:14:15:65:de:3a:2d:db:a9:a9:a4:
98:c7:0a:aa:96:6b:28:ae:34:58:0c:e5:9e:e2:55:
00:f1:4f:fb:0f:da:0a:4b:9a:1a:a1:2e:fe:77:18:
b6:a7:88:af:cf:fd:52:f2:12:24:6d:48:4b:a8:8b:
06:71:67:be:ee:4e:b0:e3:a8:d5:09:39:e7:56:18:
9b:8f:99:1b:c3:fb:ef:b9:a5:74:39:5f:ef:58:24:
ca:71:ae:74:03:b5:a8:38:86:95:65:5b:6d:0d:37:
de:e8:7b:22:4f:17:ad:34:a3:48:c4:c5:97:1f:3b:
7a:d5:67:2f:cd:04:84:7e:69:5d:a8:40:7d:19:87:
65:4a:bc:a1:dd:74:4f:0d:88:cb:b5:cd:85:49:90:
e2:b8:90:32:b2:61:ba:2a:01:d8:34:b4:a6:d5:68:
cf:34:d0:5d:09:70:45:c3:fc:9a:22:13:7d:7f:5b:
ce:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:21:EE:74:4D:67:A5:07:35:4B:87:97:4A:C7:A6:AB:A6:BA:5B:24
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38342e33392e3135312e302f32342d3234203d3e20323132323338.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.39.151.0/24
Signature Algorithm: sha256WithRSAEncryption
64:49:51:dc:1b:20:cc:95:94:53:71:73:fb:6f:33:43:61:2c:
66:f1:f5:21:45:1c:97:e6:bd:15:f2:15:97:6c:6a:0d:74:75:
3e:c4:66:f3:56:63:bc:77:83:23:db:ac:17:1c:b9:54:16:1f:
c6:b8:b1:d7:e1:d0:7e:7b:fc:bd:dc:b6:41:d3:cf:50:bc:91:
9c:14:03:01:0c:81:f2:00:e3:46:dd:43:e9:0e:f2:84:31:08:
13:ec:f9:7d:ac:61:b5:98:03:a4:ab:2e:fe:d6:f4:31:53:04:
8c:b0:b0:03:60:c8:2b:55:bd:6f:11:79:59:aa:9a:0e:59:e4:
23:54:ec:c8:ac:2e:3b:53:3b:74:8e:ce:49:e3:3d:39:d9:93:
a2:99:a1:79:9c:71:02:e8:cc:ba:db:50:c4:2d:e5:63:7d:7d:
3a:4b:d2:2d:3f:d6:26:4b:ae:eb:d4:58:14:2b:bc:98:d0:53:
0f:ca:ce:4f:8e:e7:d2:43:7f:35:22:3a:d1:19:9a:a0:89:46:
b6:a1:16:e6:b5:33:68:4c:a3:8f:e6:bb:61:b1:2b:05:27:e2:
a4:ed:d8:eb:bd:f6:ec:67:7a:47:79:b0:00:ae:5f:04:49:1b:
36:53:29:23:9f:3c:03:70:1c:c4:30:50:61:4b:9b:99:d8:6f:
81:2e:98:eb
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUFqw9RJeh8M979OlLbIRP1NEMzbswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjgyMDQ0NTZaFw0yNjA4MjcyMDQ5NTZaMDMxMTAvBgNV
BAMTKDBFMjFFRTc0NEQ2N0E1MDczNTRCODc5NzRBQzdBNkFCQTZCQTVCMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU6LD8HkOi18yCrGBre3rbME/b
535fY56/Mqf41KUyUNi3JahdGJ1MDMMEn3oG28/N9QAaCUtxAVkpaYipkSJJeY/z
uMbZlpdexyRQ6ZxiFBVl3jot26mppJjHCqqWayiuNFgM5Z7iVQDxT/sP2gpLmhqh
Lv53GLaniK/P/VLyEiRtSEuoiwZxZ77uTrDjqNUJOedWGJuPmRvD+++5pXQ5X+9Y
JMpxrnQDtag4hpVlW20NN97oeyJPF600o0jExZcfO3rVZy/NBIR+aV2oQH0Zh2VK
vKHddE8NiMu1zYVJkOK4kDKyYboqAdg0tKbVaM800F0JcEXD/JoiE31/W84JAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUDiHudE1npQc1S4eXSsemq6a6WyQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNDJlMzMzOTJlMzEzNTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMyMzIzMzM4LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
VCeXMA0GCSqGSIb3DQEBCwUAA4IBAQBkSVHcGyDMlZRTcXP7bzNDYSxm8fUhRRyX
5r0V8hWXbGoNdHU+xGbzVmO8d4Mj26wXHLlUFh/GuLHX4dB+e/y93LZB089QvJGc
FAMBDIHyAONG3UPpDvKEMQgT7Pl9rGG1mAOkqy7+1vQxUwSMsLADYMgrVb1vEXlZ
qpoOWeQjVOzIrC47Uzt0js5J4z052ZOimaF5nHEC6My621DELeVjfX06S9ItP9Ym
S67r1FgUK7yY0FMPys5PjufSQ381IjrRGZqgiUa2oRbmtTNoTKOP5rthsSsFJ+Kk
7djrvfbsZ3pHebAArl8ESRs2UykjnzwDcBzEMFBhS5uZ2G+BLpjr
-----END CERTIFICATE-----
Generated at Fri Sep 5 07:51:42 2025 by rpki-client