Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3233392e3234302e302f32312d3332203d3e203531313637.roa
File: 38352e3233392e3234302e302f32312d3332203d3e203531313637.roa (raw, json)
Hash identifier: wcWjDx6M8Alc5iZg1xM6kjdIEwG3KhpA1RkHwTFZ7nQ=
Subject key identifier: D9:FF:EB:21:1B:63:58:EC:EA:5D:22:A3:27:0C:9C:29:7D:6E:53:46
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 5DF1816CF51FE1DDD2830EFFF4E6575695CA5897
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3233392e3234302e302f32312d3332203d3e203531313637.roa
Signing time: Fri 23 May 2025 08:46:26 +0000
ROA not before: Fri 23 May 2025 08:41:26 +0000
ROA not after: Fri 22 May 2026 08:46:26 +0000
asID: 51167
IP address blocks: 85.239.240.0/21 maxlen: 32
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 12:43:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:f1:81:6c:f5:1f:e1:dd:d2:83:0e:ff:f4:e6:57:56:95:ca:58:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: May 23 08:41:26 2025 GMT
Not After : May 22 08:46:26 2026 GMT
Subject: CN=D9FFEB211B6358ECEA5D22A3270C9C297D6E5346
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:32:11:81:0c:62:03:a1:85:2a:bb:40:9a:84:
91:91:53:d1:7c:fb:f4:71:94:59:5e:d1:46:68:0d:
89:bc:91:56:5b:62:c8:c2:db:6e:41:37:0e:22:f2:
51:d8:37:dc:bf:51:53:85:d2:c6:c8:64:68:b3:89:
6d:cb:15:2b:85:db:6d:3a:09:a9:f4:49:a7:84:fe:
5c:6d:d0:66:ed:fb:cd:f8:48:f1:e1:6a:37:ee:8d:
42:2b:a3:b5:40:1c:fd:42:42:b6:ea:e5:28:26:e9:
78:68:0b:f5:19:fa:ce:da:a2:ad:5e:a3:0a:7a:be:
82:be:9d:97:94:82:da:21:dd:2f:63:fd:63:52:f9:
8d:55:69:33:52:55:f6:d3:0f:de:f5:ea:6a:ba:98:
c4:33:07:d5:14:ef:9b:ff:4a:ec:62:1c:ee:af:9a:
7a:2e:69:4d:fa:db:65:a7:67:94:69:d2:5c:aa:1d:
54:e2:89:10:27:d1:11:ac:9f:3d:50:11:b1:bc:bb:
5a:93:67:60:1b:e2:2a:7a:5f:a6:82:98:23:ca:3b:
a6:a4:65:26:7d:aa:40:ed:e9:2e:69:85:a0:d1:b8:
4a:ea:11:d2:f0:45:1d:e4:d0:cb:25:cf:33:f8:09:
17:4f:2e:a2:1b:7d:c0:de:53:99:e5:d0:a3:52:63:
4d:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:FF:EB:21:1B:63:58:EC:EA:5D:22:A3:27:0C:9C:29:7D:6E:53:46
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3233392e3234302e302f32312d3332203d3e203531313637.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.240.0/21
Signature Algorithm: sha256WithRSAEncryption
2f:ee:ed:9e:89:dd:0b:46:1a:39:d2:81:4e:c9:9c:21:39:89:
23:7e:de:81:59:40:8b:7b:d7:59:c2:c3:88:7e:37:e1:e3:78:
f7:a7:dd:5b:63:5d:87:06:0e:88:23:97:2a:55:82:94:5b:63:
8b:c1:a4:91:55:8a:27:4b:b9:f0:12:0b:24:fb:91:4e:70:05:
40:1e:ea:c6:3a:4c:09:33:1f:88:a3:f9:a1:04:4e:44:06:a3:
a3:d2:52:40:18:ba:10:17:d7:bb:12:fe:f0:69:04:13:40:78:
16:de:39:f6:d6:55:1b:29:99:3a:6f:23:f5:e0:3d:4d:77:e4:
f7:61:38:9c:6b:12:5b:0c:ca:41:0b:67:5e:69:4e:2b:3c:06:
65:c3:31:21:24:64:cd:40:33:10:b0:43:94:96:34:c8:a7:bc:
19:19:e8:85:00:5a:12:d0:a5:8d:39:6f:9c:ff:92:47:11:c8:
b9:75:d8:f6:e0:0e:5f:4b:e7:70:55:9f:70:3e:8a:85:b0:ee:
06:9c:e9:e3:3f:c3:24:17:56:d0:65:f4:0a:52:de:82:67:38:
e8:7b:79:9c:f7:e0:5a:eb:77:a4:0e:46:1d:d0:57:cb:d0:56:
1e:97:b8:91:fd:bc:34:47:80:f7:f0:69:15:f8:a2:33:a4:d9:
67:d3:88:ee
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUXfGBbPUf4d3Sgw7/9OZXVpXKWJcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MjMwODQxMjZaFw0yNjA1MjIwODQ2MjZaMDMxMTAvBgNV
BAMTKEQ5RkZFQjIxMUI2MzU4RUNFQTVEMjJBMzI3MEM5QzI5N0Q2RTUzNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrMhGBDGIDoYUqu0CahJGRU9F8
+/RxlFle0UZoDYm8kVZbYsjC225BNw4i8lHYN9y/UVOF0sbIZGiziW3LFSuF2206
Can0SaeE/lxt0Gbt+834SPHhajfujUIro7VAHP1CQrbq5Sgm6XhoC/UZ+s7aoq1e
owp6voK+nZeUgtoh3S9j/WNS+Y1VaTNSVfbTD9716mq6mMQzB9UU75v/SuxiHO6v
mnouaU3622WnZ5Rp0lyqHVTiiRAn0RGsnz1QEbG8u1qTZ2Ab4ip6X6aCmCPKO6ak
ZSZ9qkDt6S5phaDRuErqEdLwRR3k0MslzzP4CRdPLqIbfcDeU5nl0KNSY033AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU2f/rIRtjWOzqXSKjJwycKX1uU0YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzIzMzM5MmUzMjM0
MzAyZTMwMmYzMjMxMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD
Ve/wMA0GCSqGSIb3DQEBCwUAA4IBAQAv7u2eid0LRho50oFOyZwhOYkjft6BWUCL
e9dZwsOIfjfh43j3p91bY12HBg6II5cqVYKUW2OLwaSRVYonS7nwEgsk+5FOcAVA
HurGOkwJMx+Io/mhBE5EBqOj0lJAGLoQF9e7Ev7waQQTQHgW3jn21lUbKZk6byP1
4D1Nd+T3YTicaxJbDMpBC2deaU4rPAZlwzEhJGTNQDMQsEOUljTIp7wZGeiFAFoS
0KWNOW+c/5JHEci5ddj24A5fS+dwVZ9wPoqFsO4GnOnjP8MkF1bQZfQKUt6CZzjo
e3mc9+Ba63ekDkYd0FfL0FYel7iR/bw0R4D38GkV+KIzpNln04ju
-----END CERTIFICATE-----
Generated at Sat Jun 7 04:11:57 2025 by rpki-client