Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135342e302f32342d3234203d3e203434373731.roa
File: 3138352e3134392e3135342e302f32342d3234203d3e203434373731.roa (raw, json)
Hash identifier: Pgs5ueHQXHOzRUAnFpUKAel9Ig4WE+HMpXX4wHeR3SY=
Subject key identifier: EC:CA:8B:A4:FC:D0:1F:24:6F:C0:5C:8F:3B:7F:F4:76:83:74:FA:CB
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 0AAEE35923170758EC85FA930D58E07C8CD3BF50
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135342e302f32342d3234203d3e203434373731.roa
Signing time: Fri 09 May 2025 09:37:57 +0000
ROA not before: Fri 09 May 2025 09:32:57 +0000
ROA not after: Fri 08 May 2026 09:37:57 +0000
asID: 44771
IP address blocks: 185.149.154.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 13 May 2025 14:31:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:ae:e3:59:23:17:07:58:ec:85:fa:93:0d:58:e0:7c:8c:d3:bf:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: May 9 09:32:57 2025 GMT
Not After : May 8 09:37:57 2026 GMT
Subject: CN=ECCA8BA4FCD01F246FC05C8F3B7FF4768374FACB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:23:4b:35:56:78:ac:a9:55:b6:4c:1c:2e:77:
bc:d1:16:55:dd:6c:60:92:2c:5e:15:cb:0e:ca:c6:
a4:b9:58:6c:b4:94:26:9d:4d:fc:84:8f:f5:08:91:
80:1d:4c:36:b6:cb:39:3e:9a:97:36:75:7a:66:7f:
c8:eb:a7:83:e0:8b:23:6c:4f:e1:d7:7b:2f:b4:8c:
95:a6:6d:64:a7:ac:4f:4b:6b:08:2e:90:82:48:cc:
28:03:72:a5:fa:f0:2e:e3:e1:3b:24:5e:ff:5a:02:
77:90:90:30:e7:fc:9b:ba:2a:ad:7f:b2:7f:e9:bc:
61:44:d9:3d:f5:43:72:fb:da:ca:7b:61:ca:bc:6b:
bb:86:cc:75:8b:79:b3:bd:10:01:c6:1e:c6:40:8c:
88:bc:dc:6a:9f:e0:b6:c4:eb:0c:dd:fa:1f:77:d3:
77:20:66:3e:f8:54:40:6e:74:66:a8:1f:58:55:b3:
6b:4d:34:e6:fe:70:8b:b8:ee:57:f9:74:fb:49:26:
36:72:0a:3a:a4:ec:a6:62:53:4b:23:e6:34:37:03:
0c:a6:61:44:7a:9c:da:bc:bc:86:b3:40:79:d5:9b:
8d:dc:f2:94:5d:ad:4f:44:af:59:17:5a:59:8c:bd:
c3:a6:a7:c9:9c:0a:39:a6:7e:72:b8:c4:b5:c1:45:
74:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:CA:8B:A4:FC:D0:1F:24:6F:C0:5C:8F:3B:7F:F4:76:83:74:FA:CB
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135342e302f32342d3234203d3e203434373731.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.149.154.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:16:a1:4c:1a:8f:25:da:f7:60:99:14:2b:49:a3:7b:7b:a4:
03:66:55:0b:e1:36:09:e5:42:8f:cf:14:4e:5b:25:94:59:74:
49:d9:3e:81:7d:cb:8c:83:f8:ef:92:dd:2d:5c:21:51:cf:43:
9d:ea:71:18:29:e3:d4:f2:c0:45:9d:85:6e:0e:70:01:fa:32:
44:33:1f:a5:73:a1:a7:2a:32:01:13:83:d5:0b:86:62:a0:a1:
5b:c9:2f:50:fe:f0:91:e3:e0:a6:ac:0d:dc:b4:ba:88:96:33:
57:43:e1:33:7f:37:9f:a5:21:1a:5e:e9:63:0e:6d:28:0c:64:
dd:cc:9c:db:5c:33:48:02:c6:ac:ff:19:cc:fc:ba:4b:ba:b0:
9f:82:ef:b1:6e:4c:31:ac:cd:e4:73:fb:3c:45:f9:0e:28:37:
37:df:84:11:62:eb:d9:2e:95:6b:75:c6:1f:e8:32:ae:34:7e:
cc:60:01:99:09:1b:82:04:f6:57:c1:0d:02:df:3b:de:73:a2:
ae:65:09:ae:be:6c:3f:9f:49:0f:10:fd:ea:bc:3b:7a:b1:ce:
29:fd:5a:4b:35:94:b0:e1:bc:03:c7:e7:86:95:4b:1b:04:64:
c9:56:5c:02:5f:4a:27:0f:9f:52:d6:a9:09:c3:80:db:b8:66:
78:14:e4:d6
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUCq7jWSMXB1jshfqTDVjgfIzTv1AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNTA1MDkwOTMyNTdaFw0yNjA1MDgwOTM3NTdaMDMxMTAvBgNV
BAMTKEVDQ0E4QkE0RkNEMDFGMjQ2RkMwNUM4RjNCN0ZGNDc2ODM3NEZBQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9I0s1VnisqVW2TBwud7zRFlXd
bGCSLF4Vyw7KxqS5WGy0lCadTfyEj/UIkYAdTDa2yzk+mpc2dXpmf8jrp4PgiyNs
T+HXey+0jJWmbWSnrE9LawgukIJIzCgDcqX68C7j4TskXv9aAneQkDDn/Ju6Kq1/
sn/pvGFE2T31Q3L72sp7Ycq8a7uGzHWLebO9EAHGHsZAjIi83Gqf4LbE6wzd+h93
03cgZj74VEBudGaoH1hVs2tNNOb+cIu47lf5dPtJJjZyCjqk7KZiU0sj5jQ3Awym
YUR6nNq8vIazQHnVm43c8pRdrU9Er1kXWlmMvcOmp8mcCjmmfnK4xLXBRXQvAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU7MqLpPzQHyRvwFyPO3/0doN0+sswHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzEzODM1MmUzMTM0MzkyZTMx
MzUzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzQzNzM3MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5lZowDQYJKoZIhvcNAQELBQADggEBAH0WoUwajyXa92CZFCtJo3t7pANmVQvh
NgnlQo/PFE5bJZRZdEnZPoF9y4yD+O+S3S1cIVHPQ53qcRgp49TywEWdhW4OcAH6
MkQzH6VzoacqMgETg9ULhmKgoVvJL1D+8JHj4KasDdy0uoiWM1dD4TN/N5+lIRpe
6WMObSgMZN3MnNtcM0gCxqz/Gcz8uku6sJ+C77FuTDGszeRz+zxF+Q4oNzffhBFi
69kulWt1xh/oMq40fsxgAZkJG4IE9lfBDQLfO95zoq5lCa6+bD+fSQ8Q/eq8O3qx
zin9Wks1lLDhvAPH54aVSxsEZMlWXAJfSicPn1LWqQnDgNu4ZngU5NY=
-----END CERTIFICATE-----
Generated at Mon May 12 20:37:41 2025 by rpki-client