Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234312e302f32342d3234203d3e203135343139.roa
File: 3231372e392e3234312e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier: hFAW06mmhAPSV/HJ4B8aC2PvIR5CrcKx3FcqsTikSiM=
Subject key identifier: 42:86:2F:28:99:92:F8:6E:2C:1B:8B:3F:D5:EE:BF:CD:8D:7D:21:1C
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 3254A6609348DD07DAD91EC19B68409D6285CF13
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234312e302f32342d3234203d3e203135343139.roa
Signing time: Fri 09 May 2025 09:37:57 +0000
ROA not before: Fri 09 May 2025 09:32:57 +0000
ROA not after: Fri 08 May 2026 09:37:57 +0000
asID: 15419
IP address blocks: 217.9.241.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 12 May 2025 20:38:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:54:a6:60:93:48:dd:07:da:d9:1e:c1:9b:68:40:9d:62:85:cf:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: May 9 09:32:57 2025 GMT
Not After : May 8 09:37:57 2026 GMT
Subject: CN=42862F289992F86E2C1B8B3FD5EEBFCD8D7D211C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:0e:86:dd:04:4b:0b:24:f6:eb:61:ac:59:f2:
e6:53:6d:84:15:a5:7a:a4:0b:65:d4:b5:43:94:af:
db:7a:aa:35:0e:d6:31:0c:e5:57:77:e5:69:c6:42:
f1:38:eb:94:97:b6:08:06:41:d0:37:cd:b6:d9:49:
2a:a9:c3:92:30:bb:1d:dd:44:86:40:f4:e9:57:4d:
fb:8a:5c:d3:9e:3e:a7:0e:c7:13:1f:80:b5:0b:31:
ae:6a:9e:f2:e1:22:a5:e2:04:f8:f3:74:82:ef:70:
0d:4a:2c:9f:b4:3e:a9:12:67:59:28:17:f0:61:06:
07:bd:95:62:fa:60:6c:78:cc:4a:89:30:7d:69:0c:
ae:54:27:4e:41:64:df:10:bd:05:04:45:c4:7a:03:
db:a5:dd:79:97:8b:1a:00:7d:f6:05:d8:bb:db:49:
c5:c3:1c:d8:4f:67:bf:46:a4:53:f7:ab:db:0b:3a:
9a:ec:c6:5e:9a:3a:60:e5:44:1b:7c:06:a7:98:09:
a8:66:5f:a0:c3:38:9a:91:5f:9e:f2:f0:93:eb:70:
54:23:01:47:1d:e4:15:fb:e8:3c:f1:9e:19:2f:ae:
0f:ea:31:ed:ba:70:0f:9b:d0:6c:fe:7f:16:b1:4a:
23:a3:32:b1:20:ee:ed:52:d3:1b:ef:80:3b:f4:51:
9f:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:86:2F:28:99:92:F8:6E:2C:1B:8B:3F:D5:EE:BF:CD:8D:7D:21:1C
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234312e302f32342d3234203d3e203135343139.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.9.241.0/24
Signature Algorithm: sha256WithRSAEncryption
4d:cd:64:a8:d3:40:ed:99:e5:84:65:20:f3:24:10:7a:f6:d8:
68:b2:9e:7a:c5:15:d5:b7:16:dc:80:99:22:30:e7:9f:e2:f0:
ca:e5:90:9d:31:6a:b3:e3:1a:31:fe:14:88:a2:a6:bb:93:8a:
80:b2:37:ff:98:ab:0f:45:ba:45:ea:67:16:3d:1a:b4:8a:c9:
c4:57:f8:3b:58:e5:48:12:a8:f5:c6:05:99:68:5c:c2:34:1b:
77:7c:2c:4c:2f:17:f0:c9:9a:e4:9b:39:34:5b:70:76:35:0d:
85:45:01:88:4d:f3:30:24:5a:97:d2:04:f4:8a:74:c1:e4:d5:
fc:0b:fc:ab:e7:f3:fc:28:77:39:97:e8:15:3a:22:e7:93:12:
4c:70:96:db:18:ff:e1:3e:c6:bb:d2:22:50:5e:06:47:41:8d:
30:2c:db:96:6c:5b:21:62:df:9f:a3:28:ae:99:a1:8f:1e:dc:
34:23:39:3b:0f:a5:fc:b6:d1:3c:6d:bb:b0:54:2c:c8:de:65:
de:b2:ee:1b:d2:12:2d:c4:5f:6c:04:a9:3d:55:e4:2f:a0:bb:
27:60:52:bb:c8:c4:da:06:a0:3e:3d:b9:a7:00:20:8f:c8:43:
99:08:b6:88:02:b3:8b:81:13:5a:ed:67:6a:08:8a:82:d6:40:
6b:5a:a8:05
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMlSmYJNI3Qfa2R7Bm2hAnWKFzxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNTA1MDkwOTMyNTdaFw0yNjA1MDgwOTM3NTdaMDMxMTAvBgNV
BAMTKDQyODYyRjI4OTk5MkY4NkUyQzFCOEIzRkQ1RUVCRkNEOEQ3RDIxMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRDobdBEsLJPbrYaxZ8uZTbYQV
pXqkC2XUtUOUr9t6qjUO1jEM5Vd35WnGQvE465SXtggGQdA3zbbZSSqpw5Iwux3d
RIZA9OlXTfuKXNOePqcOxxMfgLULMa5qnvLhIqXiBPjzdILvcA1KLJ+0PqkSZ1ko
F/BhBge9lWL6YGx4zEqJMH1pDK5UJ05BZN8QvQUERcR6A9ul3XmXixoAffYF2Lvb
ScXDHNhPZ79GpFP3q9sLOprsxl6aOmDlRBt8BqeYCahmX6DDOJqRX57y8JPrcFQj
AUcd5BX76Dzxnhkvrg/qMe26cA+b0Gz+fxaxSiOjMrEg7u1S0xvvgDv0UZ+rAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQoYvKJmS+G4sG4s/1e6/zY19IRwwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzIzMTM3MmUzOTJlMzIzNDMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkJ
8TANBgkqhkiG9w0BAQsFAAOCAQEATc1kqNNA7ZnlhGUg8yQQevbYaLKeesUV1bcW
3ICZIjDnn+LwyuWQnTFqs+MaMf4UiKKmu5OKgLI3/5irD0W6RepnFj0atIrJxFf4
O1jlSBKo9cYFmWhcwjQbd3wsTC8X8Mma5Js5NFtwdjUNhUUBiE3zMCRal9IE9Ip0
weTV/Av8q+fz/Ch3OZfoFToi55MSTHCW2xj/4T7Gu9IiUF4GR0GNMCzblmxbIWLf
n6Morpmhjx7cNCM5Ow+l/LbRPG27sFQsyN5l3rLuG9ISLcRfbASpPVXkL6C7J2BS
u8jE2gagPj25pwAgj8hDmQi2iAKzi4ETWu1nagiKgtZAa1qoBQ==
-----END CERTIFICATE-----
Generated at Mon May 12 11:28:54 2025 by rpki-client