Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234322e302f32342d3234203d3e203135343139.roa
File: 3231372e392e3234322e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier: mOAttZBNx/CTeO/Z3xtwFj9TNAzOHD7wWSzttDopHBY=
Subject key identifier: 01:34:CF:50:52:EF:B7:E9:BE:9D:85:EA:71:D0:0B:47:42:56:BE:D8
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 2021283D9687D77BC96F7F1DFEDF7B4FCCCD4794
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234322e302f32342d3234203d3e203135343139.roa
Signing time: Fri 09 May 2025 09:37:54 +0000
ROA not before: Fri 09 May 2025 09:32:54 +0000
ROA not after: Fri 08 May 2026 09:37:54 +0000
asID: 15419
IP address blocks: 217.9.242.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 12 May 2025 20:38:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:21:28:3d:96:87:d7:7b:c9:6f:7f:1d:fe:df:7b:4f:cc:cd:47:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: May 9 09:32:54 2025 GMT
Not After : May 8 09:37:54 2026 GMT
Subject: CN=0134CF5052EFB7E9BE9D85EA71D00B474256BED8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:d6:21:b4:ae:86:23:1a:34:c3:9d:93:34:f9:
ae:74:bd:17:e6:c0:f5:db:c8:4d:ff:27:fc:73:07:
63:68:c5:4c:c4:cf:ed:05:0c:81:67:3e:df:17:22:
48:c4:2e:d7:a0:0b:75:90:b2:c8:70:1a:c2:bb:20:
c3:97:2d:d9:01:4e:30:bc:d6:4a:51:69:43:63:b6:
ea:d9:bb:91:18:b3:27:b8:1d:7f:63:de:ca:36:f7:
28:7d:64:60:bc:e6:59:79:47:2b:43:ee:59:69:29:
c2:23:dd:a0:f6:ec:6c:a5:93:53:b6:ca:10:c4:f0:
33:59:dd:ec:4c:46:01:d4:0e:5e:e0:34:85:f9:67:
7e:5a:b4:43:38:10:5e:8d:86:4e:d3:7c:a7:71:8e:
74:d0:4d:0a:6a:10:28:4f:4a:66:4c:ed:92:df:c6:
d4:d1:8c:ab:78:7a:e1:2d:c1:3a:11:27:4c:5c:ef:
58:ce:fa:e4:f5:61:5c:4e:d9:e7:ab:2d:42:30:68:
87:be:a2:d2:4a:5c:1b:47:95:2c:88:2a:40:72:00:
c7:40:c9:ac:f2:5c:a4:f5:f5:1e:65:6d:0f:2f:a7:
ad:0c:73:9d:21:38:e0:c1:58:d7:d1:bc:e3:ab:cc:
0c:30:bc:6d:c4:c5:d2:d4:97:27:b5:26:b7:20:ad:
29:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:34:CF:50:52:EF:B7:E9:BE:9D:85:EA:71:D0:0B:47:42:56:BE:D8
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234322e302f32342d3234203d3e203135343139.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.9.242.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:12:d3:d1:c8:a4:32:a2:43:5d:f8:f8:4f:43:c1:36:9b:e0:
3a:c5:88:ec:13:0a:3d:95:1d:9a:df:75:11:83:3d:0f:de:30:
83:ea:31:cb:60:25:c4:90:bd:ad:e1:c9:45:fb:c1:21:5d:35:
4b:3d:38:c6:c1:b1:2f:a2:fb:20:3d:30:04:99:f9:1f:af:48:
25:07:65:b6:0b:60:64:b4:61:92:c9:35:24:02:38:48:29:8f:
82:3e:db:92:a2:93:a7:cd:c1:1c:3d:09:e1:88:4e:5c:df:24:
a1:3a:a6:57:5b:e1:40:37:8a:d1:90:fe:a0:92:06:d2:9c:d5:
91:b3:7e:82:eb:82:aa:ab:cf:d3:69:94:6a:fa:3d:cd:d9:89:
16:09:84:3c:aa:f3:59:37:80:66:fe:64:c4:00:f3:28:e4:01:
07:10:ad:9c:87:c7:f4:6c:93:df:61:c2:b0:26:e4:c6:28:0a:
ef:c5:37:82:5f:90:81:d0:5d:98:d1:5b:fc:c0:23:73:8d:ce:
e0:fb:e1:f6:26:af:c0:9b:6c:95:c9:83:17:7a:65:dd:18:68:
96:85:1d:da:00:3e:15:8b:2a:f4:0b:59:e7:86:1e:cb:2c:cb:
17:ad:d6:11:50:2f:94:e5:1e:71:8f:37:42:6e:10:b0:75:be:
bb:52:1b:02
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUICEoPZaH13vJb38d/t97T8zNR5QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNTA1MDkwOTMyNTRaFw0yNjA1MDgwOTM3NTRaMDMxMTAvBgNV
BAMTKDAxMzRDRjUwNTJFRkI3RTlCRTlEODVFQTcxRDAwQjQ3NDI1NkJFRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu1iG0roYjGjTDnZM0+a50vRfm
wPXbyE3/J/xzB2NoxUzEz+0FDIFnPt8XIkjELtegC3WQsshwGsK7IMOXLdkBTjC8
1kpRaUNjturZu5EYsye4HX9j3so29yh9ZGC85ll5RytD7llpKcIj3aD27Gylk1O2
yhDE8DNZ3exMRgHUDl7gNIX5Z35atEM4EF6Nhk7TfKdxjnTQTQpqEChPSmZM7ZLf
xtTRjKt4euEtwToRJ0xc71jO+uT1YVxO2eerLUIwaIe+otJKXBtHlSyIKkByAMdA
yazyXKT19R5lbQ8vp60Mc50hOODBWNfRvOOrzAwwvG3ExdLUlye1JrcgrSn5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUATTPUFLvt+m+nYXqcdALR0JWvtgwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzIzMTM3MmUzOTJlMzIzNDMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkJ
8jANBgkqhkiG9w0BAQsFAAOCAQEADxLT0cikMqJDXfj4T0PBNpvgOsWI7BMKPZUd
mt91EYM9D94wg+oxy2AlxJC9reHJRfvBIV01Sz04xsGxL6L7ID0wBJn5H69IJQdl
tgtgZLRhksk1JAI4SCmPgj7bkqKTp83BHD0J4YhOXN8koTqmV1vhQDeK0ZD+oJIG
0pzVkbN+guuCqqvP02mUavo9zdmJFgmEPKrzWTeAZv5kxADzKOQBBxCtnIfH9GyT
32HCsCbkxigK78U3gl+QgdBdmNFb/MAjc43O4Pvh9iavwJtslcmDF3pl3RholoUd
2gA+FYsq9AtZ54YeyyzLF63WEVAvlOUecY83Qm4QsHW+u1IbAg==
-----END CERTIFICATE-----
Generated at Mon May 12 11:30:14 2025 by rpki-client