Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e342e302f32322d3232203d3e203135343139.roa
File: 38392e3131362e342e302f32322d3232203d3e203135343139.roa (raw, json)
Hash identifier: S7PYQmgyaS+nUukOrNi+7gU0SVsm2vupfOTXwPtPOXM=
Subject key identifier: 26:7A:DC:E5:6C:F4:45:82:CA:C7:5B:5B:A6:42:3A:9F:6D:F9:41:54
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 3A556BB0DFD0B537D5C3A1C4207F80641040278E
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e342e302f32322d3232203d3e203135343139.roa
Signing time: Fri 09 May 2025 09:37:56 +0000
ROA not before: Fri 09 May 2025 09:32:56 +0000
ROA not after: Fri 08 May 2026 09:37:56 +0000
asID: 15419
IP address blocks: 89.116.4.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 12 May 2025 20:38:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:55:6b:b0:df:d0:b5:37:d5:c3:a1:c4:20:7f:80:64:10:40:27:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: May 9 09:32:56 2025 GMT
Not After : May 8 09:37:56 2026 GMT
Subject: CN=267ADCE56CF44582CAC75B5BA6423A9F6DF94154
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:2f:8e:af:16:8e:6a:6d:5b:a7:36:09:96:ed:
61:d5:fc:68:6c:84:66:6e:16:b7:dc:d3:f5:3a:69:
80:48:52:99:55:6e:4f:bb:23:10:e2:e2:1b:0b:e4:
79:11:b0:42:06:b7:de:03:ff:1b:fa:8a:0a:07:55:
3e:37:a1:99:32:86:e5:54:35:fd:99:cb:a8:e1:35:
b5:5f:a6:68:77:ee:35:78:2f:44:24:45:57:d4:f4:
e6:46:42:4b:f1:32:25:56:23:46:81:10:d1:cd:ce:
cb:e2:20:96:5c:b9:06:4d:9e:f5:02:8a:d4:ab:72:
ce:88:fe:87:3d:c2:92:e2:16:06:9e:92:36:75:56:
30:62:78:9a:fe:3a:7d:3f:ab:1f:15:26:5a:7d:6f:
20:be:e1:c0:91:12:ea:09:26:ef:07:20:65:a5:02:
83:26:3a:de:01:76:74:1c:c0:bf:e5:7a:2f:89:30:
68:c7:5d:d3:ce:d6:a0:50:49:ce:eb:6d:0e:f6:d1:
32:52:a1:e9:4d:2d:1f:53:21:3c:24:69:0b:32:fd:
a4:be:28:50:10:64:f6:a0:bc:f2:c0:da:bd:2c:17:
58:b0:75:fd:c1:bd:9f:05:8e:9a:3e:47:9f:d5:8c:
a0:04:5a:aa:6a:68:92:b0:a5:21:12:c1:a8:f4:aa:
0d:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:7A:DC:E5:6C:F4:45:82:CA:C7:5B:5B:A6:42:3A:9F:6D:F9:41:54
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e342e302f32322d3232203d3e203135343139.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.116.4.0/22
Signature Algorithm: sha256WithRSAEncryption
9a:ca:fa:76:23:6c:15:e1:6e:c6:4f:5c:be:1b:c4:1d:e6:f0:
94:7e:52:64:8c:cb:32:c1:f6:fc:35:3e:c2:d9:d9:df:0e:c4:
1c:85:df:cd:70:29:2c:f9:21:84:98:5e:a8:8b:fd:ef:37:d8:
be:d3:d9:37:68:c5:42:81:be:1e:48:18:23:6d:2a:88:8f:97:
50:56:6e:99:a3:b4:ff:19:3e:7c:d2:bc:5c:64:ab:7a:a7:2e:
4a:ca:6b:52:54:46:ed:f8:55:bf:9c:fc:7d:32:df:f4:ce:c6:
c0:bb:0d:bb:b9:34:fd:5d:0f:5c:c3:53:41:78:19:37:aa:a5:
26:7b:fb:10:5f:96:ce:75:9f:78:43:dd:97:5d:8c:d6:81:a4:
1d:ee:d7:2a:78:b3:43:a9:9e:56:e1:9c:bc:e6:88:5e:c2:2c:
16:fc:06:0e:28:ee:c7:06:81:08:52:1e:60:91:96:6e:61:c7:
c8:6f:17:1d:3d:5c:f8:27:ec:a0:8a:37:b8:94:c4:4e:d2:8e:
38:51:ea:bc:43:86:49:e7:54:9a:89:5a:f8:5e:5b:91:7f:4c:
8d:53:8f:b5:55:96:2c:31:06:74:68:6d:b5:19:ce:ad:b7:2b:
93:62:f1:1f:b4:ce:5e:04:bf:28:1b:97:51:d3:a9:b1:f7:1c:
26:c3:d4:ce
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUOlVrsN/QtTfVw6HEIH+AZBBAJ44wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNTA1MDkwOTMyNTZaFw0yNjA1MDgwOTM3NTZaMDMxMTAvBgNV
BAMTKDI2N0FEQ0U1NkNGNDQ1ODJDQUM3NUI1QkE2NDIzQTlGNkRGOTQxNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4L46vFo5qbVunNgmW7WHV/Ghs
hGZuFrfc0/U6aYBIUplVbk+7IxDi4hsL5HkRsEIGt94D/xv6igoHVT43oZkyhuVU
Nf2Zy6jhNbVfpmh37jV4L0QkRVfU9OZGQkvxMiVWI0aBENHNzsviIJZcuQZNnvUC
itSrcs6I/oc9wpLiFgaekjZ1VjBieJr+On0/qx8VJlp9byC+4cCREuoJJu8HIGWl
AoMmOt4BdnQcwL/lei+JMGjHXdPO1qBQSc7rbQ720TJSoelNLR9TITwkaQsy/aS+
KFAQZPagvPLA2r0sF1iwdf3BvZ8Fjpo+R5/VjKAEWqpqaJKwpSESwaj0qg1BAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJnrc5Wz0RYLKx1tbpkI6n235QVQwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzNDJl
MzAyZjMyMzIyZDMyMzIyMDNkM2UyMDMxMzUzNDMxMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJZdAQw
DQYJKoZIhvcNAQELBQADggEBAJrK+nYjbBXhbsZPXL4bxB3m8JR+UmSMyzLB9vw1
PsLZ2d8OxByF381wKSz5IYSYXqiL/e832L7T2TdoxUKBvh5IGCNtKoiPl1BWbpmj
tP8ZPnzSvFxkq3qnLkrKa1JURu34Vb+c/H0y3/TOxsC7Dbu5NP1dD1zDU0F4GTeq
pSZ7+xBfls51n3hD3ZddjNaBpB3u1yp4s0OpnlbhnLzmiF7CLBb8Bg4o7scGgQhS
HmCRlm5hx8hvFx09XPgn7KCKN7iUxE7SjjhR6rxDhknnVJqJWvheW5F/TI1Tj7VV
liwxBnRobbUZzq23K5Ni8R+0zl4Evygbl1HTqbH3HCbD1M4=
-----END CERTIFICATE-----
Generated at Mon May 12 11:06:22 2025 by rpki-client