Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS3320.roa
File: AS3320.roa (raw, json)
Hash identifier: 9pTPwvorPyFIpDzVkoivnyR32iGkI5e18HJxFQufFUQ=
Subject key identifier: 3D:BA:96:32:F3:FD:BA:FD:6F:C5:50:E3:48:92:5F:59:21:5D:F4:5B
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 336988E95CAFC1BDA55BE44200598E38A8B0552D
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS3320.roa
Signing time: Fri 18 Apr 2025 10:54:23 +0000
ROA not before: Fri 18 Apr 2025 10:49:23 +0000
ROA not after: Fri 17 Apr 2026 10:54:23 +0000
asID: 3320
IP address blocks: 140.233.192.0/18 maxlen: 24
140.233.192.0/24 maxlen: 24
147.79.8.0/21 maxlen: 24
147.79.48.0/24 maxlen: 24
147.79.49.0/24 maxlen: 24
147.79.50.0/24 maxlen: 24
147.79.51.0/24 maxlen: 24
148.135.192.0/24 maxlen: 24
150.241.192.0/24 maxlen: 24
150.241.193.0/24 maxlen: 24
150.241.194.0/24 maxlen: 24
150.241.195.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 10 May 2025 16:09:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:69:88:e9:5c:af:c1:bd:a5:5b:e4:42:00:59:8e:38:a8:b0:55:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Apr 18 10:49:23 2025 GMT
Not After : Apr 17 10:54:23 2026 GMT
Subject: CN=3DBA9632F3FDBAFD6FC550E348925F59215DF45B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:7c:c9:48:9d:53:93:84:80:c6:bd:2c:4a:8c:
1b:8f:c7:d3:32:27:79:80:51:03:da:bc:87:05:a2:
de:b7:de:fe:42:16:6b:bb:57:ed:dc:68:0f:00:76:
4a:ef:65:08:81:7a:29:0c:3b:ee:dd:f2:04:8a:9b:
4d:d9:e6:d0:24:23:fd:ec:26:6f:7f:74:64:db:ac:
f3:8b:35:a7:9c:14:d7:ad:c9:aa:ca:3e:16:cd:26:
a9:1d:e2:c1:94:39:3b:53:4c:4c:db:01:b6:02:40:
28:19:7a:28:de:cc:3d:30:9f:26:60:fc:84:f7:50:
b5:ae:38:3b:81:1f:ec:92:71:29:5a:3e:57:5a:e6:
77:b6:17:fe:11:ff:3a:fd:39:47:33:c9:82:1b:61:
2a:5b:bb:e5:c7:18:9a:32:a3:0e:a6:17:46:e5:b8:
97:21:7f:e7:6e:10:e3:13:d0:f1:39:27:4a:85:01:
b6:7e:15:af:8e:36:db:16:d5:f4:15:9f:f5:b3:71:
28:5e:e3:9c:33:20:70:47:0d:3f:df:c7:b7:4c:d7:
90:b2:c8:c2:9a:48:93:e4:82:7a:32:4e:6b:73:05:
c8:7f:63:7f:a0:75:74:37:98:0b:cb:fd:5f:78:2c:
c6:d2:36:27:7a:c0:8c:cb:8a:cd:ba:e4:e5:56:68:
44:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:BA:96:32:F3:FD:BA:FD:6F:C5:50:E3:48:92:5F:59:21:5D:F4:5B
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS3320.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.233.192.0/18
147.79.8.0/21
147.79.48.0/22
148.135.192.0/24
150.241.192.0/22
Signature Algorithm: sha256WithRSAEncryption
4c:44:3b:77:43:c5:cf:f9:66:42:e9:a4:45:67:e8:e3:5b:2f:
b6:52:56:05:e5:92:92:a1:ab:79:5b:ae:4a:27:3e:86:3c:02:
5c:38:32:5d:b9:c1:0d:eb:04:63:b3:01:a4:86:e0:02:69:df:
03:7b:a7:db:e6:30:ad:f0:e6:67:09:7d:13:11:a1:2c:41:f4:
e7:9a:89:bc:16:f7:94:3c:42:7b:4a:b2:a0:c1:ec:7f:e4:dd:
6c:f6:be:57:02:3c:df:f1:ab:56:3f:ef:ac:36:fd:4f:58:af:
02:3c:45:bf:ad:7d:6b:5e:77:cd:d1:94:70:3f:90:d9:07:b5:
94:e6:16:cd:a9:14:48:a1:d1:82:45:2e:52:a7:2d:f1:79:61:
08:dc:c7:b5:29:d9:43:96:f1:a1:64:8c:c1:52:c5:0b:c7:e0:
a0:c6:59:de:55:ad:85:9b:91:f5:b1:e1:80:ce:03:1d:7d:4d:
23:b6:e2:22:d8:1e:8d:3e:11:13:21:b9:3e:98:3d:69:63:34:
59:14:4c:c8:45:60:62:98:20:5b:af:a7:3e:29:cf:33:8b:53:
de:25:4d:92:31:f6:5e:7b:76:00:96:4e:f9:2a:b9:fa:f3:14:
49:85:9a:13:60:ba:0f:6a:80:dc:a6:11:0d:2f:3e:f4:c2:ce:
69:7e:8a:17
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUM2mI6Vyvwb2lW+RCAFmOOKiwVS0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MTgxMDQ5MjNaFw0yNjA0MTcxMDU0MjNaMDMxMTAvBgNV
BAMTKDNEQkE5NjMyRjNGREJBRkQ2RkM1NTBFMzQ4OTI1RjU5MjE1REY0NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/fMlInVOThIDGvSxKjBuPx9My
J3mAUQPavIcFot633v5CFmu7V+3caA8AdkrvZQiBeikMO+7d8gSKm03Z5tAkI/3s
Jm9/dGTbrPOLNaecFNetyarKPhbNJqkd4sGUOTtTTEzbAbYCQCgZeijezD0wnyZg
/IT3ULWuODuBH+yScSlaPlda5ne2F/4R/zr9OUczyYIbYSpbu+XHGJoyow6mF0bl
uJchf+duEOMT0PE5J0qFAbZ+Fa+ONtsW1fQVn/WzcShe45wzIHBHDT/fx7dM15Cy
yMKaSJPkgnoyTmtzBch/Y3+gdXQ3mAvL/V94LMbSNid6wIzLis265OVWaESZAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUPbqWMvP9uv1vxVDjSJJfWSFd9FswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzMyMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA3BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEBozpwAME
A5NPCAMEApNPMAMEAJSHwAMEApbxwDANBgkqhkiG9w0BAQsFAAOCAQEATEQ7d0PF
z/lmQumkRWfo41svtlJWBeWSkqGreVuuSic+hjwCXDgyXbnBDesEY7MBpIbgAmnf
A3un2+YwrfDmZwl9ExGhLEH055qJvBb3lDxCe0qyoMHsf+TdbPa+VwI83/GrVj/v
rDb9T1ivAjxFv619a153zdGUcD+Q2Qe1lOYWzakUSKHRgkUuUqct8XlhCNzHtSnZ
Q5bxoWSMwVLFC8fgoMZZ3lWthZuR9bHhgM4DHX1NI7biItgejT4REyG5Ppg9aWM0
WRRMyEVgYpggW6+nPinPM4tT3iVNkjH2Xnt2AJZO+Sq5+vMUSYWaE2C6D2qA3KYR
DS8+9MLOaX6KFw==
-----END CERTIFICATE-----
Generated at Sat May 10 08:17:06 2025 by rpki-client