Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3257.roa
File: AS3257.roa (raw, json)
Hash identifier: IHD6y47RSHCrmlbpT9n1tcjMwCx/t6OHpSdIFIQHii8=
Subject key identifier: 2B:7B:CA:C5:47:C7:5D:5A:DE:7F:0F:A9:5A:C0:4A:48:79:1B:A1:66
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 4A2436F7B7DC336D71CDF364ED06F1094CC1AA9C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3257.roa
Signing time: Tue 23 Sep 2025 10:28:10 +0000
ROA not before: Tue 23 Sep 2025 10:23:10 +0000
ROA not after: Tue 22 Sep 2026 10:28:10 +0000
asID: 3257
IP address blocks: 5.252.77.0/24 maxlen: 24
5.253.202.0/24 maxlen: 24
45.93.47.0/24 maxlen: 24
45.95.23.0/24 maxlen: 24
45.137.30.0/24 maxlen: 24
149.62.43.0/24 maxlen: 24
179.61.163.0/24 maxlen: 24
181.214.8.0/24 maxlen: 24
181.214.186.0/24 maxlen: 24
181.214.206.0/24 maxlen: 24
191.96.48.0/24 maxlen: 24
191.101.209.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:24:36:f7:b7:dc:33:6d:71:cd:f3:64:ed:06:f1:09:4c:c1:aa:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Sep 23 10:23:10 2025 GMT
Not After : Sep 22 10:28:10 2026 GMT
Subject: CN=2B7BCAC547C75D5ADE7F0FA95AC04A48791BA166
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:47:28:b8:d6:40:2e:8a:40:13:29:ab:9b:01:
9c:42:67:e0:e3:f8:3f:ca:86:e1:78:5f:b1:eb:29:
07:b7:b4:ff:d1:ce:bd:e7:13:51:68:b8:7c:02:ba:
ff:0c:be:44:2a:b8:be:ab:a9:da:93:8d:79:26:09:
43:21:a0:ef:0d:1e:16:eb:36:e7:da:ea:8b:e9:9c:
2e:3c:34:61:a0:9f:b6:3c:fb:71:98:3c:8d:0a:f7:
04:fc:61:fe:be:7b:21:84:68:44:e6:e5:0e:fa:9d:
11:19:a5:c5:ce:40:04:a4:26:0d:f2:0b:7e:69:32:
1d:02:85:24:c0:23:5d:5b:04:ec:a0:c3:80:0d:c3:
06:56:c5:1f:81:62:99:c6:37:3e:ae:f0:8a:d7:7b:
10:21:0c:35:3f:33:ca:fb:e5:52:4a:0f:7e:22:c1:
54:c7:f8:a9:92:78:32:46:8b:3c:d7:6b:42:bb:77:
7f:95:62:73:2b:71:b6:e4:3c:8a:b7:d0:59:6f:df:
e0:3b:60:7d:f9:38:c0:e8:d5:83:dd:a3:a4:c8:6d:
b4:e5:90:6f:48:2b:96:7a:5a:78:cf:8c:2e:58:4b:
3b:9d:43:67:5f:af:35:ae:0c:b9:3f:5f:de:74:8e:
18:ba:a5:88:73:cb:bb:c5:bc:73:d7:04:ac:78:cd:
37:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:7B:CA:C5:47:C7:5D:5A:DE:7F:0F:A9:5A:C0:4A:48:79:1B:A1:66
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3257.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.77.0/24
5.253.202.0/24
45.93.47.0/24
45.95.23.0/24
45.137.30.0/24
149.62.43.0/24
179.61.163.0/24
181.214.8.0/24
181.214.186.0/24
181.214.206.0/24
191.96.48.0/24
191.101.209.0/24
Signature Algorithm: sha256WithRSAEncryption
64:c8:5c:26:7e:57:14:3a:55:47:fc:08:88:6e:b9:89:72:c8:
18:6e:66:12:dd:3f:39:ff:17:69:e6:d0:b7:e1:2a:76:f0:87:
5e:36:4c:cd:d1:5c:60:c8:dd:1d:87:0e:30:fc:0d:a9:75:a9:
54:3f:44:94:38:dc:c9:75:14:45:95:76:ad:f1:e2:c7:78:04:
53:21:07:b8:5e:08:c9:d9:72:42:ba:7c:52:e9:b5:bd:85:51:
ac:e8:89:69:34:d5:84:01:fe:48:49:16:58:97:c6:57:73:56:
9d:74:3e:3a:d3:b2:af:9c:91:a2:6c:21:56:29:4a:3d:ae:63:
05:d3:57:ef:53:7d:38:fe:0b:14:d1:e1:70:dd:86:30:5b:44:
5b:77:b3:1b:04:7f:0b:59:eb:ce:eb:f5:d7:f5:4d:b6:d8:fe:
fe:35:cb:7b:ba:4f:a4:c8:47:fc:79:f2:f0:fd:91:23:34:ba:
3a:00:34:d3:8b:d3:3a:ae:09:75:72:27:2d:ca:66:d0:da:2a:
b2:fc:46:05:2f:31:2d:9e:99:85:3f:02:7a:86:96:2b:9e:31:
e8:79:66:12:a0:8b:e8:d5:43:24:60:a2:c0:40:69:3f:04:e5:
dc:e5:f1:87:06:ca:89:e7:d2:85:7c:a8:bb:66:54:bd:bd:d7:
99:36:93:6a
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIUSiQ297fcM21xzfNk7QbxCUzBqpwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MjMxMDIzMTBaFw0yNjA5MjIxMDI4MTBaMDMxMTAvBgNV
BAMTKDJCN0JDQUM1NDdDNzVENUFERTdGMEZBOTVBQzA0QTQ4NzkxQkExNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSRyi41kAuikATKaubAZxCZ+Dj
+D/KhuF4X7HrKQe3tP/Rzr3nE1FouHwCuv8MvkQquL6rqdqTjXkmCUMhoO8NHhbr
Nufa6ovpnC48NGGgn7Y8+3GYPI0K9wT8Yf6+eyGEaETm5Q76nREZpcXOQASkJg3y
C35pMh0ChSTAI11bBOygw4ANwwZWxR+BYpnGNz6u8IrXexAhDDU/M8r75VJKD34i
wVTH+KmSeDJGizzXa0K7d3+VYnMrcbbkPIq30Flv3+A7YH35OMDo1YPdo6TIbbTl
kG9IK5Z6WnjPjC5YSzudQ2dfrzWuDLk/X950jhi6pYhzy7vFvHPXBKx4zTeTAgMB
AAGjggJKMIICRjAdBgNVHQ4EFgQUK3vKxUfHXVrefw+pWsBKSHkboWYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzI1Ny5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBhBggrBgEFBQcBBwEB/wRSMFAwTgQCAAEwSAMEAAX8TQME
AAX9ygMEAC1dLwMEAC1fFwMEAC2JHgMEAJU+KwMEALM9owMEALXWCAMEALXWugME
ALXWzgMEAL9gMAMEAL9l0TANBgkqhkiG9w0BAQsFAAOCAQEAZMhcJn5XFDpVR/wI
iG65iXLIGG5mEt0/Of8XaebQt+EqdvCHXjZMzdFcYMjdHYcOMPwNqXWpVD9ElDjc
yXUURZV2rfHix3gEUyEHuF4IydlyQrp8Uum1vYVRrOiJaTTVhAH+SEkWWJfGV3NW
nXQ+OtOyr5yRomwhVilKPa5jBdNX71N9OP4LFNHhcN2GMFtEW3ezGwR/C1nrzuv1
1/VNttj+/jXLe7pPpMhH/Hny8P2RIzS6OgA004vTOq4JdXInLcpm0NoqsvxGBS8x
LZ6ZhT8CeoaWK54x6HlmEqCL6NVDJGCiwEBpPwTl3OXxhwbKiefShXyou2ZUvb3X
mTaTag==
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:13:36 2025 by rpki-client