Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398704.roa
File: AS398704.roa (raw, json)
Hash identifier: tWS9NLwes/05Vk2cMe1tWo/THQBjL4ZwmnESMk/q0+w=
Subject key identifier: C4:E9:6F:03:83:A6:D0:98:A8:8A:29:32:77:0B:E7:DC:E2:A7:6A:2C
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 5B9279D64D5A215F3FAB4B37936F5AB75F232F43
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398704.roa
Signing time: Tue 12 Aug 2025 10:37:57 +0000
ROA not before: Tue 12 Aug 2025 10:32:57 +0000
ROA not after: Tue 11 Aug 2026 10:37:57 +0000
asID: 398704
IP address blocks: 181.214.119.0/24 maxlen: 24
181.214.216.0/24 maxlen: 24
181.215.22.0/24 maxlen: 24
181.215.23.0/24 maxlen: 24
181.215.41.0/24 maxlen: 24
181.215.58.0/24 maxlen: 24
181.215.88.0/24 maxlen: 24
181.215.186.0/23 maxlen: 24
191.96.111.0/24 maxlen: 24
191.101.9.0/24 maxlen: 24
191.101.39.0/24 maxlen: 24
191.101.63.0/24 maxlen: 24
191.101.88.0/24 maxlen: 24
191.101.123.0/24 maxlen: 24
191.101.135.0/24 maxlen: 24
191.101.144.0/23 maxlen: 24
191.101.148.0/24 maxlen: 24
191.101.206.0/24 maxlen: 24
191.101.212.0/22 maxlen: 24
191.101.238.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:92:79:d6:4d:5a:21:5f:3f:ab:4b:37:93:6f:5a:b7:5f:23:2f:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Aug 12 10:32:57 2025 GMT
Not After : Aug 11 10:37:57 2026 GMT
Subject: CN=C4E96F0383A6D098A88A2932770BE7DCE2A76A2C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:de:bd:a9:71:b7:05:05:5e:9a:51:32:d6:63:
3e:ce:87:2a:7a:2a:f6:6e:99:aa:fb:25:b7:16:b5:
35:67:b2:48:41:ed:43:ed:5d:d4:69:f0:76:e9:49:
92:cc:2b:61:7d:82:21:f2:4c:7a:58:19:41:dd:f3:
a3:49:4a:55:4c:8e:19:f0:3e:2a:7b:9e:3e:21:41:
66:37:e1:55:15:9c:2f:20:29:b1:ef:c9:79:b6:be:
8a:4a:06:c7:69:49:e3:a4:7e:dc:97:8b:ee:b7:c7:
f4:5b:d4:f5:f8:8f:bf:0f:d7:76:4a:05:f5:ff:6a:
f4:ea:e7:79:db:86:84:59:c9:26:11:ba:ee:56:e5:
d6:77:22:0b:1b:f4:19:8b:5d:1a:0e:17:8f:e6:0d:
aa:76:af:b8:73:58:ea:e1:fe:51:23:05:be:4d:2f:
cd:d9:d4:a8:31:0f:ce:6e:b9:d8:b5:4e:73:42:ed:
3c:d3:43:98:6f:5e:c5:bd:c6:9c:56:8d:2b:69:88:
82:5c:0a:db:28:48:c2:91:53:19:d7:61:b8:66:28:
72:78:30:96:f4:3b:11:59:cd:dd:4f:a9:e8:95:d2:
f7:45:fb:77:e0:fb:df:6e:5e:f8:d0:6b:dc:a5:b6:
b0:f9:e1:7d:07:5f:aa:82:a7:68:c4:93:4c:d8:dc:
bc:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:E9:6F:03:83:A6:D0:98:A8:8A:29:32:77:0B:E7:DC:E2:A7:6A:2C
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398704.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
181.214.119.0/24
181.214.216.0/24
181.215.22.0/23
181.215.41.0/24
181.215.58.0/24
181.215.88.0/24
181.215.186.0/23
191.96.111.0/24
191.101.9.0/24
191.101.39.0/24
191.101.63.0/24
191.101.88.0/24
191.101.123.0/24
191.101.135.0/24
191.101.144.0/23
191.101.148.0/24
191.101.206.0/24
191.101.212.0/22
191.101.238.0/23
Signature Algorithm: sha256WithRSAEncryption
9c:e1:f2:9a:f5:dc:5a:9c:16:ca:ca:c9:4f:40:a9:8a:28:e0:
39:b8:a4:6b:ae:97:f4:e0:39:be:00:27:93:4c:fe:4e:00:8b:
13:c9:61:40:91:59:d7:29:2f:c2:73:e6:30:0a:81:fc:36:65:
df:88:84:fa:cf:8f:70:94:c1:a5:bb:bb:e9:8a:f8:d6:17:ab:
6e:ca:2e:d0:95:40:4f:e8:30:9e:6c:8e:69:e6:86:73:5e:14:
27:10:e7:2a:5a:74:6d:54:da:af:fb:a5:8a:34:0c:23:f8:50:
6d:1a:2e:bf:52:d9:3d:ec:df:be:34:c2:39:5d:2b:3f:64:83:
f1:16:8d:09:14:75:af:17:31:84:48:c5:1b:17:76:ab:9b:98:
05:b9:82:ea:1e:8c:1b:bb:7b:05:31:7b:02:50:5b:fe:8c:2e:
7e:cf:03:59:16:b8:23:01:f1:2f:17:37:c9:e1:d3:c8:aa:b4:
90:13:54:76:38:4e:2d:44:75:46:be:c2:ec:b1:35:85:65:8b:
5b:6a:c1:c4:4f:98:68:36:0b:be:fd:37:aa:0b:97:94:0c:82:
37:a9:67:63:d4:b5:21:6d:72:91:3f:f3:a8:71:c7:2f:cb:c1:
5e:fc:c2:56:16:9c:cc:76:89:b6:c0:bb:13:24:db:3a:f7:74:
82:33:2b:a3
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgIUW5J51k1aIV8/q0s3k29at18jL0MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MTIxMDMyNTdaFw0yNjA4MTExMDM3NTdaMDMxMTAvBgNV
BAMTKEM0RTk2RjAzODNBNkQwOThBODhBMjkzMjc3MEJFN0RDRTJBNzZBMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT3r2pcbcFBV6aUTLWYz7Ohyp6
KvZumar7JbcWtTVnskhB7UPtXdRp8HbpSZLMK2F9giHyTHpYGUHd86NJSlVMjhnw
Pip7nj4hQWY34VUVnC8gKbHvyXm2vopKBsdpSeOkftyXi+63x/Rb1PX4j78P13ZK
BfX/avTq53nbhoRZySYRuu5W5dZ3Igsb9BmLXRoOF4/mDap2r7hzWOrh/lEjBb5N
L83Z1KgxD85uudi1TnNC7TzTQ5hvXsW9xpxWjStpiIJcCtsoSMKRUxnXYbhmKHJ4
MJb0OxFZzd1PqeiV0vdF+3fg+99uXvjQa9yltrD54X0HX6qCp2jEk0zY3Lw5AgMB
AAGjggJ3MIICczAdBgNVHQ4EFgQUxOlvA4Om0Jioiikydwvn3OKnaiwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk4NzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAEwcgMEALXW
dwMEALXW2AMEAbXXFgMEALXXKQMEALXXOgMEALXXWAMEAbXXugMEAL9gbwMEAL9l
CQMEAL9lJwMEAL9lPwMEAL9lWAMEAL9lewMEAL9lhwMEAb9lkAMEAL9llAMEAL9l
zgMEAr9l1AMEAb9l7jANBgkqhkiG9w0BAQsFAAOCAQEAnOHymvXcWpwWysrJT0Cp
iijgObika66X9OA5vgAnk0z+TgCLE8lhQJFZ1ykvwnPmMAqB/DZl34iE+s+PcJTB
pbu76Yr41herbsou0JVAT+gwnmyOaeaGc14UJxDnKlp0bVTar/ulijQMI/hQbRou
v1LZPezfvjTCOV0rP2SD8RaNCRR1rxcxhEjFGxd2q5uYBbmC6h6MG7t7BTF7AlBb
/owufs8DWRa4IwHxLxc3yeHTyKq0kBNUdjhOLUR1Rr7C7LE1hWWLW2rBxE+YaDYL
vv03qguXlAyCN6lnY9S1IW1ykT/zqHHHL8vBXvzCVhaczHaJtsC7EyTbOvd0gjMr
ow==
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:41:27 2025 by rpki-client