Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9002.roa
File: AS9002.roa (raw, json)
Hash identifier: WUnsbMm0IiMOojGiLI2l+BpPvQe8VDD9PIuAnLXyb4U=
Subject key identifier: F1:05:85:68:BD:A2:95:33:0D:7F:00:73:FA:24:16:E1:66:D2:9C:24
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 6DE2667B4F7C285A008D17BE153C2043D67BF46E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9002.roa
Signing time: Sat 18 Oct 2025 20:29:35 +0000
ROA not before: Sat 18 Oct 2025 20:24:35 +0000
ROA not after: Sat 17 Oct 2026 20:29:35 +0000
asID: 9002
IP address blocks: 82.22.12.0/23 maxlen: 24
82.23.136.0/24 maxlen: 24
82.23.137.0/24 maxlen: 24
82.23.142.0/24 maxlen: 24
82.23.151.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 05:35:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:e2:66:7b:4f:7c:28:5a:00:8d:17:be:15:3c:20:43:d6:7b:f4:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Oct 18 20:24:35 2025 GMT
Not After : Oct 17 20:29:35 2026 GMT
Subject: CN=F1058568BDA295330D7F0073FA2416E166D29C24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:8e:f8:dc:02:4e:5e:f9:09:ac:f1:1b:2d:b0:
37:69:46:79:ce:95:b5:35:2e:6d:b1:dd:df:cf:02:
8f:fd:f4:fa:53:47:4a:92:b7:07:25:ef:dc:fe:58:
97:e1:1a:b7:dd:cf:b3:1e:e1:d4:35:c2:3a:58:aa:
25:81:bb:95:df:5c:f4:8e:1c:3c:59:6f:bc:8d:64:
64:ed:cd:0d:2f:52:f9:90:13:75:17:41:c7:33:5e:
f8:92:0e:63:28:ca:70:fe:d6:9c:26:8c:15:16:c8:
cc:1d:0a:0c:7a:fb:84:a9:31:76:56:d3:a3:55:d7:
3a:99:d2:71:f8:7c:14:85:5d:31:63:e1:d7:31:5c:
38:bc:62:e6:e5:5b:2d:4c:11:05:d0:80:08:72:6b:
3b:f3:7b:aa:eb:c3:37:8f:19:7c:8d:7a:6b:14:cb:
73:13:9e:85:90:d3:c2:2d:3d:2a:e8:8a:31:dc:05:
22:69:da:62:0b:56:88:20:6a:b0:93:f3:0f:a6:44:
ad:12:c8:80:51:91:b9:01:3c:9a:18:b1:7f:ee:d0:
43:ee:ff:f4:d2:1f:37:b9:92:24:90:5f:9b:e7:96:
98:a2:3e:06:6a:02:e1:14:0e:1e:43:9c:6d:07:b4:
0e:f1:83:a3:39:51:20:5c:f2:99:1d:96:5b:7a:03:
a4:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:05:85:68:BD:A2:95:33:0D:7F:00:73:FA:24:16:E1:66:D2:9C:24
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS9002.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.22.12.0/23
82.23.136.0/23
82.23.142.0/24
82.23.151.0/24
Signature Algorithm: sha256WithRSAEncryption
82:1c:f7:af:cc:70:bd:90:3a:ed:72:ab:5a:64:eb:dd:88:b0:
41:cf:8d:db:c6:75:40:25:04:59:85:eb:da:8a:73:22:ee:80:
c0:47:d4:83:37:f9:bf:bd:42:ee:28:f6:b4:c3:be:3d:3b:e3:
9c:1e:81:12:b8:33:0a:4d:eb:76:6d:ef:c4:08:f1:12:be:07:
f5:d5:20:d3:f4:22:70:05:c1:9b:3c:89:cd:6d:9f:da:56:4b:
8b:0a:57:fe:86:fc:80:51:ee:d4:56:82:5e:13:43:67:91:82:
cb:34:2a:9a:08:40:e3:db:8e:0c:05:5c:c7:3c:f7:5a:50:90:
98:9e:11:29:4f:d0:65:b5:24:f3:74:7f:78:d0:c6:e9:fb:c2:
11:07:d6:f5:c3:88:7a:3a:92:90:b4:68:05:9b:08:ed:73:f5:
39:0e:f6:c9:06:cf:19:14:26:d2:69:b7:cc:ee:0f:11:17:0a:
e9:e0:76:63:85:fb:74:62:2e:43:79:89:8f:46:d6:ea:61:b5:
b8:b4:de:4b:00:6e:21:33:33:91:ab:eb:c7:2c:43:53:a0:70:
af:a4:82:cd:e6:51:06:75:7e:82:29:77:1c:97:42:3d:a3:4a:
d5:bb:41:f7:6f:d9:de:17:32:21:0e:00:2d:d9:aa:b3:44:5d:
1b:99:34:1a
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIUbeJme098KFoAjRe+FTwgQ9Z79G4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMTgyMDI0MzVaFw0yNjEwMTcyMDI5MzVaMDMxMTAvBgNV
BAMTKEYxMDU4NTY4QkRBMjk1MzMwRDdGMDA3M0ZBMjQxNkUxNjZEMjlDMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKjvjcAk5e+Qms8RstsDdpRnnO
lbU1Lm2x3d/PAo/99PpTR0qStwcl79z+WJfhGrfdz7Me4dQ1wjpYqiWBu5XfXPSO
HDxZb7yNZGTtzQ0vUvmQE3UXQcczXviSDmMoynD+1pwmjBUWyMwdCgx6+4SpMXZW
06NV1zqZ0nH4fBSFXTFj4dcxXDi8YublWy1MEQXQgAhyazvze6rrwzePGXyNemsU
y3MTnoWQ08ItPSroijHcBSJp2mILVoggarCT8w+mRK0SyIBRkbkBPJoYsX/u0EPu
//TSHze5kiSQX5vnlpiiPgZqAuEUDh5DnG0HtA7xg6M5USBc8pkdllt6A6T1AgMB
AAGjggIaMIICFjAdBgNVHQ4EFgQU8QWFaL2ilTMNfwBz+iQW4WbSnCQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTOTAwMi5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAxBggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAVIWDAME
AVIXiAMEAFIXjgMEAFIXlzANBgkqhkiG9w0BAQsFAAOCAQEAghz3r8xwvZA67XKr
WmTr3YiwQc+N28Z1QCUEWYXr2opzIu6AwEfUgzf5v71C7ij2tMO+PTvjnB6BErgz
Ck3rdm3vxAjxEr4H9dUg0/QicAXBmzyJzW2f2lZLiwpX/ob8gFHu1FaCXhNDZ5GC
yzQqmghA49uODAVcxzz3WlCQmJ4RKU/QZbUk83R/eNDG6fvCEQfW9cOIejqSkLRo
BZsI7XP1OQ72yQbPGRQm0mm3zO4PERcK6eB2Y4X7dGIuQ3mJj0bW6mG1uLTeSwBu
ITMzkavrxyxDU6Bwr6SCzeZRBnV+gil3HJdCPaNK1btB92/Z3hcyIQ4ALdmqs0Rd
G5k0Gg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:04:18 2025 by rpki-client