Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e20323134393431.roa
File: 34352e3135382e35372e302f32342d3234203d3e20323134393431.roa (raw, json)
Hash identifier: EdcGkI2tYmmIyJ6JEOgm3u5eRUXHQc/cYie6Jky4S2M=
Subject key identifier: BF:CF:62:9A:01:67:DD:7B:B2:51:21:65:B3:E2:3D:C4:85:C3:93:51
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 3B5AE3203C0601D2F354D015AB35FA48A2DBEE5D
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e20323134393431.roa
Signing time: Mon 22 Sep 2025 08:55:07 +0000
ROA not before: Mon 22 Sep 2025 08:50:07 +0000
ROA not after: Mon 21 Sep 2026 08:55:07 +0000
asID: 214941
IP address blocks: 45.158.57.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:5a:e3:20:3c:06:01:d2:f3:54:d0:15:ab:35:fa:48:a2:db:ee:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: Sep 22 08:50:07 2025 GMT
Not After : Sep 21 08:55:07 2026 GMT
Subject: CN=BFCF629A0167DD7BB2512165B3E23DC485C39351
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:80:10:6d:67:94:0e:16:57:29:b2:e5:c7:dd:
21:03:b1:ae:5e:9b:39:77:7a:f4:d4:9e:8c:f5:42:
4a:73:60:23:44:08:29:e7:fd:3a:34:e6:18:7d:75:
ab:dc:3a:1c:0e:44:9d:fd:24:93:f2:f9:a5:93:3e:
53:2e:29:e2:24:4f:7c:7d:f5:17:11:65:b1:2d:00:
f4:52:9c:81:60:23:cb:7a:33:98:af:d0:de:79:4c:
1a:00:99:a6:64:ac:ab:8b:59:7d:f2:f7:42:ac:78:
bd:a4:d4:15:c7:b1:1e:12:09:9c:a3:e4:46:17:e6:
6e:2c:d8:de:2b:e6:45:9b:69:23:9f:f5:a8:6c:fb:
fe:6c:92:bd:f1:ca:1d:d9:7d:1f:96:2d:95:5d:77:
28:24:50:be:4c:5b:6f:68:4d:ce:13:09:c3:10:83:
b5:97:a8:d1:30:f5:53:29:3e:b5:21:62:ae:ba:ea:
ad:3f:d3:e9:bb:3f:5a:25:0b:23:c2:87:23:af:ec:
fa:dc:74:2a:53:9b:92:36:8b:f0:59:47:2b:bc:c3:
d4:65:08:68:ad:7a:21:50:17:e0:b5:34:4c:eb:3f:
54:04:59:8c:1b:f7:e6:de:b9:2c:3a:1d:ab:4d:75:
82:10:21:14:8e:c6:9c:9b:45:52:cb:6b:e2:f3:12:
34:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:CF:62:9A:01:67:DD:7B:B2:51:21:65:B3:E2:3D:C4:85:C3:93:51
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e20323134393431.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.158.57.0/24
Signature Algorithm: sha256WithRSAEncryption
09:03:17:4a:38:25:2f:dd:9c:99:80:81:8d:14:ad:0c:58:89:
87:c8:90:d4:15:af:1e:ca:4f:b3:f3:ea:bf:38:0d:be:cd:e8:
f5:a3:ba:c5:9a:42:d4:8a:53:0c:bd:a4:03:1f:69:a6:2a:e3:
21:c5:04:c0:77:cc:e8:49:3b:90:5f:69:b0:1c:f7:cf:a9:b9:
d8:b1:6e:62:fb:df:a1:cf:54:7d:ba:d5:09:ba:0e:04:51:3a:
53:aa:27:de:d4:df:2d:7b:c4:e7:24:82:06:ad:fa:a0:34:de:
20:24:23:58:86:60:76:aa:93:12:2b:04:ba:2d:d5:c2:cf:a8:
4f:ad:e1:62:35:9d:d2:6d:5c:6e:09:24:39:c6:2d:9f:90:eb:
18:b8:35:2d:3c:8c:a7:a7:38:24:1b:27:15:e1:fd:1f:21:4a:
89:b0:01:b4:68:13:db:48:ea:16:7a:3c:e2:3f:9c:29:84:5d:
5e:e9:60:71:58:26:c1:b4:fd:8c:c6:5d:21:5d:9d:76:73:93:
e5:bd:9b:d4:39:34:de:74:2d:5c:bd:39:d3:e8:a0:46:fa:6c:
6d:98:8a:7d:17:43:20:48:6d:73:15:30:c6:f8:4c:85:0d:30:
47:8b:61:bd:cd:fe:ee:de:50:04:1d:c8:a1:0c:7a:9b:80:80:
2e:4c:bd:eb
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUO1rjIDwGAdLzVNAVqzX6SKLb7l0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA5MjIwODUwMDdaFw0yNjA5MjEwODU1MDdaMDMxMTAvBgNV
BAMTKEJGQ0Y2MjlBMDE2N0REN0JCMjUxMjE2NUIzRTIzREM0ODVDMzkzNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVgBBtZ5QOFlcpsuXH3SEDsa5e
mzl3evTUnoz1QkpzYCNECCnn/To05hh9davcOhwORJ39JJPy+aWTPlMuKeIkT3x9
9RcRZbEtAPRSnIFgI8t6M5iv0N55TBoAmaZkrKuLWX3y90KseL2k1BXHsR4SCZyj
5EYX5m4s2N4r5kWbaSOf9ahs+/5skr3xyh3ZfR+WLZVddygkUL5MW29oTc4TCcMQ
g7WXqNEw9VMpPrUhYq666q0/0+m7P1olCyPChyOv7PrcdCpTm5I2i/BZRyu8w9Rl
CGiteiFQF+C1NEzrP1QEWYwb9+beuSw6HatNdYIQIRSOxpybRVLLa+LzEjQVAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUv89imgFn3XuyUSFls+I9xIXDk1EwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzNTM4MmUzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM0MzkzNDMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LZ45MA0GCSqGSIb3DQEBCwUAA4IBAQAJAxdKOCUv3ZyZgIGNFK0MWImHyJDUFa8e
yk+z8+q/OA2+zej1o7rFmkLUilMMvaQDH2mmKuMhxQTAd8zoSTuQX2mwHPfPqbnY
sW5i+9+hz1R9utUJug4EUTpTqife1N8te8TnJIIGrfqgNN4gJCNYhmB2qpMSKwS6
LdXCz6hPreFiNZ3SbVxuCSQ5xi2fkOsYuDUtPIynpzgkGycV4f0fIUqJsAG0aBPb
SOoWejziP5wphF1e6WBxWCbBtP2Mxl0hXZ12c5PlvZvUOTTedC1cvTnT6KBG+mxt
mIp9F0MgSG1zFTDG+EyFDTBHi2G9zf7u3lAEHcihDHqbgIAuTL3r
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:21:54 2025 by rpki-client