Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232302e302f32342d3234203d3e203634323637.roa
File: 38352e3230392e3232302e302f32342d3234203d3e203634323637.roa (raw, json)
Hash identifier: XWHIiKAhyC1hIbLxIy7cGzG24cVx0PdSj/ilxAV7wq8=
Subject key identifier: D7:0D:54:B6:90:60:C5:DC:E7:06:4D:95:9D:3A:A1:82:17:AD:2A:BB
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 1A500E060191E7DE14990155B4FA2B0805D8F8EA
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232302e302f32342d3234203d3e203634323637.roa
Signing time: Fri 06 Jun 2025 15:54:08 +0000
ROA not before: Fri 06 Jun 2025 15:49:08 +0000
ROA not after: Fri 05 Jun 2026 15:54:08 +0000
asID: 64267
IP address blocks: 85.209.220.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 01 Jul 2025 14:23:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:50:0e:06:01:91:e7:de:14:99:01:55:b4:fa:2b:08:05:d8:f8:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: Jun 6 15:49:08 2025 GMT
Not After : Jun 5 15:54:08 2026 GMT
Subject: CN=D70D54B69060C5DCE7064D959D3AA18217AD2ABB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:8b:42:a0:ad:8c:5f:29:51:42:33:4b:6f:9f:
9c:54:48:ae:5a:30:1c:3f:d9:33:e2:b3:4d:20:ed:
51:07:f8:e5:5d:47:3e:4e:74:5f:f4:cd:84:46:e2:
f8:55:1e:5f:43:49:86:b1:8d:26:e2:a5:c5:9c:4e:
3b:ac:0d:78:ae:1e:a0:56:c5:fb:0d:41:0a:59:69:
42:f2:3b:20:95:e6:c5:e8:6f:1c:fa:fb:63:de:7e:
68:18:bf:d3:6c:f1:01:ca:7c:dd:87:cc:1e:e8:93:
c7:07:d4:54:55:19:82:fe:42:ad:3f:80:bd:ea:de:
29:f3:ae:8c:90:b5:c9:38:de:0f:ea:b1:c5:0c:41:
36:c2:c7:30:ef:ca:f4:35:0b:4a:ce:1e:8e:1d:a9:
5d:50:cd:60:cc:be:06:cf:50:91:d0:25:ed:bc:bf:
14:69:2d:b5:89:4f:83:8d:68:9b:26:f7:56:2b:78:
3a:58:f8:eb:7e:03:d5:63:ca:98:ba:14:12:db:ac:
56:71:54:d2:9b:67:a8:ee:12:7d:aa:94:e7:b4:b2:
e9:35:56:0b:94:07:1e:28:46:58:e6:5c:7f:d5:bb:
ba:26:58:54:22:1d:f3:bf:04:14:fc:de:11:80:ca:
eb:95:8d:41:1f:4c:49:61:78:6e:74:78:dc:50:58:
dd:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:0D:54:B6:90:60:C5:DC:E7:06:4D:95:9D:3A:A1:82:17:AD:2A:BB
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232302e302f32342d3234203d3e203634323637.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.220.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:b2:7d:8b:e4:84:47:f0:3e:93:10:9f:a4:dc:b2:6d:be:94:
fa:c8:f9:2d:b9:39:99:7b:1b:07:a7:e1:de:56:ef:6d:fe:e6:
fc:ac:55:db:9a:db:f0:13:b0:4e:fc:00:86:b5:0c:69:fd:91:
60:24:df:f0:9c:81:ee:88:cd:bc:c9:02:66:80:39:ed:f0:99:
0c:8d:e7:73:e7:41:4f:1c:20:71:22:45:82:35:e1:a6:e1:c6:
17:96:7d:83:b6:38:e8:f7:ac:67:d7:53:0e:75:e9:28:38:e4:
7b:a5:0a:56:ae:1d:bc:28:08:3f:e9:80:d8:1a:f8:e0:b9:d2:
3b:81:55:e8:65:25:a7:15:49:b9:0e:c1:9f:fe:04:18:de:9f:
a5:41:b0:e0:9b:f7:8e:6b:8d:0b:49:77:54:4b:83:7b:b7:60:
c4:fb:1d:a8:d9:28:cd:c9:f4:0a:39:93:3d:8a:e1:72:40:88:
35:92:1e:92:71:df:da:4f:cc:b8:90:07:9c:03:b3:62:56:3a:
82:8d:71:ed:08:28:67:ec:f1:55:06:7b:1e:77:85:48:e0:a3:
6f:8e:b0:2c:77:5c:48:f2:5e:31:ee:24:62:dd:80:80:96:b4:
95:e3:d6:64:a3:ba:dc:25:77:ae:d0:94:a6:c7:71:ec:a5:6e:
3a:ac:0f:e9
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGlAOBgGR594UmQFVtPorCAXY+OowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA2MDYxNTQ5MDhaFw0yNjA2MDUxNTU0MDhaMDMxMTAvBgNV
BAMTKEQ3MEQ1NEI2OTA2MEM1RENFNzA2NEQ5NTlEM0FBMTgyMTdBRDJBQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGi0KgrYxfKVFCM0tvn5xUSK5a
MBw/2TPis00g7VEH+OVdRz5OdF/0zYRG4vhVHl9DSYaxjSbipcWcTjusDXiuHqBW
xfsNQQpZaULyOyCV5sXobxz6+2PefmgYv9Ns8QHKfN2HzB7ok8cH1FRVGYL+Qq0/
gL3q3inzroyQtck43g/qscUMQTbCxzDvyvQ1C0rOHo4dqV1QzWDMvgbPUJHQJe28
vxRpLbWJT4ONaJsm91YreDpY+Ot+A9Vjypi6FBLbrFZxVNKbZ6juEn2qlOe0suk1
VguUBx4oRljmXH/Vu7omWFQiHfO/BBT83hGAyuuVjUEfTElheG50eNxQWN3zAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU1w1UtpBgxdznBk2VnTqhghetKrswHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzgzNTJlMzIzMDM5MmUzMjMy
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNjM0MzIzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
VdHcMA0GCSqGSIb3DQEBCwUAA4IBAQANsn2L5IRH8D6TEJ+k3LJtvpT6yPktuTmZ
exsHp+HeVu9t/ub8rFXbmtvwE7BO/ACGtQxp/ZFgJN/wnIHuiM28yQJmgDnt8JkM
jedz50FPHCBxIkWCNeGm4cYXln2Dtjjo96xn11MOdekoOOR7pQpWrh28KAg/6YDY
GvjgudI7gVXoZSWnFUm5DsGf/gQY3p+lQbDgm/eOa40LSXdUS4N7t2DE+x2o2SjN
yfQKOZM9iuFyQIg1kh6Scd/aT8y4kAecA7NiVjqCjXHtCChn7PFVBnsed4VI4KNv
jrAsd1xI8l4x7iRi3YCAlrSV49Zko7rcJXeu0JSmx3HspW46rA/p
-----END CERTIFICATE-----
Generated at Mon Jun 30 18:30:19 2025 by rpki-client