Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232312e302f32342d3234203d3e20323132333834.roa
File: 38352e3230392e3232312e302f32342d3234203d3e20323132333834.roa (raw, json)
Hash identifier: UWULpHy1Ov581uZoig1OyqAPBrIbwfYF3P54was0PP4=
Subject key identifier: AC:9D:42:4B:AF:B8:2A:E3:C1:59:6F:D1:02:AD:7C:95:7C:6E:F6:94
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 56C8E5508A1D5C2391A8722DE1C19B9A43750A6F
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232312e302f32342d3234203d3e20323132333834.roa
Signing time: Wed 13 Aug 2025 13:54:13 +0000
ROA not before: Wed 13 Aug 2025 13:49:13 +0000
ROA not after: Wed 12 Aug 2026 13:54:13 +0000
asID: 212384
IP address blocks: 85.209.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:00:13 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:c8:e5:50:8a:1d:5c:23:91:a8:72:2d:e1:c1:9b:9a:43:75:0a:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: Aug 13 13:49:13 2025 GMT
Not After : Aug 12 13:54:13 2026 GMT
Subject: CN=AC9D424BAFB82AE3C1596FD102AD7C957C6EF694
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:99:8a:15:81:86:cf:b9:78:6a:00:78:c1:9e:
6a:13:18:50:3f:2d:0f:21:28:32:40:62:0e:37:92:
cf:10:e1:21:86:40:5b:ce:d5:49:40:04:da:fc:f4:
3f:e9:a3:79:1b:c8:0e:83:f2:53:be:a4:e3:08:a2:
ff:4f:83:6a:75:12:c3:de:0b:5e:34:99:3e:4a:23:
e9:dd:71:47:6d:8c:b9:6c:76:36:78:51:b4:b2:40:
b9:7b:5a:77:dc:d5:9c:1c:60:a9:86:51:b2:d8:3d:
73:d3:62:29:0c:82:cd:c5:fa:47:d6:20:4f:8e:34:
82:cd:71:04:f5:3b:44:d8:af:e1:f3:65:12:4f:d4:
eb:89:5a:84:4e:94:50:0e:bf:b0:00:b9:5c:3c:6c:
69:57:4c:82:2c:ab:84:e0:20:71:45:ed:4c:32:2a:
97:90:52:ed:cf:e7:29:f3:e5:13:47:2c:2c:d2:58:
c1:fe:2e:59:2d:72:be:e5:4c:5e:9b:d9:0d:03:61:
da:d6:6f:96:a8:13:33:24:f7:05:50:c5:64:86:00:
46:6f:dc:d9:86:06:90:a2:de:df:d4:be:0f:6e:3f:
db:e7:1f:a7:52:ed:bd:22:29:26:e5:8c:d5:c5:a3:
00:f0:0e:95:03:9b:6a:88:f5:fe:b5:63:a4:b8:e7:
b8:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:9D:42:4B:AF:B8:2A:E3:C1:59:6F:D1:02:AD:7C:95:7C:6E:F6:94
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232312e302f32342d3234203d3e20323132333834.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.221.0/24
Signature Algorithm: sha256WithRSAEncryption
37:d7:5b:50:38:e4:f7:20:2e:c8:e9:4c:91:bb:b4:b4:bc:66:
c9:6c:c7:14:9a:52:08:48:b0:1f:64:9c:14:3e:cd:2c:c3:cb:
a0:e5:b0:b1:c7:92:e0:54:50:eb:59:fc:a9:73:8b:5b:c3:1a:
dd:68:42:ee:01:b4:d8:9d:a4:04:b2:a3:c5:e7:72:85:2f:d4:
86:d8:cf:db:1d:f8:d6:ea:4e:9e:03:9e:67:cf:7d:bc:50:cd:
9c:83:a2:8e:cd:76:ab:ed:a1:57:71:8d:a7:f6:97:05:10:f6:
3c:d4:70:25:cb:44:d7:3a:c3:72:5f:d0:19:c5:e5:aa:ae:f8:
95:51:82:71:52:5d:28:2a:43:1e:b4:36:d9:06:1e:ad:78:79:
78:79:59:f8:e0:d2:97:41:45:9a:6a:b6:23:52:18:b1:b4:6f:
03:b1:e9:0f:9d:b7:e0:16:1e:1f:fd:e8:ec:c4:e5:a7:f2:b6:
58:56:7c:28:99:dd:4e:db:91:88:ec:7b:e6:67:3b:10:34:a5:
e7:35:b2:15:70:ae:98:a6:89:b5:88:8e:b2:1f:d4:47:46:72:
fa:90:6e:2c:bb:82:04:37:ef:a7:21:2c:d2:cc:44:15:8c:fd:
28:af:0b:d4:4d:e8:6c:22:e3:4d:04:84:c6:17:41:32:c9:c1:
0a:ec:37:7c
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUVsjlUIodXCORqHIt4cGbmkN1Cm8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA4MTMxMzQ5MTNaFw0yNjA4MTIxMzU0MTNaMDMxMTAvBgNV
BAMTKEFDOUQ0MjRCQUZCODJBRTNDMTU5NkZEMTAyQUQ3Qzk1N0M2RUY2OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtmYoVgYbPuXhqAHjBnmoTGFA/
LQ8hKDJAYg43ks8Q4SGGQFvO1UlABNr89D/po3kbyA6D8lO+pOMIov9Pg2p1EsPe
C140mT5KI+ndcUdtjLlsdjZ4UbSyQLl7Wnfc1ZwcYKmGUbLYPXPTYikMgs3F+kfW
IE+ONILNcQT1O0TYr+HzZRJP1OuJWoROlFAOv7AAuVw8bGlXTIIsq4TgIHFF7Uwy
KpeQUu3P5ynz5RNHLCzSWMH+Llktcr7lTF6b2Q0DYdrWb5aoEzMk9wVQxWSGAEZv
3NmGBpCi3t/Uvg9uP9vnH6dS7b0iKSbljNXFowDwDpUDm2qI9f61Y6S457iHAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUrJ1CS6+4KuPBWW/RAq18lXxu9pQwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzgzNTJlMzIzMDM5MmUzMjMy
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMzM4MzQucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV0d0wDQYJKoZIhvcNAQELBQADggEBADfXW1A45PcgLsjpTJG7tLS8ZslsxxSa
UghIsB9knBQ+zSzDy6DlsLHHkuBUUOtZ/Klzi1vDGt1oQu4BtNidpASyo8XncoUv
1IbYz9sd+NbqTp4DnmfPfbxQzZyDoo7NdqvtoVdxjaf2lwUQ9jzUcCXLRNc6w3Jf
0BnF5aqu+JVRgnFSXSgqQx60NtkGHq14eXh5Wfjg0pdBRZpqtiNSGLG0bwOx6Q+d
t+AWHh/96OzE5afytlhWfCiZ3U7bkYjse+ZnOxA0pec1shVwrpimibWIjrIf1EdG
cvqQbiy7ggQ376chLNLMRBWM/SivC9RN6Gwi400EhMYXQTLJwQrsN3w=
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:28:25 2025 by rpki-client