Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
File: AS214432.roa (raw, json)
Hash identifier: nXDvFAMrgKFoOpWHGsyz2XXGGn6IJENlZ5T0p8fKbu4=
Subject key identifier: CF:F2:48:7E:59:1B:C7:50:35:BB:D7:07:58:8B:FB:C6:A1:2A:48:E9
Certificate issuer: /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial: 395A10345B1FDB8EB174E73CAB9436BA1E43987B
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
Signing time: Sun 24 Aug 2025 00:00:22 +0000
ROA not before: Sat 23 Aug 2025 23:55:22 +0000
ROA not after: Sun 23 Aug 2026 00:00:22 +0000
asID: 214432
IP address blocks: 91.124.18.0/24 maxlen: 24
91.124.60.0/24 maxlen: 24
91.124.118.0/24 maxlen: 24
91.124.145.0/24 maxlen: 24
91.124.172.0/24 maxlen: 24
91.124.186.0/24 maxlen: 24
91.124.237.0/24 maxlen: 24
91.124.238.0/24 maxlen: 24
178.92.238.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 23:01:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
39:5a:10:34:5b:1f:db:8e:b1:74:e7:3c:ab:94:36:ba:1e:43:98:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Validity
Not Before: Aug 23 23:55:22 2025 GMT
Not After : Aug 23 00:00:22 2026 GMT
Subject: CN=CFF2487E591BC75035BBD707588BFBC6A12A48E9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:58:ba:40:6e:49:86:a9:93:22:51:95:7b:1a:
ef:10:50:b0:54:50:5f:e7:0f:71:5f:05:a7:a6:d6:
2c:66:10:52:1b:7c:3d:05:70:43:e9:c2:35:04:71:
ee:c1:c1:76:d9:6b:3a:56:51:01:d9:67:cf:81:fb:
f0:1c:54:11:c7:b4:da:67:7d:f9:a9:27:36:ce:46:
ca:31:9b:68:83:e3:df:4c:72:c5:c5:f5:d5:87:9e:
6a:c2:f8:87:31:ae:69:4e:b2:15:a5:69:72:67:11:
77:7f:93:a8:d0:8a:1d:f0:9b:55:a1:cb:15:71:17:
11:d7:ca:c0:75:3a:3c:8d:0f:dd:e8:7e:30:4d:61:
ba:65:b7:75:27:9c:78:e3:64:c4:24:da:e6:05:99:
c5:ba:b2:b0:a9:35:dd:81:3b:89:cb:08:56:d0:39:
8b:69:bd:7d:14:93:f6:11:99:0d:53:39:93:7f:98:
37:ff:18:5b:2f:a3:2d:58:e6:a9:c6:50:01:fa:ff:
47:9c:ce:38:20:71:1a:a0:6e:04:da:40:68:82:29:
2f:a7:6b:04:8e:91:31:e1:02:f5:a1:a0:d1:ee:98:
9d:ef:9c:b1:68:9f:99:51:5b:7c:48:35:c4:17:28:
06:96:8b:e4:49:72:0d:6c:97:d3:b2:a0:a2:a7:2c:
16:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:F2:48:7E:59:1B:C7:50:35:BB:D7:07:58:8B:FB:C6:A1:2A:48:E9
X509v3 Authority Key Identifier:
keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS214432.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.124.18.0/24
91.124.60.0/24
91.124.118.0/24
91.124.145.0/24
91.124.172.0/24
91.124.186.0/24
91.124.237.0-91.124.238.255
178.92.238.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:c1:25:b0:30:2c:46:cc:11:a4:b4:78:2c:b1:2c:3b:cd:4d:
d3:71:d0:7f:4b:69:f9:4a:13:65:8f:c4:2b:b4:a1:49:86:a3:
c4:e5:6c:af:20:bc:e0:23:4b:d5:6a:fd:8d:3f:c5:6f:3f:4f:
7d:b0:9e:74:b0:7d:98:9e:28:ca:52:40:ce:01:c1:d3:d2:5a:
6f:4a:fe:60:13:2b:ea:93:30:60:94:26:6a:73:ac:a7:1f:14:
dd:4c:4f:d8:62:21:d0:1c:77:af:a5:5e:57:dc:50:21:b9:96:
d2:bb:54:56:f8:37:bc:60:1c:fc:eb:8f:d8:08:28:92:38:be:
7f:41:52:ec:9a:d0:99:d9:8d:2e:cc:6a:6a:f5:bf:cd:e7:cb:
d8:f6:7d:61:40:7c:7d:b0:cd:13:bb:85:9e:3f:55:bd:47:08:
c0:f9:67:44:c8:8d:48:c7:6d:22:8b:bb:75:40:12:d5:67:47:
30:26:1c:76:2f:0b:94:17:92:5d:f1:b6:7b:2f:72:90:45:61:
ab:4c:66:ee:29:48:20:87:7c:0f:11:c4:15:10:1c:26:44:d8:
dc:5c:d7:60:be:6d:d6:75:49:f6:e1:c0:22:76:b0:a8:04:76:
c6:b0:5d:b4:af:29:42:5b:0d:00:7c:c9:01:4b:85:7b:7e:6b:
07:32:60:58
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUOVoQNFsf246xdOc8q5Q2uh5DmHswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA4MjMyMzU1MjJaFw0yNjA4MjMwMDAwMjJaMDMxMTAvBgNV
BAMTKENGRjI0ODdFNTkxQkM3NTAzNUJCRDcwNzU4OEJGQkM2QTEyQTQ4RTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyWLpAbkmGqZMiUZV7Gu8QULBU
UF/nD3FfBaem1ixmEFIbfD0FcEPpwjUEce7BwXbZazpWUQHZZ8+B+/AcVBHHtNpn
ffmpJzbORsoxm2iD499McsXF9dWHnmrC+IcxrmlOshWlaXJnEXd/k6jQih3wm1Wh
yxVxFxHXysB1OjyND93ofjBNYbplt3UnnHjjZMQk2uYFmcW6srCpNd2BO4nLCFbQ
OYtpvX0Uk/YRmQ1TOZN/mDf/GFsvoy1Y5qnGUAH6/0eczjggcRqgbgTaQGiCKS+n
awSOkTHhAvWhoNHumJ3vnLFon5lRW3xINcQXKAaWi+RJcg1sl9OyoKKnLBalAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUz/JIflkbx1A1u9cHWIv7xqEqSOkwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAW3wS
AwQAW3w8AwQAW3x2AwQAW3yRAwQAW3ysAwQAW3y6MAwDBABbfO0DBABbfO4DBACy
XO4wDQYJKoZIhvcNAQELBQADggEBAI7BJbAwLEbMEaS0eCyxLDvNTdNx0H9LaflK
E2WPxCu0oUmGo8TlbK8gvOAjS9Vq/Y0/xW8/T32wnnSwfZieKMpSQM4BwdPSWm9K
/mATK+qTMGCUJmpzrKcfFN1MT9hiIdAcd6+lXlfcUCG5ltK7VFb4N7xgHPzrj9gI
KJI4vn9BUuya0JnZjS7Mamr1v83ny9j2fWFAfH2wzRO7hZ4/Vb1HCMD5Z0TIjUjH
bSKLu3VAEtVnRzAmHHYvC5QXkl3xtnsvcpBFYatMZu4pSCCHfA8RxBUQHCZE2Nxc
12C+bdZ1SfbhwCJ2sKgEdsawXbSvKUJbDQB8yQFLhXt+awcyYFg=
-----END CERTIFICATE-----
Generated at Sun Aug 24 07:07:10 2025 by rpki-client