Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3133352e3133362e302f32342d3234203d3e20313336373837.roa
File: 3138352e3133352e3133362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier: DR11XH6Aboc6zanzKR8pFoaZfyfdfqmZSFp5CuAdP1c=
Subject key identifier: B3:2C:86:92:6F:B4:67:F1:38:65:88:76:DA:D1:C9:0F:96:A2:F1:96
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 7EECAA1FB5055EE72A9D86303CDB22A1159BCD14
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3133352e3133362e302f32342d3234203d3e20313336373837.roa
Signing time: Sun 28 Sep 2025 20:47:39 +0000
ROA not before: Sun 28 Sep 2025 20:42:39 +0000
ROA not after: Sun 27 Sep 2026 20:47:39 +0000
asID: 136787
IP address blocks: 185.135.136.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 12:36:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:ec:aa:1f:b5:05:5e:e7:2a:9d:86:30:3c:db:22:a1:15:9b:cd:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Sep 28 20:42:39 2025 GMT
Not After : Sep 27 20:47:39 2026 GMT
Subject: CN=B32C86926FB467F138658876DAD1C90F96A2F196
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:c8:1d:c4:9c:73:01:73:9d:32:51:03:f5:d7:
d4:2a:dc:e6:13:3c:46:49:97:a1:7a:ba:f9:75:83:
d5:7d:88:4b:fa:a8:aa:14:89:49:46:d5:f0:a4:15:
53:04:89:2a:99:16:1e:c8:c7:a4:2f:b9:b5:95:e2:
b0:d7:f6:33:1c:52:52:62:b1:b8:a1:f4:f3:de:71:
64:ae:78:a9:09:43:2c:37:aa:79:07:a3:5e:05:fa:
b1:94:ef:ff:2e:b4:96:72:33:3c:74:70:10:e6:c7:
f8:00:03:b3:5f:8f:2c:52:7c:5a:4e:0e:f2:b9:b0:
1a:66:af:67:f4:15:ff:dc:07:f6:dc:fa:00:ec:0d:
a0:b2:47:b1:f8:4d:80:6d:7a:26:d6:c9:46:d8:07:
ff:06:14:53:93:b2:2d:9f:7b:b7:ae:0a:f1:12:5e:
d6:00:7b:02:96:65:57:f8:be:21:15:aa:24:e8:5f:
6f:b9:bc:09:e4:23:96:73:c8:52:79:80:06:c7:2d:
04:8e:0a:aa:fa:8e:7a:ab:20:90:3f:5c:8e:ac:31:
3a:21:fb:64:cb:98:07:f4:9b:33:5d:b8:93:ed:93:
71:9d:8e:4c:d6:11:24:7f:db:b9:1f:45:f5:19:8b:
2a:25:70:96:4e:5a:9e:df:8d:71:36:4c:fc:13:e6:
fc:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:2C:86:92:6F:B4:67:F1:38:65:88:76:DA:D1:C9:0F:96:A2:F1:96
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3133352e3133362e302f32342d3234203d3e20313336373837.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.135.136.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:fc:3b:ff:6b:ad:32:e3:28:d2:44:59:ea:62:8f:12:36:ca:
4b:49:d8:02:4b:73:1d:71:7a:5a:f8:45:9b:b0:e9:a1:da:e2:
3f:f8:8a:02:0f:e4:4a:45:2d:bb:02:77:e1:a4:87:4c:a0:21:
e1:d8:45:7b:de:93:3e:c5:03:f0:a8:f3:c4:0b:ab:5a:c9:20:
df:f9:76:39:bf:0c:4a:92:8d:b6:1d:24:89:35:5e:dd:5d:1d:
3c:cb:39:45:51:61:51:ea:70:8c:93:bd:e8:39:69:e4:02:ec:
f7:74:e4:f0:80:65:2b:6a:d2:9e:e5:8c:69:0e:db:bb:a8:a9:
e1:86:8b:f2:56:74:a4:82:7c:a0:a4:0b:f1:75:4f:4b:20:1f:
a1:f1:f5:8c:49:b7:59:eb:88:14:c8:6f:bf:6c:d2:87:3d:d7:
3e:38:51:6f:93:09:6f:30:8b:e9:39:a5:fc:f8:4f:83:da:0f:
3d:26:bd:d5:13:71:0f:ed:21:1d:38:f6:76:d9:e4:1e:80:c0:
2c:1d:52:e6:3e:d7:4b:47:04:c3:5f:da:23:1c:f0:9f:02:44:
b9:68:56:53:68:c8:2f:a8:56:36:78:81:1c:63:dd:0c:ec:58:
dd:21:de:08:61:30:c0:a2:2a:f5:6c:87:52:2f:fd:d9:cc:84:
14:df:f3:4c
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUfuyqH7UFXucqnYYwPNsioRWbzRQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MjgyMDQyMzlaFw0yNjA5MjcyMDQ3MzlaMDMxMTAvBgNV
BAMTKEIzMkM4NjkyNkZCNDY3RjEzODY1ODg3NkRBRDFDOTBGOTZBMkYxOTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjyB3EnHMBc50yUQP119Qq3OYT
PEZJl6F6uvl1g9V9iEv6qKoUiUlG1fCkFVMEiSqZFh7Ix6QvubWV4rDX9jMcUlJi
sbih9PPecWSueKkJQyw3qnkHo14F+rGU7/8utJZyMzx0cBDmx/gAA7NfjyxSfFpO
DvK5sBpmr2f0Ff/cB/bc+gDsDaCyR7H4TYBteibWyUbYB/8GFFOTsi2fe7euCvES
XtYAewKWZVf4viEVqiToX2+5vAnkI5ZzyFJ5gAbHLQSOCqr6jnqrIJA/XI6sMToh
+2TLmAf0mzNduJPtk3GdjkzWESR/27kfRfUZiyolcJZOWp7fjXE2TPwT5vxFAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUsyyGkm+0Z/E4ZYh22tHJD5ai8ZYwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTMzMzUyZTMx
MzMzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALmHiDANBgkqhkiG9w0BAQsFAAOCAQEAO/w7/2utMuMo0kRZ6mKPEjbKS0nY
AktzHXF6WvhFm7DpodriP/iKAg/kSkUtuwJ34aSHTKAh4dhFe96TPsUD8KjzxAur
Wskg3/l2Ob8MSpKNth0kiTVe3V0dPMs5RVFhUepwjJO96Dlp5ALs93Tk8IBlK2rS
nuWMaQ7bu6ip4YaL8lZ0pIJ8oKQL8XVPSyAfofH1jEm3WeuIFMhvv2zShz3XPjhR
b5MJbzCL6Tml/PhPg9oPPSa91RNxD+0hHTj2dtnkHoDALB1S5j7XS0cEw1/aIxzw
nwJEuWhWU2jIL6hWNniBHGPdDOxY3SHeCGEwwKIq9WyHUi/92cyEFN/zTA==
-----END CERTIFICATE-----
Generated at Tue Oct 21 02:00:53 2025 by rpki-client