Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232302e302f32342d3234203d3e20323036383034.roa
File: 3138352e3230392e3232302e302f32342d3234203d3e20323036383034.roa (raw, json)
Hash identifier: nhiRAlfBv+2F0wJUEWRBd4J17BdSPv9Z5mvY0olc/Sw=
Subject key identifier: ED:3C:77:BA:B5:26:CD:1A:BE:11:22:A3:C0:ED:FD:07:FD:82:8C:79
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 383723C88A1671E9E5E43924FE7EB31F40BCD6C6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232302e302f32342d3234203d3e20323036383034.roa
Signing time: Fri 22 Aug 2025 14:47:15 +0000
ROA not before: Fri 22 Aug 2025 14:42:15 +0000
ROA not after: Fri 21 Aug 2026 14:47:15 +0000
asID: 206804
IP address blocks: 185.209.220.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 Aug 2025 17:37:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:37:23:c8:8a:16:71:e9:e5:e4:39:24:fe:7e:b3:1f:40:bc:d6:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Aug 22 14:42:15 2025 GMT
Not After : Aug 21 14:47:15 2026 GMT
Subject: CN=ED3C77BAB526CD1ABE1122A3C0EDFD07FD828C79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:47:48:82:a1:4e:c3:2b:63:c9:20:79:b8:65:
d1:eb:1c:8a:7a:de:30:fa:21:60:cb:32:bd:a5:12:
3c:81:9a:22:0a:33:95:87:a3:c4:6a:ce:96:9a:ff:
3b:5a:e7:a6:a9:9e:38:4e:a9:32:ae:43:ab:16:ca:
86:e4:19:9b:b9:09:32:b2:08:41:62:5f:d9:da:92:
f3:91:00:f6:19:e9:91:7e:2c:3b:ec:45:62:7f:3b:
0c:14:d0:42:13:d7:54:68:57:7c:f7:47:48:1d:69:
ba:df:f4:ed:24:19:fd:57:41:10:e7:db:1d:4e:9f:
b2:d5:d5:3b:04:9e:59:d2:db:50:66:b4:50:56:fb:
21:b3:7d:00:c5:bc:de:ff:49:7a:93:9b:2c:52:71:
64:ec:7f:80:c0:e2:b0:39:ef:cf:b6:c7:dc:11:7e:
6f:95:9a:43:b0:6e:f9:ed:71:ca:c1:63:cd:9b:36:
57:5f:03:5d:3f:3a:a1:0c:0c:bb:8a:a0:61:09:38:
0d:07:c4:de:14:cc:2f:41:e1:c1:97:f3:03:46:67:
01:ad:3d:db:c5:10:cc:fd:0b:79:3d:8c:ba:6e:e2:
25:e9:fa:ab:bb:33:7d:c0:20:92:74:4f:49:84:1d:
44:a4:e7:2d:65:d7:4a:59:c2:a1:8c:54:e6:ae:a3:
03:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:3C:77:BA:B5:26:CD:1A:BE:11:22:A3:C0:ED:FD:07:FD:82:8C:79
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3230392e3232302e302f32342d3234203d3e20323036383034.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.209.220.0/24
Signature Algorithm: sha256WithRSAEncryption
65:8d:2b:f4:be:7a:d4:57:7b:61:c4:3b:e3:e5:f9:36:88:7a:
c5:db:f0:9f:2f:66:ce:86:24:59:4b:c6:d4:5b:de:4e:3c:bd:
84:62:e6:4f:cf:94:2c:b9:87:f1:4c:df:0e:1e:88:a3:9b:9f:
c3:0e:33:4f:20:c5:51:86:9f:43:c8:8b:a6:de:92:0d:5a:98:
11:73:91:b0:ac:3e:ad:94:29:7e:d8:c1:50:73:dd:20:72:c4:
75:25:4c:27:ae:90:29:0c:0d:74:d9:ad:2a:cc:3d:70:66:15:
6c:22:1b:c9:05:c6:93:3e:0c:be:44:8a:bb:0d:8b:76:9f:dc:
06:f0:fe:6c:de:5e:6c:60:34:e7:4e:fd:e0:1c:b0:81:09:c6:
4c:1a:8e:43:ed:7d:d6:c1:09:d6:91:a6:72:b1:69:27:d0:83:
a1:f4:9c:81:05:5c:7a:78:a9:e3:4d:46:86:3f:ef:9e:60:8a:
f7:79:40:6e:85:5d:df:05:67:d5:1d:11:10:c3:f8:e8:2e:70:
1d:9a:9a:fd:42:7f:a5:4f:69:bb:c7:27:dc:6f:be:23:9e:45:
a4:82:fa:39:4b:28:1d:90:4c:54:ff:9e:d8:d4:92:89:46:2e:
e2:52:17:99:47:1c:5e:34:59:62:28:e8:9e:e4:8e:31:d6:b7:
e6:d9:fd:25
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUODcjyIoWcenl5Dkk/n6zH0C81sYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MjIxNDQyMTVaFw0yNjA4MjExNDQ3MTVaMDMxMTAvBgNV
BAMTKEVEM0M3N0JBQjUyNkNEMUFCRTExMjJBM0MwRURGRDA3RkQ4MjhDNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoR0iCoU7DK2PJIHm4ZdHrHIp6
3jD6IWDLMr2lEjyBmiIKM5WHo8Rqzpaa/zta56apnjhOqTKuQ6sWyobkGZu5CTKy
CEFiX9nakvORAPYZ6ZF+LDvsRWJ/OwwU0EIT11RoV3z3R0gdabrf9O0kGf1XQRDn
2x1On7LV1TsEnlnS21BmtFBW+yGzfQDFvN7/SXqTmyxScWTsf4DA4rA578+2x9wR
fm+VmkOwbvntccrBY82bNldfA10/OqEMDLuKoGEJOA0HxN4UzC9B4cGX8wNGZwGt
PdvFEMz9C3k9jLpu4iXp+qu7M33AIJJ0T0mEHUSk5y1l10pZwqGMVOauowNFAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU7Tx3urUmzRq+ESKjwO39B/2CjHkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMwMzkyZTMy
MzIzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNjM4MzAzNC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnR3DANBgkqhkiG9w0BAQsFAAOCAQEAZY0r9L561Fd7YcQ74+X5Noh6xdvw
ny9mzoYkWUvG1FveTjy9hGLmT8+ULLmH8UzfDh6Io5ufww4zTyDFUYafQ8iLpt6S
DVqYEXORsKw+rZQpftjBUHPdIHLEdSVMJ66QKQwNdNmtKsw9cGYVbCIbyQXGkz4M
vkSKuw2Ldp/cBvD+bN5ebGA050794BywgQnGTBqOQ+191sEJ1pGmcrFpJ9CDofSc
gQVcenip401Ghj/vnmCK93lAboVd3wVn1R0REMP46C5wHZqa/UJ/pU9pu8cn3G++
I55FpIL6OUsoHZBMVP+e2NSSiUYu4lIXmUccXjRZYijonuSOMda35tn9JQ==
-----END CERTIFICATE-----
Generated at Sat Aug 23 09:03:43 2025 by rpki-client