Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3130322e302f32342d3234203d3e20313337343039.roa
File: 3231372e3231362e3130322e302f32342d3234203d3e20313337343039.roa (raw, json)
Hash identifier: r8lt1fUVmaLurS2b0QZaA2dT2tG3x08TviWi4BNU16E=
Subject key identifier: D6:D0:65:41:60:9A:9E:CC:00:8D:6C:98:C8:E1:19:23:26:7D:BC:68
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 658607584D2BB29B657658C449DDD59DDD8F13B7
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3130322e302f32342d3234203d3e20313337343039.roa
Signing time: Mon 29 Sep 2025 13:40:37 +0000
ROA not before: Mon 29 Sep 2025 13:35:37 +0000
ROA not after: Mon 28 Sep 2026 13:40:37 +0000
asID: 137409
IP address blocks: 217.216.102.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:86:07:58:4d:2b:b2:9b:65:76:58:c4:49:dd:d5:9d:dd:8f:13:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Sep 29 13:35:37 2025 GMT
Not After : Sep 28 13:40:37 2026 GMT
Subject: CN=D6D06541609A9ECC008D6C98C8E11923267DBC68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:45:34:ad:bb:03:ec:71:3c:4e:bf:71:b0:86:
2d:f8:ce:88:c1:0a:cd:d6:16:de:41:87:9e:92:7c:
ef:e4:08:3c:a1:db:51:3d:4b:1c:1b:d7:37:61:2e:
41:a4:4f:7f:6c:29:8b:41:59:d5:24:df:00:70:db:
7c:97:ad:12:06:3f:f6:ae:83:96:e5:3e:64:1a:f6:
86:2f:bf:1c:c6:4c:54:e1:f4:08:31:57:13:7e:71:
36:a1:7f:eb:26:0e:0f:a4:df:d8:b1:61:83:f0:c0:
10:7d:89:e8:e2:6c:c3:f9:17:17:c8:6d:f9:88:18:
ea:75:3e:e2:cc:13:db:65:6e:b3:4c:50:b0:58:91:
31:f7:2e:10:fa:f0:31:a7:1a:50:91:cf:96:8a:91:
87:db:c9:30:00:17:cb:10:e3:f3:9e:ce:8b:4a:14:
97:59:f8:e2:ca:4c:ef:7c:6c:3c:89:c4:9c:ee:f7:
3a:f2:04:cb:28:06:92:ab:47:08:9c:93:5a:83:48:
f6:ce:16:4c:75:25:f1:03:2a:70:b8:9b:57:13:64:
ff:0f:c5:2a:4b:00:2f:d0:2f:da:ae:3d:55:b7:d1:
b6:fe:34:88:b0:62:dc:e2:04:09:0d:ad:ad:a4:41:
88:54:68:40:a0:7b:b9:6d:b3:8a:b2:07:9d:ed:74:
26:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:D0:65:41:60:9A:9E:CC:00:8D:6C:98:C8:E1:19:23:26:7D:BC:68
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3130322e302f32342d3234203d3e20313337343039.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.216.102.0/24
Signature Algorithm: sha256WithRSAEncryption
5a:cf:78:b6:a5:83:fa:3c:5f:89:6b:25:8c:06:64:dd:23:1d:
74:d2:f8:30:06:46:a7:f8:54:ba:c0:0e:de:a2:cd:7f:25:f5:
07:6a:3a:a4:e9:4a:66:cf:9e:52:a5:e1:82:76:4e:14:2c:d6:
f9:68:88:97:39:56:20:e3:ee:16:66:bc:f9:81:fe:cb:5d:7a:
f2:e7:09:f0:5d:09:3f:49:2b:38:02:1c:8c:26:0d:3e:33:03:
cf:d1:ca:49:32:b5:4c:78:09:f5:67:a3:2c:18:4b:25:72:d8:
75:7e:2a:2c:04:63:95:5a:82:f4:02:9a:54:b9:66:83:8a:20:
9b:b5:9d:9f:da:b9:06:3c:d8:ee:17:09:a5:cb:1a:2c:7b:bd:
1d:29:d5:9a:58:ed:e9:de:2a:f3:31:ce:ce:bd:54:dc:c0:18:
c1:14:e6:57:21:2b:fe:f7:7a:f3:b2:e0:cc:6e:4b:e5:dc:7c:
0a:bc:02:ef:25:66:bc:7d:88:a9:52:74:c6:5c:dc:28:0a:e4:
13:d4:27:aa:c7:4f:aa:90:5c:9f:d8:cf:b9:1e:5b:5b:22:f2:
78:6d:b8:d0:26:ac:2a:37:cb:6f:40:19:f2:28:cd:44:5f:42:
2b:fc:ea:04:6a:7e:c3:0a:9d:b6:b1:6e:65:5d:25:31:80:bf:
c8:bc:e7:59
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUZYYHWE0rsptldljESd3Vnd2PE7cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MjkxMzM1MzdaFw0yNjA5MjgxMzQwMzdaMDMxMTAvBgNV
BAMTKEQ2RDA2NTQxNjA5QTlFQ0MwMDhENkM5OEM4RTExOTIzMjY3REJDNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZRTStuwPscTxOv3Gwhi34zojB
Cs3WFt5Bh56SfO/kCDyh21E9Sxwb1zdhLkGkT39sKYtBWdUk3wBw23yXrRIGP/au
g5blPmQa9oYvvxzGTFTh9AgxVxN+cTahf+smDg+k39ixYYPwwBB9iejibMP5FxfI
bfmIGOp1PuLME9tlbrNMULBYkTH3LhD68DGnGlCRz5aKkYfbyTAAF8sQ4/OezotK
FJdZ+OLKTO98bDyJxJzu9zryBMsoBpKrRwick1qDSPbOFkx1JfEDKnC4m1cTZP8P
xSpLAC/QL9quPVW30bb+NIiwYtziBAkNra2kQYhUaECge7lts4qyB53tdCYtAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU1tBlQWCanswAjWyYyOEZIyZ9vGgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMx
MzAzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNzM0MzAzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnYZjANBgkqhkiG9w0BAQsFAAOCAQEAWs94tqWD+jxfiWsljAZk3SMddNL4
MAZGp/hUusAO3qLNfyX1B2o6pOlKZs+eUqXhgnZOFCzW+WiIlzlWIOPuFma8+YH+
y1168ucJ8F0JP0krOAIcjCYNPjMDz9HKSTK1THgJ9WejLBhLJXLYdX4qLARjlVqC
9AKaVLlmg4ogm7Wdn9q5BjzY7hcJpcsaLHu9HSnVmljt6d4q8zHOzr1U3MAYwRTm
VyEr/vd687LgzG5L5dx8CrwC7yVmvH2IqVJ0xlzcKArkE9QnqsdPqpBcn9jPuR5b
WyLyeG240CasKjfLb0AZ8ijNRF9CK/zqBGp+wwqdtrFuZV0lMYC/yLznWQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:29:58 2025 by rpki-client