Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3132302e302f32342d3234203d3e20313336373837.roa
File: 3231372e3231362e3132302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier: yDWmmLOUqmSfxoI0/6K+GeKpWdrapW7kCG4l2BQkF0M=
Subject key identifier: 65:82:DD:62:4F:C7:6A:A1:5B:29:20:A8:DF:03:35:92:2D:A0:43:AC
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 0C71A237C766085F33008997B9ECEF7E3EBEBEC0
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3132302e302f32342d3234203d3e20313336373837.roa
Signing time: Thu 09 Oct 2025 13:13:50 +0000
ROA not before: Thu 09 Oct 2025 13:08:50 +0000
ROA not after: Thu 08 Oct 2026 13:13:50 +0000
asID: 136787
IP address blocks: 217.216.120.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:71:a2:37:c7:66:08:5f:33:00:89:97:b9:ec:ef:7e:3e:be:be:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Oct 9 13:08:50 2025 GMT
Not After : Oct 8 13:13:50 2026 GMT
Subject: CN=6582DD624FC76AA15B2920A8DF0335922DA043AC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:14:fb:cc:c7:35:46:15:12:18:ed:ae:cd:af:
3b:d0:13:69:f9:5c:36:8f:df:43:af:aa:81:5b:1c:
af:11:00:af:68:9b:78:ea:a1:16:c2:96:17:e8:4a:
3a:dc:21:19:4c:ff:52:2e:52:02:5e:ff:54:72:ce:
e5:05:b2:69:6c:6c:6b:d6:62:46:02:78:3e:c2:cb:
3b:5f:b0:95:15:27:0f:0a:1c:2d:40:da:92:fc:5c:
61:0f:ff:af:00:8b:77:9f:e1:70:0d:f1:6d:7b:d6:
47:c4:f5:50:88:88:c6:11:42:24:6c:37:7f:9e:02:
62:12:fd:6e:db:d2:d3:b0:21:b4:a3:9b:6e:09:97:
7d:89:78:7e:7c:ad:42:3f:73:72:09:b8:ab:aa:0a:
63:be:21:e3:e1:6c:6f:65:15:f7:14:81:2f:6c:f6:
fa:d4:39:28:f4:54:99:f0:c6:c3:0d:60:f7:4b:f1:
5d:0a:88:1c:ef:7a:d4:27:6f:83:55:e1:83:ac:47:
24:35:7e:79:6e:7e:be:18:53:75:40:c8:0e:94:66:
3c:3e:df:74:bf:31:97:79:4e:c4:4b:8e:ad:9f:ef:
37:83:0e:24:c7:9a:ba:cb:30:6d:71:0e:b9:83:35:
1d:f5:40:67:6b:0f:7c:2f:df:32:87:bc:49:74:4d:
b0:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:82:DD:62:4F:C7:6A:A1:5B:29:20:A8:DF:03:35:92:2D:A0:43:AC
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3132302e302f32342d3234203d3e20313336373837.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.216.120.0/24
Signature Algorithm: sha256WithRSAEncryption
76:55:8a:f3:8e:5d:26:b5:30:3d:08:05:ef:3e:f1:60:82:65:
37:c0:c2:25:00:66:70:a9:da:2d:7c:bf:fa:89:32:bb:c4:ee:
0f:b9:61:44:68:e9:f1:4f:78:c3:cc:d8:03:bd:fa:98:41:64:
0d:6c:46:a2:51:fd:2f:83:e2:bd:64:7f:1c:58:93:9b:f1:a9:
0f:1c:1a:0f:34:42:ee:ff:eb:42:9b:43:6f:45:3b:d1:00:48:
d6:6e:51:fe:2e:f0:c3:35:02:ef:9a:38:1b:25:67:9c:c6:e1:
c2:32:85:46:ba:0e:05:55:7d:6e:ac:b7:76:c9:ea:85:2f:16:
bf:61:d2:9a:b3:d8:52:c9:6e:5a:a1:fa:de:21:46:99:0a:03:
fb:12:0b:70:90:3c:c0:f1:c0:59:52:af:77:bc:ae:c8:71:53:
6b:bf:20:b3:8a:7b:87:fe:59:e0:08:ad:b3:c4:91:4c:fc:91:
2b:65:4c:f0:e0:bd:b4:78:e1:f1:00:c6:dc:0b:ac:46:65:5c:
1b:1b:a5:8a:10:6c:90:f6:13:89:f5:1e:67:ac:2a:12:e2:a0:
b9:44:37:dc:e6:e0:dc:e4:aa:c3:69:38:a7:ee:a8:7a:24:08:
e1:2d:ed:98:4c:2f:fc:76:b9:04:81:89:57:3a:34:5c:59:fb:
ad:c4:85:c8
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUDHGiN8dmCF8zAImXuezvfj6+vsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEwMDkxMzA4NTBaFw0yNjEwMDgxMzEzNTBaMDMxMTAvBgNV
BAMTKDY1ODJERDYyNEZDNzZBQTE1QjI5MjBBOERGMDMzNTkyMkRBMDQzQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCFPvMxzVGFRIY7a7NrzvQE2n5
XDaP30OvqoFbHK8RAK9om3jqoRbClhfoSjrcIRlM/1IuUgJe/1RyzuUFsmlsbGvW
YkYCeD7CyztfsJUVJw8KHC1A2pL8XGEP/68Ai3ef4XAN8W171kfE9VCIiMYRQiRs
N3+eAmIS/W7b0tOwIbSjm24Jl32JeH58rUI/c3IJuKuqCmO+IePhbG9lFfcUgS9s
9vrUOSj0VJnwxsMNYPdL8V0KiBzvetQnb4NV4YOsRyQ1fnlufr4YU3VAyA6UZjw+
33S/MZd5TsRLjq2f7zeDDiTHmrrLMG1xDrmDNR31QGdrD3wv3zKHvEl0TbCjAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUZYLdYk/HaqFbKSCo3wM1ki2gQ6wwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMx
MzIzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnYeDANBgkqhkiG9w0BAQsFAAOCAQEAdlWK845dJrUwPQgF7z7xYIJlN8DC
JQBmcKnaLXy/+okyu8TuD7lhRGjp8U94w8zYA736mEFkDWxGolH9L4PivWR/HFiT
m/GpDxwaDzRC7v/rQptDb0U70QBI1m5R/i7wwzUC75o4GyVnnMbhwjKFRroOBVV9
bqy3dsnqhS8Wv2HSmrPYUsluWqH63iFGmQoD+xILcJA8wPHAWVKvd7yuyHFTa78g
s4p7h/5Z4Aits8SRTPyRK2VM8OC9tHjh8QDG3AusRmVcGxulihBskPYTifUeZ6wq
EuKguUQ33Obg3OSqw2k4p+6oeiQI4S3tmEwv/Ha5BIGJVzo0XFn7rcSFyA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:46:50 2025 by rpki-client