Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3132352e302f32342d3234203d3e20313336373837.roa
File: 3231372e3231362e3132352e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier: EKDxYjco+R6hwdPsP7rFQxCLorM24K0keLG7fbojPQg=
Subject key identifier: F8:99:1E:35:1D:C8:CC:88:6B:4E:E2:20:4A:B5:5C:90:0B:E2:D9:09
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 66B766B078A01CC4BCFEC4EAFE6B2E2E062288B1
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3132352e302f32342d3234203d3e20313336373837.roa
Signing time: Thu 09 Oct 2025 13:13:54 +0000
ROA not before: Thu 09 Oct 2025 13:08:54 +0000
ROA not after: Thu 08 Oct 2026 13:13:54 +0000
asID: 136787
IP address blocks: 217.216.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:b7:66:b0:78:a0:1c:c4:bc:fe:c4:ea:fe:6b:2e:2e:06:22:88:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Oct 9 13:08:54 2025 GMT
Not After : Oct 8 13:13:54 2026 GMT
Subject: CN=F8991E351DC8CC886B4EE2204AB55C900BE2D909
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:b0:ba:81:be:5c:86:cc:3a:2c:f7:1a:4e:d8:
0f:f6:5a:0d:6b:e7:ba:ba:9d:a2:2e:29:c6:6a:8a:
72:0f:5b:af:d7:65:e0:e9:94:e7:43:98:fc:85:f9:
2f:6a:84:08:9a:ea:6a:2e:d5:3a:7f:fc:a2:af:75:
62:2c:22:54:21:f2:0c:20:67:a2:17:42:d5:e7:15:
0a:28:aa:0b:bb:a7:75:2b:28:7d:68:ca:bb:38:80:
f8:7a:2d:8b:cd:11:a9:5f:a4:f7:a6:f2:0f:22:cd:
d7:c1:b9:1d:91:6d:d4:2e:ba:20:0b:be:d7:94:27:
f8:92:3a:c2:c0:88:e3:db:16:5e:ea:4e:58:1a:77:
02:4f:5f:ee:56:c9:00:01:27:ce:4c:a1:ad:ce:02:
58:02:50:eb:56:aa:bd:23:5f:0a:ba:b8:75:c6:f5:
c1:8d:65:c8:ea:7f:f3:65:14:62:f3:27:76:7d:5a:
5d:76:89:69:69:45:41:92:d1:40:f8:5d:d5:eb:43:
de:5b:49:ec:8b:6f:be:5e:c8:43:8f:e0:4e:dd:d8:
c2:3e:64:15:64:a0:de:38:c3:0e:a9:f9:bd:30:4e:
f3:59:ca:1c:7c:62:67:98:af:ca:da:8c:35:ee:4f:
81:a8:58:84:28:f3:89:f5:1b:4d:0e:38:47:a9:d1:
b1:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:99:1E:35:1D:C8:CC:88:6B:4E:E2:20:4A:B5:5C:90:0B:E2:D9:09
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3132352e302f32342d3234203d3e20313336373837.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.216.125.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:e0:f3:48:1e:b5:d1:21:e8:85:d0:32:63:65:5f:a5:52:9d:
3a:8a:6d:84:ab:a5:16:1e:80:f8:ef:ed:19:ef:0e:90:3e:5d:
95:34:e4:bb:3a:b2:a5:1e:ad:3c:73:6d:7a:3e:9f:a1:f3:75:
a0:cc:4c:13:6d:be:98:a9:8f:7d:1a:a9:a8:dd:d4:4a:d3:8f:
97:28:ca:d6:5d:77:06:6b:e8:c6:2e:80:28:f0:4f:27:48:18:
5d:66:10:7f:79:f1:52:5d:c1:c7:1f:56:34:54:31:75:9c:0d:
c5:ef:43:49:d3:31:4f:49:93:b7:41:be:05:9d:09:e4:7d:eb:
3a:cd:62:09:19:ec:03:a6:3a:38:3f:54:d3:67:30:31:2c:90:
8f:bc:d5:e3:6a:f2:d0:63:72:d7:0c:b7:18:d4:43:d5:5d:66:
96:87:7d:40:1f:c1:90:26:f5:7b:fc:17:64:bb:72:2a:47:ef:
16:7f:cd:ad:14:3d:05:32:3c:68:80:6e:9b:ea:5b:6c:ed:b2:
b9:f5:71:ce:2b:b9:2b:c5:c3:d2:ee:da:46:a2:a4:3e:1e:e7:
e0:3d:45:6b:0f:f3:e0:db:fe:2f:25:c5:69:b6:37:c6:77:7b:
ec:c4:fe:c9:ba:74:62:6e:f5:58:d2:82:82:1e:03:47:e1:ef:
a7:30:dd:d1
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUZrdmsHigHMS8/sTq/msuLgYiiLEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEwMDkxMzA4NTRaFw0yNjEwMDgxMzEzNTRaMDMxMTAvBgNV
BAMTKEY4OTkxRTM1MURDOENDODg2QjRFRTIyMDRBQjU1QzkwMEJFMkQ5MDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2sLqBvlyGzDos9xpO2A/2Wg1r
57q6naIuKcZqinIPW6/XZeDplOdDmPyF+S9qhAia6mou1Tp//KKvdWIsIlQh8gwg
Z6IXQtXnFQooqgu7p3UrKH1oyrs4gPh6LYvNEalfpPem8g8izdfBuR2RbdQuuiAL
vteUJ/iSOsLAiOPbFl7qTlgadwJPX+5WyQABJ85Moa3OAlgCUOtWqr0jXwq6uHXG
9cGNZcjqf/NlFGLzJ3Z9Wl12iWlpRUGS0UD4XdXrQ95bSeyLb75eyEOP4E7d2MI+
ZBVkoN44ww6p+b0wTvNZyhx8YmeYr8rajDXuT4GoWIQo84n1G00OOEep0bEFAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU+JkeNR3IzIhrTuIgSrVckAvi2QkwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMx
MzIzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnYfTANBgkqhkiG9w0BAQsFAAOCAQEAP+DzSB610SHohdAyY2VfpVKdOopt
hKulFh6A+O/tGe8OkD5dlTTkuzqypR6tPHNtej6fofN1oMxME22+mKmPfRqpqN3U
StOPlyjK1l13Bmvoxi6AKPBPJ0gYXWYQf3nxUl3Bxx9WNFQxdZwNxe9DSdMxT0mT
t0G+BZ0J5H3rOs1iCRnsA6Y6OD9U02cwMSyQj7zV42ry0GNy1wy3GNRD1V1mlod9
QB/BkCb1e/wXZLtyKkfvFn/NrRQ9BTI8aIBum+pbbO2yufVxziu5K8XD0u7aRqKk
Ph7n4D1Faw/z4Nv+LyXFabY3xnd77MT+ybp0Ym71WNKCgh4DR+HvpzDd0Q==
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:46:48 2025 by rpki-client