Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132352e302f32342d3234203d3e20323132323338.roa
File: 3231372e3231372e3132352e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier: CBrRkn81o0s510G7/2yKPhQi1uhXRx9Wj2b8jv5yvfY=
Subject key identifier: 29:3C:0F:3B:7E:CC:A0:87:B6:84:73:61:C5:EF:1F:C1:3B:85:67:66
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 7674F1F140F58373377731343BF946731A96689F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132352e302f32342d3234203d3e20323132323338.roa
Signing time: Thu 07 Aug 2025 08:04:35 +0000
ROA not before: Thu 07 Aug 2025 07:59:35 +0000
ROA not after: Thu 06 Aug 2026 08:04:35 +0000
asID: 212238
IP address blocks: 217.217.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:50:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:74:f1:f1:40:f5:83:73:37:77:31:34:3b:f9:46:73:1a:96:68:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Aug 7 07:59:35 2025 GMT
Not After : Aug 6 08:04:35 2026 GMT
Subject: CN=293C0F3B7ECCA087B6847361C5EF1FC13B856766
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:12:d4:d2:e0:5a:1c:f3:04:43:c8:c8:6f:5e:
e6:56:25:b7:fc:d5:a3:60:52:6d:1e:c4:98:17:3f:
90:12:c2:cf:f3:4c:ba:28:7a:70:3d:bf:31:c9:4f:
72:bf:a8:8a:11:95:3d:bf:78:0f:fa:60:00:d9:c5:
13:44:d0:cc:87:cb:f1:fe:f9:c6:96:08:58:3e:6b:
41:e6:b5:8a:b1:ab:63:df:3a:f3:58:9b:33:1b:1b:
3e:90:23:da:ca:67:dd:fa:51:7e:f8:53:8f:97:fc:
2f:2d:57:1b:b6:d3:af:7a:5a:12:4f:c6:fd:5f:55:
8e:26:a7:af:aa:09:bb:4d:50:7a:3f:77:45:c0:19:
f6:a4:a0:2a:0b:12:99:f2:5e:6a:36:0f:61:b0:3f:
86:27:2d:32:b9:bb:bd:46:96:12:66:ab:11:95:4e:
dc:80:bf:8a:13:80:c1:19:57:b5:a6:03:c1:d7:ee:
31:43:f7:1e:a9:e9:ce:6b:95:08:06:4c:8f:f4:d9:
27:e9:fd:c1:0e:e3:63:cb:28:a4:24:ca:86:4c:81:
27:74:f8:a2:c3:74:11:98:64:52:ea:ee:d4:76:9e:
d6:6a:98:4b:7f:bb:0b:a7:2e:7b:4b:f7:b7:09:c0:
cd:30:ca:1e:d5:cb:9f:40:e4:06:f6:eb:1c:e9:e3:
2c:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:3C:0F:3B:7E:CC:A0:87:B6:84:73:61:C5:EF:1F:C1:3B:85:67:66
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3132352e302f32342d3234203d3e20323132323338.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.125.0/24
Signature Algorithm: sha256WithRSAEncryption
90:f4:05:01:e0:34:c7:c4:12:1b:a4:a2:a7:a1:47:dd:09:40:
dd:aa:08:da:d3:b8:88:4f:f2:99:3c:b6:3d:93:b2:7c:4f:32:
be:38:c6:3d:e8:cc:ac:1a:16:83:07:13:b8:e4:f1:8a:b0:2b:
c8:1e:5f:8c:36:e1:75:d0:c2:4f:ba:a0:01:c5:8f:91:d8:69:
fa:43:3d:98:b9:40:aa:ff:aa:cb:cb:bc:74:ad:2c:26:50:dd:
33:b8:77:35:b5:a0:64:01:65:f4:47:96:e9:4b:80:d6:5f:23:
33:98:69:71:b4:b1:9f:fe:9a:3c:e7:fd:ce:7b:42:a2:6b:25:
0e:2f:22:71:f1:dc:d6:e7:6a:ac:0f:b8:aa:57:ec:15:e7:1c:
cb:77:fd:bb:1b:c9:16:87:0b:2b:96:4d:ac:4f:ee:02:bd:5e:
c1:6a:71:e2:19:9a:5c:db:d9:14:bd:2f:50:87:73:16:c3:bf:
64:5d:53:43:35:97:6e:00:dc:8a:21:d7:9c:31:ca:da:22:b3:
cb:1c:b9:d8:3d:81:19:91:43:8c:5d:6a:d5:ec:c4:b6:a7:1e:
85:78:0b:fe:68:e3:1f:a4:61:0b:29:13:4c:20:9a:5b:cd:ec:
12:4e:1d:94:1f:e3:fa:ef:a3:82:4a:5a:23:6d:3c:4d:bb:54:
a2:c9:f0:56
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUdnTx8UD1g3M3dzE0O/lGcxqWaJ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA4MDcwNzU5MzVaFw0yNjA4MDYwODA0MzVaMDMxMTAvBgNV
BAMTKDI5M0MwRjNCN0VDQ0EwODdCNjg0NzM2MUM1RUYxRkMxM0I4NTY3NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeEtTS4Foc8wRDyMhvXuZWJbf8
1aNgUm0exJgXP5ASws/zTLooenA9vzHJT3K/qIoRlT2/eA/6YADZxRNE0MyHy/H+
+caWCFg+a0HmtYqxq2PfOvNYmzMbGz6QI9rKZ936UX74U4+X/C8tVxu20696WhJP
xv1fVY4mp6+qCbtNUHo/d0XAGfakoCoLEpnyXmo2D2GwP4YnLTK5u71GlhJmqxGV
TtyAv4oTgMEZV7WmA8HX7jFD9x6p6c5rlQgGTI/02Sfp/cEO42PLKKQkyoZMgSd0
+KLDdBGYZFLq7tR2ntZqmEt/uwunLntL97cJwM0wyh7Vy59A5Ab26xzp4yyBAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUKTwPO37MoIe2hHNhxe8fwTuFZ2YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMx
MzIzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjMyMzMzOC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnZfTANBgkqhkiG9w0BAQsFAAOCAQEAkPQFAeA0x8QSG6Sip6FH3QlA3aoI
2tO4iE/ymTy2PZOyfE8yvjjGPejMrBoWgwcTuOTxirAryB5fjDbhddDCT7qgAcWP
kdhp+kM9mLlAqv+qy8u8dK0sJlDdM7h3NbWgZAFl9EeW6UuA1l8jM5hpcbSxn/6a
POf9zntComslDi8icfHc1udqrA+4qlfsFeccy3f9uxvJFocLK5ZNrE/uAr1ewWpx
4hmaXNvZFL0vUIdzFsO/ZF1TQzWXbgDciiHXnDHK2iKzyxy52D2BGZFDjF1q1ezE
tqcehXgL/mjjH6RhCykTTCCaW83sEk4dlB/j+u+jgkpaI208TbtUosnwVg==
-----END CERTIFICATE-----
Generated at Sat Aug 23 18:00:13 2025 by rpki-client