Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3234372e302f32342d3234203d3e20323136323533.roa
File: 3231372e3231372e3234372e302f32342d3234203d3e20323136323533.roa (raw, json)
Hash identifier: zgx+NqrnmjlVxeIzAHYLyuUQwuWbzUkHzxgh+mo69RE=
Subject key identifier: 3D:5B:5E:FB:C3:A6:28:74:6C:D6:CF:8D:7F:0B:2F:8F:12:48:77:D5
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 25A7A4952ADA49E8E1C592A00C9DCD22B4E13FF3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3234372e302f32342d3234203d3e20323136323533.roa
Signing time: Tue 16 Sep 2025 18:39:45 +0000
ROA not before: Tue 16 Sep 2025 18:34:45 +0000
ROA not after: Tue 15 Sep 2026 18:39:45 +0000
asID: 216253
IP address blocks: 217.217.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:a7:a4:95:2a:da:49:e8:e1:c5:92:a0:0c:9d:cd:22:b4:e1:3f:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Sep 16 18:34:45 2025 GMT
Not After : Sep 15 18:39:45 2026 GMT
Subject: CN=3D5B5EFBC3A628746CD6CF8D7F0B2F8F124877D5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:5b:5d:fa:00:75:97:0d:41:52:54:34:3d:67:
be:49:f5:6f:b5:c8:11:05:7b:c9:d5:a8:71:14:b8:
6c:44:7b:76:b2:26:52:ac:d7:22:0a:38:9f:e0:e7:
59:7a:fe:70:cd:5f:97:67:b1:be:aa:8a:16:43:3b:
1c:eb:68:a4:03:43:1f:07:32:5d:94:3c:92:a4:37:
05:d7:9d:d1:02:36:3d:96:c5:31:fa:dd:b1:5a:11:
fa:4f:50:d8:87:2d:e4:86:ea:92:2f:3c:bf:0e:4f:
a0:cd:a9:31:09:44:97:13:37:92:b8:d7:a1:1b:31:
6c:47:c4:cd:8d:22:92:85:de:20:a4:69:7a:e5:fd:
f9:2e:50:95:d5:7d:ad:9b:b6:d5:89:5a:b7:ce:77:
f9:aa:0d:cb:81:8e:58:e8:58:a0:98:37:0a:f1:f6:
63:89:fa:a8:99:a9:22:1d:25:c2:9f:01:c9:4b:88:
b5:37:2c:09:98:9a:49:51:31:3c:c8:97:26:c1:05:
32:31:92:f0:8f:22:1a:cc:9c:9c:d3:67:e9:b9:ad:
fb:bb:03:c1:ec:b8:9f:db:8a:c5:68:c8:8a:3f:7c:
90:7a:66:8c:3b:5b:6e:b6:c4:0e:a8:9d:6a:ea:f9:
cf:11:0d:27:45:f4:4c:4b:b2:94:63:fb:5b:ec:99:
9f:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:5B:5E:FB:C3:A6:28:74:6C:D6:CF:8D:7F:0B:2F:8F:12:48:77:D5
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3234372e302f32342d3234203d3e20323136323533.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.247.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:f1:24:f5:55:80:1b:d8:42:2c:af:38:bc:6f:c0:80:7d:91:
83:7c:4c:01:90:d0:f8:2e:48:82:9f:05:8b:e0:2e:47:94:76:
3a:d9:05:c6:80:79:78:b0:ef:88:4a:ba:7e:46:d4:61:87:74:
7a:9f:9a:68:a4:ee:ef:00:c2:5b:47:bd:3d:e4:1f:e5:b5:d9:
df:d0:c0:25:cf:4e:22:1f:16:73:f6:2d:f9:5a:22:2f:af:73:
6b:43:ae:95:77:8c:22:1f:12:ba:2a:a7:c4:90:de:96:74:98:
87:b4:2c:5f:00:1c:65:cc:ab:38:4d:e9:8b:8c:ba:8a:19:69:
c6:b3:0e:d2:5c:11:86:30:50:cb:ef:04:1b:5e:c8:c9:36:10:
e4:37:29:c5:f4:0e:99:26:c6:a1:e4:ec:cc:02:5a:dc:6a:4e:
eb:90:aa:22:13:24:38:41:71:e5:44:da:48:26:b4:f1:6a:33:
cc:a2:06:e1:36:b5:7e:40:f0:9a:f8:95:c0:67:53:99:62:ed:
0e:0d:fb:dd:83:82:2b:9f:e5:0a:72:09:31:40:82:91:8d:0b:
45:04:19:ae:2d:02:10:52:b8:db:50:52:73:1c:b3:24:2f:f9:
11:50:56:c0:a6:e3:39:94:ba:fc:de:45:f4:d8:bf:57:42:e6:
e7:d7:7d:b5
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUJaeklSraSejhxZKgDJ3NIrThP/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MTYxODM0NDVaFw0yNjA5MTUxODM5NDVaMDMxMTAvBgNV
BAMTKDNENUI1RUZCQzNBNjI4NzQ2Q0Q2Q0Y4RDdGMEIyRjhGMTI0ODc3RDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbW136AHWXDUFSVDQ9Z75J9W+1
yBEFe8nVqHEUuGxEe3ayJlKs1yIKOJ/g51l6/nDNX5dnsb6qihZDOxzraKQDQx8H
Ml2UPJKkNwXXndECNj2WxTH63bFaEfpPUNiHLeSG6pIvPL8OT6DNqTEJRJcTN5K4
16EbMWxHxM2NIpKF3iCkaXrl/fkuUJXVfa2bttWJWrfOd/mqDcuBjljoWKCYNwrx
9mOJ+qiZqSIdJcKfAclLiLU3LAmYmklRMTzIlybBBTIxkvCPIhrMnJzTZ+m5rfu7
A8HsuJ/bisVoyIo/fJB6Zow7W262xA6onWrq+c8RDSdF9ExLspRj+1vsmZ9tAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUPVte+8OmKHRs1s+NfwsvjxJId9UwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzQzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNjMyMzUzMy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnZ9zANBgkqhkiG9w0BAQsFAAOCAQEAXvEk9VWAG9hCLK84vG/AgH2Rg3xM
AZDQ+C5Igp8Fi+AuR5R2OtkFxoB5eLDviEq6fkbUYYd0ep+aaKTu7wDCW0e9PeQf
5bXZ39DAJc9OIh8Wc/Yt+VoiL69za0OulXeMIh8SuiqnxJDelnSYh7QsXwAcZcyr
OE3pi4y6ihlpxrMO0lwRhjBQy+8EG17IyTYQ5DcpxfQOmSbGoeTszAJa3GpO65Cq
IhMkOEFx5UTaSCa08WozzKIG4Ta1fkDwmviVwGdTmWLtDg373YOCK5/lCnIJMUCC
kY0LRQQZri0CEFK421BScxyzJC/5EVBWwKbjOZS6/N5F9Ni/V0Lm59d9tQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:30:09 2025 by rpki-client