Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3233362e302f32342d3234203d3e20313336373837.roa
File: 38352e3139302e3233362e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier: j4bHKj+xcUJGjhBX7NB/DXnuCsM2wgEMv97/xv43l0U=
Subject key identifier: 73:5F:7F:5F:D3:1E:BC:1A:80:00:D0:42:31:8E:D7:5B:28:96:38:3C
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 043BBB88AE68FCDF9E60ED8F1C19686217DDF86B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3233362e302f32342d3234203d3e20313336373837.roa
Signing time: Sun 28 Sep 2025 20:47:42 +0000
ROA not before: Sun 28 Sep 2025 20:42:42 +0000
ROA not after: Sun 27 Sep 2026 20:47:42 +0000
asID: 136787
IP address blocks: 85.190.236.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 12:36:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:3b:bb:88:ae:68:fc:df:9e:60:ed:8f:1c:19:68:62:17:dd:f8:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Sep 28 20:42:42 2025 GMT
Not After : Sep 27 20:47:42 2026 GMT
Subject: CN=735F7F5FD31EBC1A8000D042318ED75B2896383C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:f4:91:be:95:4f:15:b6:44:e2:dd:ec:87:b3:
8a:fb:6f:e5:d3:a8:5e:75:3a:5e:59:ba:1c:41:02:
27:17:64:02:42:14:e9:e2:06:b0:48:e9:c4:16:55:
6e:d1:6e:8d:dd:1c:0a:ce:4a:92:89:c6:fb:84:6d:
e3:5c:e5:92:73:66:a5:b6:63:10:e5:20:9e:b8:ef:
a7:ef:b2:d8:7e:2f:f0:45:91:df:9d:1f:64:00:95:
b7:5a:4d:b1:03:97:41:c6:8f:18:f4:56:4b:b5:2f:
21:66:a9:a4:08:a6:4b:9a:2f:f9:e5:64:ef:a8:51:
47:2d:78:7b:79:47:e6:81:6b:91:c4:f2:30:45:73:
62:41:bc:29:40:c3:70:03:f1:e9:e8:96:4b:0e:3f:
83:3d:e9:4a:5c:19:fe:37:be:0b:e9:24:74:82:b3:
5f:4c:49:cc:77:6f:83:78:65:10:3d:f1:c7:e8:99:
25:02:e8:44:68:44:da:71:cc:ee:aa:79:84:fe:34:
b5:9d:9d:37:b7:80:58:99:07:63:25:e7:40:e9:a7:
22:8a:e7:9f:84:18:27:7b:01:23:ee:f2:91:86:6c:
f0:bc:1d:4f:b8:0b:b2:44:9f:73:65:0a:d5:77:46:
7c:dd:bf:45:e4:9d:40:2a:00:81:68:7f:80:25:24:
8b:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:5F:7F:5F:D3:1E:BC:1A:80:00:D0:42:31:8E:D7:5B:28:96:38:3C
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3233362e302f32342d3234203d3e20313336373837.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.190.236.0/24
Signature Algorithm: sha256WithRSAEncryption
13:89:7e:5c:24:e6:51:d9:77:d0:54:f7:5d:a8:48:55:25:c6:
da:34:60:69:fb:29:02:2f:62:1f:f4:6c:6e:ce:a9:9b:69:6a:
60:1d:b2:3e:19:3f:39:1a:78:70:ee:26:41:75:0f:2a:31:ce:
f5:fe:e7:a8:1a:90:84:91:7f:e3:af:e6:30:64:dc:39:2c:d3:
67:46:67:d6:31:b6:61:6e:39:ce:f7:04:9c:d8:9f:6e:8e:a6:
79:10:b2:66:bd:54:d4:30:71:44:7c:d2:63:eb:39:2a:ff:8f:
b6:6c:1b:d8:ec:f5:87:17:8e:23:08:e7:31:29:e6:ed:52:7d:
fc:1b:27:4c:9c:a8:95:90:93:4c:db:a8:a1:e7:6a:d0:c7:9d:
10:e4:e6:49:15:d5:5c:0c:75:73:71:2a:8a:7d:4b:56:e6:71:
7e:7c:76:e0:0b:23:88:c0:bf:22:93:8e:1d:c6:57:87:58:0c:
c2:94:12:11:76:11:94:9d:4f:aa:af:f9:b4:09:99:ec:ba:cc:
25:c8:44:09:48:cc:ac:9c:92:aa:ec:d8:4b:73:84:9c:a9:e5:
af:13:51:02:33:02:b7:9e:88:38:dd:05:75:57:aa:1b:e6:e6:
6a:59:06:a8:9f:88:f1:55:65:27:4a:e6:f4:02:96:1f:2a:1b:
36:3e:ab:e5
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUBDu7iK5o/N+eYO2PHBloYhfd+GswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MjgyMDQyNDJaFw0yNjA5MjcyMDQ3NDJaMDMxMTAvBgNV
BAMTKDczNUY3RjVGRDMxRUJDMUE4MDAwRDA0MjMxOEVENzVCMjg5NjM4M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD39JG+lU8VtkTi3eyHs4r7b+XT
qF51Ol5ZuhxBAicXZAJCFOniBrBI6cQWVW7Rbo3dHArOSpKJxvuEbeNc5ZJzZqW2
YxDlIJ6476fvsth+L/BFkd+dH2QAlbdaTbEDl0HGjxj0Vku1LyFmqaQIpkuaL/nl
ZO+oUUcteHt5R+aBa5HE8jBFc2JBvClAw3AD8enolksOP4M96UpcGf43vgvpJHSC
s19MScx3b4N4ZRA98cfomSUC6ERoRNpxzO6qeYT+NLWdnTe3gFiZB2Ml50DppyKK
55+EGCd7ASPu8pGGbPC8HU+4C7JEn3NlCtV3Rnzdv0XknUAqAIFof4AlJIupAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUc19/X9MevBqAANBCMY7XWyiWODwwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzEzOTMwMmUzMjMz
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABVvuwwDQYJKoZIhvcNAQELBQADggEBABOJflwk5lHZd9BU912oSFUlxto0YGn7
KQIvYh/0bG7OqZtpamAdsj4ZPzkaeHDuJkF1DyoxzvX+56gakISRf+Ov5jBk3Dks
02dGZ9YxtmFuOc73BJzYn26OpnkQsma9VNQwcUR80mPrOSr/j7ZsG9js9YcXjiMI
5zEp5u1SffwbJ0ycqJWQk0zbqKHnatDHnRDk5kkV1VwMdXNxKop9S1bmcX58duAL
I4jAvyKTjh3GV4dYDMKUEhF2EZSdT6qv+bQJmey6zCXIRAlIzKyckqrs2EtzhJyp
5a8TUQIzAreeiDjdBXVXqhvm5mpZBqifiPFVZSdK5vQClh8qGzY+q+U=
-----END CERTIFICATE-----
Generated at Mon Oct 20 21:03:04 2025 by rpki-client