Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215214.roa
File: AS215214.roa (raw, json)
Hash identifier: 6lwZBMJPjCu/efUU7I/QES8jIXleXs8zTQktrgfEZnk=
Subject key identifier: 53:22:A0:69:21:C9:BD:60:94:9E:50:02:13:B1:E4:A2:E7:09:25:86
Certificate issuer: /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial: 51C9340D98463F80C835D33D5ED9EB8AC0A4A0E1
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215214.roa
Signing time: Fri 25 Jul 2025 08:07:42 +0000
ROA not before: Fri 25 Jul 2025 08:02:42 +0000
ROA not after: Fri 24 Jul 2026 08:07:42 +0000
asID: 215214
IP address blocks: 2a0f:85c1:3a5::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 08 Aug 2025 08:00:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:c9:34:0d:98:46:3f:80:c8:35:d3:3d:5e:d9:eb:8a:c0:a4:a0:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Validity
Not Before: Jul 25 08:02:42 2025 GMT
Not After : Jul 24 08:07:42 2026 GMT
Subject: CN=5322A06921C9BD60949E500213B1E4A2E7092586
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:3b:b2:42:78:66:35:2c:55:72:de:5c:17:70:
fe:24:ed:d3:cd:63:b7:ce:d4:b9:da:00:2c:74:44:
a1:4a:93:96:da:31:00:16:7b:45:a1:d9:28:aa:41:
1c:35:1f:62:af:f0:f4:be:3b:b5:d6:37:d0:67:4c:
6c:84:4c:f6:e9:d7:eb:f4:8e:33:3b:ad:23:e7:5c:
fa:b5:f0:ba:1a:ac:e5:18:b2:3a:70:0c:d5:15:f7:
60:fb:85:ee:2e:6d:ca:1a:06:01:ea:41:9f:19:65:
89:17:5b:a8:4b:00:81:ac:72:2f:b9:7b:f0:4e:2f:
77:92:ad:bd:88:fb:c2:70:21:60:28:23:2a:63:bc:
8b:79:b8:be:3c:0a:65:cf:44:6b:75:51:53:24:e6:
c2:b0:0d:cb:40:dd:6a:65:38:84:f5:c0:0e:f1:60:
72:6e:da:0b:9d:ba:bf:07:8b:d5:3e:3b:1f:28:d7:
d9:4c:b0:e5:0e:35:24:12:e1:6d:64:60:34:a8:99:
b3:bd:5b:83:eb:8e:5b:b7:6f:5e:cf:2f:c0:db:27:
40:18:94:5c:bd:20:a0:d8:aa:3b:42:da:1c:0f:a2:
4e:cd:b0:fc:16:de:9d:ec:93:b8:d9:6a:fa:2e:f8:
1c:eb:0c:2f:e5:b4:55:98:e7:88:4c:12:60:be:ef:
2c:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:22:A0:69:21:C9:BD:60:94:9E:50:02:13:B1:E4:A2:E7:09:25:86
X509v3 Authority Key Identifier:
keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215214.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:85c1:3a5::/48
Signature Algorithm: sha256WithRSAEncryption
40:45:51:e0:90:d3:ff:a2:f7:88:1f:4c:5e:fc:cc:5c:8a:95:
c4:89:35:a1:2a:70:d9:5a:96:c1:df:1d:57:ba:18:2d:e9:46:
a0:fb:c4:04:d4:bc:c8:43:ed:40:39:5b:ec:01:b9:e6:63:c9:
5c:55:3c:28:84:bc:9c:37:96:03:21:e7:04:3b:cc:22:41:74:
52:78:35:44:92:2d:b3:aa:b7:18:3d:36:2b:22:29:cc:cf:a5:
a8:33:ee:70:d0:e3:89:9d:33:50:6b:6f:f6:8e:09:87:01:3f:
22:7d:6c:84:2c:3a:c4:39:07:e6:1b:1d:67:d7:00:60:51:f2:
bf:ef:e9:11:26:fc:cc:51:2a:98:14:ec:da:bf:f6:43:8a:5b:
94:1a:1d:b4:1a:e4:d4:b5:78:c2:10:c1:66:e3:c4:75:2d:72:
d7:85:77:88:11:56:b3:42:28:13:1e:71:2c:af:4d:18:21:01:
14:f4:e1:e5:b3:7b:35:90:a8:c2:35:2e:54:c2:85:f2:f2:50:
9f:90:5f:e2:bd:4a:83:88:42:b4:81:6c:54:f4:7e:03:26:74:
c5:1d:d5:2d:f0:35:0f:67:88:42:e6:f0:5b:a8:66:87:63:3f:
6b:82:27:e1:09:e2:25:73:07:2c:e6:f6:52:c4:6b:3d:33:5a:
56:8a:7a:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUUck0DZhGP4DINdM9XtnrisCkoOEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDJaFw0yNjA3MjQwODA3NDJaMDMxMTAvBgNV
BAMTKDUzMjJBMDY5MjFDOUJENjA5NDlFNTAwMjEzQjFFNEEyRTcwOTI1ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpO7JCeGY1LFVy3lwXcP4k7dPN
Y7fO1LnaACx0RKFKk5baMQAWe0Wh2SiqQRw1H2Kv8PS+O7XWN9BnTGyETPbp1+v0
jjM7rSPnXPq18LoarOUYsjpwDNUV92D7he4ubcoaBgHqQZ8ZZYkXW6hLAIGsci+5
e/BOL3eSrb2I+8JwIWAoIypjvIt5uL48CmXPRGt1UVMk5sKwDctA3WplOIT1wA7x
YHJu2gudur8Hi9U+Ox8o19lMsOUONSQS4W1kYDSombO9W4Prjlu3b17PL8DbJ0AY
lFy9IKDYqjtC2hwPok7NsPwW3p3sk7jZavou+BzrDC/ltFWY54hMEmC+7yxPAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUUyKgaSHJvWCUnlACE7HkoucJJYYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1MjE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQOlMA0GCSqGSIb3DQEBCwUAA4IBAQBARVHgkNP/oveIH0xe/MxcipXEiTWhKnDZ
WpbB3x1Xuhgt6Uag+8QE1LzIQ+1AOVvsAbnmY8lcVTwohLycN5YDIecEO8wiQXRS
eDVEki2zqrcYPTYrIinMz6WoM+5w0OOJnTNQa2/2jgmHAT8ifWyELDrEOQfmGx1n
1wBgUfK/7+kRJvzMUSqYFOzav/ZDiluUGh20GuTUtXjCEMFm48R1LXLXhXeIEVaz
QigTHnEsr00YIQEU9OHls3s1kKjCNS5UwoXy8lCfkF/ivUqDiEK0gWxU9H4DJnTF
HdUt8DUPZ4hC5vBbqGaHYz9rgifhCeIlcwcs5vZSxGs9M1pWinqt
-----END CERTIFICATE-----
Generated at Thu Aug 7 11:19:51 2025 by rpki-client