Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS0.roa
File: AS0.roa (raw, json)
Hash identifier: tR22axCg2z1k8I+RTdxZj8/e1wj1XqSAAz84XYSNF34=
Subject key identifier: 5F:D9:9E:67:B1:60:56:2F:21:49:DF:F5:20:98:3B:84:5E:F6:1E:32
Certificate issuer: /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial: 09685371EBCF40486445FA4939D993DE72E546E4
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS0.roa
Signing time: Sat 26 Apr 2025 09:46:17 +0000
ROA not before: Sat 26 Apr 2025 09:41:17 +0000
ROA not after: Sat 25 Apr 2026 09:46:17 +0000
asID: 0
IP address blocks: 2a14:7580:b000::/36 maxlen: 48
2a14:7583::/32 maxlen: 48
2a14:7584:8000::/36 maxlen: 48
2a14:7586::/32 maxlen: 48
2a14:7587::/32 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 10:09:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:68:53:71:eb:cf:40:48:64:45:fa:49:39:d9:93:de:72:e5:46:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Validity
Not Before: Apr 26 09:41:17 2025 GMT
Not After : Apr 25 09:46:17 2026 GMT
Subject: CN=5FD99E67B160562F2149DFF520983B845EF61E32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:38:e1:58:9b:bd:9e:5f:53:de:e4:2b:ad:6b:
3e:fe:4b:3a:46:1c:28:fe:ba:67:62:93:d9:a9:19:
70:1e:aa:a3:3c:35:5c:76:10:c9:5d:2c:3c:09:92:
cc:f2:30:d1:dc:f0:d3:a7:20:d2:f0:a0:0e:e2:af:
8c:22:5b:31:2c:b4:f2:c7:6f:47:de:72:a4:5f:68:
93:70:a2:60:09:d0:f5:67:a4:28:5f:0f:dc:c2:d5:
e8:52:6b:8c:17:76:4b:de:03:f4:be:b4:62:dc:72:
75:bc:2e:ce:42:52:76:36:5e:58:27:e1:e0:eb:a8:
ed:6a:11:a1:1b:d9:78:8e:90:a9:f7:77:fb:5c:a4:
ef:84:f5:73:a8:9b:00:f1:73:52:27:c1:3e:fb:09:
f7:7d:41:99:30:c6:40:a2:dd:07:90:4b:c2:b7:e6:
b4:36:cb:96:4b:94:9f:e3:0a:f1:64:67:56:d9:73:
02:6a:77:15:2f:65:88:de:65:87:a3:7e:48:51:c3:
60:ac:2d:bf:5e:5a:47:44:18:e5:a8:ec:f8:09:0b:
b7:c0:15:d6:8a:34:77:55:11:98:b3:c0:44:4f:d7:
6f:8f:1a:b7:2c:af:93:6f:73:7b:90:00:c9:02:3c:
6f:72:49:11:6a:f7:e4:9c:b7:40:b1:67:98:b1:ba:
f2:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:D9:9E:67:B1:60:56:2F:21:49:DF:F5:20:98:3B:84:5E:F6:1E:32
X509v3 Authority Key Identifier:
keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS0.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:7580:b000::/36
2a14:7583::/32
2a14:7584:8000::/36
2a14:7586::/31
Signature Algorithm: sha256WithRSAEncryption
68:72:1e:81:62:4e:05:c9:11:97:a2:07:9d:b6:1a:c2:d1:c6:
98:04:e3:79:e9:e7:80:71:82:75:2d:a2:74:64:68:93:3d:9b:
7d:0c:a3:71:e3:1c:21:55:4d:43:cc:84:3c:cf:59:1b:61:40:
30:c5:25:5a:05:5b:55:04:8c:6e:51:2b:75:e8:24:ef:4f:1c:
c0:7c:18:0e:3b:71:ac:d6:f6:8e:23:f3:39:4d:9e:8b:e1:3a:
78:2e:ec:76:af:c0:9b:1a:dc:c1:70:9a:61:fa:b8:47:22:df:
86:eb:6f:f8:66:19:d9:3e:c5:cf:e6:62:3b:24:8a:e6:0f:51:
ea:45:cc:75:62:f1:8a:ac:e0:5d:a7:f5:b6:0c:4d:6b:c5:0a:
d7:27:14:02:20:48:58:40:1f:de:fc:bc:d0:b1:9a:24:13:02:
f1:d3:fe:d7:df:47:fe:6f:ba:c4:fc:7d:88:c7:05:f3:12:cb:
54:e5:5f:48:2b:3c:d1:3e:f4:b7:6a:0c:98:ad:5d:d3:53:7f:
1a:49:b2:c7:49:43:18:9e:62:18:7f:80:3b:df:48:76:21:e3:
b7:8a:7f:6c:4b:f0:5d:df:30:e3:3f:ac:10:3f:9d:df:2f:17:
3a:40:1f:e8:b2:73:95:0c:41:6d:44:67:db:d6:85:94:f5:d8:
29:04:fb:ad
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUCWhTcevPQEhkRfpJOdmT3nLlRuQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA0MjYwOTQxMTdaFw0yNjA0MjUwOTQ2MTdaMDMxMTAvBgNV
BAMTKDVGRDk5RTY3QjE2MDU2MkYyMTQ5REZGNTIwOTgzQjg0NUVGNjFFMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyOOFYm72eX1Pe5Cutaz7+SzpG
HCj+umdik9mpGXAeqqM8NVx2EMldLDwJkszyMNHc8NOnINLwoA7ir4wiWzEstPLH
b0fecqRfaJNwomAJ0PVnpChfD9zC1ehSa4wXdkveA/S+tGLccnW8Ls5CUnY2Xlgn
4eDrqO1qEaEb2XiOkKn3d/tcpO+E9XOomwDxc1InwT77Cfd9QZkwxkCi3QeQS8K3
5rQ2y5ZLlJ/jCvFkZ1bZcwJqdxUvZYjeZYejfkhRw2CsLb9eWkdEGOWo7PgJC7fA
FdaKNHdVEZizwERP12+PGrcsr5Nvc3uQAMkCPG9ySRFq9+Sct0CxZ5ixuvIDAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQUX9meZ7FgVi8hSd/1IJg7hF72HjIwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwdgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjA3BggrBgEFBQcBBwEB/wQoMCYwJAQCAAIwHgMGBCoUdYCwAwUA
KhR1gwMGBCoUdYSAAwUBKhR1hjANBgkqhkiG9w0BAQsFAAOCAQEAaHIegWJOBckR
l6IHnbYawtHGmATjeenngHGCdS2idGRokz2bfQyjceMcIVVNQ8yEPM9ZG2FAMMUl
WgVbVQSMblErdegk708cwHwYDjtxrNb2jiPzOU2ei+E6eC7sdq/AmxrcwXCaYfq4
RyLfhutv+GYZ2T7Fz+ZiOySK5g9R6kXMdWLxiqzgXaf1tgxNa8UK1ycUAiBIWEAf
3vy80LGaJBMC8dP+199H/m+6xPx9iMcF8xLLVOVfSCs80T70t2oMmK1d01N/Gkmy
x0lDGJ5iGH+AO99IdiHjt4p/bEvwXd8w4z+sED+d3y8XOkAf6LJzlQxBbURn29aF
lPXYKQT7rQ==
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:47:16 2025 by rpki-client