Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232322e302f32342d3234203d3e203433363431.roa
File: 38352e3230392e3232322e302f32342d3234203d3e203433363431.roa (raw, json)
Hash identifier: 4J9n2vON96PvFs3UN55Awik433YZ1G1C4vgS71Fw9+s=
Subject key identifier: 9E:07:EA:0A:4F:74:DD:01:52:B7:A1:D2:21:17:3A:6C:3D:0B:18:EA
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 341A30A07FC4CD360147B174AE7660F430345856
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232322e302f32342d3234203d3e203433363431.roa
Signing time: Tue 04 Nov 2025 04:46:17 +0000
ROA not before: Tue 04 Nov 2025 04:41:17 +0000
ROA not after: Tue 03 Nov 2026 04:46:17 +0000
asID: 43641
IP address blocks: 85.209.222.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 23:27:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:1a:30:a0:7f:c4:cd:36:01:47:b1:74:ae:76:60:f4:30:34:58:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: Nov 4 04:41:17 2025 GMT
Not After : Nov 3 04:46:17 2026 GMT
Subject: CN=9E07EA0A4F74DD0152B7A1D221173A6C3D0B18EA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:98:30:19:16:d0:92:4b:95:97:db:e4:d8:a1:
ce:1b:80:82:a4:fa:2a:4d:fe:b9:33:ee:50:e8:88:
e3:bd:51:bc:ec:0a:f4:d8:77:79:3c:d2:fa:c6:44:
a9:98:a7:ed:24:74:5d:9b:92:88:db:28:39:a3:1f:
8f:1a:95:2c:b5:c6:83:b9:7a:ba:2d:ac:a8:85:2a:
bb:69:75:61:6d:12:07:34:a9:31:f4:c5:28:56:72:
0c:b4:71:5a:3e:19:11:3e:d8:15:82:54:f9:1b:33:
ea:0e:3b:ff:6d:9f:58:19:6f:f5:ce:68:54:b5:7b:
02:c2:5a:c6:36:c5:27:6a:52:28:30:74:a9:1d:2a:
d9:83:a0:00:de:b6:0c:97:fd:c5:44:50:2e:72:c5:
e2:d3:00:ae:51:86:36:e6:86:58:75:09:b4:f6:9e:
ac:81:56:43:e1:c3:27:2c:26:c8:7b:09:d2:57:6c:
3f:9a:28:43:d4:ec:05:d8:e4:d3:9d:ba:7c:e2:f2:
d4:7c:6c:d4:3d:0d:5f:f2:13:05:13:e6:bd:9c:bd:
5c:3b:4e:ee:71:06:17:dd:d2:b2:aa:44:87:20:94:
00:98:f1:f0:98:c4:9a:79:0a:6b:58:1b:1c:34:fb:
78:47:a6:f0:e5:b0:69:51:ca:9f:31:bd:7e:de:9a:
c2:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:07:EA:0A:4F:74:DD:01:52:B7:A1:D2:21:17:3A:6C:3D:0B:18:EA
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232322e302f32342d3234203d3e203433363431.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.222.0/24
Signature Algorithm: sha256WithRSAEncryption
cb:55:d9:7f:72:30:69:07:f0:5d:db:e2:be:85:72:3f:df:d7:
66:77:6f:05:29:ea:08:a0:a7:a2:67:2e:32:e9:04:18:eb:f7:
53:c1:77:37:41:94:bf:a3:6b:ae:50:5d:99:a6:47:1d:0a:81:
ef:98:73:9a:0f:b9:c1:87:86:c1:34:b3:55:09:96:3c:03:68:
a3:4a:e3:a7:4e:e9:ca:99:b8:84:cb:44:75:1a:4a:55:81:3d:
de:98:53:85:c7:75:9a:82:7f:09:7f:c5:68:6b:65:44:8d:16:
fd:30:f2:89:2e:7a:19:9e:46:d9:8e:ce:dd:2d:0f:41:40:b7:
36:16:26:1f:70:b8:b2:fb:2b:50:95:9b:91:8e:60:78:6e:72:
6e:11:cd:1b:74:76:79:5c:96:1d:d5:09:38:eb:3b:11:78:45:
71:6e:ff:ed:a7:cb:30:30:59:b7:c5:d8:62:d2:13:3b:f1:4f:
7a:a1:ee:8c:c6:9d:51:b8:48:fb:82:57:39:af:62:8a:7b:52:
93:03:69:cd:84:a1:8a:5f:b1:9a:8a:8f:6c:1d:36:7c:b7:bb:
ac:40:84:0b:16:a8:40:5f:46:80:11:3e:99:73:fa:2a:8c:3f:
2e:40:5a:53:02:67:d3:8e:3a:e5:be:5f:f5:b6:d2:2d:52:74:
ff:75:3d:04
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUNBowoH/EzTYBR7F0rnZg9DA0WFYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTExMDQwNDQxMTdaFw0yNjExMDMwNDQ2MTdaMDMxMTAvBgNV
BAMTKDlFMDdFQTBBNEY3NEREMDE1MkI3QTFEMjIxMTczQTZDM0QwQjE4RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6mDAZFtCSS5WX2+TYoc4bgIKk
+ipN/rkz7lDoiOO9UbzsCvTYd3k80vrGRKmYp+0kdF2bkojbKDmjH48alSy1xoO5
erotrKiFKrtpdWFtEgc0qTH0xShWcgy0cVo+GRE+2BWCVPkbM+oOO/9tn1gZb/XO
aFS1ewLCWsY2xSdqUigwdKkdKtmDoADetgyX/cVEUC5yxeLTAK5Rhjbmhlh1CbT2
nqyBVkPhwycsJsh7CdJXbD+aKEPU7AXY5NOdunzi8tR8bNQ9DV/yEwUT5r2cvVw7
Tu5xBhfd0rKqRIcglACY8fCYxJp5CmtYGxw0+3hHpvDlsGlRyp8xvX7emsLBAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUngfqCk903QFSt6HSIRc6bD0LGOowHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzgzNTJlMzIzMDM5MmUzMjMy
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMzMzYzNDMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
VdHeMA0GCSqGSIb3DQEBCwUAA4IBAQDLVdl/cjBpB/Bd2+K+hXI/39dmd28FKeoI
oKeiZy4y6QQY6/dTwXc3QZS/o2uuUF2ZpkcdCoHvmHOaD7nBh4bBNLNVCZY8A2ij
SuOnTunKmbiEy0R1GkpVgT3emFOFx3Wagn8Jf8Voa2VEjRb9MPKJLnoZnkbZjs7d
LQ9BQLc2FiYfcLiy+ytQlZuRjmB4bnJuEc0bdHZ5XJYd1Qk46zsReEVxbv/tp8sw
MFm3xdhi0hM78U96oe6Mxp1RuEj7glc5r2KKe1KTA2nNhKGKX7Gaio9sHTZ8t7us
QIQLFqhAX0aAET6Zc/oqjD8uQFpTAmfTjjrlvl/1ttItUnT/dT0E
-----END CERTIFICATE-----
Generated at Wed Nov 5 10:32:00 2025 by rpki-client