Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20323634343039.roa
File: 322e35382e38372e302f32342d3234203d3e20323634343039.roa (raw, json)
Hash identifier: mkGL2Y74THGESksATgz18aFujAfAh2hZzUMM/zMEgtE=
Subject key identifier: 36:8A:1F:46:AA:34:ED:B5:E4:25:E2:01:E2:F2:65:B3:42:E1:C5:F9
Certificate issuer: /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial: 1E8EB2C7DC028FA9CB7278CD864446DEE43B17E6
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20323634343039.roa
Signing time: Mon 03 Nov 2025 20:37:12 +0000
ROA not before: Mon 03 Nov 2025 20:32:12 +0000
ROA not after: Mon 02 Nov 2026 20:37:12 +0000
asID: 264409
IP address blocks: 2.58.87.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 17:58:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:8e:b2:c7:dc:02:8f:a9:cb:72:78:cd:86:44:46:de:e4:3b:17:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
Validity
Not Before: Nov 3 20:32:12 2025 GMT
Not After : Nov 2 20:37:12 2026 GMT
Subject: CN=368A1F46AA34EDB5E425E201E2F265B342E1C5F9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:77:16:86:31:f6:1b:d2:5d:49:8f:ea:52:c9:
cd:f2:4a:ee:14:ff:37:0a:44:2f:bc:71:19:f8:73:
23:c0:8d:89:d5:b0:2b:22:b5:9a:7f:a8:0f:d6:e1:
5f:34:83:90:84:18:2c:d1:fc:b7:fc:a0:6c:87:eb:
50:e9:3c:74:c9:42:80:93:00:59:82:6d:1f:9c:8a:
12:56:e4:d3:c7:f3:65:e6:32:8d:ce:db:82:bd:aa:
7f:d9:e7:70:39:2c:24:95:b9:d4:c6:52:46:1f:a6:
9b:2e:cd:36:a7:7e:af:7f:cb:e2:70:8f:b7:81:19:
21:58:95:02:f2:2e:33:39:7f:2a:f3:b2:90:57:f0:
45:a2:f6:9d:83:d6:b7:94:be:2a:d0:c0:a3:2c:1a:
51:f2:3a:26:d7:e5:56:0d:82:d4:37:00:da:e3:48:
3d:59:df:2b:0e:9c:01:6e:b0:da:30:24:f0:cc:60:
42:77:47:67:13:b6:72:ac:e6:d0:b0:2a:0b:1f:d1:
e5:cc:48:00:64:4a:8a:1d:62:7f:87:34:35:23:f9:
2e:3c:c1:62:ab:fb:7e:a6:94:f0:5e:93:95:9c:cd:
01:63:ef:1f:86:f6:d1:4c:a4:07:25:71:aa:bd:d2:
2d:e9:d2:b1:59:35:7c:38:0c:ae:35:ee:4d:b4:27:
51:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:8A:1F:46:AA:34:ED:B5:E4:25:E2:01:E2:F2:65:B3:42:E1:C5:F9
X509v3 Authority Key Identifier:
keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38372e302f32342d3234203d3e20323634343039.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.87.0/24
Signature Algorithm: sha256WithRSAEncryption
9c:0f:d4:24:75:db:5b:06:81:7e:4c:ef:d2:2b:f1:3b:20:56:
eb:a4:31:e4:29:f4:9e:d2:0c:0d:05:9b:ae:92:4a:b3:b3:d7:
0d:5e:c3:27:a5:c6:4e:5d:c7:6d:56:c5:aa:e7:47:c6:10:ea:
9f:dc:17:18:d0:f4:d5:1a:b8:9c:fe:9e:bb:2e:f4:09:5e:f4:
20:8d:39:90:9d:b8:4f:39:e7:12:c7:b0:3b:06:7e:f6:d2:b6:
56:f3:b9:88:84:4a:85:99:0b:f2:ec:28:84:af:7f:cd:c5:ef:
b2:53:74:69:a0:39:de:f9:36:d2:91:60:8f:36:db:a6:cf:81:
99:9c:cc:5b:76:14:76:b6:fb:2e:63:f8:e7:8d:fe:f0:ac:84:
26:8c:5d:9c:48:24:fc:30:a6:6f:8e:27:bf:a5:7e:b3:c6:79:
dc:05:3a:3f:12:ac:bc:7e:67:2f:c6:4e:63:bc:36:2a:50:f3:
47:51:64:ce:81:3a:eb:ac:19:a9:fe:d1:7a:f9:64:22:c5:2e:
f2:68:85:e1:2c:57:90:8f:2f:24:93:c1:a1:e5:71:ea:bf:65:
eb:be:c2:68:97:7e:32:0c:d6:8d:10:a2:eb:62:26:7c:38:75:
82:ea:e7:e0:e4:66:58:6b:06:55:09:35:79:7d:5c:ac:1a:e8:
a1:d9:1b:26
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHo6yx9wCj6nLcnjNhkRG3uQ7F+YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTExMDMyMDMyMTJaFw0yNjExMDIyMDM3MTJaMDMxMTAvBgNV
BAMTKDM2OEExRjQ2QUEzNEVEQjVFNDI1RTIwMUUyRjI2NUIzNDJFMUM1RjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0dxaGMfYb0l1Jj+pSyc3ySu4U
/zcKRC+8cRn4cyPAjYnVsCsitZp/qA/W4V80g5CEGCzR/Lf8oGyH61DpPHTJQoCT
AFmCbR+cihJW5NPH82XmMo3O24K9qn/Z53A5LCSVudTGUkYfppsuzTanfq9/y+Jw
j7eBGSFYlQLyLjM5fyrzspBX8EWi9p2D1reUvirQwKMsGlHyOibX5VYNgtQ3ANrj
SD1Z3ysOnAFusNowJPDMYEJ3R2cTtnKs5tCwKgsf0eXMSABkSoodYn+HNDUj+S48
wWKr+36mlPBek5WczQFj7x+G9tFMpAclcaq90i3p0rFZNXw4DK417k20J1FFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUNoofRqo07bXkJeIB4vJls0LhxfkwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM2MzQzNDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlcw
DQYJKoZIhvcNAQELBQADggEBAJwP1CR121sGgX5M79Ir8TsgVuukMeQp9J7SDA0F
m66SSrOz1w1ewyelxk5dx21WxarnR8YQ6p/cFxjQ9NUauJz+nrsu9Ale9CCNOZCd
uE855xLHsDsGfvbStlbzuYiESoWZC/LsKISvf83F77JTdGmgOd75NtKRYI8226bP
gZmczFt2FHa2+y5j+OeN/vCshCaMXZxIJPwwpm+OJ7+lfrPGedwFOj8SrLx+Zy/G
TmO8NipQ80dRZM6BOuusGan+0Xr5ZCLFLvJoheEsV5CPLySTwaHlceq/Zeu+wmiX
fjIM1o0QoutiJnw4dYLq5+DkZlhrBlUJNXl9XKwa6KHZGyY=
-----END CERTIFICATE-----
Generated at Wed Nov 5 07:06:17 2025 by rpki-client