Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e36342e302f32322d3332203d3e203430303231.roa
File: 3231372e3231362e36342e302f32322d3332203d3e203430303231.roa (raw, json)
Hash identifier: C7RZycOtc9CF/aqZzYhzRmp+dqe4V9GHOutc48bJOk8=
Subject key identifier: 52:BA:A5:70:54:52:BD:5D:75:16:A2:34:E8:53:E5:E4:AA:77:4D:75
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 69125193FBFCC373FC5A63D8454143653C83AFB8
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e36342e302f32322d3332203d3e203430303231.roa
Signing time: Sun 02 Nov 2025 13:28:16 +0000
ROA not before: Sun 02 Nov 2025 13:23:16 +0000
ROA not after: Sun 01 Nov 2026 13:28:16 +0000
asID: 40021
IP address blocks: 217.216.64.0/22 maxlen: 32
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:12:51:93:fb:fc:c3:73:fc:5a:63:d8:45:41:43:65:3c:83:af:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Nov 2 13:23:16 2025 GMT
Not After : Nov 1 13:28:16 2026 GMT
Subject: CN=52BAA5705452BD5D7516A234E853E5E4AA774D75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:07:0c:be:cf:ff:a6:28:5c:39:54:f6:c8:cb:
7f:d7:a0:68:4c:7e:f7:08:d1:6d:fa:e4:c0:19:d1:
2c:ee:83:3b:b8:21:09:7c:35:3c:11:5f:40:b4:b8:
f8:2d:6c:66:d9:f1:a9:de:ae:5d:f6:4e:88:65:ae:
d1:93:70:7b:93:bc:0d:2e:6a:bd:e9:68:67:c0:11:
d3:0b:0f:de:de:83:19:f9:97:97:c1:f9:08:0f:ae:
67:07:91:c2:14:22:ed:a7:04:35:2d:4c:6b:48:8a:
e5:e2:57:a5:7e:02:d9:a2:a2:ac:d6:9e:6e:70:6f:
f1:01:84:5d:15:20:97:91:37:b9:93:05:75:f9:c7:
df:45:8a:9d:3d:31:dd:a3:64:c6:ca:a9:e8:74:36:
6e:08:02:f5:5b:cd:85:00:47:0a:22:e3:ea:a6:fe:
98:00:2c:a8:b4:3d:16:1e:ae:19:fa:c3:cd:b0:44:
74:e1:d4:c3:6d:8f:54:2e:f3:e4:67:d8:dd:a3:1e:
f5:7c:dd:84:29:c0:c0:67:da:a3:36:48:82:d8:b3:
a5:4e:ec:ec:f5:5e:d1:0b:c0:16:ba:87:c7:22:9f:
ac:0f:e5:2d:49:7f:75:a2:a9:a7:0a:68:e4:78:2f:
2f:3f:e6:a7:82:1c:cd:7c:9b:84:8a:bb:b1:4d:bf:
28:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:BA:A5:70:54:52:BD:5D:75:16:A2:34:E8:53:E5:E4:AA:77:4D:75
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e36342e302f32322d3332203d3e203430303231.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.216.64.0/22
Signature Algorithm: sha256WithRSAEncryption
3f:2c:83:0a:26:95:b2:cb:7a:1e:72:c7:ca:a8:9e:43:58:1a:
a2:83:b5:c9:41:4d:81:27:d1:a0:82:69:e8:44:6a:ad:e9:c2:
41:80:9a:82:ef:0c:11:2b:78:b8:98:2c:b8:5d:ff:eb:1b:8f:
6b:2f:20:52:5c:d9:73:9d:f3:54:af:94:46:c6:e0:1d:6c:5a:
30:70:e1:24:13:07:ca:be:23:a9:d7:09:24:d9:2a:fb:16:86:
0d:6b:a6:7e:bf:6c:4b:f1:45:06:a2:1d:a1:cb:c4:6f:1c:e2:
31:3b:c6:21:f8:92:e4:f6:d6:19:f7:eb:a3:a7:35:90:f3:02:
b5:b5:ca:14:51:f0:e2:27:9e:eb:82:e4:19:51:f6:64:87:93:
2d:b0:35:5b:e5:68:ab:2c:50:78:51:1b:c2:05:3f:17:3d:e8:
9f:5f:29:af:83:f4:59:59:6b:d3:e5:c8:c5:b0:6e:d3:2a:f5:
68:6b:f1:51:4e:33:32:67:62:5a:3c:73:c5:9e:8a:05:26:4d:
2a:ad:87:20:c1:9e:da:ed:e8:08:d3:a5:ca:ad:5b:c4:90:c4:
3c:15:18:71:c3:aa:22:b6:be:6b:df:cb:33:9f:96:61:a2:f2:
07:6f:cf:3b:2f:5d:bb:bc:0f:fc:56:83:42:24:ec:17:59:1d:
e8:df:73:db
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUaRJRk/v8w3P8WmPYRUFDZTyDr7gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTExMDIxMzIzMTZaFw0yNjExMDExMzI4MTZaMDMxMTAvBgNV
BAMTKDUyQkFBNTcwNTQ1MkJENUQ3NTE2QTIzNEU4NTNFNUU0QUE3NzRENzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSBwy+z/+mKFw5VPbIy3/XoGhM
fvcI0W365MAZ0Szugzu4IQl8NTwRX0C0uPgtbGbZ8anerl32TohlrtGTcHuTvA0u
ar3paGfAEdMLD97egxn5l5fB+QgPrmcHkcIUIu2nBDUtTGtIiuXiV6V+AtmioqzW
nm5wb/EBhF0VIJeRN7mTBXX5x99Fip09Md2jZMbKqeh0Nm4IAvVbzYUARwoi4+qm
/pgALKi0PRYerhn6w82wRHTh1MNtj1Qu8+Rn2N2jHvV83YQpwMBn2qM2SILYs6VO
7Oz1XtELwBa6h8cin6wP5S1Jf3WiqacKaOR4Ly8/5qeCHM18m4SKu7FNvyhVAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUUrqlcFRSvV11FqI06FPl5Kp3TXUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTM2
MzQyZTMwMmYzMjMyMmQzMzMyMjAzZDNlMjAzNDMwMzAzMjMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC
2dhAMA0GCSqGSIb3DQEBCwUAA4IBAQA/LIMKJpWyy3oecsfKqJ5DWBqig7XJQU2B
J9GggmnoRGqt6cJBgJqC7wwRK3i4mCy4Xf/rG49rLyBSXNlznfNUr5RGxuAdbFow
cOEkEwfKviOp1wkk2Sr7FoYNa6Z+v2xL8UUGoh2hy8RvHOIxO8Yh+JLk9tYZ9+uj
pzWQ8wK1tcoUUfDiJ57rguQZUfZkh5MtsDVb5WirLFB4URvCBT8XPeifXymvg/RZ
WWvT5cjFsG7TKvVoa/FRTjMyZ2JaPHPFnooFJk0qrYcgwZ7a7egI06XKrVvEkMQ8
FRhxw6oitr5r38szn5ZhovIHb887L127vA/8VoNCJOwXWR3o33Pb
-----END CERTIFICATE-----
Generated at Tue Nov 4 19:48:40 2025 by rpki-client