Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3132382e302e35392e302f32342d3234203d3e2035353131.roa
File: 3132382e302e35392e302f32342d3234203d3e2035353131.roa (raw, json)
Hash identifier: gGViZGAaB3g39jK5W2J4q8lvp0DNJNFZ+qu9AVINKfo=
Subject key identifier: 4B:17:16:65:E1:B2:FC:30:3F:48:64:FA:DB:B6:8F:4B:A6:AE:34:8E
Certificate issuer: /CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
Certificate serial: 475AEBA9CE2EE40C3228A64D933C1E88613C04A2
Authority key identifier: 7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3132382e302e35392e302f32342d3234203d3e2035353131.roa
Signing time: Fri 20 Mar 2026 11:46:11 +0000
ROA not before: Fri 20 Mar 2026 11:41:11 +0000
ROA not after: Fri 19 Mar 2027 11:46:11 +0000
asID: 5511
IP address blocks: 128.0.59.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl
rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.mft
rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:5a:eb:a9:ce:2e:e4:0c:32:28:a6:4d:93:3c:1e:88:61:3c:04:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
Validity
Not Before: Mar 20 11:41:11 2026 GMT
Not After : Mar 19 11:46:11 2027 GMT
Subject: CN=4B171665E1B2FC303F4864FADBB68F4BA6AE348E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:92:0e:50:1c:90:d7:f9:77:07:80:1f:b4:ad:
fe:8e:48:7f:51:38:40:a1:d3:dd:7f:19:46:99:73:
42:8b:3e:56:1b:89:ec:f9:ad:7c:76:7d:13:ea:e5:
5e:24:51:74:c4:da:b2:93:63:12:f1:ef:a5:e2:af:
aa:90:14:be:5c:38:a7:09:59:61:09:fc:e8:d4:0f:
67:81:8d:13:62:67:ec:d8:11:aa:2b:98:79:ea:b9:
6e:f0:5c:e2:b5:9e:29:29:75:0f:91:5f:05:1b:1f:
29:a5:e2:51:4f:d1:34:7b:af:d5:71:dc:05:e3:a7:
df:b7:cf:9c:ad:be:65:a4:48:03:57:c1:be:99:8b:
a0:e9:7e:12:ac:ba:0b:73:73:75:3e:54:91:9e:c2:
b5:9b:20:60:64:4a:74:43:7d:72:18:02:71:a5:a7:
8f:c1:b4:9a:87:49:97:0c:55:85:2c:cb:72:3c:63:
79:6e:b5:cf:ed:5c:27:a4:8c:82:f8:ec:cf:0b:09:
45:5c:7c:79:c6:a3:e4:7a:d1:b2:0b:80:7d:e0:ce:
36:9b:b6:9a:12:f7:9e:e6:c9:2a:35:a4:5a:29:03:
f4:56:c9:fd:74:90:02:e8:1b:63:cc:27:05:98:e6:
ae:47:2a:ce:54:9b:16:0d:8d:58:b3:01:f4:41:71:
88:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:17:16:65:E1:B2:FC:30:3F:48:64:FA:DB:B6:8F:4B:A6:AE:34:8E
X509v3 Authority Key Identifier:
keyid:7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3132382e302e35392e302f32342d3234203d3e2035353131.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
128.0.59.0/24
Signature Algorithm: sha256WithRSAEncryption
dd:ff:a6:e8:85:c1:ac:05:c3:5f:68:ec:1f:aa:3c:ca:e9:69:
16:8d:68:67:1d:1e:54:da:e2:4d:d5:c4:3c:7c:38:66:c7:ac:
8b:53:c1:87:8f:a5:25:22:aa:0e:63:31:a8:71:45:d7:28:f1:
3a:ba:ae:40:fc:a9:01:7d:9b:cc:70:23:cb:ed:2f:65:3b:fa:
ca:f9:d2:ed:ac:ed:76:9d:d1:31:84:7a:1c:d5:03:da:68:4b:
78:47:96:d5:2b:fb:5f:1b:ba:42:9c:46:0f:ce:cd:40:66:6b:
01:74:f0:73:6e:95:d3:95:01:a7:8b:02:fd:05:cd:57:8b:1f:
d6:d8:1f:df:82:d2:56:39:f0:f5:7c:15:07:15:04:4a:65:bf:
bd:75:25:87:64:00:19:b1:cf:84:2e:86:f1:cf:38:04:5f:29:
84:b3:ba:94:77:02:31:f2:8d:1b:83:ae:a8:8a:28:04:b2:0a:
b3:17:56:17:00:a5:93:76:3c:f5:5e:e4:77:49:6f:df:e1:38:
ab:5c:7d:f7:96:bf:9f:87:fa:8c:aa:55:49:92:89:36:dc:1e:
29:da:2b:21:3a:54:c8:a3:1a:6e:4a:d8:72:11:51:b6:7d:94:
f4:c6:92:b9:2e:87:a0:6f:c9:b2:08:48:18:a9:f0:f6:9b:01:
2d:7c:57:ea
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUR1rrqc4u5AwyKKZNkzweiGE8BKIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2ZlYTM3ZmRmZTI5YjM0MTczZTk3ZjFiNjM3YTQ0ZWM0
MWFjZWJiODAeFw0yNjAzMjAxMTQxMTFaFw0yNzAzMTkxMTQ2MTFaMDMxMTAvBgNV
BAMTKDRCMTcxNjY1RTFCMkZDMzAzRjQ4NjRGQURCQjY4RjRCQTZBRTM0OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4kg5QHJDX+XcHgB+0rf6OSH9R
OECh091/GUaZc0KLPlYbiez5rXx2fRPq5V4kUXTE2rKTYxLx76Xir6qQFL5cOKcJ
WWEJ/OjUD2eBjRNiZ+zYEaormHnquW7wXOK1nikpdQ+RXwUbHyml4lFP0TR7r9Vx
3AXjp9+3z5ytvmWkSANXwb6Zi6DpfhKsugtzc3U+VJGewrWbIGBkSnRDfXIYAnGl
p4/BtJqHSZcMVYUsy3I8Y3lutc/tXCekjIL47M8LCUVcfHnGo+R60bILgH3gzjab
tpoS957mySo1pFopA/RWyf10kALoG2PMJwWY5q5HKs5UmxYNjVizAfRBcYhTAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUSxcWZeGy/DA/SGT627aPS6auNI4wHwYDVR0j
BBgwFoAUf+o3/f4ps0Fz6X8bY3pE7EGs67gwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWItZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkz
YTlkLzAvN0ZFQTM3RkRGRTI5QjM0MTczRTk3RjFCNjM3QTQ0RUM0MUFDRUJCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YtbzNfZjRwczBGejZYOGJZM3BFN0VH
czY3Zy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWIt
ZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkzYTlkLzAvMzEzMjM4MmUzMDJlMzUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzUzMTMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgAA7MA0G
CSqGSIb3DQEBCwUAA4IBAQDd/6bohcGsBcNfaOwfqjzK6WkWjWhnHR5U2uJN1cQ8
fDhmx6yLU8GHj6UlIqoOYzGocUXXKPE6uq5A/KkBfZvMcCPL7S9lO/rK+dLtrO12
ndExhHoc1QPaaEt4R5bVK/tfG7pCnEYPzs1AZmsBdPBzbpXTlQGniwL9Bc1Xix/W
2B/fgtJWOfD1fBUHFQRKZb+9dSWHZAAZsc+ELobxzzgEXymEs7qUdwIx8o0bg66o
iigEsgqzF1YXAKWTdjz1XuR3SW/f4TirXH33lr+fh/qMqlVJkok23B4p2ishOlTI
oxpuSthyEVG2fZT0xpK5Loegb8myCEgYqfD2mwEtfFfq
-----END CERTIFICATE-----
Generated at Thu Mar 26 00:20:53 2026 by rpki-client