Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3138352e3231302e3136382e302f32342d3234203d3e20343031373736.roa
File: 3138352e3231302e3136382e302f32342d3234203d3e20343031373736.roa (raw, json)
Hash identifier: FthwBNZ7NlQCxWBqkzgJ8UOaCP0gTFfvlhrIRd0qSWo=
Subject key identifier: B2:9D:89:07:F6:3D:94:F9:C9:00:8E:7A:87:74:85:20:3F:F1:A6:38
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 0CDC863581D50E2F3A83AF2BC003FE1DB1F9C396
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3138352e3231302e3136382e302f32342d3234203d3e20343031373736.roa
Signing time: Mon 16 Mar 2026 09:46:12 +0000
ROA not before: Mon 16 Mar 2026 09:41:12 +0000
ROA not after: Mon 15 Mar 2027 09:46:12 +0000
asID: 401776
IP address blocks: 185.210.168.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:dc:86:35:81:d5:0e:2f:3a:83:af:2b:c0:03:fe:1d:b1:f9:c3:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Mar 16 09:41:12 2026 GMT
Not After : Mar 15 09:46:12 2027 GMT
Subject: CN=B29D8907F63D94F9C9008E7A877485203FF1A638
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:a5:e5:a9:14:25:7d:8c:60:40:db:31:34:9d:
75:60:32:a6:68:4a:6b:72:10:f3:e0:94:1d:72:26:
c7:ee:45:27:7d:2c:7c:f6:4d:1f:74:b6:ac:f6:0b:
7c:52:a9:58:84:53:8e:7a:71:e9:39:b3:0d:7a:7d:
6a:64:bf:23:01:ef:e7:30:92:11:3a:e7:f4:d0:a4:
52:0b:ed:7a:41:86:87:4f:9d:dd:44:87:7b:43:74:
a2:82:f3:96:d9:fa:de:f6:3d:51:e5:8b:6e:34:b4:
16:be:ec:b2:1c:5e:75:fb:c5:9e:ef:28:3a:18:59:
78:20:ed:e8:0f:43:77:6b:14:30:21:bd:92:16:d3:
ee:30:8d:a9:3c:44:46:1d:3b:ed:bd:70:70:e0:bb:
9e:81:06:53:1f:f3:ab:de:8d:bf:de:dc:d1:04:69:
81:c3:f9:40:2a:2f:83:90:e1:94:73:72:03:f0:9d:
09:5e:7e:ee:39:a6:06:ec:f1:c1:eb:75:96:fb:57:
63:83:d0:db:74:69:97:c8:93:4c:a9:51:26:79:40:
bf:e5:62:57:39:2b:9d:8f:f6:6a:46:e2:0d:e8:50:
12:ba:86:86:3b:cb:04:c2:98:a6:aa:5a:ad:25:62:
10:9f:8a:6d:34:a9:cc:5c:27:dc:d4:b7:e0:a5:18:
b2:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:9D:89:07:F6:3D:94:F9:C9:00:8E:7A:87:74:85:20:3F:F1:A6:38
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3138352e3231302e3136382e302f32342d3234203d3e20343031373736.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.210.168.0/24
Signature Algorithm: sha256WithRSAEncryption
31:72:df:ce:b1:f0:c5:b0:85:4c:bd:62:30:fe:0b:20:e3:51:
7f:41:63:ce:d8:9a:d5:54:cb:c4:75:db:f6:69:2a:43:12:a2:
0f:38:79:c0:ac:e2:86:1b:c8:dd:17:53:4b:79:e1:d9:df:53:
4c:3e:21:50:13:b0:1f:6b:b0:64:e6:cb:27:ef:bd:14:08:68:
45:55:05:db:68:69:f5:44:04:13:3e:d4:5e:2c:d6:1f:3c:dc:
0b:8e:ac:7e:4c:85:50:57:b7:5b:04:50:b2:83:51:db:36:f7:
c4:1e:a6:08:5f:46:43:d2:1c:60:21:13:95:d3:34:92:ca:e8:
79:6a:5c:db:53:bb:8a:59:8e:0c:38:1c:51:74:7b:34:5a:9d:
2d:9d:7a:2b:30:0b:00:39:e8:88:71:fe:8e:9a:ea:8c:b1:81:
0b:ce:8c:5c:e1:67:43:d6:fa:da:31:61:34:d7:6b:24:1e:82:
95:49:7e:61:1e:69:29:26:1c:b1:6a:fd:a6:5e:21:8f:d8:b4:
e9:2e:38:aa:7a:ea:ed:6d:04:aa:99:97:2c:a0:56:b7:20:1e:
f1:2c:bf:83:02:72:52:70:0d:7f:8b:9a:1c:bf:96:88:96:6f:
b6:94:cf:a9:73:b0:f8:fd:f7:5e:1f:32:3d:4c:b3:7c:61:ef:
37:b2:b1:ad
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUDNyGNYHVDi86g68rwAP+HbH5w5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMTYwOTQxMTJaFw0yNzAzMTUwOTQ2MTJaMDMxMTAvBgNV
BAMTKEIyOUQ4OTA3RjYzRDk0RjlDOTAwOEU3QTg3NzQ4NTIwM0ZGMUE2MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRpeWpFCV9jGBA2zE0nXVgMqZo
SmtyEPPglB1yJsfuRSd9LHz2TR90tqz2C3xSqViEU456cek5sw16fWpkvyMB7+cw
khE65/TQpFIL7XpBhodPnd1Eh3tDdKKC85bZ+t72PVHli240tBa+7LIcXnX7xZ7v
KDoYWXgg7egPQ3drFDAhvZIW0+4wjak8REYdO+29cHDgu56BBlMf86vejb/e3NEE
aYHD+UAqL4OQ4ZRzcgPwnQlefu45pgbs8cHrdZb7V2OD0Nt0aZfIk0ypUSZ5QL/l
Ylc5K52P9mpG4g3oUBK6hoY7ywTCmKaqWq0lYhCfim00qcxcJ9zUt+ClGLIZAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUsp2JB/Y9lPnJAI56h3SFID/xpjgwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzEzODM1MmUzMjMxMzAyZTMx
MzYzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMTM3MzczNi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnSqDANBgkqhkiG9w0BAQsFAAOCAQEAMXLfzrHwxbCFTL1iMP4LIONRf0Fj
ztia1VTLxHXb9mkqQxKiDzh5wKzihhvI3RdTS3nh2d9TTD4hUBOwH2uwZObLJ++9
FAhoRVUF22hp9UQEEz7UXizWHzzcC46sfkyFUFe3WwRQsoNR2zb3xB6mCF9GQ9Ic
YCETldM0ksroeWpc21O7ilmODDgcUXR7NFqdLZ16KzALADnoiHH+jprqjLGBC86M
XOFnQ9b62jFhNNdrJB6ClUl+YR5pKSYcsWr9pl4hj9i06S44qnrq7W0EqpmXLKBW
tyAe8Sy/gwJyUnANf4uaHL+WiJZvtpTPqXOw+P33Xh8yPUyzfGHvN7KxrQ==
-----END CERTIFICATE-----
Generated at Thu Mar 26 16:32:55 2026 by rpki-client