Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e312e302f32342d3234203d3e20343032303434.roa
File: 3231372e32352e312e302f32342d3234203d3e20343032303434.roa (raw, json)
Hash identifier: xCcm9OSDFoiRAyZGskXdn1FDK0ugz/jCcwYJjik/uSg=
Subject key identifier: DF:C5:66:EF:67:0E:26:00:70:AB:FC:F8:F3:D4:22:61:AD:98:53:46
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 75B0F63FEAFFF6496AFCFA28C64561B892F50D38
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e312e302f32342d3234203d3e20343032303434.roa
Signing time: Thu 23 Apr 2026 16:16:25 +0000
ROA not before: Thu 23 Apr 2026 16:11:25 +0000
ROA not after: Thu 22 Apr 2027 16:16:25 +0000
asID: 402044
IP address blocks: 217.25.1.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:14:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:b0:f6:3f:ea:ff:f6:49:6a:fc:fa:28:c6:45:61:b8:92:f5:0d:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Apr 23 16:11:25 2026 GMT
Not After : Apr 22 16:16:25 2027 GMT
Subject: CN=DFC566EF670E260070ABFCF8F3D42261AD985346
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:c6:d1:5d:96:6f:1a:63:f0:28:f7:40:81:02:
0e:be:e5:36:ac:81:1c:59:d0:6f:47:22:f9:92:ae:
8d:94:11:6a:45:23:ef:74:e8:f8:15:82:ea:73:73:
ee:f6:dc:be:c4:8b:00:0c:87:db:ce:32:30:0d:c2:
78:90:cd:c2:79:a3:d9:f1:90:ac:2b:8e:e1:53:94:
ea:a9:00:e6:8d:c0:fb:71:66:37:3b:77:be:61:93:
12:e6:e6:87:aa:08:7e:67:55:eb:ff:a8:39:aa:be:
41:0e:d6:3a:fe:63:f3:38:55:c9:f3:33:72:a3:fc:
76:2c:40:a0:4f:63:35:7d:40:a8:3a:a6:eb:af:61:
44:29:19:37:66:f3:a1:7f:07:f6:f7:f4:ef:9f:f2:
1b:64:e4:75:6b:65:bc:6b:33:f3:82:39:a5:bc:cb:
8b:d4:c5:99:89:a9:dc:6f:ab:3a:e6:b6:61:22:56:
69:b0:29:3f:6c:58:08:fd:d8:3c:6c:44:a4:dc:a7:
ee:8b:9e:2a:c1:c7:ae:3e:d1:7f:11:78:5a:40:87:
fd:d1:d6:2b:b4:78:cb:16:2b:66:3b:c4:cf:29:e7:
5e:8b:82:06:47:c2:06:23:e5:88:40:35:20:da:31:
db:62:df:3e:98:88:e7:df:4f:c6:49:69:0a:7e:39:
ef:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:C5:66:EF:67:0E:26:00:70:AB:FC:F8:F3:D4:22:61:AD:98:53:46
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e312e302f32342d3234203d3e20343032303434.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.25.1.0/24
Signature Algorithm: sha256WithRSAEncryption
05:19:d5:77:0f:77:a2:a2:40:07:c2:aa:9d:70:bc:13:4f:02:
b8:0b:50:9d:72:85:02:e1:a3:66:5c:56:18:10:95:a0:aa:30:
1a:99:67:ce:08:69:2d:c3:1a:8a:a5:bb:1f:f8:34:0c:b9:42:
a5:94:a2:c8:d6:3e:92:63:95:72:1b:6d:b6:7c:84:39:74:19:
fc:b7:93:9c:3d:cb:fd:40:ae:0a:49:5e:5e:23:8c:7d:81:97:
b6:a4:51:db:2e:4b:00:b6:15:e5:c5:ca:d4:f1:0e:bf:82:cb:
64:b4:0c:0b:3e:a8:b6:c8:d0:aa:78:da:db:31:75:6e:eb:b1:
32:a4:a4:43:15:36:2c:4b:a1:31:3a:32:54:0d:e0:92:07:1b:
8b:2b:b4:f0:fc:1c:c8:30:7b:42:97:90:2f:b2:14:4d:7b:37:
c6:e4:08:57:83:49:49:58:92:4c:1d:cd:2e:ca:fa:05:e2:33:
6b:8a:0b:25:78:7b:24:de:ae:d6:48:9b:3d:1c:62:3e:4a:9f:
ed:6f:cc:71:98:c8:b9:d2:43:3c:79:33:62:e2:fb:6a:de:38:
da:1d:8b:69:cd:20:f8:bb:f1:51:3a:36:c4:fd:5e:a1:46:e5:
ef:99:39:b6:36:a3:19:77:15:12:4a:2b:a7:fd:7b:da:16:16:
b2:f3:7a:6f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdbD2P+r/9klq/PooxkVhuJL1DTgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MjMxNjExMjVaFw0yNzA0MjIxNjE2MjVaMDMxMTAvBgNV
BAMTKERGQzU2NkVGNjcwRTI2MDA3MEFCRkNGOEYzRDQyMjYxQUQ5ODUzNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkxtFdlm8aY/Ao90CBAg6+5Tas
gRxZ0G9HIvmSro2UEWpFI+906PgVgupzc+723L7EiwAMh9vOMjANwniQzcJ5o9nx
kKwrjuFTlOqpAOaNwPtxZjc7d75hkxLm5oeqCH5nVev/qDmqvkEO1jr+Y/M4Vcnz
M3Kj/HYsQKBPYzV9QKg6puuvYUQpGTdm86F/B/b39O+f8htk5HVrZbxrM/OCOaW8
y4vUxZmJqdxvqzrmtmEiVmmwKT9sWAj92DxsRKTcp+6LnirBx64+0X8ReFpAh/3R
1iu0eMsWK2Y7xM8p516LggZHwgYj5YhANSDaMdti3z6YiOffT8ZJaQp+Oe+7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU38Vm72cOJgBwq/z489QiYa2YU0YwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMjMwMzQzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZ
ATANBgkqhkiG9w0BAQsFAAOCAQEABRnVdw93oqJAB8KqnXC8E08CuAtQnXKFAuGj
ZlxWGBCVoKowGplnzghpLcMaiqW7H/g0DLlCpZSiyNY+kmOVchtttnyEOXQZ/LeT
nD3L/UCuCkleXiOMfYGXtqRR2y5LALYV5cXK1PEOv4LLZLQMCz6otsjQqnja2zF1
buuxMqSkQxU2LEuhMToyVA3gkgcbiyu08PwcyDB7QpeQL7IUTXs3xuQIV4NJSViS
TB3NLsr6BeIza4oLJXh7JN6u1kibPRxiPkqf7W/McZjIudJDPHkzYuL7at442h2L
ac0g+LvxUTo2xP1eoUbl75k5tjajGXcVEkorp/172hYWsvN6bw==
-----END CERTIFICATE-----
Generated at Wed May 13 06:55:39 2026 by rpki-client