Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31322e302f32342d3234203d3e20313531333839.roa
File: 38372e3235342e31322e302f32342d3234203d3e20313531333839.roa (raw, json)
Hash identifier: 9zA+dszgJN5AP3J45oSwZmskcmnOlaFWG4lzA3aNK2Q=
Subject key identifier: 37:DA:52:37:F0:BA:4D:5E:97:C7:AE:60:9E:6E:97:00:27:A5:75:33
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 22FB3BFECA5D9D3EFAD4902D2BED92FBAC9805A7
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31322e302f32342d3234203d3e20313531333839.roa
Signing time: Fri 08 May 2026 04:00:52 +0000
ROA not before: Fri 08 May 2026 03:55:52 +0000
ROA not after: Fri 07 May 2027 04:00:52 +0000
asID: 151389
IP address blocks: 87.254.12.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:14:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:fb:3b:fe:ca:5d:9d:3e:fa:d4:90:2d:2b:ed:92:fb:ac:98:05:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: May 8 03:55:52 2026 GMT
Not After : May 7 04:00:52 2027 GMT
Subject: CN=37DA5237F0BA4D5E97C7AE609E6E970027A57533
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:83:38:31:e0:ed:f1:46:7e:82:59:33:22:06:
74:48:a3:b0:9a:45:95:cf:45:70:4d:fb:13:b1:97:
21:79:81:73:a3:7b:43:dd:d9:bb:86:a6:b3:de:4b:
bf:ee:d6:fa:4f:87:b8:a2:13:54:b7:bc:61:22:64:
3f:5b:73:80:ab:55:a5:d3:94:21:d1:74:af:0b:2d:
86:2d:89:53:8f:ff:e8:9a:a0:70:17:8c:c8:77:b5:
08:7c:95:fb:c4:67:89:bf:cd:c8:1e:72:10:29:68:
28:8b:d2:dc:ba:43:ff:37:8e:37:04:d5:76:15:05:
b0:08:ce:5b:06:79:8a:4a:a5:4f:d8:4b:d9:bc:fe:
cb:b3:0f:00:73:8b:86:b0:09:dd:32:cd:f9:ee:4f:
55:14:d0:e9:28:a4:cb:c1:f9:b0:83:a1:47:62:fc:
7e:2c:83:57:a0:8c:7a:e0:87:27:0e:e9:c7:c3:39:
6a:8c:6c:12:e4:67:3c:92:14:8d:27:5b:78:c5:d6:
7d:66:ae:19:7a:37:30:9b:f5:b3:46:1d:18:50:37:
8b:19:d5:dd:e2:48:f8:b6:a0:c5:59:84:8c:44:e9:
5b:e1:a2:7c:25:0c:3a:bb:b9:f3:1f:6a:0f:14:b7:
d9:97:e2:d7:90:21:95:33:50:ca:14:e7:a0:11:8f:
36:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:DA:52:37:F0:BA:4D:5E:97:C7:AE:60:9E:6E:97:00:27:A5:75:33
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e31322e302f32342d3234203d3e20313531333839.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.12.0/24
Signature Algorithm: sha256WithRSAEncryption
32:21:30:68:88:8b:3f:3e:f9:89:e1:ed:53:91:e2:d9:f5:c8:
9e:bd:6c:3f:3e:d4:c8:b7:88:29:e0:46:9b:87:4e:29:88:8c:
67:c9:53:6d:4f:af:20:88:29:88:e4:e9:bf:b9:1f:b1:53:ef:
15:2d:46:da:5b:33:eb:fd:7b:38:ad:a9:2d:b6:a6:89:b4:00:
93:8a:0d:73:d9:82:13:e8:ba:85:6e:fa:6e:45:ff:b4:37:f7:
b4:60:91:68:66:b1:3b:e2:80:b7:a9:a9:48:47:ce:7b:de:f6:
9c:47:9b:7c:8f:c2:af:7b:d2:e1:a6:b7:99:ee:48:a6:38:47:
fb:d7:36:4c:c3:ae:d4:dd:73:6f:43:3a:45:86:32:d5:fe:2b:
12:d0:5e:c6:a6:5c:8b:e3:75:cf:dd:21:2f:e1:ce:36:3c:21:
4b:41:87:89:85:a9:8c:d6:05:4b:bd:7f:ae:c2:15:81:d3:16:
19:49:63:00:23:0c:10:f2:0a:f9:4b:63:ff:69:05:3d:e0:8d:
e1:16:10:6a:13:e3:4d:10:91:83:3f:95:ca:71:c0:f1:ca:3b:
0e:df:8b:5b:a5:c5:61:38:31:dd:0f:69:7b:60:80:37:47:c8:
e2:68:12:ac:77:a3:1b:ce:d3:8b:6a:32:94:14:4a:29:cb:52:
9d:84:d6:69
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUIvs7/spdnT761JAtK+2S+6yYBacwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA1MDgwMzU1NTJaFw0yNzA1MDcwNDAwNTJaMDMxMTAvBgNV
BAMTKDM3REE1MjM3RjBCQTRENUU5N0M3QUU2MDlFNkU5NzAwMjdBNTc1MzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCogzgx4O3xRn6CWTMiBnRIo7Ca
RZXPRXBN+xOxlyF5gXOje0Pd2buGprPeS7/u1vpPh7iiE1S3vGEiZD9bc4CrVaXT
lCHRdK8LLYYtiVOP/+iaoHAXjMh3tQh8lfvEZ4m/zcgechApaCiL0ty6Q/83jjcE
1XYVBbAIzlsGeYpKpU/YS9m8/suzDwBzi4awCd0yzfnuT1UU0OkopMvB+bCDoUdi
/H4sg1egjHrghycO6cfDOWqMbBLkZzySFI0nW3jF1n1mrhl6NzCb9bNGHRhQN4sZ
1d3iSPi2oMVZhIxE6VvhonwlDDq7ufMfag8Ut9mX4teQIZUzUMoU56ARjzYjAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUN9pSN/C6TV6Xx65gnm6XACeldTMwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTMxMzMzODM5LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
V/4MMA0GCSqGSIb3DQEBCwUAA4IBAQAyITBoiIs/PvmJ4e1TkeLZ9cievWw/PtTI
t4gp4Eabh04piIxnyVNtT68giCmI5Om/uR+xU+8VLUbaWzPr/Xs4rakttqaJtACT
ig1z2YIT6LqFbvpuRf+0N/e0YJFoZrE74oC3qalIR8573vacR5t8j8Kve9LhpreZ
7kimOEf71zZMw67U3XNvQzpFhjLV/isS0F7GplyL43XP3SEv4c42PCFLQYeJhamM
1gVLvX+uwhWB0xYZSWMAIwwQ8gr5S2P/aQU94I3hFhBqE+NNEJGDP5XKccDxyjsO
34tbpcVhODHdD2l7YIA3R8jiaBKsd6MbztOLajKUFEopy1KdhNZp
-----END CERTIFICATE-----
Generated at Wed May 13 12:02:28 2026 by rpki-client