Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32382e302f32342d3234203d3e20343032323135.roa
File: 38372e3235342e32382e302f32342d3234203d3e20343032323135.roa (raw, json)
Hash identifier: SGNaeNVqZGf07yOteWt8edtRnKOa52xBHwzvPwvg5pw=
Subject key identifier: 8B:FD:41:70:B0:28:FC:32:0E:19:F5:FE:84:89:63:E4:7A:99:FF:70
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 59DD4B5780C8F25DEEC6A4F0A79EE7560CE9040B
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32382e302f32342d3234203d3e20343032323135.roa
Signing time: Mon 20 Apr 2026 08:40:12 +0000
ROA not before: Mon 20 Apr 2026 08:35:12 +0000
ROA not after: Mon 19 Apr 2027 08:40:12 +0000
asID: 402215
IP address blocks: 87.254.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 20:14:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
59:dd:4b:57:80:c8:f2:5d:ee:c6:a4:f0:a7:9e:e7:56:0c:e9:04:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Apr 20 08:35:12 2026 GMT
Not After : Apr 19 08:40:12 2027 GMT
Subject: CN=8BFD4170B028FC320E19F5FE848963E47A99FF70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:2f:4c:6f:13:3c:74:11:6b:33:f4:b8:ea:6b:
cb:5b:50:cd:c0:99:9e:49:0d:02:ee:be:f2:af:b8:
a1:25:6e:ad:b7:04:65:b4:89:99:ce:4a:b7:c1:cb:
e3:e7:c4:90:7f:e9:aa:34:44:42:92:f9:cc:20:e1:
b8:9b:66:44:51:95:95:fe:9a:61:eb:d2:65:7a:c0:
d0:4d:ca:15:e4:b1:8c:e2:8d:7d:13:c4:eb:b4:85:
02:84:1f:af:64:2f:f4:40:23:ab:35:a0:20:8a:32:
36:13:12:8a:50:ad:f8:07:8e:8b:52:8a:b5:e6:bf:
48:ef:73:9d:31:dd:97:59:ad:79:49:bf:60:b5:1b:
8a:b5:52:93:d4:16:ac:9b:18:2c:ee:37:6e:e0:51:
72:b8:69:e8:90:00:6d:64:09:63:cf:a4:58:4e:b5:
78:87:30:c0:75:94:f0:28:00:01:e8:d4:f5:72:bd:
d0:96:7d:cc:06:7d:ba:98:a9:67:ed:7c:c0:5f:61:
02:45:a7:10:51:72:12:a7:ce:fb:bc:95:f8:67:4d:
74:0f:90:0f:00:34:22:5e:a1:9e:b3:9d:dd:1c:d1:
d3:fd:5f:48:03:96:6b:7c:61:f8:66:41:57:9e:d3:
a7:7d:bf:52:9b:18:4e:ed:30:27:ec:30:dd:ae:6a:
b0:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:FD:41:70:B0:28:FC:32:0E:19:F5:FE:84:89:63:E4:7A:99:FF:70
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32382e302f32342d3234203d3e20343032323135.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.28.0/24
Signature Algorithm: sha256WithRSAEncryption
20:eb:5d:21:ff:92:62:b0:64:e3:ce:f2:f7:c5:83:d8:86:af:
67:1f:5d:df:db:e6:9e:5a:4e:63:06:8f:82:cf:93:1a:68:5a:
7c:42:4e:a4:2f:ac:d3:c2:cb:a6:63:53:1d:4a:bf:41:08:c5:
ff:6b:4c:b1:f4:11:5b:e1:d7:38:c8:48:9e:76:a3:25:ce:f9:
cd:2d:96:bb:73:f3:ef:d4:fa:8a:f5:f7:c5:ad:32:dd:31:43:
36:a5:5d:ea:a4:37:a8:9d:29:63:95:79:37:ce:23:4b:7b:58:
ca:2a:86:f1:f8:29:ba:2a:cd:9c:37:91:95:c2:53:1a:e2:88:
76:c0:65:75:e3:78:f0:7d:26:b8:d8:01:1d:cf:2b:d9:23:d3:
bb:67:37:ec:5a:29:d2:f0:46:29:88:c5:90:da:93:de:6f:21:
e7:86:ea:46:50:85:7d:3f:6b:52:0f:cb:88:ef:f1:5b:e0:fa:
74:28:83:45:21:f7:7e:2e:f8:83:a1:75:6c:dd:5a:57:bc:6b:
0c:ca:bd:b9:0b:80:90:c5:51:28:27:11:ba:58:87:51:99:ee:
4a:c2:e8:0b:3d:6b:e0:07:a3:32:d9:5b:60:9b:1f:ac:76:50:
0f:1c:e5:27:a7:2b:4b:28:0e:50:7d:d2:00:cb:91:17:30:62:
b9:4f:8d:c8
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUWd1LV4DI8l3uxqTwp57nVgzpBAswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MjAwODM1MTJaFw0yNzA0MTkwODQwMTJaMDMxMTAvBgNV
BAMTKDhCRkQ0MTcwQjAyOEZDMzIwRTE5RjVGRTg0ODk2M0U0N0E5OUZGNzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNL0xvEzx0EWsz9Ljqa8tbUM3A
mZ5JDQLuvvKvuKElbq23BGW0iZnOSrfBy+PnxJB/6ao0REKS+cwg4bibZkRRlZX+
mmHr0mV6wNBNyhXksYzijX0TxOu0hQKEH69kL/RAI6s1oCCKMjYTEopQrfgHjotS
irXmv0jvc50x3ZdZrXlJv2C1G4q1UpPUFqybGCzuN27gUXK4aeiQAG1kCWPPpFhO
tXiHMMB1lPAoAAHo1PVyvdCWfcwGfbqYqWftfMBfYQJFpxBRchKnzvu8lfhnTXQP
kA8ANCJeoZ6znd0c0dP9X0gDlmt8YfhmQVee06d9v1KbGE7tMCfsMN2uarDrAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUi/1BcLAo/DIOGfX+hIlj5HqZ/3AwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMDMyMzIzMTM1LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
V/4cMA0GCSqGSIb3DQEBCwUAA4IBAQAg610h/5JisGTjzvL3xYPYhq9nH13f2+ae
Wk5jBo+Cz5MaaFp8Qk6kL6zTwsumY1MdSr9BCMX/a0yx9BFb4dc4yEiedqMlzvnN
LZa7c/Pv1PqK9ffFrTLdMUM2pV3qpDeonSljlXk3ziNLe1jKKobx+Cm6Ks2cN5GV
wlMa4oh2wGV143jwfSa42AEdzyvZI9O7ZzfsWinS8EYpiMWQ2pPebyHnhupGUIV9
P2tSD8uI7/Fb4Pp0KINFIfd+LviDoXVs3VpXvGsMyr25C4CQxVEoJxG6WIdRme5K
wugLPWvgB6My2Vtgmx+sdlAPHOUnpytLKA5QfdIAy5EXMGK5T43I
-----END CERTIFICATE-----
Generated at Wed May 13 11:22:19 2026 by rpki-client