Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e342e302f32332d3234203d3e20383334.roa
File: 38372e3235342e342e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier: X9JcAlWz2cWHFDBQRn2/GiBUt95iJv417zAItTtavhU=
Subject key identifier: 69:07:0C:95:EE:0B:B5:11:38:39:DB:C0:62:8F:F9:7F:94:CB:4F:E6
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 3DED54FC77414F17171701142467215051D8DB17
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e342e302f32332d3234203d3e20383334.roa
Signing time: Mon 16 Mar 2026 10:20:40 +0000
ROA not before: Mon 16 Mar 2026 10:15:40 +0000
ROA not after: Mon 15 Mar 2027 10:20:40 +0000
asID: 834
IP address blocks: 87.254.4.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 19:57:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:ed:54:fc:77:41:4f:17:17:17:01:14:24:67:21:50:51:d8:db:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Mar 16 10:15:40 2026 GMT
Not After : Mar 15 10:20:40 2027 GMT
Subject: CN=69070C95EE0BB5113839DBC0628FF97F94CB4FE6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:0a:b1:f0:8e:8e:9e:19:39:7c:8d:2c:60:ab:
4d:86:95:7a:ac:4d:f6:86:9a:f4:f5:96:d0:74:32:
a8:40:b6:7c:4d:0f:22:e3:7e:32:86:26:64:ba:dd:
35:3d:40:8e:4a:2b:c5:70:a7:3c:cf:bd:61:86:f2:
bb:3d:10:3c:1f:87:5e:37:8b:ed:bf:6a:11:e1:24:
77:f0:23:d7:ea:23:37:2f:a6:c4:c9:59:1f:2d:30:
fa:f4:97:2c:e9:c3:4f:ce:c2:07:50:ca:27:b4:83:
9b:f8:6c:d3:f0:0e:d8:7d:b5:5a:7b:4a:ef:45:d0:
d9:00:b1:7b:ed:1f:f2:4f:42:80:0d:1f:59:79:0f:
00:5a:42:5d:ed:ee:d9:81:c4:20:ee:96:99:5c:9c:
f4:d9:6e:b8:48:9d:96:44:2a:f0:b4:13:0d:e8:95:
e6:43:2a:30:f9:ce:4c:aa:5d:55:f8:cd:aa:5f:bb:
88:03:07:62:82:86:12:e2:d9:0f:da:5d:0c:53:e1:
9b:9d:5e:c3:fd:3b:6f:40:41:2c:25:cb:f4:ee:44:
75:0f:40:4e:be:4d:ed:d8:8d:99:66:78:0a:b5:4a:
c4:9a:e1:02:33:f2:3a:e8:4f:b9:7f:5b:74:68:47:
e3:7a:53:15:e7:99:83:88:8f:87:05:77:fc:2b:6c:
fd:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:07:0C:95:EE:0B:B5:11:38:39:DB:C0:62:8F:F9:7F:94:CB:4F:E6
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e342e302f32332d3234203d3e20383334.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.4.0/23
Signature Algorithm: sha256WithRSAEncryption
27:6c:e6:9f:62:ed:a6:f1:f7:34:df:55:72:2b:1f:f5:79:1a:
cb:49:90:b5:09:61:f1:69:1b:65:e8:c7:8d:99:34:25:c5:d9:
af:c3:aa:09:ef:f4:d5:08:be:4c:b2:cb:5f:7c:da:45:f2:90:
58:2b:04:cf:c6:df:15:d6:35:bc:ea:0e:e3:c0:6c:db:a0:77:
40:84:07:b1:6e:40:29:ca:8d:64:51:d3:4f:90:cc:eb:6f:cd:
8e:db:82:29:41:f1:e8:c4:1b:8f:cf:6d:dc:31:42:b4:58:0f:
66:e2:79:12:1b:ef:2b:83:64:fe:a1:c0:67:2e:af:0b:6d:0d:
18:9a:a0:de:64:7e:0a:44:b8:23:10:78:0e:4e:65:89:8b:5c:
a9:03:d4:c1:ee:32:55:09:9b:4f:02:ec:d1:f9:99:48:4f:b3:
0a:41:16:11:b0:7f:9f:e3:fd:37:d5:36:50:e6:b2:a9:58:47:
62:4a:22:69:d9:3e:fd:50:29:8b:86:95:83:33:48:cf:f5:03:
ef:22:86:50:6b:cf:0d:69:26:b5:68:8a:cd:41:dd:2e:a5:a5:
d9:5a:1b:e4:0a:6e:61:2c:e2:fc:ec:33:53:b6:a1:8d:85:79:
b6:7c:a6:ae:28:57:af:28:7b:7a:2e:6d:41:96:39:87:86:92:
00:bf:d0:5a
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUPe1U/HdBTxcXFwEUJGchUFHY2xcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMTYxMDE1NDBaFw0yNzAzMTUxMDIwNDBaMDMxMTAvBgNV
BAMTKDY5MDcwQzk1RUUwQkI1MTEzODM5REJDMDYyOEZGOTdGOTRDQjRGRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7CrHwjo6eGTl8jSxgq02GlXqs
TfaGmvT1ltB0MqhAtnxNDyLjfjKGJmS63TU9QI5KK8VwpzzPvWGG8rs9EDwfh143
i+2/ahHhJHfwI9fqIzcvpsTJWR8tMPr0lyzpw0/OwgdQyie0g5v4bNPwDth9tVp7
Su9F0NkAsXvtH/JPQoANH1l5DwBaQl3t7tmBxCDulplcnPTZbrhInZZEKvC0Ew3o
leZDKjD5zkyqXVX4zapfu4gDB2KChhLi2Q/aXQxT4ZudXsP9O29AQSwly/TuRHUP
QE6+Te3YjZlmeAq1SsSa4QIz8jroT7l/W3RoR+N6UxXnmYOIj4cFd/wrbP0xAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUaQcMle4LtRE4OdvAYo/5f5TLT+YwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzNDJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVf+BDANBgkq
hkiG9w0BAQsFAAOCAQEAJ2zmn2LtpvH3NN9Vcisf9Xkay0mQtQlh8WkbZejHjZk0
JcXZr8OqCe/01Qi+TLLLX3zaRfKQWCsEz8bfFdY1vOoO48Bs26B3QIQHsW5AKcqN
ZFHTT5DM62/NjtuCKUHx6MQbj89t3DFCtFgPZuJ5EhvvK4Nk/qHAZy6vC20NGJqg
3mR+CkS4IxB4Dk5liYtcqQPUwe4yVQmbTwLs0fmZSE+zCkEWEbB/n+P9N9U2UOay
qVhHYkoiadk+/VApi4aVgzNIz/UD7yKGUGvPDWkmtWiKzUHdLqWl2Vob5ApuYSzi
/OwzU7ahjYV5tnymrihXryh7ei5tQZY5h4aSAL/QWg==
-----END CERTIFICATE-----
Generated at Thu Mar 26 08:18:04 2026 by rpki-client