Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e362e302f32342d3234203d3e203230343733.roa
File: 38372e3235342e362e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier: U9mhVXn/Y2qy5SVslhyWTBFWO3Hfm0be6+7a6kbSGwo=
Subject key identifier: C8:2E:B7:D5:E0:DA:F5:DE:DC:88:FB:5B:E9:63:A8:A3:CE:92:49:23
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 158DBC766DAC058DBEB592DC004720D813BC56D5
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e362e302f32342d3234203d3e203230343733.roa
Signing time: Mon 16 Mar 2026 10:19:02 +0000
ROA not before: Mon 16 Mar 2026 10:14:02 +0000
ROA not after: Mon 15 Mar 2027 10:19:02 +0000
asID: 20473
IP address blocks: 87.254.6.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
15:8d:bc:76:6d:ac:05:8d:be:b5:92:dc:00:47:20:d8:13:bc:56:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Mar 16 10:14:02 2026 GMT
Not After : Mar 15 10:19:02 2027 GMT
Subject: CN=C82EB7D5E0DAF5DEDC88FB5BE963A8A3CE924923
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:cc:9e:12:56:28:e8:bc:75:ee:53:8b:9e:42:
86:29:50:c5:08:8b:f7:c4:35:dd:87:0d:1e:1d:1f:
38:14:b7:9f:5f:aa:f4:cc:21:4f:35:5d:5d:c1:ff:
99:19:27:9c:5a:a1:9d:ae:4e:70:db:50:17:92:4c:
28:ab:c6:d3:e5:de:af:7c:2c:87:1a:87:67:bb:63:
93:fd:05:cb:ea:c7:32:c6:47:8d:33:27:48:1d:77:
4c:9b:79:81:78:86:db:2c:5d:b7:66:21:2c:37:d1:
b0:1c:78:98:1b:2f:2b:91:c8:cb:18:16:65:b3:7b:
86:17:9d:9e:46:78:db:02:ae:55:68:25:53:ae:b2:
80:cf:7a:88:09:3d:88:ad:f9:28:04:9c:ec:e7:ad:
18:eb:bf:74:18:4a:c2:e8:c0:91:37:61:92:9d:8d:
c0:c3:cb:a6:aa:83:d7:fb:ff:16:8e:75:48:9d:5b:
61:67:f9:3f:54:5f:3b:df:50:ee:7a:6d:59:88:0a:
a2:8d:cc:79:cc:b2:12:a0:1d:61:f8:b6:64:b1:09:
15:6f:ad:36:b9:70:cc:1c:a8:c3:c7:07:05:aa:aa:
d1:eb:cd:29:f9:50:2e:7b:f7:de:8c:79:63:56:13:
d9:1f:bf:23:11:f7:1a:ab:68:f9:55:b9:b8:a2:03:
bb:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:2E:B7:D5:E0:DA:F5:DE:DC:88:FB:5B:E9:63:A8:A3:CE:92:49:23
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e362e302f32342d3234203d3e203230343733.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.6.0/24
Signature Algorithm: sha256WithRSAEncryption
6a:40:d8:6a:fe:bd:a1:b9:97:11:cc:ac:3e:46:2b:bc:85:2d:
d1:8b:ea:63:93:97:f1:b9:80:e3:4e:23:c1:29:8a:b6:28:63:
a6:2f:01:95:98:2e:18:20:db:fb:9c:f0:30:c4:15:a4:ea:13:
e4:94:1f:a8:5e:83:e0:0d:b5:a2:78:0f:27:25:9d:0a:c9:84:
5f:97:bd:a4:71:88:8d:b7:5a:42:a6:d7:23:2f:b9:cc:e6:ce:
2c:5d:18:d3:a8:a0:89:17:ae:1a:c9:53:da:bc:31:1c:60:26:
a4:1e:b0:e5:99:e7:7d:cf:c1:9b:f2:b9:6f:70:47:0e:08:76:
a4:ee:af:96:42:5e:1a:4f:ad:f3:bf:76:b2:33:4e:ac:ba:c3:
bb:48:4a:32:0c:30:7d:33:43:2d:0d:ea:a8:9c:05:fc:ea:91:
e5:50:b3:66:8a:36:48:5d:20:7f:57:b6:a2:0d:b3:a6:11:9c:
2d:df:ea:80:de:69:cb:25:56:6a:fe:90:88:e6:69:ca:02:0b:
1b:91:a3:04:23:3e:e1:05:29:ea:e6:77:5a:a4:46:bc:ad:3b:
db:93:a7:43:98:c2:9c:42:0b:0d:ee:03:c6:fa:62:48:b9:42:
33:b6:d4:96:d2:49:9d:8b:f7:f4:c7:ee:b8:c2:e8:af:e1:c3:
42:ae:72:2d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUFY28dm2sBY2+tZLcAEcg2BO8VtUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMTYxMDE0MDJaFw0yNzAzMTUxMDE5MDJaMDMxMTAvBgNV
BAMTKEM4MkVCN0Q1RTBEQUY1REVEQzg4RkI1QkU5NjNBOEEzQ0U5MjQ5MjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/zJ4SVijovHXuU4ueQoYpUMUI
i/fENd2HDR4dHzgUt59fqvTMIU81XV3B/5kZJ5xaoZ2uTnDbUBeSTCirxtPl3q98
LIcah2e7Y5P9BcvqxzLGR40zJ0gdd0ybeYF4htssXbdmISw30bAceJgbLyuRyMsY
FmWze4YXnZ5GeNsCrlVoJVOusoDPeogJPYit+SgEnOznrRjrv3QYSsLowJE3YZKd
jcDDy6aqg9f7/xaOdUidW2Fn+T9UXzvfUO56bVmICqKNzHnMshKgHWH4tmSxCRVv
rTa5cMwcqMPHBwWqqtHrzSn5UC57996MeWNWE9kfvyMR9xqraPlVubiiA7u3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUyC631eDa9d7ciPtb6WOoo86SSSMwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNDM3MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABX/gYw
DQYJKoZIhvcNAQELBQADggEBAGpA2Gr+vaG5lxHMrD5GK7yFLdGL6mOTl/G5gONO
I8EpirYoY6YvAZWYLhgg2/uc8DDEFaTqE+SUH6heg+ANtaJ4DyclnQrJhF+XvaRx
iI23WkKm1yMvuczmzixdGNOooIkXrhrJU9q8MRxgJqQesOWZ533PwZvyuW9wRw4I
dqTur5ZCXhpPrfO/drIzTqy6w7tISjIMMH0zQy0N6qicBfzqkeVQs2aKNkhdIH9X
tqINs6YRnC3f6oDeacslVmr+kIjmacoCCxuRowQjPuEFKermd1qkRrytO9uTp0OY
wpxCCw3uA8b6Yki5QjO21JbSSZ2L9/TH7rjC6K/hw0Kuci0=
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:47:19 2026 by rpki-client