Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3356.roa
File: AS3356.roa (raw, json)
Hash identifier: 8jO1OGEOH4pzFExvGZ0qImbdhHAvRY3SoYyhhw+6bAk=
Subject key identifier: 1E:21:C4:E0:63:88:6D:D3:67:B2:CC:6C:07:33:50:AC:18:0A:99:5C
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 4DC8B4BCDC93237CD938FE3626F9526B7E2B3A20
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3356.roa
Signing time: Tue 28 Apr 2026 00:02:45 +0000
ROA not before: Mon 27 Apr 2026 23:57:45 +0000
ROA not after: Tue 27 Apr 2027 00:02:45 +0000
asID: 3356
IP address blocks: 82.21.78.0/24 maxlen: 24
82.21.79.0/24 maxlen: 24
82.21.246.0/24 maxlen: 24
82.21.247.0/24 maxlen: 24
82.22.64.0/24 maxlen: 24
82.22.66.0/24 maxlen: 24
82.22.67.0/24 maxlen: 24
82.22.68.0/24 maxlen: 24
82.22.69.0/24 maxlen: 24
82.22.70.0/24 maxlen: 24
82.22.71.0/24 maxlen: 24
82.22.72.0/24 maxlen: 24
82.22.73.0/24 maxlen: 24
82.22.74.0/24 maxlen: 24
82.22.75.0/24 maxlen: 24
82.22.89.0/24 maxlen: 24
82.22.93.0/24 maxlen: 24
82.22.142.0/24 maxlen: 24
82.22.164.0/24 maxlen: 24
82.22.188.0/24 maxlen: 24
82.22.189.0/24 maxlen: 24
82.22.202.0/24 maxlen: 24
82.22.203.0/24 maxlen: 24
82.22.219.0/24 maxlen: 24
82.22.244.0/24 maxlen: 24
82.22.246.0/24 maxlen: 24
82.23.19.0/24 maxlen: 24
82.23.20.0/24 maxlen: 24
82.23.23.0/24 maxlen: 24
82.23.24.0/24 maxlen: 24
82.23.59.0/24 maxlen: 24
82.23.60.0/24 maxlen: 24
82.23.139.0/24 maxlen: 24
82.23.164.0/24 maxlen: 24
82.23.169.0/24 maxlen: 24
82.23.175.0/24 maxlen: 24
82.23.185.0/24 maxlen: 24
82.23.196.0/24 maxlen: 24
82.23.234.0/24 maxlen: 24
82.23.236.0/24 maxlen: 24
82.24.5.0/24 maxlen: 24
82.24.6.0/24 maxlen: 24
82.24.7.0/24 maxlen: 24
82.24.9.0/24 maxlen: 24
82.24.12.0/24 maxlen: 24
82.24.13.0/24 maxlen: 24
82.24.15.0/24 maxlen: 24
82.24.18.0/24 maxlen: 24
82.24.43.0/24 maxlen: 24
82.24.54.0/24 maxlen: 24
82.24.65.0/24 maxlen: 24
82.24.66.0/24 maxlen: 24
82.24.67.0/24 maxlen: 24
82.24.73.0/24 maxlen: 24
82.24.74.0/24 maxlen: 24
82.24.75.0/24 maxlen: 24
82.24.80.0/24 maxlen: 24
82.24.87.0/24 maxlen: 24
82.24.89.0/24 maxlen: 24
82.24.104.0/24 maxlen: 24
82.24.115.0/24 maxlen: 24
82.24.124.0/24 maxlen: 24
82.24.147.0/24 maxlen: 24
82.24.173.0/24 maxlen: 24
82.24.180.0/24 maxlen: 24
82.24.202.0/24 maxlen: 24
82.25.136.0/24 maxlen: 24
82.25.160.0/24 maxlen: 24
82.25.186.0/24 maxlen: 24
82.26.95.0/24 maxlen: 24
82.26.146.0/24 maxlen: 24
82.27.111.0/24 maxlen: 24
82.27.231.0/24 maxlen: 24
82.27.244.0/24 maxlen: 24
82.27.248.0/24 maxlen: 24
82.29.246.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:c8:b4:bc:dc:93:23:7c:d9:38:fe:36:26:f9:52:6b:7e:2b:3a:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Apr 27 23:57:45 2026 GMT
Not After : Apr 27 00:02:45 2027 GMT
Subject: CN=1E21C4E063886DD367B2CC6C073350AC180A995C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:01:0a:06:52:3f:e7:cd:20:12:15:80:25:ba:
ba:34:ab:a2:19:82:67:f1:a0:9c:90:7f:4d:c7:c4:
da:39:1d:6e:3d:a2:88:61:85:29:3e:a0:6d:23:07:
c2:cd:25:2d:92:5e:40:40:60:02:d2:f7:26:ad:08:
b3:68:61:64:6b:96:63:21:ea:86:e1:87:a4:48:e9:
2f:fb:5b:10:af:84:03:ca:f1:8a:cc:2a:ed:d7:b9:
3b:5f:d7:4d:25:40:96:5c:f7:c5:95:8c:fb:0e:9d:
d3:26:42:a1:51:ee:fb:fd:b5:84:1a:d3:ea:a3:8b:
cd:af:c1:11:d8:10:07:45:d4:37:d1:8d:88:9f:f9:
64:35:c7:19:f8:71:e2:e9:f7:42:80:c5:f0:17:76:
e5:8b:be:c7:cc:af:64:b5:af:8c:b0:82:fc:6c:65:
22:97:79:e9:03:91:02:20:d3:16:2d:ce:c1:c6:27:
b3:ae:ac:f6:3d:42:57:bf:0f:3f:14:c5:b1:71:3d:
7c:e3:60:24:cf:55:0d:16:3d:04:4c:ac:a6:a1:6c:
82:21:53:44:09:95:33:31:92:78:9e:06:2c:4a:f3:
0b:55:a5:a2:d0:c7:7e:cd:15:9b:6f:ef:4c:f9:27:
10:67:50:fe:38:aa:91:21:5c:fb:0a:b4:68:f4:8f:
38:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:21:C4:E0:63:88:6D:D3:67:B2:CC:6C:07:33:50:AC:18:0A:99:5C
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3356.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.78.0/23
82.21.246.0/23
82.22.64.0/24
82.22.66.0-82.22.75.255
82.22.89.0/24
82.22.93.0/24
82.22.142.0/24
82.22.164.0/24
82.22.188.0/23
82.22.202.0/23
82.22.219.0/24
82.22.244.0/24
82.22.246.0/24
82.23.19.0-82.23.20.255
82.23.23.0-82.23.24.255
82.23.59.0-82.23.60.255
82.23.139.0/24
82.23.164.0/24
82.23.169.0/24
82.23.175.0/24
82.23.185.0/24
82.23.196.0/24
82.23.234.0/24
82.23.236.0/24
82.24.5.0-82.24.7.255
82.24.9.0/24
82.24.12.0/23
82.24.15.0/24
82.24.18.0/24
82.24.43.0/24
82.24.54.0/24
82.24.65.0-82.24.67.255
82.24.73.0-82.24.75.255
82.24.80.0/24
82.24.87.0/24
82.24.89.0/24
82.24.104.0/24
82.24.115.0/24
82.24.124.0/24
82.24.147.0/24
82.24.173.0/24
82.24.180.0/24
82.24.202.0/24
82.25.136.0/24
82.25.160.0/24
82.25.186.0/24
82.26.95.0/24
82.26.146.0/24
82.27.111.0/24
82.27.231.0/24
82.27.244.0/24
82.27.248.0/24
82.29.246.0/24
Signature Algorithm: sha256WithRSAEncryption
04:a6:8c:bb:20:fb:c3:00:2b:54:72:aa:da:ff:10:51:cb:58:
87:50:c1:3f:0e:31:8e:22:db:14:bd:6a:19:39:bf:2b:8d:26:
73:e7:8e:d3:b2:aa:58:86:b3:86:e6:1d:aa:03:d9:23:1d:ce:
21:31:a4:38:ae:c6:ec:db:2e:22:a3:f7:1d:90:68:a3:c6:08:
8d:93:6b:b7:e1:34:ea:53:55:d1:fe:eb:9b:c7:f6:62:6f:0a:
eb:a6:b1:cb:2a:22:6b:e0:5e:64:fd:84:fa:9a:e9:f8:36:e4:
cb:e2:18:4c:71:f3:3f:5e:6e:09:02:60:4d:05:fa:8c:f4:ab:
51:0c:4a:17:da:7d:45:f6:8f:4e:15:53:1d:b3:c0:32:8a:2e:
6c:b3:95:5c:2c:26:37:98:e8:1f:22:ad:f8:a8:4e:e6:8b:cb:
8a:c9:ce:44:06:21:21:68:3a:71:88:a5:12:a6:81:97:a6:a5:
df:a3:9b:18:e7:dd:6c:f6:26:b4:3a:0e:15:c5:b5:b8:79:0b:
b8:58:9f:23:03:b7:5a:82:ab:bc:c6:3b:f9:f2:5a:fd:df:82:
32:99:2e:99:48:70:de:69:7d:dd:87:99:7f:4b:99:70:40:5f:
2b:8e:97:4c:3a:e7:ad:c5:ed:ed:d2:c2:55:84:99:48:ef:42:
5f:71:1a:d6
-----BEGIN CERTIFICATE-----
MIIGeDCCBWCgAwIBAgIUTci0vNyTI3zZOP42JvlSa34rOiAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjcyMzU3NDVaFw0yNzA0MjcwMDAyNDVaMDMxMTAvBgNV
BAMTKDFFMjFDNEUwNjM4ODZERDM2N0IyQ0M2QzA3MzM1MEFDMTgwQTk5NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZAQoGUj/nzSASFYAluro0q6IZ
gmfxoJyQf03HxNo5HW49oohhhSk+oG0jB8LNJS2SXkBAYALS9yatCLNoYWRrlmMh
6obhh6RI6S/7WxCvhAPK8YrMKu3XuTtf100lQJZc98WVjPsOndMmQqFR7vv9tYQa
0+qji82vwRHYEAdF1DfRjYif+WQ1xxn4ceLp90KAxfAXduWLvsfMr2S1r4ywgvxs
ZSKXeekDkQIg0xYtzsHGJ7OurPY9Qle/Dz8UxbFxPXzjYCTPVQ0WPQRMrKahbIIh
U0QJlTMxknieBixK8wtVpaLQx37NFZtv70z5JxBnUP44qpEhXPsKtGj0jzjxAgMB
AAGjggOCMIIDfjAdBgNVHQ4EFgQUHiHE4GOIbdNnssxsBzNQrBgKmVwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzM1Ni5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAZcGCCsGAQUFBwEHAQH/BIIBhjCCAYIwggF+BAIAATCC
AXYDBAFSFU4DBAFSFfYDBABSFkAwDAMEAVIWQgMEAlIWSAMEAFIWWQMEAFIWXQME
AFIWjgMEAFIWpAMEAVIWvAMEAVIWygMEAFIW2wMEAFIW9AMEAFIW9jAMAwQAUhcT
AwQAUhcUMAwDBABSFxcDBABSFxgwDAMEAFIXOwMEAFIXPAMEAFIXiwMEAFIXpAME
AFIXqQMEAFIXrwMEAFIXuQMEAFIXxAMEAFIX6gMEAFIX7DAMAwQAUhgFAwQDUhgA
AwQAUhgJAwQBUhgMAwQAUhgPAwQAUhgSAwQAUhgrAwQAUhg2MAwDBABSGEEDBAJS
GEAwDAMEAFIYSQMEAlIYSAMEAFIYUAMEAFIYVwMEAFIYWQMEAFIYaAMEAFIYcwME
AFIYfAMEAFIYkwMEAFIYrQMEAFIYtAMEAFIYygMEAFIZiAMEAFIZoAMEAFIZugME
AFIaXwMEAFIakgMEAFIbbwMEAFIb5wMEAFIb9AMEAFIb+AMEAFId9jANBgkqhkiG
9w0BAQsFAAOCAQEABKaMuyD7wwArVHKq2v8QUctYh1DBPw4xjiLbFL1qGTm/K40m
c+eO07KqWIazhuYdqgPZIx3OITGkOK7G7NsuIqP3HZBoo8YIjZNrt+E06lNV0f7r
m8f2Ym8K66axyyoia+BeZP2E+prp+Dbky+IYTHHzP15uCQJgTQX6jPSrUQxKF9p9
RfaPThVTHbPAMooubLOVXCwmN5joHyKt+KhO5ovLisnORAYhIWg6cYilEqaBl6al
36ObGOfdbPYmtDoOFcW1uHkLuFifIwO3WoKrvMY7+fJa/d+CMpkumUhw3ml93YeZ
f0uZcEBfK46XTDrnrcXt7dLCVYSZSO9CX3Ea1g==
-----END CERTIFICATE-----
Generated at Wed May 13 00:18:10 2026 by rpki-client