Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3949.roa
File: AS3949.roa (raw, json)
Hash identifier: NbtWc7PhVl05zUwG0wtsdUtLjMDH3DuGM7pcBxp20j0=
Subject key identifier: 20:DA:04:9E:A6:96:59:34:EE:9E:23:7D:B8:DA:44:FB:C6:55:5B:21
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 7CB9B02D429D5254EED28334E6FD066B02B7C04D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3949.roa
Signing time: Thu 19 Mar 2026 11:33:53 +0000
ROA not before: Thu 19 Mar 2026 11:28:53 +0000
ROA not after: Thu 18 Mar 2027 11:33:53 +0000
asID: 3949
IP address blocks: 82.38.46.0/23 maxlen: 24
82.38.80.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7c:b9:b0:2d:42:9d:52:54:ee:d2:83:34:e6:fd:06:6b:02:b7:c0:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Mar 19 11:28:53 2026 GMT
Not After : Mar 18 11:33:53 2027 GMT
Subject: CN=20DA049EA6965934EE9E237DB8DA44FBC6555B21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:aa:52:b7:8d:d9:29:c6:4a:66:53:58:f4:71:
ee:54:dc:22:c1:21:b7:0d:2e:01:04:44:bb:96:fd:
8f:92:9d:75:82:f6:5e:b8:89:8d:15:7f:d7:3d:b4:
c3:6c:97:af:25:d4:16:c1:13:cf:ff:24:d2:9f:a4:
29:63:05:a0:81:bd:d5:84:4d:e7:75:7d:94:0d:ba:
99:7c:53:0d:a1:53:b0:88:cf:23:7f:80:3b:b2:e1:
2f:d1:97:0b:db:34:a8:ac:9b:21:c3:cb:c4:9a:52:
af:2f:c6:20:3b:c4:13:b7:07:84:22:b2:9f:f7:1e:
39:6a:ce:d8:14:f3:1d:28:e6:06:f4:70:4c:58:ea:
f2:61:1d:6f:a8:6c:c5:8c:71:9c:df:88:00:be:a4:
e8:b1:fb:70:7d:7f:b4:5f:ed:66:13:a0:57:15:8e:
df:89:ba:d2:47:f5:be:ea:e6:4b:f3:21:31:76:3f:
a8:4e:6b:f5:b9:ea:54:c3:86:d4:20:4c:8f:72:2d:
6c:d8:45:24:81:5d:0b:20:ee:df:89:57:70:a1:a5:
55:b2:14:c8:36:e1:bf:52:8a:61:9d:70:d2:39:b9:
0c:39:68:e6:57:14:b4:58:90:46:ac:81:8e:9b:ec:
2c:b8:7b:00:29:63:18:8e:97:42:b4:2c:3a:24:a9:
be:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:DA:04:9E:A6:96:59:34:EE:9E:23:7D:B8:DA:44:FB:C6:55:5B:21
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS3949.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.38.46.0/23
82.38.80.0/23
Signature Algorithm: sha256WithRSAEncryption
6b:bd:d0:df:9c:e6:cd:2f:98:7e:9e:9c:85:2e:67:84:df:5b:
eb:86:df:21:b0:3e:5b:fe:6c:a1:85:16:c9:4a:b9:42:c7:ec:
36:69:65:2a:ba:fc:0a:fc:49:38:36:20:a8:d4:dd:2f:cd:ba:
d2:18:09:ea:ff:ce:e6:c9:4a:fb:e5:78:49:23:3d:74:2a:27:
f7:e1:7f:89:f5:82:ac:4a:2d:15:e0:da:b7:88:a0:87:79:7f:
df:3c:d8:f0:fc:f5:59:1f:6a:51:50:00:f6:a2:5a:2e:26:e4:
85:52:7d:60:81:28:c4:dc:7b:17:c1:a1:ff:8d:aa:ff:a0:57:
f7:7c:39:9c:ce:17:d7:26:16:d9:74:49:ef:32:b5:6d:7b:68:
ea:4b:f8:ae:75:08:24:dc:87:8c:65:72:60:6a:b0:e7:a4:4c:
d8:ee:e5:ea:96:2c:3f:a5:ba:d3:e5:6d:76:75:06:87:d7:51:
25:5c:65:e0:3a:6a:70:bb:d6:7e:90:39:43:d3:1f:55:6f:26:
f8:c1:46:a6:ae:3b:9a:3b:dc:70:5c:9d:c1:8e:c1:c2:14:4e:
ea:05:7a:86:2b:ec:47:be:a3:81:70:72:6c:3c:5f:4a:b4:f1:
58:1b:a4:5a:93:94:4d:b7:4a:dd:f5:d2:80:74:ea:dc:01:db:
3b:d5:55:de
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUfLmwLUKdUlTu0oM05v0GawK3wE0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTkxMTI4NTNaFw0yNzAzMTgxMTMzNTNaMDMxMTAvBgNV
BAMTKDIwREEwNDlFQTY5NjU5MzRFRTlFMjM3REI4REE0NEZCQzY1NTVCMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYqlK3jdkpxkpmU1j0ce5U3CLB
IbcNLgEERLuW/Y+SnXWC9l64iY0Vf9c9tMNsl68l1BbBE8//JNKfpCljBaCBvdWE
Ted1fZQNupl8Uw2hU7CIzyN/gDuy4S/RlwvbNKismyHDy8SaUq8vxiA7xBO3B4Qi
sp/3HjlqztgU8x0o5gb0cExY6vJhHW+obMWMcZzfiAC+pOix+3B9f7Rf7WYToFcV
jt+JutJH9b7q5kvzITF2P6hOa/W56lTDhtQgTI9yLWzYRSSBXQsg7t+JV3ChpVWy
FMg24b9SimGdcNI5uQw5aOZXFLRYkEasgY6b7Cy4ewApYxiOl0K0LDokqb4DAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUINoEnqaWWTTuniN9uNpE+8ZVWyEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk0OS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAVImLgME
AVImUDANBgkqhkiG9w0BAQsFAAOCAQEAa73Q35zmzS+Yfp6chS5nhN9b64bfIbA+
W/5soYUWyUq5QsfsNmllKrr8CvxJODYgqNTdL8260hgJ6v/O5slK++V4SSM9dCon
9+F/ifWCrEotFeDat4igh3l/3zzY8Pz1WR9qUVAA9qJaLibkhVJ9YIEoxNx7F8Gh
/42q/6BX93w5nM4X1yYW2XRJ7zK1bXto6kv4rnUIJNyHjGVyYGqw56RM2O7l6pYs
P6W60+VtdnUGh9dRJVxl4DpqcLvWfpA5Q9MfVW8m+MFGpq47mjvccFydwY7BwhRO
6gV6hivsR76jgXBybDxfSrTxWBukWpOUTbdK3fXSgHTq3AHbO9VV3g==
-----END CERTIFICATE-----
Generated at Thu Mar 26 01:34:50 2026 by rpki-client