Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38392e302f32342d3234203d3e2039303039.roa
File: 3231332e3133392e38392e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier: UJuRx/b7ZuN3xXtU9UGl0rZYUByVV4xgOSCJ1FXm9MY=
Subject key identifier: D2:0A:A8:56:C0:2C:90:21:65:38:CD:06:F7:90:B0:18:B6:7C:6D:06
Certificate issuer: /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial: 1D0007020731DED25B06AF3BE1C0743EBDD47E16
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38392e302f32342d3234203d3e2039303039.roa
Signing time: Mon 23 Mar 2026 11:46:51 +0000
ROA not before: Mon 23 Mar 2026 11:41:51 +0000
ROA not after: Mon 22 Mar 2027 11:46:51 +0000
asID: 9009
IP address blocks: 213.139.89.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:00:07:02:07:31:de:d2:5b:06:af:3b:e1:c0:74:3e:bd:d4:7e:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Validity
Not Before: Mar 23 11:41:51 2026 GMT
Not After : Mar 22 11:46:51 2027 GMT
Subject: CN=D20AA856C02C90216538CD06F790B018B67C6D06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:b8:76:56:e5:5e:2f:ea:bd:78:f4:c2:9a:43:
bb:e7:25:f6:ef:a3:09:bb:28:25:f4:36:07:04:7d:
52:8e:3c:26:20:f2:bb:13:03:e8:23:25:8b:b2:3c:
79:ef:e9:ef:d9:b3:bb:bb:b6:fc:16:ef:fe:6f:03:
9d:7e:b4:a3:49:b1:6f:ba:35:a2:37:95:e8:bc:7d:
9d:f7:eb:43:f6:2a:ac:c8:c5:42:7d:f2:4a:4e:26:
05:99:f2:ed:ff:79:59:9d:19:bb:71:4b:a3:d2:2c:
7b:cd:cd:c4:04:44:44:12:8b:72:9f:2b:19:97:3e:
ad:e1:b2:60:8a:a3:34:af:7b:ba:91:be:24:c7:7b:
0c:17:3d:36:38:5e:62:4c:28:d6:c8:19:7e:34:96:
f7:cd:59:9b:88:58:a6:65:63:88:f5:fc:2d:b3:de:
27:5e:4d:1f:ab:7b:d4:9a:08:f9:b7:ea:fc:be:c6:
d1:ea:f4:64:da:fa:ea:43:f2:52:97:be:a9:e4:6f:
44:81:b3:76:2e:16:b8:39:6c:9d:dc:44:dc:82:86:
32:4c:e3:66:c3:0c:87:0d:ce:3f:14:88:ae:a1:d4:
46:79:b2:bc:26:64:74:ff:7d:e0:8d:37:5f:af:8f:
79:e6:58:e2:07:62:a5:b5:53:46:81:fb:11:87:3c:
56:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:0A:A8:56:C0:2C:90:21:65:38:CD:06:F7:90:B0:18:B6:7C:6D:06
X509v3 Authority Key Identifier:
keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38392e302f32342d3234203d3e2039303039.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.139.89.0/24
Signature Algorithm: sha256WithRSAEncryption
78:4b:7d:8a:07:03:fa:c4:40:6a:1f:3c:3d:b5:7d:86:78:96:
78:d0:cc:65:68:47:8e:f8:85:00:ad:55:51:f1:48:0f:f8:7b:
ba:67:0f:da:77:a2:ed:73:f2:2d:66:1a:84:6b:df:c7:df:30:
7f:8e:b4:aa:13:96:0f:1b:a8:19:ae:30:4b:d7:9a:43:f6:ec:
d5:88:0d:89:9a:8a:9b:10:50:cf:6f:17:f7:26:c3:bb:4a:d7:
e4:6f:dd:9d:6c:4c:7d:73:f3:b3:62:1e:9e:66:e4:a9:db:d1:
97:28:b4:1f:01:52:bd:e5:e9:ef:35:20:7e:6b:2d:85:7f:37:
c8:c2:01:b2:18:76:11:6b:86:6e:06:44:67:48:4a:19:3d:f6:
9b:01:b7:49:2c:8a:c2:09:3d:f3:d9:a9:68:c5:0f:f8:16:56:
11:ec:01:ab:ae:bd:5a:23:c0:fd:f4:ec:ba:4c:59:63:65:9b:
7b:7d:4c:49:4e:96:75:36:63:43:0d:be:6e:71:c0:a1:3e:9c:
48:53:69:b1:19:4f:28:4f:88:52:50:40:99:14:80:e8:06:8e:
11:f0:1d:91:19:86:42:bf:0f:d7:f0:f5:13:c2:78:7c:31:5a:
76:90:4d:fa:c7:fd:0e:03:d4:96:0a:b5:1e:5a:a5:09:8a:0f:
80:ff:fd:7a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHQAHAgcx3tJbBq874cB0Pr3UfhYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjAzMjMxMTQxNTFaFw0yNzAzMjIxMTQ2NTFaMDMxMTAvBgNV
BAMTKEQyMEFBODU2QzAyQzkwMjE2NTM4Q0QwNkY3OTBCMDE4QjY3QzZEMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChuHZW5V4v6r149MKaQ7vnJfbv
owm7KCX0NgcEfVKOPCYg8rsTA+gjJYuyPHnv6e/Zs7u7tvwW7/5vA51+tKNJsW+6
NaI3lei8fZ3360P2KqzIxUJ98kpOJgWZ8u3/eVmdGbtxS6PSLHvNzcQEREQSi3Kf
KxmXPq3hsmCKozSve7qRviTHewwXPTY4XmJMKNbIGX40lvfNWZuIWKZlY4j1/C2z
3ideTR+re9SaCPm36vy+xtHq9GTa+upD8lKXvqnkb0SBs3YuFrg5bJ3cRNyChjJM
42bDDIcNzj8UiK6h1EZ5srwmZHT/feCNN1+vj3nmWOIHYqW1U0aB+xGHPFZxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU0gqoVsAskCFlOM0G95CwGLZ8bQYwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
WTANBgkqhkiG9w0BAQsFAAOCAQEAeEt9igcD+sRAah88PbV9hniWeNDMZWhHjviF
AK1VUfFID/h7umcP2nei7XPyLWYahGvfx98wf460qhOWDxuoGa4wS9eaQ/bs1YgN
iZqKmxBQz28X9ybDu0rX5G/dnWxMfXPzs2IenmbkqdvRlyi0HwFSveXp7zUgfmst
hX83yMIBshh2EWuGbgZEZ0hKGT32mwG3SSyKwgk989mpaMUP+BZWEewBq669WiPA
/fTsukxZY2Wbe31MSU6WdTZjQw2+bnHAoT6cSFNpsRlPKE+IUlBAmRSA6AaOEfAd
kRmGQr8P1/D1E8J4fDFadpBN+sf9DgPUlgq1HlqlCYoPgP/9eg==
-----END CERTIFICATE-----
Generated at Thu Mar 26 06:53:33 2026 by rpki-client