Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230352e302f32342d3234203d3e20313339363539.roa
File: 38352e3233372e3230352e302f32342d3234203d3e20313339363539.roa (raw, json)
Hash identifier: pBrCI7JYsjKzFSqLP0LQiqGqXQSRA7Ts1uqZOu9Xd1A=
Subject key identifier: BE:66:B7:A1:B8:5F:51:3A:26:38:1B:BD:64:B5:9D:67:FF:5E:C8:81
Certificate issuer: /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial: 6E546E0DBCEB261FDAC1EC3A9EE5B8A7C038D916
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230352e302f32342d3234203d3e20313339363539.roa
Signing time: Mon 23 Mar 2026 11:19:00 +0000
ROA not before: Mon 23 Mar 2026 11:14:00 +0000
ROA not after: Mon 22 Mar 2027 11:19:00 +0000
asID: 139659
IP address blocks: 85.237.205.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 21:09:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:54:6e:0d:bc:eb:26:1f:da:c1:ec:3a:9e:e5:b8:a7:c0:38:d9:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Validity
Not Before: Mar 23 11:14:00 2026 GMT
Not After : Mar 22 11:19:00 2027 GMT
Subject: CN=BE66B7A1B85F513A26381BBD64B59D67FF5EC881
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:bc:fb:c5:0c:ae:a5:5a:3e:9b:ef:a2:c6:2c:
9c:47:93:0e:fa:75:f5:f7:17:3e:c6:83:6d:57:8e:
78:3e:4b:7e:b4:26:30:3e:d2:d7:b3:f8:48:5c:de:
7d:c9:46:6e:de:04:bf:3a:56:28:d1:e4:de:93:b0:
8e:40:cc:78:59:83:97:4a:64:0d:c8:d4:e6:8c:c1:
26:de:40:ed:0a:81:55:cc:34:69:88:4d:8c:db:97:
bf:c9:2e:f6:c9:29:b8:98:76:f0:6e:6e:0b:da:27:
4b:ef:c4:f6:79:e8:b3:aa:50:3e:67:c3:97:5d:ba:
72:91:2d:fb:3d:80:f0:17:b3:07:f5:56:66:eb:a7:
7f:f5:e2:80:e6:ef:17:7a:df:cd:91:38:6b:0b:27:
6e:1c:80:77:d1:c5:b5:83:16:ed:31:92:04:8b:5c:
fa:5b:23:71:89:3d:da:3a:5e:d0:f2:c8:b5:75:93:
c2:47:71:88:5b:74:e4:fb:e7:cc:32:47:71:b6:0c:
d4:f1:3b:b0:b2:e0:c3:6d:96:00:df:d2:29:9b:c2:
80:b2:36:59:3d:88:62:7e:41:d8:49:ca:dc:fe:0c:
24:f8:d5:d6:ee:ea:04:0e:04:62:3d:02:bb:2e:1c:
ea:00:b5:ee:28:18:39:f1:29:01:2a:f8:1a:0f:6c:
c1:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:66:B7:A1:B8:5F:51:3A:26:38:1B:BD:64:B5:9D:67:FF:5E:C8:81
X509v3 Authority Key Identifier:
keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230352e302f32342d3234203d3e20313339363539.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.237.205.0/24
Signature Algorithm: sha256WithRSAEncryption
73:87:a1:56:76:81:99:69:1e:fe:11:a0:c1:75:09:0b:fd:52:
1e:fc:8d:6d:13:c7:a6:06:f2:d9:6a:1d:08:63:85:77:2c:24:
21:fd:e2:c0:54:56:45:2d:c4:5a:66:ee:8a:a9:6d:7f:37:2f:
26:ed:5b:d2:37:bf:ee:a6:86:08:07:ce:1b:f2:32:e5:e9:23:
39:63:55:59:d1:b7:a1:b9:b7:fb:45:d4:bc:8b:99:b9:29:ae:
4e:b1:a0:fe:4a:dd:c8:bc:f8:9d:67:a6:12:1b:12:a5:d2:6d:
92:3c:86:c7:5a:0b:04:25:4a:78:24:ae:65:cc:2c:9d:5f:f8:
2b:a9:95:9b:63:55:6d:60:ad:e0:d6:a3:29:83:84:ae:44:9e:
32:ce:51:48:98:e3:19:0f:1b:6a:e9:69:45:67:14:84:7f:77:
a2:54:fe:0c:fd:2e:a0:f6:8c:1a:7f:0b:59:de:57:6a:ab:6e:
dc:cd:91:a6:b0:d1:90:67:f9:fd:25:fb:6b:bd:97:da:2b:b6:
90:b5:14:8a:99:76:26:5a:dd:db:45:37:12:ce:0b:80:00:0e:
eb:dd:d0:bf:66:32:98:45:0d:88:b5:63:ef:ec:b2:36:71:d3:
c2:5e:85:d7:a5:ce:fa:97:eb:99:8f:a8:30:c5:0f:93:95:52:
e5:67:e4:0d
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUblRuDbzrJh/awew6nuW4p8A42RYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAzMjMxMTE0MDBaFw0yNzAzMjIxMTE5MDBaMDMxMTAvBgNV
BAMTKEJFNjZCN0ExQjg1RjUxM0EyNjM4MUJCRDY0QjU5RDY3RkY1RUM4ODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjvPvFDK6lWj6b76LGLJxHkw76
dfX3Fz7Gg21Xjng+S360JjA+0tez+Ehc3n3JRm7eBL86VijR5N6TsI5AzHhZg5dK
ZA3I1OaMwSbeQO0KgVXMNGmITYzbl7/JLvbJKbiYdvBubgvaJ0vvxPZ56LOqUD5n
w5ddunKRLfs9gPAXswf1Vmbrp3/14oDm7xd6382ROGsLJ24cgHfRxbWDFu0xkgSL
XPpbI3GJPdo6XtDyyLV1k8JHcYhbdOT758wyR3G2DNTxO7Cy4MNtlgDf0imbwoCy
Nlk9iGJ+QdhJytz+DCT41dbu6gQOBGI9ArsuHOoAte4oGDnxKQEq+BoPbMHnAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUvma3obhfUTomOBu9ZLWdZ/9eyIEwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzkzNjM1Mzkucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV7c0wDQYJKoZIhvcNAQELBQADggEBAHOHoVZ2gZlpHv4RoMF1CQv9Uh78jW0T
x6YG8tlqHQhjhXcsJCH94sBUVkUtxFpm7oqpbX83LybtW9I3v+6mhggHzhvyMuXp
IzljVVnRt6G5t/tF1LyLmbkprk6xoP5K3ci8+J1nphIbEqXSbZI8hsdaCwQlSngk
rmXMLJ1f+CuplZtjVW1greDWoymDhK5EnjLOUUiY4xkPG2rpaUVnFIR/d6JU/gz9
LqD2jBp/C1neV2qrbtzNkaaw0ZBn+f0l+2u9l9ortpC1FIqZdiZa3dtFNxLOC4AA
Duvd0L9mMphFDYi1Y+/ssjZx08JehdelzvqX65mPqDDFD5OVUuVn5A0=
-----END CERTIFICATE-----
Generated at Thu Mar 26 13:15:44 2026 by rpki-client