Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232302e302f32342d3234203d3e203634323637.roa
File: 38352e3230392e3232302e302f32342d3234203d3e203634323637.roa (raw, json)
Hash identifier: /xhyz61UyB15PvY1VWpgba2IUHrgOZaPcuExUjQcLQU=
Subject key identifier: DE:B5:C0:7E:B0:4C:65:33:22:8F:51:52:73:DF:5C:E2:7A:78:DA:64
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 4CC4A66B6E06377D28DA2ACA3F6E9958AC1DC4DD
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232302e302f32342d3234203d3e203634323637.roa
Signing time: Fri 08 May 2026 16:47:11 +0000
ROA not before: Fri 08 May 2026 16:42:11 +0000
ROA not after: Fri 07 May 2027 16:47:11 +0000
asID: 64267
IP address blocks: 85.209.220.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:38:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:c4:a6:6b:6e:06:37:7d:28:da:2a:ca:3f:6e:99:58:ac:1d:c4:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: May 8 16:42:11 2026 GMT
Not After : May 7 16:47:11 2027 GMT
Subject: CN=DEB5C07EB04C6533228F515273DF5CE27A78DA64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:67:d5:12:97:3a:05:be:55:f6:ad:f2:09:ba:
2f:07:ed:b6:b5:1e:8b:d4:af:b4:24:fa:d6:f8:ff:
ea:85:27:77:49:e7:b2:08:c4:44:d1:49:f4:32:1e:
99:26:0e:94:3f:42:dd:20:03:43:bc:4e:fa:7d:dd:
c2:8b:c9:ad:82:5a:d8:5f:71:3c:f7:37:b5:6d:55:
26:78:de:ff:81:b4:6b:11:e2:c1:3c:8f:d0:90:f6:
b5:42:23:7b:8e:48:e7:fe:b6:ad:96:8a:f5:85:ca:
90:29:b5:4e:a0:97:5f:76:db:3f:65:a5:b6:45:67:
39:ec:84:2b:4f:bb:c2:fb:23:07:09:24:f0:7d:3d:
c4:6c:86:3f:ad:f7:69:a6:ce:ef:2d:aa:d4:5b:f1:
93:cb:34:91:cb:2c:e1:ab:04:eb:72:5d:74:b1:29:
6e:af:a3:59:71:f8:4c:0a:73:8e:2a:9c:bb:ee:f7:
1b:aa:fc:0a:fb:c0:fd:51:9c:d1:a1:ad:b3:85:d8:
b9:10:aa:8a:87:ca:bb:22:63:f4:58:71:03:a1:3c:
f4:2b:4d:8a:9e:b3:19:91:2a:47:c7:c0:46:43:08:
19:20:43:71:4a:6b:3d:ac:9f:7c:db:e5:f8:39:6d:
0b:26:e9:b6:a5:c6:4d:20:a2:3e:53:66:be:17:c1:
02:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:B5:C0:7E:B0:4C:65:33:22:8F:51:52:73:DF:5C:E2:7A:78:DA:64
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/38352e3230392e3232302e302f32342d3234203d3e203634323637.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.220.0/24
Signature Algorithm: sha256WithRSAEncryption
33:38:1a:ee:3c:c1:a1:67:7b:b9:56:9d:f6:da:59:04:18:c4:
31:65:c8:6c:59:83:88:4f:81:46:5c:30:52:3c:df:c4:5f:0a:
f8:66:ee:29:ab:ad:2e:00:43:ae:98:22:46:e6:38:23:87:11:
96:a4:67:c6:2a:f2:0f:0a:54:b8:c1:95:35:21:5a:10:1c:41:
c7:4f:84:08:4a:d7:29:a1:ab:16:9e:30:b4:33:13:04:bb:f2:
4d:d1:c8:1f:7d:44:61:5f:36:56:a7:b7:29:74:6e:2c:45:9f:
0c:be:79:d6:06:06:ee:a6:5c:03:aa:9a:30:df:c4:3b:25:01:
ee:3d:9b:44:23:37:aa:ed:28:f0:f4:c2:d4:f2:e6:98:79:ce:
21:80:7b:52:8e:cc:12:c2:86:e1:2e:26:e0:dc:94:77:2f:3c:
8e:cd:d7:02:b0:d9:fc:49:ae:ea:57:d8:07:ac:9d:ca:0a:d9:
65:62:e7:c5:d2:f8:b8:3b:e0:60:cf:90:68:9b:a9:b8:9c:8d:
0e:d4:71:c9:b7:36:6c:44:fd:90:79:f1:a0:eb:38:74:02:51:
ed:06:4e:83:64:0b:92:9e:7f:7e:a6:70:27:d6:aa:d5:d2:11:
82:59:4d:85:e4:9e:7e:14:22:43:d0:a1:f1:c1:66:33:f7:d9:
1e:ae:6d:5a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUTMSma24GN30o2irKP26ZWKwdxN0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjA1MDgxNjQyMTFaFw0yNzA1MDcxNjQ3MTFaMDMxMTAvBgNV
BAMTKERFQjVDMDdFQjA0QzY1MzMyMjhGNTE1MjczREY1Q0UyN0E3OERBNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUZ9USlzoFvlX2rfIJui8H7ba1
HovUr7Qk+tb4/+qFJ3dJ57IIxETRSfQyHpkmDpQ/Qt0gA0O8Tvp93cKLya2CWthf
cTz3N7VtVSZ43v+BtGsR4sE8j9CQ9rVCI3uOSOf+tq2WivWFypAptU6gl1922z9l
pbZFZznshCtPu8L7IwcJJPB9PcRshj+t92mmzu8tqtRb8ZPLNJHLLOGrBOtyXXSx
KW6vo1lx+EwKc44qnLvu9xuq/Ar7wP1RnNGhrbOF2LkQqoqHyrsiY/RYcQOhPPQr
TYqesxmRKkfHwEZDCBkgQ3FKaz2sn3zb5fg5bQsm6balxk0goj5TZr4XwQJtAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU3rXAfrBMZTMij1FSc99c4np42mQwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzgzNTJlMzIzMDM5MmUzMjMy
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNjM0MzIzNjM3LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
VdHcMA0GCSqGSIb3DQEBCwUAA4IBAQAzOBruPMGhZ3u5Vp322lkEGMQxZchsWYOI
T4FGXDBSPN/EXwr4Zu4pq60uAEOumCJG5jgjhxGWpGfGKvIPClS4wZU1IVoQHEHH
T4QIStcpoasWnjC0MxMEu/JN0cgffURhXzZWp7cpdG4sRZ8MvnnWBgbuplwDqpow
38Q7JQHuPZtEIzeq7Sjw9MLU8uaYec4hgHtSjswSwobhLibg3JR3LzyOzdcCsNn8
Sa7qV9gHrJ3KCtllYufF0vi4O+Bgz5Bom6m4nI0O1HHJtzZsRP2QefGg6zh0AlHt
Bk6DZAuSnn9+pnAn1qrV0hGCWU2F5J5+FCJD0KHxwWYz99kerm1a
-----END CERTIFICATE-----
Generated at Wed May 13 04:14:43 2026 by rpki-client