Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a313a3a2f34382d3438203d3e20323032333539.roa
File: 326131313a663263303a313a3a2f34382d3438203d3e20323032333539.roa (raw, json)
Hash identifier: R62nekvU6YkPTxxGPPfhB938rPtmq9HaX3X0QDaH6z0=
Subject key identifier: 34:FB:08:FA:38:02:BF:CD:08:55:79:D9:AB:AB:61:76:C8:4D:9C:74
Certificate issuer: /CN=0839a93dab544c296ffa143456844a8b2818b1d0
Certificate serial: 38D02241037E4BA3201F9FBF7A823D0DD2C2CAF7
Authority key identifier: 08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a313a3a2f34382d3438203d3e20323032333539.roa
Signing time: Sun 03 May 2026 13:05:00 +0000
ROA not before: Sun 03 May 2026 13:00:00 +0000
ROA not after: Sun 02 May 2027 13:05:00 +0000
asID: 202359
IP address blocks: 2a11:f2c0:1::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl
rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.mft
rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 00:34:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:d0:22:41:03:7e:4b:a3:20:1f:9f:bf:7a:82:3d:0d:d2:c2:ca:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0839a93dab544c296ffa143456844a8b2818b1d0
Validity
Not Before: May 3 13:00:00 2026 GMT
Not After : May 2 13:05:00 2027 GMT
Subject: CN=34FB08FA3802BFCD085579D9ABAB6176C84D9C74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:1d:c4:18:f8:56:25:93:12:6b:16:35:e7:a5:
75:8d:e9:96:e5:4d:60:70:8f:f6:b6:10:72:eb:e8:
8e:65:ad:e6:90:e9:24:f1:3b:16:42:59:76:0f:59:
06:12:11:b5:71:af:9b:56:65:f7:84:13:cf:45:be:
e7:45:b9:02:c9:be:42:64:c4:13:23:b8:bd:34:fc:
d8:58:88:f7:92:67:0b:a8:6d:69:c6:a4:0f:73:67:
8b:74:21:76:3b:e5:e4:1d:7d:40:a5:0a:81:a0:02:
e8:fd:4c:70:07:b3:9b:a1:ed:18:e9:bf:3e:59:0d:
f9:6e:4e:53:03:0c:a7:b6:2d:48:7a:91:ba:af:99:
29:1c:bb:ee:76:e0:91:3e:0b:59:4b:9c:d5:2e:04:
c3:d4:39:f5:6e:9e:67:fe:14:d8:25:5c:bf:f9:3b:
15:2d:63:64:06:5b:61:a2:af:2f:c7:5c:f4:d1:ed:
9f:e0:f4:a3:63:87:f5:36:72:f9:97:c3:05:00:c1:
d1:29:a4:6e:1f:f9:9b:02:c5:1f:ce:7e:eb:65:83:
dc:d2:bd:ec:1e:25:25:a8:01:7b:16:c4:4d:95:b5:
b9:59:ba:78:81:d9:af:f7:93:b9:b4:c9:50:8a:5c:
5a:48:20:0e:39:11:5f:df:1e:3b:9e:11:d7:6b:68:
d6:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:FB:08:FA:38:02:BF:CD:08:55:79:D9:AB:AB:61:76:C8:4D:9C:74
X509v3 Authority Key Identifier:
keyid:08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/326131313a663263303a313a3a2f34382d3438203d3e20323032333539.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:f2c0:1::/48
Signature Algorithm: sha256WithRSAEncryption
39:fc:81:46:d4:8e:ac:5a:49:17:6f:2f:1e:fe:18:1d:af:89:
eb:c0:76:ef:88:15:65:88:e4:f1:6c:af:ed:12:45:0c:ee:c0:
f8:38:5a:9b:a0:16:28:92:74:2f:f9:72:f9:9d:60:a3:70:a1:
1c:3e:ba:7a:25:99:03:6a:cf:e9:c4:c1:16:17:f9:75:cc:bd:
88:3b:21:5e:7a:8c:44:a0:3a:e7:ed:ef:e6:d6:a7:3e:be:a9:
e1:f6:bf:cb:9e:6f:79:8d:99:87:c8:19:e7:54:7f:53:22:94:
71:cd:56:0e:40:a7:ce:3f:59:b1:2b:c9:ba:5f:b5:5d:69:ac:
94:37:d2:67:aa:a4:6c:45:47:d5:57:b0:dd:ff:bb:dc:51:65:
38:c4:bf:b0:53:39:d5:a5:c6:94:4c:dd:45:d7:32:86:e9:b8:
db:63:06:10:af:d7:02:64:49:ab:68:7a:bf:4e:3b:2c:c2:6f:
ef:be:3e:6b:51:47:23:73:23:35:84:bc:91:6b:b0:ae:91:c4:
df:bf:f9:e6:8a:92:21:49:8b:3a:39:2c:d1:b1:f3:20:84:98:
72:d0:cb:7d:73:e1:67:c9:0b:2f:d4:29:f2:56:7b:a3:14:4c:
3f:e5:ed:7e:a0:ef:e4:78:e9:2e:1c:c9:f3:2c:59:a7:a2:f2:
a1:e7:66:d6
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUONAiQQN+S6MgH5+/eoI9DdLCyvcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDgzOWE5M2RhYjU0NGMyOTZmZmExNDM0NTY4NDRhOGIy
ODE4YjFkMDAeFw0yNjA1MDMxMzAwMDBaFw0yNzA1MDIxMzA1MDBaMDMxMTAvBgNV
BAMTKDM0RkIwOEZBMzgwMkJGQ0QwODU1NzlEOUFCQUI2MTc2Qzg0RDlDNzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcHcQY+FYlkxJrFjXnpXWN6Zbl
TWBwj/a2EHLr6I5lreaQ6STxOxZCWXYPWQYSEbVxr5tWZfeEE89FvudFuQLJvkJk
xBMjuL00/NhYiPeSZwuobWnGpA9zZ4t0IXY75eQdfUClCoGgAuj9THAHs5uh7Rjp
vz5ZDfluTlMDDKe2LUh6kbqvmSkcu+524JE+C1lLnNUuBMPUOfVunmf+FNglXL/5
OxUtY2QGW2Giry/HXPTR7Z/g9KNjh/U2cvmXwwUAwdEppG4f+ZsCxR/Ofutlg9zS
veweJSWoAXsWxE2VtblZuniB2a/3k7m0yVCKXFpIIA45EV/fHjueEddraNbhAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUNPsI+jgCv80IVXnZq6thdshNnHQwHwYDVR0j
BBgwFoAUCDmpPatUTClv+hQ0VoRKiygYsdAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGRlODM3ZmItNjM5MC00MWI1LTgyYTAtZjBkMDJjMDNh
MmM2LzcvMDgzOUE5M0RBQjU0NEMyOTZGRkExNDM0NTY4NDRBOEIyODE4QjFEMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NEbXBQYXRVVENsdi1oUTBWb1JLaXln
WXNkQS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGRlODM3ZmIt
NjM5MC00MWI1LTgyYTAtZjBkMDJjMDNhMmM2LzcvMzI2MTMxMzEzYTY2MzI2MzMw
M2EzMTNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzAzMjMzMzUzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHACoR8sAAATANBgkqhkiG9w0BAQsFAAOCAQEAOfyBRtSOrFpJF28vHv4YHa+J
68B274gVZYjk8Wyv7RJFDO7A+Dham6AWKJJ0L/ly+Z1go3ChHD66eiWZA2rP6cTB
Fhf5dcy9iDshXnqMRKA65+3v5tanPr6p4fa/y55veY2Zh8gZ51R/UyKUcc1WDkCn
zj9ZsSvJul+1XWmslDfSZ6qkbEVH1Vew3f+73FFlOMS/sFM51aXGlEzdRdcyhum4
22MGEK/XAmRJq2h6v047LMJv774+a1FHI3MjNYS8kWuwrpHE37/55oqSIUmLOjks
0bHzIISYctDLfXPhZ8kLL9Qp8lZ7oxRMP+XtfqDv5HjpLhzJ8yxZp6Lyoedm1g==
-----END CERTIFICATE-----
Generated at Wed May 13 14:55:56 2026 by rpki-client