Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3137382e3133322e3130382e302f32342d3234203d3e20313336373837.roa
File: 3137382e3133322e3130382e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier: NOeAbRuSXIjPBqImaixibhKEC74eU1fRHaUGXJ+vSYE=
Subject key identifier: 8C:E6:7B:C6:D5:95:0B:9A:45:DD:79:3B:41:B9:27:CA:1E:5C:97:C2
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 04ABDEB356F71E4569D69A4C44E1818DCB7CF417
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3137382e3133322e3130382e302f32342d3234203d3e20313336373837.roa
Signing time: Mon 23 Mar 2026 18:23:29 +0000
ROA not before: Mon 23 Mar 2026 18:18:29 +0000
ROA not after: Mon 22 Mar 2027 18:23:29 +0000
asID: 136787
IP address blocks: 178.132.108.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:ab:de:b3:56:f7:1e:45:69:d6:9a:4c:44:e1:81:8d:cb:7c:f4:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Mar 23 18:18:29 2026 GMT
Not After : Mar 22 18:23:29 2027 GMT
Subject: CN=8CE67BC6D5950B9A45DD793B41B927CA1E5C97C2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:b7:60:82:9c:b5:c2:7c:26:98:4f:d5:e8:f6:
be:d9:10:7d:0b:b2:bf:9d:34:cd:1c:df:f2:25:0a:
63:ff:68:c8:fa:17:6e:a9:a1:2b:a4:89:d6:42:c6:
22:f9:14:ca:4e:19:b7:05:20:5f:e9:6a:aa:c4:c6:
11:55:f5:11:e0:00:c1:3d:53:fb:6f:68:30:ab:3e:
7a:05:98:31:82:0e:df:25:79:98:db:57:af:28:2f:
91:f5:2a:70:54:00:6c:4f:ee:76:33:81:40:56:80:
74:2d:1d:41:ae:ca:52:97:39:2b:1f:84:f8:04:89:
7a:75:4e:ce:ae:4d:a1:f4:24:c9:02:64:eb:94:ee:
2a:ab:f5:af:b5:60:a8:f3:76:5e:e5:7a:2a:05:d4:
04:27:36:9d:30:b1:bd:3e:5f:94:99:7e:5d:44:0f:
b5:c3:27:1b:dc:97:01:a8:a5:97:b5:66:98:3e:b6:
67:c8:61:a1:a2:51:df:83:23:2b:85:75:1b:49:6e:
04:00:32:3c:e1:a6:30:b8:36:bb:b6:cc:f3:bd:46:
45:9d:27:6c:bf:4e:c5:6a:c0:2a:bd:59:4a:2a:01:
9e:db:3b:97:1e:b6:20:4d:b5:33:38:52:09:f8:26:
27:6c:ec:c5:0e:73:90:f2:4c:c5:5c:5d:d8:e7:e4:
b0:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:E6:7B:C6:D5:95:0B:9A:45:DD:79:3B:41:B9:27:CA:1E:5C:97:C2
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3137382e3133322e3130382e302f32342d3234203d3e20313336373837.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.132.108.0/24
Signature Algorithm: sha256WithRSAEncryption
60:ef:ea:d0:1d:4e:0d:b2:12:00:a4:d1:72:35:d8:50:6d:85:
53:f8:18:34:89:cc:74:80:c8:fc:f2:9a:6a:f9:83:a0:f0:20:
89:9c:9a:10:d4:cf:a4:55:58:45:a0:64:3a:cf:97:f6:b6:03:
85:0b:0e:b7:2e:66:5e:c1:c3:b2:80:b1:53:29:e1:f6:70:fa:
b0:a7:dc:49:fb:ca:22:58:79:51:4c:5d:10:6b:ae:1c:20:51:
3b:ca:51:4a:c0:c3:96:f8:32:6a:2e:bc:a6:2b:cf:57:05:26:
2f:b6:7c:f0:67:32:2b:14:dd:2e:f1:35:88:9f:33:ea:ef:be:
cb:2e:b9:27:ca:b8:74:60:ff:4f:91:e5:0d:01:c5:c4:8f:9f:
9c:81:91:22:34:22:19:27:c0:c3:8d:42:73:6f:1a:c3:d9:da:
d6:b4:7d:49:c8:74:8c:cc:68:3e:60:41:a8:24:e3:09:bc:61:
d6:e9:18:4c:ca:6d:bb:da:2a:b8:1b:74:e6:54:53:66:e6:96:
86:fa:fc:d0:23:6d:e3:30:b7:e2:c8:87:e3:e4:ee:04:b5:1f:
9f:1f:73:b7:eb:58:15:81:f3:a4:73:56:f1:c6:a3:97:12:56:
df:54:49:35:62:b3:d7:64:98:8c:49:6d:38:8f:5f:30:5e:ec:
e6:48:1c:bc
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUBKves1b3HkVp1ppMROGBjct89BcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMjMxODE4MjlaFw0yNzAzMjIxODIzMjlaMDMxMTAvBgNV
BAMTKDhDRTY3QkM2RDU5NTBCOUE0NURENzkzQjQxQjkyN0NBMUU1Qzk3QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUt2CCnLXCfCaYT9Xo9r7ZEH0L
sr+dNM0c3/IlCmP/aMj6F26poSukidZCxiL5FMpOGbcFIF/paqrExhFV9RHgAME9
U/tvaDCrPnoFmDGCDt8leZjbV68oL5H1KnBUAGxP7nYzgUBWgHQtHUGuylKXOSsf
hPgEiXp1Ts6uTaH0JMkCZOuU7iqr9a+1YKjzdl7leioF1AQnNp0wsb0+X5SZfl1E
D7XDJxvclwGopZe1Zpg+tmfIYaGiUd+DIyuFdRtJbgQAMjzhpjC4Nru2zPO9RkWd
J2y/TsVqwCq9WUoqAZ7bO5cetiBNtTM4Ugn4Jids7MUOc5DyTMVcXdjn5LCXAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUjOZ7xtWVC5pF3Xk7Qbknyh5cl8IwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNzM4MmUzMTMzMzIyZTMx
MzAzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALKEbDANBgkqhkiG9w0BAQsFAAOCAQEAYO/q0B1ODbISAKTRcjXYUG2FU/gY
NInMdIDI/PKaavmDoPAgiZyaENTPpFVYRaBkOs+X9rYDhQsOty5mXsHDsoCxUynh
9nD6sKfcSfvKIlh5UUxdEGuuHCBRO8pRSsDDlvgyai68pivPVwUmL7Z88GcyKxTd
LvE1iJ8z6u++yy65J8q4dGD/T5HlDQHFxI+fnIGRIjQiGSfAw41Cc28aw9na1rR9
Sch0jMxoPmBBqCTjCbxh1ukYTMptu9oquBt05lRTZuaWhvr80CNt4zC34siH4+Tu
BLUfnx9zt+tYFYHzpHNW8cajlxJW31RJNWKz12SYjEltOI9fMF7s5kgcvA==
-----END CERTIFICATE-----
Generated at Thu Mar 26 12:25:07 2026 by rpki-client