Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231322e36382e302f32342d3234203d3e20313336373837.roa
File: 3138352e3231322e36382e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier: mVqRFt3zXDK2CiCW1HU/EooBe5OTfON/2SSTaaq7UKs=
Subject key identifier: 38:E8:C4:C3:14:1D:FD:B3:CB:7B:5F:61:B3:F8:E1:E4:33:38:7A:50
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 42EF238AFA35D0AF19BD26051588B4BEDE0CF3F2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231322e36382e302f32342d3234203d3e20313336373837.roa
Signing time: Sun 15 Mar 2026 12:23:26 +0000
ROA not before: Sun 15 Mar 2026 12:18:26 +0000
ROA not after: Sun 14 Mar 2027 12:23:26 +0000
asID: 136787
IP address blocks: 185.212.68.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:21:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:ef:23:8a:fa:35:d0:af:19:bd:26:05:15:88:b4:be:de:0c:f3:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Mar 15 12:18:26 2026 GMT
Not After : Mar 14 12:23:26 2027 GMT
Subject: CN=38E8C4C3141DFDB3CB7B5F61B3F8E1E433387A50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:10:10:a4:ae:d3:75:6b:9c:af:a9:7b:e9:b2:
85:3d:cc:78:6f:39:01:77:bc:db:3f:49:42:7a:15:
a5:c0:9a:52:5a:5d:55:4c:e4:b5:75:6a:b1:b3:5c:
23:74:06:62:7f:5c:5e:db:a2:73:e3:94:ec:54:eb:
b1:67:c3:24:b7:c9:14:62:4e:27:f8:ab:7a:cb:94:
c6:27:2c:ff:de:63:7e:84:8b:82:a5:ea:17:3d:61:
f8:07:da:6b:43:c5:d4:16:3d:36:a7:1f:96:3e:77:
f0:d4:77:3a:c5:5b:32:3c:cd:39:c7:22:0e:4b:a1:
5c:f0:02:ce:8e:8c:94:67:e8:00:62:b4:78:03:6a:
59:6d:5d:0e:8f:3b:ad:ea:7f:29:57:f2:5c:be:ea:
cb:e0:a3:27:a4:45:5f:05:de:2b:1c:c2:0a:3d:66:
68:ee:ad:2a:8e:df:dc:04:5e:30:f6:5d:10:41:75:
b1:b4:35:d6:2f:a7:7a:5e:25:50:15:93:3c:4c:b2:
84:6b:3d:66:91:71:6e:d9:6c:f3:38:8f:51:3b:94:
2b:db:81:22:95:3c:b1:f8:3c:79:a3:bb:fd:10:8a:
34:ff:0a:d5:6e:7c:51:dc:f3:d3:53:45:d1:e4:89:
28:ac:52:ec:da:69:a0:f5:69:bd:20:6e:7c:26:16:
52:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:E8:C4:C3:14:1D:FD:B3:CB:7B:5F:61:B3:F8:E1:E4:33:38:7A:50
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231322e36382e302f32342d3234203d3e20313336373837.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.212.68.0/24
Signature Algorithm: sha256WithRSAEncryption
83:2d:c0:60:90:48:3c:50:19:ba:e9:6d:23:e6:d8:2c:27:5f:
02:91:9e:7e:30:84:74:8f:10:3f:73:ec:8b:84:e5:d3:66:c0:
a5:0c:6e:2b:65:e3:9d:2f:7f:77:6f:ad:a2:30:d7:e1:78:f1:
98:2b:f3:e6:36:e4:b4:e4:11:95:55:fe:37:0f:1a:35:62:dc:
58:c5:b6:30:69:c7:e2:7d:7f:1a:ab:9e:68:b3:c2:40:2c:ac:
66:d3:00:e4:43:2e:94:c3:2f:7d:80:36:c6:7a:da:7b:84:e7:
ab:e3:dd:00:4e:7c:0b:c0:e2:84:94:d1:d7:20:f6:09:47:cb:
d9:fc:ea:e0:e4:aa:e3:31:63:53:9d:32:3c:0d:33:f5:5a:81:
b9:9c:df:2a:05:a7:0f:b2:b4:b2:1f:21:10:ff:3c:f2:74:fd:
5f:b0:7a:3f:a2:66:b9:d7:ee:b0:3f:14:e2:bd:24:16:39:47:
5e:68:65:3b:7f:47:f5:e9:6f:b7:bf:f6:80:0a:19:cd:5e:65:
e2:e2:d6:4c:4c:21:11:32:4c:a5:14:97:0b:7a:e4:e1:e9:6b:
9f:48:42:08:cf:92:3f:66:2a:86:be:f1:81:e2:70:41:bd:66:
16:09:8e:fb:6f:23:c6:8e:90:ea:68:5f:0f:81:bc:63:ae:79:
af:d5:49:b7
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUQu8jivo10K8ZvSYFFYi0vt4M8/IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMTUxMjE4MjZaFw0yNzAzMTQxMjIzMjZaMDMxMTAvBgNV
BAMTKDM4RThDNEMzMTQxREZEQjNDQjdCNUY2MUIzRjhFMUU0MzMzODdBNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbEBCkrtN1a5yvqXvpsoU9zHhv
OQF3vNs/SUJ6FaXAmlJaXVVM5LV1arGzXCN0BmJ/XF7bonPjlOxU67FnwyS3yRRi
Tif4q3rLlMYnLP/eY36Ei4Kl6hc9YfgH2mtDxdQWPTanH5Y+d/DUdzrFWzI8zTnH
Ig5LoVzwAs6OjJRn6ABitHgDalltXQ6PO63qfylX8ly+6svgoyekRV8F3iscwgo9
ZmjurSqO39wEXjD2XRBBdbG0NdYvp3peJVAVkzxMsoRrPWaRcW7ZbPM4j1E7lCvb
gSKVPLH4PHmju/0QijT/CtVufFHc89NTRdHkiSisUuzaaaD1ab0gbnwmFlKNAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUOOjEwxQd/bPLe19hs/jh5DM4elAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzIyZTM2
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC51EQwDQYJKoZIhvcNAQELBQADggEBAIMtwGCQSDxQGbrpbSPm2CwnXwKRnn4w
hHSPED9z7IuE5dNmwKUMbitl450vf3dvraIw1+F48Zgr8+Y25LTkEZVV/jcPGjVi
3FjFtjBpx+J9fxqrnmizwkAsrGbTAORDLpTDL32ANsZ62nuE56vj3QBOfAvA4oSU
0dcg9glHy9n86uDkquMxY1OdMjwNM/Vagbmc3yoFpw+ytLIfIRD/PPJ0/V+wej+i
ZrnX7rA/FOK9JBY5R15oZTt/R/Xpb7e/9oAKGc1eZeLi1kxMIREyTKUUlwt65OHp
a59IQgjPkj9mKoa+8YHicEG9ZhYJjvtvI8aOkOpoXw+BvGOuea/VSbc=
-----END CERTIFICATE-----
Generated at Thu Mar 26 07:33:13 2026 by rpki-client