Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e31362e302f32322d3234203d3e20333939393535.roa
File: 3231372e3231372e31362e302f32322d3234203d3e20333939393535.roa (raw, json)
Hash identifier: eiRyJuxV+AVcmos11ZJrwDdxb1R98wrHpScTLj3J6o4=
Subject key identifier: CA:96:59:7E:FB:60:8E:7B:42:BF:EF:F3:51:4F:12:C6:FD:9B:8C:E0
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 717C58E9172C17320E2290F54CE4977127E32729
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e31362e302f32322d3234203d3e20333939393535.roa
Signing time: Thu 30 Apr 2026 13:46:27 +0000
ROA not before: Thu 30 Apr 2026 13:41:27 +0000
ROA not after: Thu 29 Apr 2027 13:46:27 +0000
asID: 399955
IP address blocks: 217.217.16.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 12:12:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:7c:58:e9:17:2c:17:32:0e:22:90:f5:4c:e4:97:71:27:e3:27:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Apr 30 13:41:27 2026 GMT
Not After : Apr 29 13:46:27 2027 GMT
Subject: CN=CA96597EFB608E7B42BFEFF3514F12C6FD9B8CE0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:d4:7e:ec:df:dc:1b:3f:50:b6:4e:c6:4b:63:
24:5b:65:55:4c:de:d7:23:9b:10:b6:e6:bb:0c:78:
fb:f0:13:d1:79:52:0f:dd:52:d0:7b:07:2e:fc:fc:
d7:b5:4e:69:73:24:3e:13:bc:92:8e:09:b4:8a:8e:
0a:d6:3e:54:0c:8a:6c:a1:e0:6e:ec:b0:63:b2:8c:
a8:09:fc:f2:1d:ff:16:55:e3:5f:fe:98:f1:cf:42:
7b:84:1b:6e:a6:4e:91:2a:3d:d3:4b:72:2a:9c:77:
42:c0:28:6d:4b:59:1c:aa:91:8a:fd:e0:ea:ad:c0:
f6:05:3d:78:62:42:d1:e3:e4:e0:af:49:c6:7a:1c:
af:db:3b:54:2d:d8:8b:f2:e9:0a:19:68:8b:4d:ac:
fa:4f:d5:99:d8:d6:7b:3e:4c:88:6e:e7:6b:e8:3c:
fe:b5:30:03:8d:ee:36:4c:79:b6:e1:34:56:cb:db:
c7:77:10:51:81:f3:22:6f:52:5e:dc:ac:e0:40:c2:
c6:65:79:3f:38:09:50:e7:af:b2:0d:47:c4:cf:89:
a9:8e:4b:93:33:2b:f3:b1:6b:12:e6:f6:ed:eb:50:
da:c5:32:4b:b4:1b:b3:99:f0:54:ae:20:3c:0e:98:
c4:a6:50:91:75:e1:56:0b:69:c9:12:6d:3c:fa:97:
b4:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:96:59:7E:FB:60:8E:7B:42:BF:EF:F3:51:4F:12:C6:FD:9B:8C:E0
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e31362e302f32322d3234203d3e20333939393535.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.16.0/22
Signature Algorithm: sha256WithRSAEncryption
28:bf:73:0c:3e:a9:1e:41:60:f4:be:11:04:0c:c5:a5:3c:53:
4c:94:cd:80:96:7f:e1:38:b6:62:a0:9e:aa:23:45:2b:ce:44:
9b:83:2c:8a:66:d9:59:ee:ec:ad:01:58:7a:8f:5a:66:3f:8f:
22:3d:cc:e8:67:c7:d1:c8:19:51:80:51:6f:5e:5a:f2:ff:2b:
55:55:fc:60:4c:b1:c2:ba:d7:2c:70:9e:b2:7a:bc:82:3c:db:
f2:4d:da:ab:88:19:00:40:76:9c:05:99:0f:70:63:2c:71:47:
0b:cc:b7:27:f9:60:c0:32:02:5f:c1:16:b5:3f:be:fe:17:31:
c8:e0:90:25:88:59:83:81:da:35:f8:b5:ca:06:2d:7f:5a:fc:
81:ba:f0:f8:16:8c:da:20:08:da:57:38:ff:89:06:43:f2:cf:
58:fd:18:90:cf:a2:f7:07:98:5b:35:d6:c2:80:96:a8:78:64:
fe:5a:ac:bb:5f:62:e5:7f:3e:b1:76:0e:b2:8a:c6:46:15:93:
71:c5:c7:cc:71:df:35:6f:7e:18:68:27:e8:3b:70:b7:3e:2e:
ed:40:25:bb:97:1e:04:8f:5d:06:1c:58:bd:d0:42:7e:6b:d6:
3c:ce:55:3c:66:89:a1:f4:11:ff:9c:06:e3:c3:7a:23:ad:06:
39:f7:34:55
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUcXxY6RcsFzIOIpD1TOSXcSfjJykwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MzAxMzQxMjdaFw0yNzA0MjkxMzQ2MjdaMDMxMTAvBgNV
BAMTKENBOTY1OTdFRkI2MDhFN0I0MkJGRUZGMzUxNEYxMkM2RkQ5QjhDRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv1H7s39wbP1C2TsZLYyRbZVVM
3tcjmxC25rsMePvwE9F5Ug/dUtB7By78/Ne1TmlzJD4TvJKOCbSKjgrWPlQMimyh
4G7ssGOyjKgJ/PId/xZV41/+mPHPQnuEG26mTpEqPdNLciqcd0LAKG1LWRyqkYr9
4OqtwPYFPXhiQtHj5OCvScZ6HK/bO1Qt2Ivy6QoZaItNrPpP1ZnY1ns+TIhu52vo
PP61MAON7jZMebbhNFbL28d3EFGB8yJvUl7crOBAwsZleT84CVDnr7INR8TPiamO
S5MzK/OxaxLm9u3rUNrFMku0G7OZ8FSuIDwOmMSmUJF14VYLackSbTz6l7R5AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUypZZfvtgjntCv+/zUU8Sxv2bjOAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMx
MzYyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMzM5MzkzOTM1MzUucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BALZ2RAwDQYJKoZIhvcNAQELBQADggEBACi/cww+qR5BYPS+EQQMxaU8U0yUzYCW
f+E4tmKgnqojRSvORJuDLIpm2Vnu7K0BWHqPWmY/jyI9zOhnx9HIGVGAUW9eWvL/
K1VV/GBMscK61yxwnrJ6vII82/JN2quIGQBAdpwFmQ9wYyxxRwvMtyf5YMAyAl/B
FrU/vv4XMcjgkCWIWYOB2jX4tcoGLX9a/IG68PgWjNogCNpXOP+JBkPyz1j9GJDP
ovcHmFs11sKAlqh4ZP5arLtfYuV/PrF2DrKKxkYVk3HFx8xx3zVvfhhoJ+g7cLc+
Lu1AJbuXHgSPXQYcWL3QQn5r1jzOVTxmiaH0Ef+cBuPDeiOtBjn3NFU=
-----END CERTIFICATE-----
Generated at Wed May 13 04:53:30 2026 by rpki-client