Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3230342e302f32342d3234203d3e203438323636.roa
File: 3231372e3231372e3230342e302f32342d3234203d3e203438323636.roa (raw, json)
Hash identifier: VOhvMSwUKhZcocgjEgDs9J39moxFO+XzYkm0bs7q5fw=
Subject key identifier: 8E:FC:AC:64:24:88:00:8D:A5:CB:B3:8D:CE:29:85:F8:32:E0:4A:24
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 57B1A74A674F20A52BA1DC6A1FFA8E423D688AE6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3230342e302f32342d3234203d3e203438323636.roa
Signing time: Wed 25 Mar 2026 08:49:12 +0000
ROA not before: Wed 25 Mar 2026 08:44:12 +0000
ROA not after: Wed 24 Mar 2027 08:49:12 +0000
asID: 48266
IP address blocks: 217.217.204.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:b1:a7:4a:67:4f:20:a5:2b:a1:dc:6a:1f:fa:8e:42:3d:68:8a:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Mar 25 08:44:12 2026 GMT
Not After : Mar 24 08:49:12 2027 GMT
Subject: CN=8EFCAC642488008DA5CBB38DCE2985F832E04A24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:61:15:53:73:29:d9:3e:8b:42:24:f4:ce:7d:
83:b5:41:41:cf:9c:13:17:17:fd:35:a5:34:bb:ec:
10:bf:42:23:58:ef:ff:0d:97:a3:68:b7:ad:82:f8:
f9:18:9b:d6:d8:1f:b5:bb:28:b3:9a:6b:a3:92:fc:
b0:e0:16:59:48:dc:f0:1c:fa:e5:f7:24:71:66:27:
2e:90:c2:cc:fb:ee:1d:2c:40:2e:bc:87:dc:ec:e6:
21:86:84:08:a3:8f:02:19:fe:25:0a:37:2a:d6:82:
4c:7a:cc:11:65:db:72:43:db:35:49:47:89:12:2c:
e7:85:c7:f8:56:90:0f:d3:49:9f:46:41:ab:8f:b4:
fb:37:c8:7e:68:6b:2c:7d:89:fb:58:e1:17:7d:ce:
e1:68:ac:94:e8:3c:0a:33:27:95:30:bf:1d:59:cc:
b0:70:0c:ca:c1:2a:bb:51:d6:f2:ea:db:86:93:f8:
5a:f3:12:3b:1d:04:52:fa:1e:7e:a2:82:5c:ba:82:
ee:24:92:dc:ed:a0:9f:20:10:4c:7b:c7:1c:8d:60:
3e:43:f9:b8:1b:84:a2:c8:98:28:f7:d6:c1:be:00:
68:5c:2f:a5:11:4c:2b:b1:2c:00:53:60:10:20:97:
a1:4c:58:b8:97:2e:09:30:a7:dd:67:4b:64:1f:e4:
3a:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:FC:AC:64:24:88:00:8D:A5:CB:B3:8D:CE:29:85:F8:32:E0:4A:24
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231372e3230342e302f32342d3234203d3e203438323636.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.217.204.0/24
Signature Algorithm: sha256WithRSAEncryption
12:e0:62:19:bc:cc:38:65:b2:18:6a:a2:e2:fa:80:fb:15:98:
6e:0a:e2:0b:3c:49:56:e5:c1:f2:d8:5b:eb:4d:e4:03:33:bd:
ca:e7:bb:89:f0:61:c9:b5:dd:c0:9f:24:00:27:e7:eb:35:d6:
7b:b7:8e:f4:59:30:80:62:92:9c:24:78:2e:db:15:b5:fb:0c:
92:70:26:10:ed:3b:b9:93:49:7d:6a:f5:d0:ae:3b:b8:08:67:
aa:79:0a:7d:4d:7b:e2:d1:3b:5e:80:b0:3d:0b:c8:03:ed:8f:
12:15:62:af:5d:6f:5f:56:ea:40:3d:9a:cb:30:8b:8a:dc:1c:
c7:03:44:9e:18:3a:1f:e2:c2:57:31:1e:ea:d9:82:fc:a7:9d:
38:c8:b4:86:f0:e6:2a:2a:dd:ea:dd:e4:a2:65:2b:72:ec:f8:
43:8c:9a:a1:ab:b1:e7:71:a7:7a:eb:d4:36:7d:58:67:68:8d:
a9:87:7e:31:a1:d8:92:17:c5:77:78:bf:f7:a7:cf:1a:bb:9b:
1e:d0:95:0c:10:c6:13:8b:8b:90:8b:9b:3e:c8:2c:d1:f8:9e:
6d:d8:7a:8d:de:15:be:8c:4a:6a:fd:a6:61:15:c8:03:33:6e:
bd:60:22:30:6c:0c:d8:8d:aa:fa:bc:87:2c:e8:1c:b6:c5:0b:
f4:1b:c8:bf
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUV7GnSmdPIKUrodxqH/qOQj1oiuYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMjUwODQ0MTJaFw0yNzAzMjQwODQ5MTJaMDMxMTAvBgNV
BAMTKDhFRkNBQzY0MjQ4ODAwOERBNUNCQjM4RENFMjk4NUY4MzJFMDRBMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnYRVTcynZPotCJPTOfYO1QUHP
nBMXF/01pTS77BC/QiNY7/8Nl6Not62C+PkYm9bYH7W7KLOaa6OS/LDgFllI3PAc
+uX3JHFmJy6Qwsz77h0sQC68h9zs5iGGhAijjwIZ/iUKNyrWgkx6zBFl23JD2zVJ
R4kSLOeFx/hWkA/TSZ9GQauPtPs3yH5oayx9iftY4Rd9zuForJToPAozJ5Uwvx1Z
zLBwDMrBKrtR1vLq24aT+FrzEjsdBFL6Hn6igly6gu4kktztoJ8gEEx7xxyNYD5D
+bgbhKLImCj31sG+AGhcL6URTCuxLABTYBAgl6FMWLiXLgkwp91nS2Qf5Dq7AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUjvysZCSIAI2ly7ONzimF+DLgSiQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzcyZTMy
MzAzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzgzMjM2MzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADZ2cwwDQYJKoZIhvcNAQELBQADggEBABLgYhm8zDhlshhqouL6gPsVmG4K4gs8
SVblwfLYW+tN5AMzvcrnu4nwYcm13cCfJAAn5+s11nu3jvRZMIBikpwkeC7bFbX7
DJJwJhDtO7mTSX1q9dCuO7gIZ6p5Cn1Ne+LRO16AsD0LyAPtjxIVYq9db19W6kA9
msswi4rcHMcDRJ4YOh/iwlcxHurZgvynnTjItIbw5ioq3erd5KJlK3Ls+EOMmqGr
sedxp3rr1DZ9WGdojamHfjGh2JIXxXd4v/enzxq7mx7QlQwQxhOLi5CLmz7ILNH4
nm3Yeo3eFb6MSmr9pmEVyAMzbr1gIjBsDNiNqvq8hyzoHLbFC/QbyL8=
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:13:51 2026 by rpki-client