Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133382e3234302e302f32322d3232203d3e20323031333431.roa
File: 34352e3133382e3234302e302f32322d3232203d3e20323031333431.roa (raw, json)
Hash identifier: UVj4nsdmouzmt75Q6f+LB0bwHG3bud+bMaPhLvqNYUE=
Subject key identifier: 66:73:1E:49:D6:5C:9A:53:74:47:9F:62:78:DE:06:A3:71:96:CF:1F
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 4902ACBA9ED53DEB213B5C5DF287B48FB27D9427
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133382e3234302e302f32322d3232203d3e20323031333431.roa
Signing time: Wed 04 Mar 2026 13:23:22 +0000
ROA not before: Wed 04 Mar 2026 13:18:22 +0000
ROA not after: Wed 03 Mar 2027 13:23:22 +0000
asID: 201341
IP address blocks: 45.138.240.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
49:02:ac:ba:9e:d5:3d:eb:21:3b:5c:5d:f2:87:b4:8f:b2:7d:94:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Mar 4 13:18:22 2026 GMT
Not After : Mar 3 13:23:22 2027 GMT
Subject: CN=66731E49D65C9A5374479F6278DE06A37196CF1F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:f9:9c:c8:d2:05:af:35:c4:48:b3:1d:fd:0c:
02:93:3e:1b:0e:93:d4:dc:6c:85:88:b3:92:38:0f:
e4:36:cc:70:f9:5d:57:66:2c:da:68:e1:c0:d5:a1:
6e:97:ba:4d:69:f7:bb:b5:7e:3a:33:a7:e5:c9:9e:
53:a8:2d:e2:48:a2:1d:d9:a6:be:da:75:d3:30:15:
f8:03:82:21:3d:4e:cd:cb:52:a4:ed:ca:33:9d:df:
d1:66:bc:a8:66:02:b2:06:51:60:18:63:c7:68:2a:
61:be:5c:6f:77:b5:8b:9b:55:60:e3:ca:5f:68:cb:
1d:8f:c9:7f:f6:87:11:87:da:0d:21:a1:fb:de:55:
25:ec:67:b1:8d:5a:71:7e:94:a7:b8:5d:af:bc:fc:
3a:3a:05:0f:11:41:8c:16:a6:a2:ce:30:ea:1e:29:
02:23:99:9c:4f:29:16:f2:9b:86:51:fe:2e:88:6d:
51:64:19:b6:60:11:c4:b2:64:8c:4b:3b:61:d9:cb:
61:52:f2:27:f1:5f:62:9e:26:39:c6:c8:ad:03:74:
3f:7b:cb:7e:57:c3:cc:55:e8:13:06:22:0c:c5:c6:
d3:4d:c4:01:42:db:73:c6:fe:df:f7:4d:2b:8d:30:
fd:22:01:c0:8d:20:c4:05:f1:17:eb:b1:d3:77:59:
15:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:73:1E:49:D6:5C:9A:53:74:47:9F:62:78:DE:06:A3:71:96:CF:1F
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133382e3234302e302f32322d3232203d3e20323031333431.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.138.240.0/22
Signature Algorithm: sha256WithRSAEncryption
79:05:73:e5:90:fe:75:b5:f1:8b:b3:b8:d7:81:b0:5e:a6:bf:
77:85:17:35:0d:75:50:ed:bf:57:20:72:c3:ab:41:a7:99:03:
56:ed:12:e0:b6:cc:a3:fb:9f:47:6c:1d:eb:d3:0b:a3:08:0d:
9a:1b:98:c5:2b:52:5e:23:59:a8:3f:13:0e:e9:12:df:44:0c:
1c:97:89:4c:39:7f:a9:87:b2:cf:7c:61:57:e1:77:36:9b:cf:
33:8d:9a:17:5d:c6:d9:3d:1a:69:70:80:9b:69:e5:f4:7b:4d:
d8:f6:72:ae:b7:73:22:e7:d6:6f:a7:15:b5:59:80:92:67:fb:
ac:e5:56:2d:f2:10:ef:ed:ce:40:4a:84:20:ef:97:da:ea:42:
af:ff:f0:6b:fb:25:5d:e0:e5:fb:23:f0:cd:52:7d:ed:94:d2:
62:c3:8c:76:36:4d:f9:94:42:73:49:35:a5:b2:d6:64:e8:07:
ac:c1:6e:76:1a:d0:4c:fd:75:70:78:19:4e:b3:ac:31:78:d2:
c9:68:0f:64:76:c3:e8:a0:cf:34:7b:f5:75:5b:29:f6:be:82:
a3:bf:49:e1:2a:65:8a:85:7b:0f:ea:39:9e:ab:b0:bf:ce:70:
b7:79:12:7c:ae:0b:f2:76:42:97:2b:94:67:5a:a2:6b:51:27:
10:d9:29:70
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUSQKsup7VPeshO1xd8oe0j7J9lCcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAzMDQxMzE4MjJaFw0yNzAzMDMxMzIzMjJaMDMxMTAvBgNV
BAMTKDY2NzMxRTQ5RDY1QzlBNTM3NDQ3OUY2Mjc4REUwNkEzNzE5NkNGMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp+ZzI0gWvNcRIsx39DAKTPhsO
k9TcbIWIs5I4D+Q2zHD5XVdmLNpo4cDVoW6Xuk1p97u1fjozp+XJnlOoLeJIoh3Z
pr7addMwFfgDgiE9Ts3LUqTtyjOd39FmvKhmArIGUWAYY8doKmG+XG93tYubVWDj
yl9oyx2PyX/2hxGH2g0hofveVSXsZ7GNWnF+lKe4Xa+8/Do6BQ8RQYwWpqLOMOoe
KQIjmZxPKRbym4ZR/i6IbVFkGbZgEcSyZIxLO2HZy2FS8ifxX2KeJjnGyK0DdD97
y35Xw8xV6BMGIgzFxtNNxAFC23PG/t/3TSuNMP0iAcCNIMQF8RfrsdN3WRVTAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUZnMeSdZcmlN0R59ieN4Go3GWzx8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMzM4MmUzMjM0
MzAyZTMwMmYzMjMyMmQzMjMyMjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAItivAwDQYJKoZIhvcNAQELBQADggEBAHkFc+WQ/nW18YuzuNeBsF6mv3eFFzUN
dVDtv1cgcsOrQaeZA1btEuC2zKP7n0dsHevTC6MIDZobmMUrUl4jWag/Ew7pEt9E
DByXiUw5f6mHss98YVfhdzabzzONmhddxtk9GmlwgJtp5fR7Tdj2cq63cyLn1m+n
FbVZgJJn+6zlVi3yEO/tzkBKhCDvl9rqQq//8Gv7JV3g5fsj8M1Sfe2U0mLDjHY2
TfmUQnNJNaWy1mToB6zBbnYa0Ez9dXB4GU6zrDF40sloD2R2w+igzzR79XVbKfa+
gqO/SeEqZYqFew/qOZ6rsL/OcLd5EnyuC/J2QpcrlGdaomtRJxDZKXA=
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:17:37 2026 by rpki-client