Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232382e302f32342d3234203d3e203230343733.roa
File: 38352e3230392e3232382e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier: 1VJONXDxJnPHUDzUm7XiO/UF/aXr3KYuVDC6vKiNDOc=
Subject key identifier: D4:81:DC:DF:55:32:04:D7:F4:C2:4C:8A:36:56:2C:67:E8:12:D1:F5
Certificate issuer: /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial: 6280063A8C6295E0342EA5BA57FE1EB72432DC58
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232382e302f32342d3234203d3e203230343733.roa
Signing time: Mon 09 Mar 2026 13:46:48 +0000
ROA not before: Mon 09 Mar 2026 13:41:48 +0000
ROA not after: Mon 08 Mar 2027 13:46:48 +0000
asID: 20473
IP address blocks: 85.209.228.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 17 Mar 2026 03:51:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
62:80:06:3a:8c:62:95:e0:34:2e:a5:ba:57:fe:1e:b7:24:32:dc:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Validity
Not Before: Mar 9 13:41:48 2026 GMT
Not After : Mar 8 13:46:48 2027 GMT
Subject: CN=D481DCDF553204D7F4C24C8A36562C67E812D1F5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:f6:3e:b5:dd:6b:6e:ab:24:43:2c:a1:a7:88:
73:43:68:f2:8d:20:32:00:75:cb:bf:d3:e3:a3:2e:
ac:25:32:b2:83:f5:60:e7:65:47:4c:d3:cc:6d:ca:
15:57:69:b6:b7:df:d7:7d:64:9d:41:ca:14:3a:e4:
b6:ce:c0:ed:3b:c5:46:ac:71:12:ef:be:97:e5:e1:
cf:f8:2e:85:b5:6a:0c:03:15:04:dc:12:31:c3:cc:
89:4e:27:d8:88:5e:18:03:03:58:c5:e9:e0:2c:51:
93:0e:9e:25:57:ac:f6:8a:ca:c3:0e:27:5c:7f:c8:
38:ab:87:d4:92:b1:dc:35:7d:4e:5c:c0:48:52:f0:
b9:db:8b:ce:b9:a7:ef:5c:a4:4b:1d:cf:95:2f:7d:
d2:e9:22:95:42:4f:ac:69:61:e3:e5:c9:e7:32:15:
e2:2a:47:75:57:9e:bb:ee:18:75:83:42:3a:a3:2f:
ae:ea:98:91:34:b9:48:b5:e4:f2:ea:e4:8f:e7:86:
64:94:40:2a:67:f8:ca:07:84:19:42:0e:0a:32:5f:
dc:26:66:da:cc:42:1a:a3:ef:6a:1b:20:3a:d4:fa:
cc:f1:0d:67:47:e0:82:e1:4e:35:6d:5a:07:e9:e0:
dd:79:9f:ef:9b:3d:76:b5:f4:9a:06:f2:fa:59:3e:
2b:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:81:DC:DF:55:32:04:D7:F4:C2:4C:8A:36:56:2C:67:E8:12:D1:F5
X509v3 Authority Key Identifier:
keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3232382e302f32342d3234203d3e203230343733.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.228.0/24
Signature Algorithm: sha256WithRSAEncryption
78:88:e9:7d:d3:f4:c9:06:af:82:af:53:52:95:88:8b:0b:24:
6c:e5:7c:2c:f7:94:8c:75:6a:88:86:f8:0b:e3:29:1c:8a:17:
79:b3:66:ab:fb:9f:22:c4:84:69:d8:fa:53:fe:14:ec:28:3b:
79:73:71:83:6c:b7:2d:41:06:d8:67:26:e1:32:dc:ff:36:07:
ed:e3:34:a1:e1:07:de:5c:88:de:36:df:e3:57:f7:6b:66:de:
b5:fe:77:4c:ce:58:aa:79:df:e9:f6:a3:bd:5b:79:38:ca:93:
97:06:93:ac:7a:77:2c:e3:f0:7c:6b:a8:de:ff:e6:0b:fb:3a:
bc:14:f1:8c:9b:d7:ee:50:6d:0f:91:bc:61:11:6b:cc:2a:df:
1e:92:5a:d8:78:9c:20:65:13:d2:fb:6f:c5:0f:b6:7c:b7:4c:
bf:e7:e1:d4:9e:b4:fa:d2:cb:d5:a3:6e:91:23:f3:d5:7a:58:
ad:1e:64:f3:6e:79:a8:f9:76:26:2d:e8:9d:57:fb:a6:3e:0d:
8f:98:24:99:c9:15:86:e0:db:89:36:5b:88:3b:cc:b8:51:8a:
36:6c:9e:a2:17:af:7d:2e:a3:3d:92:89:ff:4a:f2:70:fe:55:
31:b6:df:80:f2:28:f8:76:6e:61:e3:1c:fe:7b:f7:89:51:49:
cd:7d:9e:cb
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUYoAGOoxileA0LqW6V/4etyQy3FgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjAzMDkxMzQxNDhaFw0yNzAzMDgxMzQ2NDhaMDMxMTAvBgNV
BAMTKEQ0ODFEQ0RGNTUzMjA0RDdGNEMyNEM4QTM2NTYyQzY3RTgxMkQxRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR9j613WtuqyRDLKGniHNDaPKN
IDIAdcu/0+OjLqwlMrKD9WDnZUdM08xtyhVXaba339d9ZJ1ByhQ65LbOwO07xUas
cRLvvpfl4c/4LoW1agwDFQTcEjHDzIlOJ9iIXhgDA1jF6eAsUZMOniVXrPaKysMO
J1x/yDirh9SSsdw1fU5cwEhS8Lnbi865p+9cpEsdz5UvfdLpIpVCT6xpYePlyecy
FeIqR3VXnrvuGHWDQjqjL67qmJE0uUi15PLq5I/nhmSUQCpn+MoHhBlCDgoyX9wm
ZtrMQhqj72obIDrU+szxDWdH4ILhTjVtWgfp4N15n++bPXa19JoG8vpZPitRAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU1IHc31UyBNf0wkyKNlYsZ+gS0fUwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzgzNTJlMzIzMDM5MmUzMjMy
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzQzNzMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
VdHkMA0GCSqGSIb3DQEBCwUAA4IBAQB4iOl90/TJBq+Cr1NSlYiLCyRs5Xws95SM
dWqIhvgL4ykcihd5s2ar+58ixIRp2PpT/hTsKDt5c3GDbLctQQbYZybhMtz/Ngft
4zSh4QfeXIjeNt/jV/drZt61/ndMzliqed/p9qO9W3k4ypOXBpOsencs4/B8a6je
/+YL+zq8FPGMm9fuUG0PkbxhEWvMKt8eklrYeJwgZRPS+2/FD7Z8t0y/5+HUnrT6
0svVo26RI/PVelitHmTzbnmo+XYmLeidV/umPg2PmCSZyRWG4NuJNluIO8y4UYo2
bJ6iF699LqM9kon/SvJw/lUxtt+A8ij4dm5h4xz+e/eJUUnNfZ7L
-----END CERTIFICATE-----
Generated at Mon Mar 16 16:42:32 2026 by rpki-client