Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3233302e302f32342d3234203d3e20313430323234.roa
File: 38352e3230392e3233302e302f32342d3234203d3e20313430323234.roa (raw, json)
Hash identifier: l2LIzKinG0BfxQ8d6ejTKmtFPNdSKUK9y0vPJ8skqFk=
Subject key identifier: 0E:CE:CD:50:28:EA:91:2D:4F:4C:56:20:DB:BF:99:F9:21:F6:BE:89
Certificate issuer: /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial: 25446D65C7F5903EC9200BC0B408892594887335
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3233302e302f32342d3234203d3e20313430323234.roa
Signing time: Tue 28 Apr 2026 12:47:07 +0000
ROA not before: Tue 28 Apr 2026 12:42:07 +0000
ROA not after: Tue 27 Apr 2027 12:47:07 +0000
asID: 140224
IP address blocks: 85.209.230.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 01 May 2026 11:57:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:44:6d:65:c7:f5:90:3e:c9:20:0b:c0:b4:08:89:25:94:88:73:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Validity
Not Before: Apr 28 12:42:07 2026 GMT
Not After : Apr 27 12:47:07 2027 GMT
Subject: CN=0ECECD5028EA912D4F4C5620DBBF99F921F6BE89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:6a:c3:12:7b:ef:33:04:5e:01:9b:57:6e:f7:
06:53:6d:82:26:f6:f4:70:c3:4a:d0:73:8e:53:98:
65:de:ed:49:a8:51:08:5e:7e:2b:38:d6:5f:c5:d5:
32:95:f3:5e:d8:c4:9a:3d:19:2b:b2:04:b1:4c:13:
2c:de:b7:6d:34:45:64:e7:92:e4:11:98:d8:4e:8d:
3f:f1:c4:c7:ec:a7:90:cf:55:e1:47:5e:8c:8e:c4:
2a:45:ac:0b:26:f4:d3:94:4c:57:48:54:06:92:7e:
ff:61:ff:63:e0:12:08:7f:05:e9:72:90:92:e0:97:
da:53:60:79:f2:9d:87:d3:77:b1:5e:f1:04:e7:65:
39:c2:1a:44:b7:6d:48:3e:c1:85:70:dc:92:51:64:
46:c5:4d:60:92:3e:1e:a1:2a:38:4d:f3:ac:9b:23:
40:fc:e0:ba:c6:50:67:0a:fe:6f:51:5d:5a:90:c7:
ba:51:3b:f8:96:84:90:0f:b4:5c:87:ff:06:34:05:
98:c1:37:98:36:1e:42:74:d9:60:ec:b1:48:76:f4:
3a:95:1e:0e:5f:fb:67:81:46:5c:cb:1f:f0:9f:53:
d4:14:37:71:a0:d3:44:63:35:ae:3e:74:0e:a7:85:
07:29:ee:2d:c3:26:c6:44:fb:7d:c4:11:37:a6:c0:
95:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:CE:CD:50:28:EA:91:2D:4F:4C:56:20:DB:BF:99:F9:21:F6:BE:89
X509v3 Authority Key Identifier:
keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/38352e3230392e3233302e302f32342d3234203d3e20313430323234.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.230.0/24
Signature Algorithm: sha256WithRSAEncryption
c1:d4:a5:5f:79:a2:dc:49:86:c0:ef:23:72:5b:19:f0:e4:b5:
da:83:0a:e0:e8:ef:18:df:7e:58:a0:ab:a5:0d:7d:e1:e1:cd:
53:b2:9e:6b:73:c1:97:60:62:d1:93:4f:43:16:39:66:0b:c5:
75:cb:e9:62:a8:b4:ee:e4:70:fa:78:58:76:ea:03:2a:4e:55:
f0:4c:3e:81:f8:b1:62:7d:04:c2:37:f3:b9:32:54:e3:12:ac:
e7:3e:d4:d5:a3:a6:85:ab:dc:0e:11:be:9f:f2:44:56:56:ad:
56:01:35:6c:56:d7:37:de:12:53:a0:b9:90:3e:cc:2f:91:06:
b3:d1:2e:e4:f8:35:c4:51:e9:dc:a3:0e:2e:6c:73:72:36:9d:
9a:54:df:88:1b:ae:50:e3:78:09:2c:cc:14:07:e7:4a:98:63:
6f:a7:64:1c:b0:7d:e4:83:c0:3f:0f:07:51:70:65:9e:e1:a0:
6a:d4:04:fe:d1:43:d6:70:28:59:88:70:df:a3:63:dc:33:4e:
01:bb:85:a7:7f:be:bd:57:d8:27:98:53:b7:32:ab:a2:74:51:
cb:75:75:7e:ce:c4:95:60:f2:d5:92:aa:bd:e5:32:48:a2:81:
6c:4b:b2:8a:7f:fe:af:cf:d6:00:94:bb:b6:cc:f2:bb:4a:db:
fb:16:b1:04
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUJURtZcf1kD7JIAvAtAiJJZSIczUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjA0MjgxMjQyMDdaFw0yNzA0MjcxMjQ3MDdaMDMxMTAvBgNV
BAMTKDBFQ0VDRDUwMjhFQTkxMkQ0RjRDNTYyMERCQkY5OUY5MjFGNkJFODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtasMSe+8zBF4Bm1du9wZTbYIm
9vRww0rQc45TmGXe7UmoUQhefis41l/F1TKV817YxJo9GSuyBLFMEyzet200RWTn
kuQRmNhOjT/xxMfsp5DPVeFHXoyOxCpFrAsm9NOUTFdIVAaSfv9h/2PgEgh/Bely
kJLgl9pTYHnynYfTd7Fe8QTnZTnCGkS3bUg+wYVw3JJRZEbFTWCSPh6hKjhN86yb
I0D84LrGUGcK/m9RXVqQx7pRO/iWhJAPtFyH/wY0BZjBN5g2HkJ02WDssUh29DqV
Hg5f+2eBRlzLH/CfU9QUN3Gg00RjNa4+dA6nhQcp7i3DJsZE+33EETemwJUfAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUDs7NUCjqkS1PTFYg27+Z+SH2vokwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzgzNTJlMzIzMDM5MmUzMjMz
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM0MzAzMjMyMzQucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV0eYwDQYJKoZIhvcNAQELBQADggEBAMHUpV95otxJhsDvI3JbGfDktdqDCuDo
7xjffligq6UNfeHhzVOynmtzwZdgYtGTT0MWOWYLxXXL6WKotO7kcPp4WHbqAypO
VfBMPoH4sWJ9BMI387kyVOMSrOc+1NWjpoWr3A4Rvp/yRFZWrVYBNWxW1zfeElOg
uZA+zC+RBrPRLuT4NcRR6dyjDi5sc3I2nZpU34gbrlDjeAkszBQH50qYY2+nZByw
feSDwD8PB1FwZZ7hoGrUBP7RQ9ZwKFmIcN+jY9wzTgG7had/vr1X2CeYU7cyq6J0
Uct1dX7OxJVg8tWSqr3lMkiigWxLsop//q/P1gCUu7bM8rtK2/sWsQQ=
-----END CERTIFICATE-----
Generated at Fri May 1 01:20:59 2026 by rpki-client