Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e302e302f32342d3234203d3e20343032323938.roa
File: 3231372e32352e302e302f32342d3234203d3e20343032323938.roa (raw, json)
Hash identifier: Mm8PewrJPji0CPkMrVcyWK2eAlHnKJC88mGQrJK+Buw=
Subject key identifier: 0C:A4:F3:57:E1:92:24:5E:B7:E7:15:8F:4A:73:3F:FA:F4:40:72:2C
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 70C6DE91EF6073BDFB489DF27A34FC4BA7C9DE8C
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e302e302f32342d3234203d3e20343032323938.roa
Signing time: Wed 29 Apr 2026 17:10:28 +0000
ROA not before: Wed 29 Apr 2026 17:05:28 +0000
ROA not after: Wed 28 Apr 2027 17:10:28 +0000
asID: 402298
IP address blocks: 217.25.0.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 01 May 2026 14:07:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
70:c6:de:91:ef:60:73:bd:fb:48:9d:f2:7a:34:fc:4b:a7:c9:de:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Apr 29 17:05:28 2026 GMT
Not After : Apr 28 17:10:28 2027 GMT
Subject: CN=0CA4F357E192245EB7E7158F4A733FFAF440722C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:3f:77:34:3a:b9:7c:3f:73:6f:bf:de:0f:54:
2f:82:0d:48:ac:b1:cf:64:15:4b:2a:ce:f7:f8:f8:
33:27:58:7a:fc:81:ad:b5:25:50:7c:f0:d4:d8:fb:
44:99:58:8c:ad:9c:d3:c1:f2:08:20:55:57:8f:c7:
0d:2e:37:f0:02:eb:ac:9b:a5:8c:6b:20:d8:c3:a5:
53:88:d2:40:d4:6e:dd:71:b9:49:79:c3:b8:3a:39:
f4:95:cc:05:9c:33:ee:3b:aa:8f:cd:f7:28:d1:57:
8c:e6:0d:6a:80:2c:24:e6:e5:a7:ab:b6:ed:c4:6c:
9d:e5:60:68:9e:ce:a5:35:dc:d9:02:b7:21:4a:2b:
82:4a:c8:a6:6c:9e:71:99:c0:e4:e2:49:4b:46:b9:
48:1a:84:4b:73:07:50:08:e9:45:d3:11:98:77:bf:
69:aa:ba:de:c1:6f:42:29:5a:0e:99:88:25:6c:51:
02:3f:47:88:f9:b8:65:95:2d:9c:ca:7a:46:aa:b8:
32:8e:f5:0f:e0:04:39:f3:c5:da:47:b1:7a:a1:ca:
cf:89:8c:65:37:9b:a7:77:a5:f7:3c:da:19:08:a7:
11:18:2d:8e:a7:f6:a2:52:9c:2e:17:de:43:30:67:
99:4a:3f:6b:03:66:19:2e:17:d8:25:2a:ad:8d:5f:
0d:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:A4:F3:57:E1:92:24:5E:B7:E7:15:8F:4A:73:3F:FA:F4:40:72:2C
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e302e302f32342d3234203d3e20343032323938.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.25.0.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:af:42:b9:57:7b:a3:16:01:a6:3d:ca:a1:93:32:ca:9c:d7:
e3:85:40:e1:a8:28:91:51:50:8a:51:bc:44:36:e2:b0:eb:f8:
f8:a3:e5:7e:22:96:d0:4c:ea:ce:c9:77:71:e7:7b:1b:ee:c0:
1f:07:6e:ec:60:b0:f0:50:41:98:29:c8:f7:06:01:58:2b:34:
ad:92:44:97:69:28:8a:ba:4b:8d:90:ca:8b:fc:14:5c:c6:79:
fb:85:e3:f6:ad:58:72:52:29:d9:6a:b5:e8:b1:fc:9a:93:19:
df:4d:da:bb:4a:42:15:76:ab:5d:17:b2:20:01:8a:82:b8:86:
99:e8:5f:3e:be:8e:51:2d:7f:4d:8c:ad:85:b9:5b:4b:fe:40:
27:2d:be:21:51:1c:7f:a6:ea:1d:58:22:5f:d0:37:ed:2e:64:
4b:dd:f6:bc:b9:86:46:3f:42:6d:c0:59:90:6e:b3:91:ac:11:
f2:30:9e:76:9c:bc:b8:9b:53:4b:7d:87:df:5a:cd:f5:10:9f:
e2:2f:a9:5c:ea:f2:51:66:81:22:8e:df:7a:02:e5:e8:e9:85:
13:79:cd:43:af:fb:9c:79:75:0b:9c:52:59:37:a8:6a:27:30:
e2:a5:b9:d9:f3:33:41:6f:f2:db:70:cc:64:77:3b:52:4f:c9:
52:dd:a2:5f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcMbeke9gc737SJ3yejT8S6fJ3owwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MjkxNzA1MjhaFw0yNzA0MjgxNzEwMjhaMDMxMTAvBgNV
BAMTKDBDQTRGMzU3RTE5MjI0NUVCN0U3MTU4RjRBNzMzRkZBRjQ0MDcyMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqP3c0Orl8P3Nvv94PVC+CDUis
sc9kFUsqzvf4+DMnWHr8ga21JVB88NTY+0SZWIytnNPB8gggVVePxw0uN/AC66yb
pYxrINjDpVOI0kDUbt1xuUl5w7g6OfSVzAWcM+47qo/N9yjRV4zmDWqALCTm5aer
tu3EbJ3lYGiezqU13NkCtyFKK4JKyKZsnnGZwOTiSUtGuUgahEtzB1AI6UXTEZh3
v2mqut7Bb0IpWg6ZiCVsUQI/R4j5uGWVLZzKekaquDKO9Q/gBDnzxdpHsXqhys+J
jGU3m6d3pfc82hkIpxEYLY6n9qJSnC4X3kMwZ5lKP2sDZhkuF9glKq2NXw0ZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDKTzV+GSJF635xWPSnM/+vRAciwwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMjMyMzkzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkZ
ADANBgkqhkiG9w0BAQsFAAOCAQEAHa9CuVd7oxYBpj3KoZMyypzX44VA4agokVFQ
ilG8RDbisOv4+KPlfiKW0Ezqzsl3ced7G+7AHwdu7GCw8FBBmCnI9wYBWCs0rZJE
l2koirpLjZDKi/wUXMZ5+4Xj9q1YclIp2Wq16LH8mpMZ303au0pCFXarXReyIAGK
griGmehfPr6OUS1/TYythblbS/5AJy2+IVEcf6bqHVgiX9A37S5kS932vLmGRj9C
bcBZkG6zkawR8jCedpy8uJtTS32H31rN9RCf4i+pXOryUWaBIo7fegLl6OmFE3nN
Q6/7nHl1C5xSWTeoaicw4qW52fMzQW/y23DMZHc7Uk/JUt2iXw==
-----END CERTIFICATE-----
Generated at Thu Apr 30 17:26:47 2026 by rpki-client