Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31302e302f32342d3234203d3e20343032333036.roa
File: 3231372e32352e31302e302f32342d3234203d3e20343032333036.roa (raw, json)
Hash identifier: T4L7hpUsN96XAnCcalrDDFJMTolwuXEA3K6ws92IWq0=
Subject key identifier: 22:4F:D7:7B:2A:61:C0:25:9C:FC:99:E0:27:E7:60:E7:B2:99:55:98
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 665EE023686EE5C9AD543C1A75316A4E87C443B3
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31302e302f32342d3234203d3e20343032333036.roa
Signing time: Thu 23 Apr 2026 07:05:35 +0000
ROA not before: Thu 23 Apr 2026 07:00:35 +0000
ROA not after: Thu 22 Apr 2027 07:05:35 +0000
asID: 402306
IP address blocks: 217.25.10.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Apr 2026 05:25:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:5e:e0:23:68:6e:e5:c9:ad:54:3c:1a:75:31:6a:4e:87:c4:43:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Apr 23 07:00:35 2026 GMT
Not After : Apr 22 07:05:35 2027 GMT
Subject: CN=224FD77B2A61C0259CFC99E027E760E7B2995598
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:91:2b:fe:1e:1f:17:bf:06:46:21:a6:7b:b8:
9a:74:5d:11:50:5b:b4:80:84:64:a3:f0:88:d3:74:
9d:89:eb:e2:9b:ee:f6:ad:7f:9e:14:87:f3:19:da:
6a:eb:e4:63:a8:1e:ed:90:02:d3:24:2a:ba:be:28:
85:ab:83:ba:9c:ee:e5:5e:88:09:33:7d:18:76:6f:
ac:c2:1e:57:77:01:e2:f9:52:36:f9:6f:1c:5b:85:
87:69:5f:98:d2:5e:60:b4:d2:07:9d:3b:2a:8b:51:
33:fc:2e:9a:f5:6e:a2:ce:14:31:4e:c0:a9:b3:01:
9c:85:0f:92:7c:ef:78:27:77:68:0b:d3:f6:cd:a0:
41:dc:be:6d:19:64:76:d8:e8:f7:0a:49:6b:d5:6d:
50:9c:33:0b:4f:94:cd:3d:a0:11:44:d4:1b:00:13:
a8:05:d6:04:be:1e:d4:7a:cb:c3:70:50:be:46:5c:
52:ae:4a:ad:30:5d:2c:e4:b7:fb:11:85:fa:fb:b3:
58:9d:5d:53:b3:5c:24:09:5a:7b:a6:11:a8:1a:68:
8e:3c:c3:ad:83:65:92:de:c3:b8:3b:fb:df:be:1b:
b7:45:2a:ae:b0:d5:93:12:1e:c8:ec:4e:e9:7b:b3:
c1:15:5e:45:97:40:aa:58:8b:b0:0d:09:78:65:25:
e8:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:4F:D7:7B:2A:61:C0:25:9C:FC:99:E0:27:E7:60:E7:B2:99:55:98
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31302e302f32342d3234203d3e20343032333036.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.25.10.0/24
Signature Algorithm: sha256WithRSAEncryption
17:a9:b3:9e:35:54:53:4b:4d:69:12:84:05:ea:68:60:bb:36:
a1:9d:c5:f9:ed:bc:c0:b1:8b:02:ef:8c:45:41:71:33:3b:41:
63:46:09:3c:23:c9:ee:a5:61:16:9c:35:7e:9b:67:d1:86:e9:
6f:24:07:c8:2e:a5:15:9f:19:dd:77:51:0e:e1:b7:9c:53:dc:
12:2e:94:86:b4:9f:1e:61:e7:6e:2d:ce:b8:c4:d9:6c:0d:dd:
3d:7c:22:e9:97:32:d3:b6:d8:28:04:62:5a:1d:18:ca:0a:81:
b9:13:4b:2d:3a:dc:f1:17:02:a0:f3:04:88:f7:96:3b:e3:25:
8d:db:f8:61:b5:67:ed:28:2f:d8:3c:17:4e:6d:41:d2:cd:7e:
d1:0c:7a:b7:2b:ef:b4:26:e7:13:85:e7:57:c1:d8:e9:65:b3:
66:0c:1c:09:ae:a2:f7:f5:42:ce:0c:6d:68:d8:ee:7b:4a:81:
25:48:1e:5d:22:28:41:bf:82:64:d3:c6:c0:8a:68:a6:51:e6:
40:b6:89:55:bb:e3:df:08:97:15:e2:73:7d:6c:a8:67:1f:e8:
9c:75:df:4e:0f:53:59:64:b5:56:0b:84:ac:04:87:d5:fd:93:
c5:04:ef:db:20:dd:73:d3:f8:ea:5b:17:5d:7c:f6:de:7f:3d:
28:e5:d8:92
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUZl7gI2hu5cmtVDwadTFqTofEQ7MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MjMwNzAwMzVaFw0yNzA0MjIwNzA1MzVaMDMxMTAvBgNV
BAMTKDIyNEZENzdCMkE2MUMwMjU5Q0ZDOTlFMDI3RTc2MEU3QjI5OTU1OTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBkSv+Hh8XvwZGIaZ7uJp0XRFQ
W7SAhGSj8IjTdJ2J6+Kb7vatf54Uh/MZ2mrr5GOoHu2QAtMkKrq+KIWrg7qc7uVe
iAkzfRh2b6zCHld3AeL5Ujb5bxxbhYdpX5jSXmC00gedOyqLUTP8Lpr1bqLOFDFO
wKmzAZyFD5J873gnd2gL0/bNoEHcvm0ZZHbY6PcKSWvVbVCcMwtPlM09oBFE1BsA
E6gF1gS+HtR6y8NwUL5GXFKuSq0wXSzkt/sRhfr7s1idXVOzXCQJWnumEagaaI48
w62DZZLew7g7+9++G7dFKq6w1ZMSHsjsTul7s8EVXkWXQKpYi7ANCXhlJehDAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUIk/XeyphwCWc/JngJ+dg57KZVZgwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMDMyMzMzMDM2LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
2RkKMA0GCSqGSIb3DQEBCwUAA4IBAQAXqbOeNVRTS01pEoQF6mhguzahncX57bzA
sYsC74xFQXEzO0FjRgk8I8nupWEWnDV+m2fRhulvJAfILqUVnxndd1EO4becU9wS
LpSGtJ8eYeduLc64xNlsDd09fCLplzLTttgoBGJaHRjKCoG5E0stOtzxFwKg8wSI
95Y74yWN2/hhtWftKC/YPBdObUHSzX7RDHq3K++0JucThedXwdjpZbNmDBwJrqL3
9ULODG1o2O57SoElSB5dIihBv4Jk08bAimimUeZAtolVu+PfCJcV4nN9bKhnH+ic
dd9OD1NZZLVWC4SsBIfV/ZPFBO/bIN1z0/jqWxddfPbefz0o5diS
-----END CERTIFICATE-----
Generated at Mon Apr 27 11:15:38 2026 by rpki-client