Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31332e302f32342d3234203d3e20323033303438.roa
File: 3231372e32352e31332e302f32342d3234203d3e20323033303438.roa (raw, json)
Hash identifier: emF4lgxVnHZ+9xIJd7lDbOPZA2U4UK1myb+9IST3mnM=
Subject key identifier: 94:DD:66:88:F3:1C:57:E3:A3:66:D9:71:5B:CE:C3:8B:56:C8:7C:84
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 6EB46C4D3B7ABFE4E81BDBC2A4E183FAA938831D
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31332e302f32342d3234203d3e20323033303438.roa
Signing time: Mon 06 Apr 2026 12:43:33 +0000
ROA not before: Mon 06 Apr 2026 12:38:33 +0000
ROA not after: Mon 05 Apr 2027 12:43:33 +0000
asID: 203048
IP address blocks: 217.25.13.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 11 Apr 2026 16:20:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:b4:6c:4d:3b:7a:bf:e4:e8:1b:db:c2:a4:e1:83:fa:a9:38:83:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Apr 6 12:38:33 2026 GMT
Not After : Apr 5 12:43:33 2027 GMT
Subject: CN=94DD6688F31C57E3A366D9715BCEC38B56C87C84
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:b8:6b:b3:e5:59:54:2a:13:25:d2:40:e4:2c:
66:03:8d:de:87:50:b1:0a:37:82:f4:3f:c6:37:5c:
e3:24:92:0c:82:3c:fc:19:9d:3c:5f:54:2a:a9:e5:
34:d4:f7:91:ea:93:57:20:61:e8:37:a0:bd:6a:f1:
82:56:68:c8:5a:fa:6d:f5:d6:a4:55:5d:c1:96:3e:
99:ca:47:f6:42:53:92:46:78:29:a8:c0:ab:cc:72:
4b:56:bb:f8:a2:88:1c:a3:88:80:0d:4d:be:65:e4:
35:49:8f:03:e1:86:80:3b:74:ce:6d:d7:c4:ef:bc:
ee:7a:31:cd:80:39:fa:7a:ae:ab:64:4d:c1:3a:c2:
ff:22:b4:7e:1a:f7:9c:38:4e:a5:bb:93:df:35:c8:
22:60:e9:fb:aa:64:e4:3a:9b:8c:44:7c:1f:4b:06:
e9:1e:16:37:72:2b:4d:f1:f4:d6:9e:15:e0:f8:75:
d2:ad:aa:e9:01:e6:35:62:af:5c:1c:ac:26:ae:6c:
2b:12:29:2c:fc:d3:19:b6:e7:1d:df:4e:63:aa:49:
fe:da:3c:b0:bd:ab:62:dd:c1:63:cd:5c:7c:54:6c:
1d:51:85:fa:65:c8:b2:3f:99:d0:01:a9:15:5d:2f:
25:6f:57:1d:fd:56:e3:8a:c0:62:86:58:82:9b:9a:
c1:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:DD:66:88:F3:1C:57:E3:A3:66:D9:71:5B:CE:C3:8B:56:C8:7C:84
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/3231372e32352e31332e302f32342d3234203d3e20323033303438.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.25.13.0/24
Signature Algorithm: sha256WithRSAEncryption
81:e2:bf:28:40:1a:ee:e5:bf:d4:20:da:83:81:c0:e4:03:44:
d9:b5:0f:22:4a:15:c2:f0:c7:46:e2:41:80:3f:c8:2f:2d:a6:
82:2e:8a:2e:05:af:62:52:50:fa:3b:38:62:cd:96:db:00:5e:
af:53:12:13:8e:4c:82:b9:f1:7d:c4:24:af:59:10:9a:2b:89:
f7:24:03:03:cd:67:ed:36:08:ff:1f:67:1c:95:5f:30:a6:70:
b5:20:25:49:35:6f:eb:5e:1d:fe:09:1e:c8:9e:3e:35:90:e1:
53:10:be:29:74:e7:20:5f:c1:87:97:1d:f1:4a:55:32:c8:05:
e7:89:d4:5a:cb:31:d5:ce:0a:94:a2:f9:af:97:42:c2:2d:63:
75:03:c5:e5:6c:c0:d8:69:da:ae:8b:a8:8c:13:7a:43:d2:f6:
c1:1b:25:63:c4:03:01:05:c9:c9:68:bc:05:f2:db:5e:87:c2:
a0:3c:29:ef:11:90:97:5d:b4:48:e9:92:f7:28:b3:98:e2:67:
91:37:e9:c4:62:c8:98:33:cb:0b:91:8e:6c:e1:c5:95:68:84:
ae:fc:3c:c6:ed:ff:33:81:ab:d7:5e:38:58:d0:ba:c0:1e:f3:
6c:c6:f5:b9:10:8b:aa:1c:14:4f:a7:7f:40:54:0e:51:d0:e6:
91:18:36:b6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUbrRsTTt6v+ToG9vCpOGD+qk4gx0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MDYxMjM4MzNaFw0yNzA0MDUxMjQzMzNaMDMxMTAvBgNV
BAMTKDk0REQ2Njg4RjMxQzU3RTNBMzY2RDk3MTVCQ0VDMzhCNTZDODdDODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJuGuz5VlUKhMl0kDkLGYDjd6H
ULEKN4L0P8Y3XOMkkgyCPPwZnTxfVCqp5TTU95Hqk1cgYeg3oL1q8YJWaMha+m31
1qRVXcGWPpnKR/ZCU5JGeCmowKvMcktWu/iiiByjiIANTb5l5DVJjwPhhoA7dM5t
18TvvO56Mc2AOfp6rqtkTcE6wv8itH4a95w4TqW7k981yCJg6fuqZOQ6m4xEfB9L
BukeFjdyK03x9NaeFeD4ddKtqukB5jVir1wcrCaubCsSKSz80xm25x3fTmOqSf7a
PLC9q2LdwWPNXHxUbB1RhfplyLI/mdABqRVdLyVvVx39VuOKwGKGWIKbmsHvAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUlN1miPMcV+OjZtlxW87Di1bIfIQwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzIzMTM3MmUzMjM1MmUzMTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDMzMzAzNDM4LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
2RkNMA0GCSqGSIb3DQEBCwUAA4IBAQCB4r8oQBru5b/UINqDgcDkA0TZtQ8iShXC
8MdG4kGAP8gvLaaCLoouBa9iUlD6OzhizZbbAF6vUxITjkyCufF9xCSvWRCaK4n3
JAMDzWftNgj/H2cclV8wpnC1ICVJNW/rXh3+CR7Inj41kOFTEL4pdOcgX8GHlx3x
SlUyyAXnidRayzHVzgqUovmvl0LCLWN1A8XlbMDYadqui6iME3pD0vbBGyVjxAMB
BcnJaLwF8tteh8KgPCnvEZCXXbRI6ZL3KLOY4meRN+nEYsiYM8sLkY5s4cWVaISu
/DzG7f8zgavXXjhY0LrAHvNsxvW5EIuqHBRPp39AVA5R0OaRGDa2
-----END CERTIFICATE-----
Generated at Sat Apr 11 01:28:58 2026 by rpki-client