Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e33312e302f32342d3234203d3e20323132333834.roa
File: 38372e3235342e33312e302f32342d3234203d3e20323132333834.roa (raw, json)
Hash identifier: kuBs6hElF6wxCmWKuqHdTsZI2vk91hngsz1GJVgyb1o=
Subject key identifier: EA:54:26:CE:E1:72:0B:A2:5A:2F:70:7F:F4:55:B2:F5:42:4C:EB:DB
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 4D3DB76914EBCA103D3EED21892E7DD84170C9D7
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e33312e302f32342d3234203d3e20323132333834.roa
Signing time: Mon 02 Mar 2026 11:38:38 +0000
ROA not before: Mon 02 Mar 2026 11:33:38 +0000
ROA not after: Mon 01 Mar 2027 11:38:38 +0000
asID: 212384
IP address blocks: 87.254.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 06 Mar 2026 16:05:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:3d:b7:69:14:eb:ca:10:3d:3e:ed:21:89:2e:7d:d8:41:70:c9:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Mar 2 11:33:38 2026 GMT
Not After : Mar 1 11:38:38 2027 GMT
Subject: CN=EA5426CEE1720BA25A2F707FF455B2F5424CEBDB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:4b:66:f6:f0:c3:2a:08:fc:26:a8:8b:a7:69:
2e:8a:d0:8d:a4:09:18:0e:06:dc:54:d3:3c:50:38:
be:21:98:24:93:99:a5:6e:da:15:81:f5:90:3d:f3:
78:29:3b:e6:72:40:a6:f1:b0:b3:b7:21:ec:e7:35:
56:5f:b1:b2:ce:79:ff:69:15:d7:dc:32:aa:46:2d:
3b:f6:aa:bc:cf:33:cb:3b:66:84:1a:3e:94:9f:a4:
32:7e:57:07:a6:a5:64:69:88:7a:17:6c:78:ad:dd:
21:94:e3:c8:83:18:00:c3:f0:1d:6c:fd:21:89:d8:
cb:32:cf:e2:49:87:b5:d1:80:61:a3:8f:43:79:a1:
b5:b5:95:fe:35:d5:41:7d:8c:24:3b:8b:63:05:a2:
7a:63:f4:32:df:92:ac:c8:ba:56:3a:36:49:72:8a:
2b:99:89:70:c8:38:2a:92:39:d1:d1:69:0e:da:f1:
d6:dd:87:39:92:71:c9:9e:b9:64:2b:80:0c:5b:fa:
7b:78:f7:a3:ab:8f:07:44:f0:8a:da:3b:0d:83:ac:
61:cb:57:57:ab:2e:01:7b:73:d6:29:bd:7b:e5:5e:
77:ad:17:36:de:13:41:a6:aa:ac:40:83:68:35:76:
cd:d2:74:4d:72:78:20:04:a1:7e:c4:15:b8:2b:eb:
05:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:54:26:CE:E1:72:0B:A2:5A:2F:70:7F:F4:55:B2:F5:42:4C:EB:DB
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e33312e302f32342d3234203d3e20323132333834.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.31.0/24
Signature Algorithm: sha256WithRSAEncryption
01:44:6f:51:11:b9:a2:cd:40:2f:c5:1b:54:7c:ac:f4:6e:85:
b9:a5:34:49:b6:1d:b9:49:1a:f3:11:53:5b:29:80:ca:a0:13:
75:50:93:74:92:6b:46:db:65:33:d4:be:72:d9:ab:22:c4:dc:
5e:92:7e:5e:a7:9d:a5:79:32:84:20:9c:89:92:22:4a:16:14:
bc:4e:a2:6f:ff:54:42:14:f3:b2:07:4d:c9:81:96:77:39:61:
06:ed:a6:19:37:7f:ff:ef:3d:f8:4f:2b:66:b1:2f:d9:d5:c3:
15:db:d0:05:6b:ca:40:52:28:0d:d9:0c:e2:0f:f2:d8:9e:43:
6b:1c:54:7a:79:09:87:8f:e0:98:2a:d0:fc:30:f2:a5:f7:d3:
a3:d9:1d:6d:d5:9e:03:75:a4:06:86:06:a5:d5:34:f5:30:db:
81:3d:4d:1f:cf:7f:67:02:c0:63:f3:da:86:06:89:b7:ef:27:
9d:52:9d:8d:ff:c0:1f:2d:0f:4d:b3:58:50:82:a3:4f:17:75:
f2:9a:20:ef:bc:42:f6:5c:8b:01:4c:89:e3:bb:01:2b:4b:45:
48:a9:b6:56:40:f5:97:61:f8:39:a9:fb:82:f4:20:51:5b:74:
33:fd:87:67:70:9e:18:5d:d5:fa:83:94:07:62:46:40:54:65:
35:1b:c2:dc
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUTT23aRTryhA9Pu0hiS592EFwydcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjAzMDIxMTMzMzhaFw0yNzAzMDExMTM4MzhaMDMxMTAvBgNV
BAMTKEVBNTQyNkNFRTE3MjBCQTI1QTJGNzA3RkY0NTVCMkY1NDI0Q0VCREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3S2b28MMqCPwmqIunaS6K0I2k
CRgOBtxU0zxQOL4hmCSTmaVu2hWB9ZA983gpO+ZyQKbxsLO3IeznNVZfsbLOef9p
FdfcMqpGLTv2qrzPM8s7ZoQaPpSfpDJ+VwempWRpiHoXbHit3SGU48iDGADD8B1s
/SGJ2Msyz+JJh7XRgGGjj0N5obW1lf411UF9jCQ7i2MFonpj9DLfkqzIulY6Nkly
iiuZiXDIOCqSOdHRaQ7a8dbdhzmSccmeuWQrgAxb+nt496OrjwdE8IraOw2DrGHL
V1erLgF7c9YpvXvlXnetFzbeE0GmqqxAg2g1ds3SdE1yeCAEoX7EFbgr6wU7AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU6lQmzuFyC6JaL3B/9FWy9UJM69swHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMyMzMzODM0LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
V/4fMA0GCSqGSIb3DQEBCwUAA4IBAQABRG9REbmizUAvxRtUfKz0boW5pTRJth25
SRrzEVNbKYDKoBN1UJN0kmtG22Uz1L5y2asixNxekn5ep52leTKEIJyJkiJKFhS8
TqJv/1RCFPOyB03JgZZ3OWEG7aYZN3//7z34TytmsS/Z1cMV29AFa8pAUigN2Qzi
D/LYnkNrHFR6eQmHj+CYKtD8MPKl99Oj2R1t1Z4DdaQGhgal1TT1MNuBPU0fz39n
AsBj89qGBom37yedUp2N/8AfLQ9Ns1hQgqNPF3XymiDvvEL2XIsBTInjuwErS0VI
qbZWQPWXYfg5qfuC9CBRW3Qz/YdncJ4YXdX6g5QHYkZAVGU1G8Lc
-----END CERTIFICATE-----
Generated at Thu Mar 5 23:32:51 2026 by rpki-client