Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e352e302f32342d3234203d3e20343032323938.roa
File: 38372e3235342e352e302f32342d3234203d3e20343032323938.roa (raw, json)
Hash identifier: r8wZcVYG3Cambk4W0fP5ysp6wx4+nPjYzmzwkP5F3dU=
Subject key identifier: F2:48:2C:85:10:D8:8A:29:DC:0D:58:EA:91:D7:82:44:20:92:EB:CD
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 2B6FE44F7DF23456993BFDE4A3CE5DD6E6324370
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e352e302f32342d3234203d3e20343032323938.roa
Signing time: Wed 29 Apr 2026 17:10:27 +0000
ROA not before: Wed 29 Apr 2026 17:05:27 +0000
ROA not after: Wed 28 Apr 2027 17:10:27 +0000
asID: 402298
IP address blocks: 87.254.5.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 01 May 2026 14:07:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:6f:e4:4f:7d:f2:34:56:99:3b:fd:e4:a3:ce:5d:d6:e6:32:43:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Apr 29 17:05:27 2026 GMT
Not After : Apr 28 17:10:27 2027 GMT
Subject: CN=F2482C8510D88A29DC0D58EA91D782442092EBCD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:9c:78:7c:c7:70:f2:b7:7b:5f:68:98:d6:d0:
6a:11:31:79:6d:42:c8:d8:e1:65:ac:59:73:af:80:
95:eb:26:15:d6:04:ab:63:a5:23:ec:5b:71:21:df:
03:3f:a1:20:6e:4a:19:ea:6d:d7:27:0a:6b:f0:eb:
e9:ba:3d:4f:2f:6f:94:c7:df:20:ab:0d:6e:7f:c0:
1b:ff:34:ef:3d:ef:9f:9f:15:1b:79:91:9d:75:a6:
1a:45:33:df:99:15:29:bd:a3:71:74:98:7e:e4:39:
6c:29:48:b9:99:2c:93:73:01:4b:49:df:9b:5a:f0:
e6:70:db:52:3b:6b:b9:7b:95:e4:21:06:71:c1:cd:
eb:23:6e:95:80:5c:50:52:d4:c3:95:42:8d:cc:9c:
1d:4f:8f:3a:0e:87:db:0f:0f:6f:5f:ce:f9:78:e7:
d7:c2:c8:d7:e1:3a:c8:8f:a4:66:f6:bb:a2:b0:aa:
53:46:8a:5d:18:06:72:cd:d6:09:91:98:df:df:ab:
39:48:57:ab:25:d7:97:37:0b:97:26:4f:68:61:57:
58:bf:8b:0d:4b:dd:2c:41:8a:d0:3a:58:aa:47:95:
e5:a3:09:8b:c0:cb:56:53:f2:4c:5a:45:a9:cc:c9:
d6:24:79:71:e6:3e:2f:1c:46:3c:83:1a:f0:4d:22:
88:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:48:2C:85:10:D8:8A:29:DC:0D:58:EA:91:D7:82:44:20:92:EB:CD
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e352e302f32342d3234203d3e20343032323938.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.5.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:f9:b4:23:07:e6:8c:6d:e3:40:78:ed:2e:42:a1:e8:b4:53:
d7:54:28:b6:46:ae:85:f9:9d:2f:86:bb:d4:a1:d4:b4:dc:6a:
34:e7:ad:38:7e:5f:8b:35:7a:d4:01:aa:16:f8:44:e9:72:84:
94:04:e3:28:99:05:4b:73:c3:0b:4d:4e:96:09:30:2d:24:ca:
d4:08:03:c3:f5:5b:a5:32:ef:28:6c:58:c4:3d:7d:56:ad:9b:
82:03:8c:9c:01:65:cd:68:ac:1e:4f:c8:1e:f1:5a:4c:3c:77:
f0:9f:5e:b6:97:64:00:24:da:ad:30:09:b2:c0:7e:0a:1c:b7:
e6:46:08:38:32:a4:d7:c7:9e:54:6e:bf:cf:2d:3e:3c:52:c4:
c9:69:35:00:5a:95:0f:a4:7d:78:c6:f8:06:40:ec:33:28:77:
a6:a9:af:1c:62:a4:d7:41:2f:89:2e:e2:40:f3:dd:09:27:b6:
3c:01:26:c6:c3:02:e0:c9:45:3b:22:9b:60:e9:0b:e7:d7:3f:
f0:a7:a2:1f:77:8d:c0:9d:3d:02:42:31:84:bd:45:23:7f:59:
d0:ad:34:be:32:64:c7:4f:c3:66:c5:83:84:b9:25:37:2d:3f:
27:ea:c4:5e:b7:92:39:16:35:f9:bc:3e:ae:6f:54:aa:90:7a:
de:58:63:e7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK2/kT33yNFaZO/3ko85d1uYyQ3AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MjkxNzA1MjdaFw0yNzA0MjgxNzEwMjdaMDMxMTAvBgNV
BAMTKEYyNDgyQzg1MTBEODhBMjlEQzBENThFQTkxRDc4MjQ0MjA5MkVCQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUnHh8x3Dyt3tfaJjW0GoRMXlt
QsjY4WWsWXOvgJXrJhXWBKtjpSPsW3Eh3wM/oSBuShnqbdcnCmvw6+m6PU8vb5TH
3yCrDW5/wBv/NO8975+fFRt5kZ11phpFM9+ZFSm9o3F0mH7kOWwpSLmZLJNzAUtJ
35ta8OZw21I7a7l7leQhBnHBzesjbpWAXFBS1MOVQo3MnB1PjzoOh9sPD29fzvl4
59fCyNfhOsiPpGb2u6KwqlNGil0YBnLN1gmRmN/fqzlIV6sl15c3C5cmT2hhV1i/
iw1L3SxBitA6WKpHleWjCYvAy1ZT8kxaRanMydYkeXHmPi8cRjyDGvBNIoi/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8kgshRDYiincDVjqkdeCRCCS680wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMjMyMzkzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf+
BTANBgkqhkiG9w0BAQsFAAOCAQEAivm0IwfmjG3jQHjtLkKh6LRT11Qotkauhfmd
L4a71KHUtNxqNOetOH5fizV61AGqFvhE6XKElATjKJkFS3PDC01OlgkwLSTK1AgD
w/VbpTLvKGxYxD19Vq2bggOMnAFlzWisHk/IHvFaTDx38J9etpdkACTarTAJssB+
Chy35kYIODKk18eeVG6/zy0+PFLEyWk1AFqVD6R9eMb4BkDsMyh3pqmvHGKk10Ev
iS7iQPPdCSe2PAEmxsMC4MlFOyKbYOkL59c/8KeiH3eNwJ09AkIxhL1FI39Z0K00
vjJkx0/DZsWDhLklNy0/J+rEXreSORY1+bw+rm9UqpB63lhj5w==
-----END CERTIFICATE-----
Generated at Thu Apr 30 17:26:34 2026 by rpki-client