Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6c43d3a6-7d13-4895-959d-419b9a6eb34b/4/326131333a633863333a653866663a3a2f34382d313238203d3e20323133393030.roa
File: 326131333a633863333a653866663a3a2f34382d313238203d3e20323133393030.roa (raw, json)
Hash identifier: w4ztKM2YHXn5pHZOkaCgsj+Q7c/anVV2bOT4TNgFFAQ=
Subject key identifier: 6C:B7:6F:57:4A:62:3E:CE:D4:1D:7A:76:30:65:76:D9:76:07:3A:3D
Certificate issuer: /CN=acb5dff8a45df5cdafa2a95c715f10c5fe5f91a3
Certificate serial: 08B64316B98D479BCE54FF0FB695F8158377C9F7
Authority key identifier: AC:B5:DF:F8:A4:5D:F5:CD:AF:A2:A9:5C:71:5F:10:C5:FE:5F:91:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rLXf-KRd9c2voqlccV8Qxf5fkaM.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/6c43d3a6-7d13-4895-959d-419b9a6eb34b/4/326131333a633863333a653866663a3a2f34382d313238203d3e20323133393030.roa
Signing time: Mon 20 Apr 2026 14:06:55 +0000
ROA not before: Mon 20 Apr 2026 14:01:55 +0000
ROA not after: Mon 19 Apr 2027 14:06:55 +0000
asID: 213900
IP address blocks: 2a13:c8c3:e8ff::/48 maxlen: 128
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/6c43d3a6-7d13-4895-959d-419b9a6eb34b/4/ACB5DFF8A45DF5CDAFA2A95C715F10C5FE5F91A3.crl
rsync://rsync.paas.rpki.ripe.net/repository/6c43d3a6-7d13-4895-959d-419b9a6eb34b/4/ACB5DFF8A45DF5CDAFA2A95C715F10C5FE5F91A3.mft
rsync://rpki.ripe.net/repository/DEFAULT/rLXf-KRd9c2voqlccV8Qxf5fkaM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 30 Apr 2026 22:19:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:b6:43:16:b9:8d:47:9b:ce:54:ff:0f:b6:95:f8:15:83:77:c9:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=acb5dff8a45df5cdafa2a95c715f10c5fe5f91a3
Validity
Not Before: Apr 20 14:01:55 2026 GMT
Not After : Apr 19 14:06:55 2027 GMT
Subject: CN=6CB76F574A623ECED41D7A76306576D976073A3D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:9a:92:ab:1d:a3:09:99:13:00:df:b9:fc:16:
0c:0e:8b:96:06:65:b4:85:2e:16:17:2a:30:98:68:
c2:c4:70:58:8d:97:8d:f4:5f:a1:41:0d:b5:a1:38:
52:1f:6e:b9:99:79:a0:71:b8:79:ed:36:ed:c5:78:
8c:ad:a1:9e:8c:e8:79:14:13:2c:0d:27:11:97:f4:
6b:99:29:1d:8e:29:cc:fb:98:3b:03:1e:99:6b:31:
b0:f4:75:b9:d0:fb:be:36:6e:a0:b2:22:5c:7a:54:
4c:9b:3d:6d:44:b5:c1:e6:76:04:78:d4:f1:17:96:
8a:18:c1:53:48:22:a3:d5:99:54:d3:b5:d3:4a:4c:
88:ea:d7:92:bf:0c:cb:e5:67:2d:30:35:7b:26:88:
88:77:b3:80:25:80:cf:0b:99:ba:cd:1d:94:38:cd:
77:c6:b2:6b:76:91:ca:f7:26:4a:bd:7d:ad:ec:a8:
c1:b4:14:f1:87:39:ef:2e:8c:ab:7e:9a:31:99:89:
ef:1e:ae:cf:87:75:fe:25:77:24:db:9c:20:3d:e6:
c1:64:32:a0:1c:e6:fb:c9:7a:43:1c:92:d5:d2:88:
57:e3:77:0c:ec:75:0e:dc:03:8c:4a:2a:70:d8:53:
e1:0e:20:e3:0e:d4:e5:b0:2e:74:57:53:a4:7e:60:
72:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:B7:6F:57:4A:62:3E:CE:D4:1D:7A:76:30:65:76:D9:76:07:3A:3D
X509v3 Authority Key Identifier:
keyid:AC:B5:DF:F8:A4:5D:F5:CD:AF:A2:A9:5C:71:5F:10:C5:FE:5F:91:A3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/6c43d3a6-7d13-4895-959d-419b9a6eb34b/4/ACB5DFF8A45DF5CDAFA2A95C715F10C5FE5F91A3.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rLXf-KRd9c2voqlccV8Qxf5fkaM.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6c43d3a6-7d13-4895-959d-419b9a6eb34b/4/326131333a633863333a653866663a3a2f34382d313238203d3e20323133393030.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:c8c3:e8ff::/48
Signature Algorithm: sha256WithRSAEncryption
69:d0:9a:a5:59:1f:7e:39:6b:6d:a4:05:18:98:02:e9:aa:4e:
20:58:00:0d:fc:ac:a2:b7:d2:2b:8c:35:53:8b:a3:0a:75:c4:
d5:80:ee:de:32:bd:91:64:1c:0a:22:6d:4a:3c:e9:c7:45:1e:
ed:52:de:30:cf:9a:17:e5:70:3d:69:d0:2f:b5:71:61:9a:7d:
ed:67:c2:ee:82:d9:75:c4:c1:ec:20:43:c0:eb:39:b1:38:bd:
7d:73:a6:da:cd:54:1e:09:91:20:0f:a9:8c:d9:77:da:f5:a8:
c3:6d:5b:dd:4e:79:bd:67:5a:73:f0:dd:61:8e:dc:76:ef:74:
c3:59:ca:4e:a5:3a:b3:5c:e9:7c:c3:78:44:6d:25:4e:ba:6d:
03:d8:47:35:34:45:c2:dd:26:75:1f:f6:4c:77:af:f3:67:86:
11:10:16:54:e1:25:bd:b7:2c:3b:d1:53:ec:67:73:a3:6c:7d:
11:de:a7:de:54:12:0d:9a:22:d7:6b:29:96:05:e7:ae:35:6f:
7c:5b:40:18:ba:69:4c:84:ef:d2:6d:23:14:b5:6c:81:be:c6:
80:75:06:0e:8d:50:03:17:3c:40:30:ad:ff:f3:e3:6a:1a:2b:
8e:55:f6:4e:b4:0f:95:21:a7:b4:47:ce:90:06:08:45:74:5f:
e2:0f:2f:f4
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgIUCLZDFrmNR5vOVP8PtpX4FYN3yfcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWNiNWRmZjhhNDVkZjVjZGFmYTJhOTVjNzE1ZjEwYzVm
ZTVmOTFhMzAeFw0yNjA0MjAxNDAxNTVaFw0yNzA0MTkxNDA2NTVaMDMxMTAvBgNV
BAMTKDZDQjc2RjU3NEE2MjNFQ0VENDFEN0E3NjMwNjU3NkQ5NzYwNzNBM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwmpKrHaMJmRMA37n8FgwOi5YG
ZbSFLhYXKjCYaMLEcFiNl430X6FBDbWhOFIfbrmZeaBxuHntNu3FeIytoZ6M6HkU
EywNJxGX9GuZKR2OKcz7mDsDHplrMbD0dbnQ+742bqCyIlx6VEybPW1EtcHmdgR4
1PEXlooYwVNIIqPVmVTTtdNKTIjq15K/DMvlZy0wNXsmiIh3s4AlgM8LmbrNHZQ4
zXfGsmt2kcr3Jkq9fa3sqMG0FPGHOe8ujKt+mjGZie8ers+Hdf4ldyTbnCA95sFk
MqAc5vvJekMcktXSiFfjdwzsdQ7cA4xKKnDYU+EOIOMO1OWwLnRXU6R+YHJJAgMB
AAGjggJMMIICSDAdBgNVHQ4EFgQUbLdvV0piPs7UHXp2MGV22XYHOj0wHwYDVR0j
BBgwFoAUrLXf+KRd9c2voqlccV8Qxf5fkaMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmM0M2QzYTYtN2QxMy00ODk1LTk1OWQtNDE5YjlhNmVi
MzRiLzQvQUNCNURGRjhBNDVERjVDREFGQTJBOTVDNzE1RjEwQzVGRTVGOTFBMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JMWGYtS1JkOWMydm9xbGNjVjhReGY1
ZmthTS5jZXIwgbkGCCsGAQUFBwELBIGsMIGpMIGmBggrBgEFBQcwC4aBmXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmM0M2QzYTYt
N2QxMy00ODk1LTk1OWQtNDE5YjlhNmViMzRiLzQvMzI2MTMxMzMzYTYzMzg2MzMz
M2E2NTM4NjY2NjNhM2EyZjM0MzgyZDMxMzIzODIwM2QzZTIwMzIzMTMzMzkzMDMw
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMw
ETAPBAIAAjAJAwcAKhPIw+j/MA0GCSqGSIb3DQEBCwUAA4IBAQBp0JqlWR9+OWtt
pAUYmALpqk4gWAAN/Kyit9IrjDVTi6MKdcTVgO7eMr2RZBwKIm1KPOnHRR7tUt4w
z5oX5XA9adAvtXFhmn3tZ8Lugtl1xMHsIEPA6zmxOL19c6bazVQeCZEgD6mM2Xfa
9ajDbVvdTnm9Z1pz8N1hjtx273TDWcpOpTqzXOl8w3hEbSVOum0D2Ec1NEXC3SZ1
H/ZMd6/zZ4YREBZU4SW9tyw70VPsZ3OjbH0R3qfeVBINmiLXaymWBeeuNW98W0AY
umlMhO/SbSMUtWyBvsaAdQYOjVADFzxAMK3/8+NqGiuOVfZOtA+VIae0R86QBghF
dF/iDy/0
-----END CERTIFICATE-----
Generated at Thu Apr 30 12:47:37 2026 by rpki-client