Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3132382e302f32342d3234203d3e20383334.roa
File: 3139352e35382e3132382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier: QM21jtEuqlBalyavsqDDevZfaBWKSU6CmvaikSZXRgU=
Subject key identifier: 43:8C:89:91:04:44:D4:E1:3F:F7:46:8A:1A:A5:B0:26:26:2F:CD:A6
Certificate issuer: /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial: 31CE35D6AD3CF9EEED7CAD5A78105E838322734C
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3132382e302f32342d3234203d3e20383334.roa
Signing time: Fri 26 Jun 2026 19:09:01 +0000
ROA not before: Fri 26 Jun 2026 19:04:01 +0000
ROA not after: Fri 25 Jun 2027 19:09:01 +0000
asID: 834
IP address blocks: 195.58.128.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 29 Jun 2026 19:47:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
31:ce:35:d6:ad:3c:f9:ee:ed:7c:ad:5a:78:10:5e:83:83:22:73:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Validity
Not Before: Jun 26 19:04:01 2026 GMT
Not After : Jun 25 19:09:01 2027 GMT
Subject: CN=438C89910444D4E13FF7468A1AA5B026262FCDA6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:eb:71:1d:9b:60:cf:6e:c4:cd:39:8c:65:42:
8a:0b:08:3f:bb:a1:e7:b4:c4:7a:b3:d6:f0:8b:e8:
2b:2f:2d:23:f9:0e:83:7a:8d:ea:db:5c:14:83:b7:
87:32:6d:b4:63:e0:93:54:c5:46:24:e8:d5:82:9c:
df:76:45:84:c3:bb:b8:d9:14:f6:4a:e3:61:ae:7f:
65:6f:2b:0f:b8:ba:4e:69:a9:bf:52:0f:53:e3:a5:
d6:8d:61:4c:5a:5f:e4:87:03:c8:0d:47:b4:bd:4a:
0c:c2:74:d5:21:81:be:e7:8d:11:52:c0:d7:c9:9b:
46:b9:a0:2c:bf:0e:5d:fb:86:0b:a0:77:06:bc:52:
a7:79:e7:cd:88:bf:2d:b2:20:b3:63:72:11:d8:43:
38:cc:c6:6d:aa:89:88:08:90:a0:b6:70:ad:26:c3:
bc:16:d3:12:ce:98:8a:c6:8a:94:26:25:91:54:d8:
f3:9d:ad:ce:b0:63:cc:ae:7b:75:91:3f:56:d8:5e:
86:d6:24:6e:f3:bc:a5:0e:99:2f:24:03:40:de:e8:
34:e6:35:9e:6a:2c:0e:ab:13:9c:e1:da:3b:9d:a0:
66:7e:5a:f2:e2:0c:97:1d:df:2d:ee:55:e6:9b:65:
55:3f:2b:be:41:55:e0:29:83:b9:21:f8:ea:a4:58:
89:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:8C:89:91:04:44:D4:E1:3F:F7:46:8A:1A:A5:B0:26:26:2F:CD:A6
X509v3 Authority Key Identifier:
keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3132382e302f32342d3234203d3e20383334.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.58.128.0/24
Signature Algorithm: sha256WithRSAEncryption
90:0f:1f:26:9b:e9:75:7f:a5:41:2f:dd:49:8f:1c:3d:25:ff:
b1:79:24:ca:6d:1b:84:32:cb:68:4d:4b:95:36:ea:09:6a:78:
78:5f:07:6f:96:fb:fd:6d:f0:8c:bc:bc:92:41:2c:de:d6:f8:
08:bb:79:3e:d6:32:1d:a3:8b:39:b0:2f:f3:97:26:fa:3a:bd:
e3:e4:b1:19:39:69:ed:7a:a7:50:41:f8:80:6b:aa:6e:4d:95:
1e:97:42:db:48:91:9c:d7:ba:5c:c0:8a:38:d5:76:40:23:79:
7a:d2:40:3a:91:01:ed:bd:e7:ff:c6:43:8a:2e:17:25:27:2f:
8a:7e:eb:f5:6a:da:44:d1:cf:70:7c:0c:8d:d8:02:60:16:a8:
21:b7:c0:b9:41:c8:19:4f:47:91:d8:f1:f8:16:9e:42:60:86:
c1:6b:2f:1b:40:57:68:91:2d:a0:e9:e5:15:06:11:c0:ea:4d:
5d:bc:3e:1d:31:08:1d:cd:89:8b:50:81:78:c8:71:a4:18:f2:
75:84:92:71:91:e0:5d:3c:0a:eb:b5:b9:63:c2:22:06:0a:7b:
91:b1:7f:9c:3e:54:1a:76:b2:10:69:9b:41:5d:a8:6f:1c:a0:
97:c6:ab:23:a1:34:2c:21:3c:dd:57:6a:b4:42:69:f5:d2:1e:
fc:c0:67:b5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUMc411q08+e7tfK1aeBBeg4Mic0wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjA2MjYxOTA0MDFaFw0yNzA2MjUxOTA5MDFaMDMxMTAvBgNV
BAMTKDQzOEM4OTkxMDQ0NEQ0RTEzRkY3NDY4QTFBQTVCMDI2MjYyRkNEQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC263Edm2DPbsTNOYxlQooLCD+7
oee0xHqz1vCL6CsvLSP5DoN6jerbXBSDt4cybbRj4JNUxUYk6NWCnN92RYTDu7jZ
FPZK42Guf2VvKw+4uk5pqb9SD1PjpdaNYUxaX+SHA8gNR7S9SgzCdNUhgb7njRFS
wNfJm0a5oCy/Dl37hgugdwa8Uqd5582Ivy2yILNjchHYQzjMxm2qiYgIkKC2cK0m
w7wW0xLOmIrGipQmJZFU2POdrc6wY8yue3WRP1bYXobWJG7zvKUOmS8kA0De6DTm
NZ5qLA6rE5zh2judoGZ+WvLiDJcd3y3uVeabZVU/K75BVeApg7kh+OqkWIlDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUQ4yJkQRE1OE/90aKGqWwJiYvzaYwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM1MmUzNTM4MmUzMTMy
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDOoAw
DQYJKoZIhvcNAQELBQADggEBAJAPHyab6XV/pUEv3UmPHD0l/7F5JMptG4Qyy2hN
S5U26glqeHhfB2+W+/1t8Iy8vJJBLN7W+Ai7eT7WMh2jizmwL/OXJvo6vePksRk5
ae16p1BB+IBrqm5NlR6XQttIkZzXulzAijjVdkAjeXrSQDqRAe295//GQ4ouFyUn
L4p+6/Vq2kTRz3B8DI3YAmAWqCG3wLlByBlPR5HY8fgWnkJghsFrLxtAV2iRLaDp
5RUGEcDqTV28Ph0xCB3NiYtQgXjIcaQY8nWEknGR4F08Cuu1uWPCIgYKe5Gxf5w+
VBp2shBpm0FdqG8coJfGqyOhNCwhPN1XarRCafXSHvzAZ7U=
-----END CERTIFICATE-----
Generated at Mon Jun 29 09:59:58 2026 by rpki-client