Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363323a3a2f33322d3430203d3e203535323031.roa
File: 326130663a316363323a3a2f33322d3430203d3e203535323031.roa (raw, json)
Hash identifier: WhCYMyl8EbC83XzJAmy6gLGZ8TqnoR5zf8Or4Xy/unk=
Subject key identifier: 17:01:68:B0:DF:A1:C9:7C:E7:FF:6F:58:77:8E:7A:02:BB:68:8E:8D
Certificate issuer: /CN=1be240021a287f298973d9ea28dfc80735fd5800
Certificate serial: 082DA94DB17F5CD4C9F5309DC8257EC931D555EA
Authority key identifier: 1B:E2:40:02:1A:28:7F:29:89:73:D9:EA:28:DF:C8:07:35:FD:58:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363323a3a2f33322d3430203d3e203535323031.roa
Signing time: Tue 02 Jun 2026 12:18:24 +0000
ROA not before: Tue 02 Jun 2026 12:13:24 +0000
ROA not after: Tue 01 Jun 2027 12:18:24 +0000
asID: 55201
IP address blocks: 2a0f:1cc2::/32 maxlen: 40
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.mft
rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 06 Jun 2026 19:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:2d:a9:4d:b1:7f:5c:d4:c9:f5:30:9d:c8:25:7e:c9:31:d5:55:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1be240021a287f298973d9ea28dfc80735fd5800
Validity
Not Before: Jun 2 12:13:24 2026 GMT
Not After : Jun 1 12:18:24 2027 GMT
Subject: CN=170168B0DFA1C97CE7FF6F58778E7A02BB688E8D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:c6:9f:29:f8:c7:a4:a1:04:45:dd:cf:bf:71:
e2:04:13:31:e4:91:4f:ad:b6:73:76:95:a9:a5:c0:
d9:c0:a1:67:04:fa:42:b5:04:38:bf:eb:89:b8:dd:
37:e6:1d:81:65:20:61:ee:73:bb:30:8c:72:2d:af:
3a:29:c4:eb:8d:1d:43:8b:55:ee:41:11:56:58:e3:
1e:7e:c6:59:fb:66:d4:14:13:5e:fc:1b:0e:4b:2d:
76:30:df:61:43:3e:d5:31:54:82:3b:e7:4b:c9:d1:
fc:e2:ac:c4:da:eb:32:10:8d:61:c1:d8:64:6d:ca:
95:2d:ae:1d:08:1b:bb:62:d3:eb:8e:b1:23:71:f3:
69:bf:cf:83:0e:e2:ce:e0:50:bf:9e:c1:39:73:84:
3b:ae:52:66:b5:9b:4b:a4:3b:c6:af:bf:bd:74:7c:
d1:55:ae:6b:23:8a:e8:79:b1:08:40:6b:00:b8:00:
d9:10:a7:a2:5a:15:35:96:e5:63:8c:f2:96:ce:d8:
ab:cd:aa:06:5f:1f:63:c3:06:af:56:89:3f:41:3d:
6f:62:cf:c4:da:b8:66:47:47:12:ea:cf:5b:e7:3e:
26:ee:a9:4c:4c:0a:17:33:13:c2:91:1e:f4:ac:c5:
57:2c:ac:30:4e:00:7a:38:cc:68:2a:87:12:fa:15:
f2:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:01:68:B0:DF:A1:C9:7C:E7:FF:6F:58:77:8E:7A:02:BB:68:8E:8D
X509v3 Authority Key Identifier:
keyid:1B:E2:40:02:1A:28:7F:29:89:73:D9:EA:28:DF:C8:07:35:FD:58:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363323a3a2f33322d3430203d3e203535323031.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:1cc2::/32
Signature Algorithm: sha256WithRSAEncryption
85:ec:ad:ab:30:6a:6d:61:3d:6b:37:51:b8:58:ea:7d:32:a4:
84:88:63:e3:26:94:a0:d2:61:ba:c5:49:19:93:70:3b:95:3d:
59:6e:6b:88:6c:c5:ef:70:b1:2d:b3:c1:39:03:d8:86:e6:07:
30:bb:78:d2:3b:ab:46:62:65:89:c0:f0:7b:29:4b:7c:1a:ee:
9d:06:98:65:a8:26:3f:dc:7c:87:ee:5c:31:7f:f2:08:b1:0d:
7c:d7:01:6d:b3:72:94:fa:b6:63:41:94:d8:35:84:8b:cc:6c:
51:c8:38:b0:91:4c:1e:c0:25:e5:f1:33:2d:4d:4f:18:b7:fd:
8a:ba:e8:2b:c7:58:9b:f7:54:ef:3b:20:42:d1:11:87:55:38:
95:d1:e0:ac:da:8f:ef:f8:f0:35:5c:05:3c:9a:ac:1c:1d:de:
fb:90:46:2e:44:f4:fe:a3:0d:01:cc:cd:09:1d:6a:05:21:85:
94:ac:84:2c:1a:69:b9:46:a8:39:31:ba:a3:1f:f7:be:fb:8f:
39:62:71:c6:95:cd:d6:cf:f0:3b:a6:0f:d1:05:d8:85:fd:48:
25:c2:81:2d:14:23:79:e2:6c:b5:5a:c6:8c:6f:d6:9e:a5:86:
c7:32:12:25:33:05:94:30:35:d1:60:d8:87:9e:bb:b4:37:16:
da:83:33:27
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUCC2pTbF/XNTJ9TCdyCV+yTHVVeowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWJlMjQwMDIxYTI4N2YyOTg5NzNkOWVhMjhkZmM4MDcz
NWZkNTgwMDAeFw0yNjA2MDIxMjEzMjRaFw0yNzA2MDExMjE4MjRaMDMxMTAvBgNV
BAMTKDE3MDE2OEIwREZBMUM5N0NFN0ZGNkY1ODc3OEU3QTAyQkI2ODhFOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdxp8p+MekoQRF3c+/ceIEEzHk
kU+ttnN2lamlwNnAoWcE+kK1BDi/64m43TfmHYFlIGHuc7swjHItrzopxOuNHUOL
Ve5BEVZY4x5+xln7ZtQUE178Gw5LLXYw32FDPtUxVII750vJ0fzirMTa6zIQjWHB
2GRtypUtrh0IG7ti0+uOsSNx82m/z4MO4s7gUL+ewTlzhDuuUma1m0ukO8avv710
fNFVrmsjiuh5sQhAawC4ANkQp6JaFTWW5WOM8pbO2KvNqgZfH2PDBq9WiT9BPW9i
z8TauGZHRxLqz1vnPibuqUxMChczE8KRHvSsxVcsrDBOAHo4zGgqhxL6FfJFAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUFwFosN+hyXzn/29Yd456Artojo0wHwYDVR0j
BBgwFoAUG+JAAhoofymJc9nqKN/IBzX9WAAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGFmYjVmZTItM2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0
ZjBlLzAvMUJFMjQwMDIxQTI4N0YyOTg5NzNEOUVBMjhERkM4MDczNUZENTgwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0ctSkFBaG9vZnltSmM5bnFLTl9JQnpY
OVdBQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGFmYjVmZTIt
M2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0ZjBlLzAvMzI2MTMwNjYzYTMxNjM2MzMy
M2EzYTJmMzMzMjJkMzQzMDIwM2QzZTIwMzUzNTMyMzAzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoP
HMIwDQYJKoZIhvcNAQELBQADggEBAIXsraswam1hPWs3UbhY6n0ypISIY+MmlKDS
YbrFSRmTcDuVPVlua4hsxe9wsS2zwTkD2IbmBzC7eNI7q0ZiZYnA8HspS3wa7p0G
mGWoJj/cfIfuXDF/8gixDXzXAW2zcpT6tmNBlNg1hIvMbFHIOLCRTB7AJeXxMy1N
Txi3/Yq66CvHWJv3VO87IELREYdVOJXR4Kzaj+/48DVcBTyarBwd3vuQRi5E9P6j
DQHMzQkdagUhhZSshCwaablGqDkxuqMf9777jzliccaVzdbP8DumD9EF2IX9SCXC
gS0UI3nibLVaxoxv1p6lhscyEiUzBZQwNdFg2Ieeu7Q3FtqDMyc=
-----END CERTIFICATE-----
Generated at Sat Jun 6 05:25:41 2026 by rpki-client