Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a3130303a3a2f34302d3438203d3e20323033333039.roa
File: 326130663a316363353a3130303a3a2f34302d3438203d3e20323033333039.roa (raw, json)
Hash identifier: qVjSWK/o6isH0KL2Om/WXmoPGPRlWujBMDcfS2CG5L8=
Subject key identifier: AB:44:4A:6A:67:DB:BA:47:66:6B:A1:1E:4F:2B:CB:DD:48:54:BC:DC
Certificate issuer: /CN=1be240021a287f298973d9ea28dfc80735fd5800
Certificate serial: 614B1FB1350E3FAA902E56C0817A828E7B9684F6
Authority key identifier: 1B:E2:40:02:1A:28:7F:29:89:73:D9:EA:28:DF:C8:07:35:FD:58:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a3130303a3a2f34302d3438203d3e20323033333039.roa
Signing time: Tue 02 Jun 2026 12:18:14 +0000
ROA not before: Tue 02 Jun 2026 12:13:14 +0000
ROA not after: Tue 01 Jun 2027 12:18:14 +0000
asID: 203309
IP address blocks: 2a0f:1cc5:100::/40 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.mft
rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Jun 2026 06:00:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:4b:1f:b1:35:0e:3f:aa:90:2e:56:c0:81:7a:82:8e:7b:96:84:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1be240021a287f298973d9ea28dfc80735fd5800
Validity
Not Before: Jun 2 12:13:14 2026 GMT
Not After : Jun 1 12:18:14 2027 GMT
Subject: CN=AB444A6A67DBBA47666BA11E4F2BCBDD4854BCDC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:c1:61:af:fd:e2:c9:18:17:23:e6:09:d5:31:
27:5f:df:c8:20:49:b5:55:c6:7b:3d:ec:23:51:a4:
a4:0b:21:3a:c8:3c:10:52:50:ba:3d:f5:a9:0e:52:
61:35:fd:02:c4:1b:e0:ee:24:d2:70:f5:ec:4f:92:
e5:f8:5f:08:6c:3e:8c:64:9d:89:c2:c6:91:d2:d9:
de:8d:a8:3d:4b:21:c6:84:69:7e:f7:4b:b5:b3:57:
10:c1:0f:a6:c0:ea:7e:22:a7:e1:3e:4c:ae:a8:8d:
ae:f5:ac:4d:26:6b:28:93:fa:cf:7d:bf:47:b6:d8:
8e:74:c4:53:0c:db:b1:20:3c:74:86:e5:fb:1f:cc:
fb:1f:5d:63:8a:3a:92:5f:51:82:d4:b1:2a:4a:71:
bd:56:19:e9:43:64:0d:09:67:4a:19:d8:8b:8e:6c:
33:62:a4:13:a0:a4:c3:51:8e:ee:8a:a3:38:79:61:
c8:8f:aa:47:2c:72:b6:11:5f:51:95:90:3f:3b:1e:
60:7a:4c:d1:a2:a6:b4:9a:3e:f0:c6:1d:9e:e0:51:
0f:e6:06:29:bf:3b:a9:30:c6:b4:b0:06:7f:a8:d1:
ce:87:21:f5:1d:16:da:2a:b3:86:db:97:c5:58:8d:
b5:bf:06:54:4e:e8:7e:2a:dd:79:0d:a7:38:f7:67:
b9:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:44:4A:6A:67:DB:BA:47:66:6B:A1:1E:4F:2B:CB:DD:48:54:BC:DC
X509v3 Authority Key Identifier:
keyid:1B:E2:40:02:1A:28:7F:29:89:73:D9:EA:28:DF:C8:07:35:FD:58:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a3130303a3a2f34302d3438203d3e20323033333039.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:1cc5:100::/40
Signature Algorithm: sha256WithRSAEncryption
8f:84:80:b4:95:05:6b:02:50:a8:54:da:c6:1c:1c:56:31:5a:
8a:e3:48:7d:ad:cb:ca:bc:b7:85:ac:4b:0b:4c:7a:5f:bd:b9:
9f:fd:dc:7d:ce:07:b7:74:cf:d7:e4:f5:30:f8:65:fb:34:90:
03:49:1d:ef:3c:5a:f2:6b:71:b6:64:cd:c1:82:1a:69:4a:11:
83:97:22:d1:7a:d9:9d:f2:04:dc:8e:5a:68:0a:8a:80:84:e0:
70:4d:b3:55:b2:8c:11:df:6b:22:1b:ea:3f:5a:bc:e2:bd:4b:
3e:a6:7e:c1:7f:5f:47:15:aa:de:87:77:c0:62:bb:3e:60:28:
cc:68:9a:ab:d5:ac:b5:e9:3d:dc:38:83:a7:03:36:f1:09:a2:
9b:58:ae:77:a5:93:fa:95:3d:c9:96:f2:b7:7a:65:85:f7:75:
0d:f1:35:1b:f6:93:42:19:af:cb:fe:df:26:cc:30:aa:a3:64:
ea:67:f4:2e:f1:bb:6d:f9:87:44:70:c6:57:da:19:e1:28:86:
50:2c:58:17:7c:c5:15:73:45:e6:6d:1a:d3:fe:24:1c:b2:02:
aa:ea:1b:c9:2a:07:71:09:4a:07:8c:38:5b:02:9c:d7:a4:e0:
64:13:f0:a0:e7:26:25:a9:47:ec:d2:57:22:bb:34:48:e3:df:
10:7f:61:89
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIUYUsfsTUOP6qQLlbAgXqCjnuWhPYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWJlMjQwMDIxYTI4N2YyOTg5NzNkOWVhMjhkZmM4MDcz
NWZkNTgwMDAeFw0yNjA2MDIxMjEzMTRaFw0yNzA2MDExMjE4MTRaMDMxMTAvBgNV
BAMTKEFCNDQ0QTZBNjdEQkJBNDc2NjZCQTExRTRGMkJDQkRENDg1NEJDREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLwWGv/eLJGBcj5gnVMSdf38gg
SbVVxns97CNRpKQLITrIPBBSULo99akOUmE1/QLEG+DuJNJw9exPkuX4XwhsPoxk
nYnCxpHS2d6NqD1LIcaEaX73S7WzVxDBD6bA6n4ip+E+TK6oja71rE0mayiT+s99
v0e22I50xFMM27EgPHSG5fsfzPsfXWOKOpJfUYLUsSpKcb1WGelDZA0JZ0oZ2IuO
bDNipBOgpMNRju6Kozh5YciPqkcscrYRX1GVkD87HmB6TNGiprSaPvDGHZ7gUQ/m
Bim/O6kwxrSwBn+o0c6HIfUdFtoqs4bbl8VYjbW/BlRO6H4q3XkNpzj3Z7kpAgMB
AAGjggJHMIICQzAdBgNVHQ4EFgQUq0RKamfbukdma6EeTyvL3UhUvNwwHwYDVR0j
BBgwFoAUG+JAAhoofymJc9nqKN/IBzX9WAAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGFmYjVmZTItM2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0
ZjBlLzAvMUJFMjQwMDIxQTI4N0YyOTg5NzNEOUVBMjhERkM4MDczNUZENTgwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0ctSkFBaG9vZnltSmM5bnFLTl9JQnpY
OVdBQS5jZXIwgbUGCCsGAQUFBwELBIGoMIGlMIGiBggrBgEFBQcwC4aBlXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGFmYjVmZTIt
M2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0ZjBlLzAvMzI2MTMwNjYzYTMxNjM2MzM1
M2EzMTMwMzAzYTNhMmYzNDMwMmQzNDM4MjAzZDNlMjAzMjMwMzMzMzMwMzkucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgAqDxzFATANBgkqhkiG9w0BAQsFAAOCAQEAj4SAtJUFawJQqFTaxhwc
VjFaiuNIfa3Lyry3haxLC0x6X725n/3cfc4Ht3TP1+T1MPhl+zSQA0kd7zxa8mtx
tmTNwYIaaUoRg5ci0XrZnfIE3I5aaAqKgITgcE2zVbKMEd9rIhvqP1q84r1LPqZ+
wX9fRxWq3od3wGK7PmAozGiaq9Wstek93DiDpwM28Qmim1iud6WT+pU9yZbyt3pl
hfd1DfE1G/aTQhmvy/7fJswwqqNk6mf0LvG7bfmHRHDGV9oZ4SiGUCxYF3zFFXNF
5m0a0/4kHLICquobySoHcQlKB4w4WwKc16TgZBPwoOcmJalH7NJXIrs0SOPfEH9h
iQ==
-----END CERTIFICATE-----
Generated at Sun Jun 7 09:13:59 2026 by rpki-client