Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a333330303a3a2f34302d3438203d3e20323034323131.roa
File: 326130663a316363353a333330303a3a2f34302d3438203d3e20323034323131.roa (raw, json)
Hash identifier: oBiG7RFi7aiBAKpZZHjy2Wr71FcRrE76EaVPTYyRZi4=
Subject key identifier: AA:3B:5F:72:4D:E2:E2:1D:B1:82:C3:9E:C7:C5:54:8D:5E:ED:4C:B9
Certificate issuer: /CN=1be240021a287f298973d9ea28dfc80735fd5800
Certificate serial: 3D8C4D5C20ABA2F6BD17EE65155C91EB976AE8DC
Authority key identifier: 1B:E2:40:02:1A:28:7F:29:89:73:D9:EA:28:DF:C8:07:35:FD:58:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a333330303a3a2f34302d3438203d3e20323034323131.roa
Signing time: Tue 02 Jun 2026 12:18:27 +0000
ROA not before: Tue 02 Jun 2026 12:13:27 +0000
ROA not after: Tue 01 Jun 2027 12:18:27 +0000
asID: 204211
IP address blocks: 2a0f:1cc5:3300::/40 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.mft
rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 14:33:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:8c:4d:5c:20:ab:a2:f6:bd:17:ee:65:15:5c:91:eb:97:6a:e8:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1be240021a287f298973d9ea28dfc80735fd5800
Validity
Not Before: Jun 2 12:13:27 2026 GMT
Not After : Jun 1 12:18:27 2027 GMT
Subject: CN=AA3B5F724DE2E21DB182C39EC7C5548D5EED4CB9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:b8:36:94:57:db:79:b2:78:ac:a3:51:34:ae:
01:cb:d4:b5:7d:d3:80:d6:54:ac:57:77:3d:85:d7:
94:6a:84:c4:68:89:47:1f:f1:b0:06:63:00:bd:1b:
fc:96:6f:c2:52:e1:3e:0e:4d:a9:b2:75:cf:31:6e:
ba:9f:78:5e:f5:e0:38:a5:95:b2:95:6a:e6:96:e7:
33:39:fa:8a:4a:75:82:99:8e:d8:51:02:7f:74:74:
41:58:61:49:5e:f8:4f:f7:01:f4:46:8e:fc:41:d5:
b3:a8:19:7d:76:1e:ae:4e:dc:db:4c:4a:16:a6:a7:
65:43:39:05:f1:d0:3e:d1:1d:98:7d:7b:a1:8a:83:
9e:55:6e:d7:4a:b3:ae:2f:35:b0:e8:89:67:17:1b:
76:2d:67:9a:90:00:45:f2:d0:f0:6f:c7:49:48:29:
87:d0:39:7e:29:fd:47:73:4a:e4:f5:2f:81:91:23:
0b:c2:8c:fa:47:24:08:79:6d:2b:8b:34:76:64:38:
a5:e2:6a:e0:58:fd:99:ef:aa:c1:2a:71:b5:99:f4:
c4:af:86:1b:c2:72:33:1d:38:eb:18:33:b6:c2:55:
d2:20:ba:85:b0:c5:aa:4b:0f:9e:1f:2d:c4:93:b7:
5b:e0:6a:b6:1b:6a:91:49:be:33:1a:d7:9d:ad:e8:
eb:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:3B:5F:72:4D:E2:E2:1D:B1:82:C3:9E:C7:C5:54:8D:5E:ED:4C:B9
X509v3 Authority Key Identifier:
keyid:1B:E2:40:02:1A:28:7F:29:89:73:D9:EA:28:DF:C8:07:35:FD:58:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a333330303a3a2f34302d3438203d3e20323034323131.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:1cc5:3300::/40
Signature Algorithm: sha256WithRSAEncryption
27:57:d4:e0:5a:b0:72:1c:9f:94:7a:4d:3e:0a:fe:13:84:86:
f3:b3:c7:6f:0c:88:c9:da:80:cb:14:90:8a:26:c9:90:8d:07:
c6:6c:2e:e0:4b:4b:25:d5:57:d0:ca:51:4c:51:24:0b:26:3b:
31:d2:ed:fe:72:4f:52:04:8d:e4:e5:44:7c:d8:2d:e5:b4:6a:
ee:9d:92:b8:c0:c4:e9:c5:d8:2f:b8:1f:36:15:f2:c5:26:d3:
94:af:23:89:3c:08:e5:9a:4e:7c:a0:4c:a0:85:00:ad:d5:49:
98:d4:50:16:5f:aa:d8:49:33:41:ea:72:aa:61:2a:36:20:31:
96:00:2c:1f:44:c7:a3:8a:ef:d4:68:a0:06:af:a4:60:ad:9a:
d4:d4:a0:27:77:29:9d:25:98:f1:5d:de:13:08:ae:59:03:95:
6f:86:99:0c:c2:03:24:a1:e1:62:4f:fa:99:fd:ba:15:51:41:
63:0c:06:26:92:45:ac:55:5e:4e:47:26:b8:15:29:99:d7:b0:
1c:fd:14:73:c2:e9:2b:02:8b:90:9d:5b:4b:fa:e3:cf:25:1a:
b5:98:bb:44:f4:e6:0b:11:a0:cf:e5:5a:5e:23:a7:ff:77:a3:
50:2b:92:3f:a4:f8:ca:21:53:13:16:f6:dc:c2:f2:f8:ca:e0:
5d:bf:3d:a7
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgIUPYxNXCCrova9F+5lFVyR65dq6NwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWJlMjQwMDIxYTI4N2YyOTg5NzNkOWVhMjhkZmM4MDcz
NWZkNTgwMDAeFw0yNjA2MDIxMjEzMjdaFw0yNzA2MDExMjE4MjdaMDMxMTAvBgNV
BAMTKEFBM0I1RjcyNERFMkUyMURCMTgyQzM5RUM3QzU1NDhENUVFRDRDQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCruDaUV9t5sniso1E0rgHL1LV9
04DWVKxXdz2F15RqhMRoiUcf8bAGYwC9G/yWb8JS4T4OTamydc8xbrqfeF714Dil
lbKVauaW5zM5+opKdYKZjthRAn90dEFYYUle+E/3AfRGjvxB1bOoGX12Hq5O3NtM
Shamp2VDOQXx0D7RHZh9e6GKg55VbtdKs64vNbDoiWcXG3YtZ5qQAEXy0PBvx0lI
KYfQOX4p/UdzSuT1L4GRIwvCjPpHJAh5bSuLNHZkOKXiauBY/ZnvqsEqcbWZ9MSv
hhvCcjMdOOsYM7bCVdIguoWwxapLD54fLcSTt1vgarYbapFJvjMa152t6OvdAgMB
AAGjggJJMIICRTAdBgNVHQ4EFgQUqjtfck3i4h2xgsOex8VUjV7tTLkwHwYDVR0j
BBgwFoAUG+JAAhoofymJc9nqKN/IBzX9WAAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGFmYjVmZTItM2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0
ZjBlLzAvMUJFMjQwMDIxQTI4N0YyOTg5NzNEOUVBMjhERkM4MDczNUZENTgwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0ctSkFBaG9vZnltSmM5bnFLTl9JQnpY
OVdBQS5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGFmYjVmZTIt
M2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0ZjBlLzAvMzI2MTMwNjYzYTMxNjM2MzM1
M2EzMzMzMzAzMDNhM2EyZjM0MzAyZDM0MzgyMDNkM2UyMDMyMzAzNDMyMzEzMS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAw
DgQCAAIwCAMGACoPHMUzMA0GCSqGSIb3DQEBCwUAA4IBAQAnV9TgWrByHJ+Uek0+
Cv4ThIbzs8dvDIjJ2oDLFJCKJsmQjQfGbC7gS0sl1VfQylFMUSQLJjsx0u3+ck9S
BI3k5UR82C3ltGrunZK4wMTpxdgvuB82FfLFJtOUryOJPAjlmk58oEyghQCt1UmY
1FAWX6rYSTNB6nKqYSo2IDGWACwfRMejiu/UaKAGr6RgrZrU1KAndymdJZjxXd4T
CK5ZA5VvhpkMwgMkoeFiT/qZ/boVUUFjDAYmkkWsVV5ORya4FSmZ17Ac/RRzwukr
AouQnVtL+uPPJRq1mLtE9OYLEaDP5VpeI6f/d6NQK5I/pPjKIVMTFvbcwvL4yuBd
vz2n
-----END CERTIFICATE-----
Generated at Tue Jun 2 21:39:25 2026 by rpki-client