Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a333630303a3a2f34302d3438203d3e203132313938.roa
File: 326130663a316363353a333630303a3a2f34302d3438203d3e203132313938.roa (raw, json)
Hash identifier: CImRdvRuKMDwkmY7ViUw+cfFvqXIuvYjiuxxxptH/Ec=
Subject key identifier: 2A:5D:29:7B:FF:92:DD:98:A4:89:C6:93:3C:64:99:A6:49:ED:A2:0F
Certificate issuer: /CN=1be240021a287f298973d9ea28dfc80735fd5800
Certificate serial: 484AE894E946E94D6605A2B0911D6A04958A9E4D
Authority key identifier: 1B:E2:40:02:1A:28:7F:29:89:73:D9:EA:28:DF:C8:07:35:FD:58:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a333630303a3a2f34302d3438203d3e203132313938.roa
Signing time: Tue 02 Jun 2026 12:18:07 +0000
ROA not before: Tue 02 Jun 2026 12:13:07 +0000
ROA not after: Tue 01 Jun 2027 12:18:07 +0000
asID: 12198
IP address blocks: 2a0f:1cc5:3600::/40 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.mft
rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 14:33:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
48:4a:e8:94:e9:46:e9:4d:66:05:a2:b0:91:1d:6a:04:95:8a:9e:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1be240021a287f298973d9ea28dfc80735fd5800
Validity
Not Before: Jun 2 12:13:07 2026 GMT
Not After : Jun 1 12:18:07 2027 GMT
Subject: CN=2A5D297BFF92DD98A489C6933C6499A649EDA20F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:a5:25:b5:f2:5c:7e:e8:df:52:09:be:29:52:
38:85:15:0e:84:76:07:c5:9a:75:e3:c0:72:44:80:
4d:2f:75:e5:8c:c4:8d:11:ee:1e:ea:73:7a:a2:e2:
08:22:06:b8:2b:da:18:6e:05:47:cf:ee:31:1c:5f:
48:f8:15:c6:23:2e:bc:bc:44:e4:b2:3b:95:0a:f3:
f7:11:bb:0f:d5:d9:f4:2d:94:cf:7b:bc:f3:03:f0:
e9:52:2c:b2:63:9e:b0:ef:ec:1e:c5:d5:ae:41:1a:
39:f0:2e:45:e0:67:8d:81:73:17:df:ba:c3:02:6b:
a7:bf:5a:6b:c2:1e:1e:0f:33:b1:10:af:80:11:8f:
22:26:b0:cd:ce:3d:b5:e1:78:af:0c:1c:67:44:f2:
66:59:9c:c3:e0:7e:5f:31:12:d4:61:8f:2a:66:a4:
5e:81:6e:60:07:a2:89:22:e7:fc:ae:e2:b3:99:9b:
be:d1:b8:00:a1:6c:3c:8c:5a:c8:87:c0:cb:5e:af:
bf:40:38:8f:8e:14:32:0c:f6:58:ff:36:2a:95:b7:
b6:1a:87:c8:3c:60:57:78:10:46:d3:05:02:dc:df:
83:7d:fd:bd:5c:0b:9d:d9:e7:7a:65:13:71:57:41:
07:f3:9f:88:a2:90:63:84:bd:21:ff:71:b0:83:c0:
06:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:5D:29:7B:FF:92:DD:98:A4:89:C6:93:3C:64:99:A6:49:ED:A2:0F
X509v3 Authority Key Identifier:
keyid:1B:E2:40:02:1A:28:7F:29:89:73:D9:EA:28:DF:C8:07:35:FD:58:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a333630303a3a2f34302d3438203d3e203132313938.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:1cc5:3600::/40
Signature Algorithm: sha256WithRSAEncryption
07:40:84:03:b0:ac:c5:d7:1c:ae:8b:45:69:77:77:aa:4a:71:
5b:fd:56:ad:15:15:d4:9c:9e:5c:81:fe:e6:3e:58:d9:62:22:
67:8c:cf:fe:ff:09:7b:ed:8d:28:69:6a:b0:db:9c:f1:11:61:
c3:9d:a7:78:81:21:a0:82:84:e1:75:c7:7b:3d:da:84:34:11:
8a:9b:62:67:fe:d4:8d:b0:51:dc:03:b8:12:98:24:93:1f:65:
28:3d:7c:a0:13:3d:17:4e:d2:3a:c1:2b:92:cc:3d:e2:0e:7f:
b2:fa:84:51:23:46:b9:3a:a9:b3:da:f6:02:62:a4:a7:0d:10:
c5:fb:b3:7b:11:30:17:8c:13:d1:f9:47:28:d0:c0:86:50:0e:
4f:0c:bf:83:95:d9:3d:63:2b:f4:ff:26:17:6e:55:3f:20:8b:
a3:0a:8f:1f:dc:e2:ac:38:d3:50:c0:12:19:ec:3e:4f:d7:ae:
bc:63:15:7d:6c:e9:df:3d:ee:44:d9:a7:b6:8c:d0:e4:bd:27:
46:69:0f:99:6e:3a:8d:a4:a0:0a:37:91:4a:98:bb:c7:db:0d:
c8:b2:d9:84:a2:6f:b3:1b:14:bb:0b:d5:72:9d:28:af:a6:86:
82:d9:81:68:d8:12:77:8e:44:36:16:d9:1d:ca:d9:71:21:37:
51:a0:76:42
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIUSErolOlG6U1mBaKwkR1qBJWKnk0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWJlMjQwMDIxYTI4N2YyOTg5NzNkOWVhMjhkZmM4MDcz
NWZkNTgwMDAeFw0yNjA2MDIxMjEzMDdaFw0yNzA2MDExMjE4MDdaMDMxMTAvBgNV
BAMTKDJBNUQyOTdCRkY5MkREOThBNDg5QzY5MzNDNjQ5OUE2NDlFREEyMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDupSW18lx+6N9SCb4pUjiFFQ6E
dgfFmnXjwHJEgE0vdeWMxI0R7h7qc3qi4ggiBrgr2hhuBUfP7jEcX0j4FcYjLry8
ROSyO5UK8/cRuw/V2fQtlM97vPMD8OlSLLJjnrDv7B7F1a5BGjnwLkXgZ42Bcxff
usMCa6e/WmvCHh4PM7EQr4ARjyImsM3OPbXheK8MHGdE8mZZnMPgfl8xEtRhjypm
pF6BbmAHooki5/yu4rOZm77RuAChbDyMWsiHwMter79AOI+OFDIM9lj/NiqVt7Ya
h8g8YFd4EEbTBQLc34N9/b1cC53Z53plE3FXQQfzn4iikGOEvSH/cbCDwAbLAgMB
AAGjggJHMIICQzAdBgNVHQ4EFgQUKl0pe/+S3ZikicaTPGSZpkntog8wHwYDVR0j
BBgwFoAUG+JAAhoofymJc9nqKN/IBzX9WAAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGFmYjVmZTItM2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0
ZjBlLzAvMUJFMjQwMDIxQTI4N0YyOTg5NzNEOUVBMjhERkM4MDczNUZENTgwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0ctSkFBaG9vZnltSmM5bnFLTl9JQnpY
OVdBQS5jZXIwgbUGCCsGAQUFBwELBIGoMIGlMIGiBggrBgEFBQcwC4aBlXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGFmYjVmZTIt
M2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0ZjBlLzAvMzI2MTMwNjYzYTMxNjM2MzM1
M2EzMzM2MzAzMDNhM2EyZjM0MzAyZDM0MzgyMDNkM2UyMDMxMzIzMTM5Mzgucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4E
AgACMAgDBgAqDxzFNjANBgkqhkiG9w0BAQsFAAOCAQEAB0CEA7CsxdccrotFaXd3
qkpxW/1WrRUV1JyeXIH+5j5Y2WIiZ4zP/v8Je+2NKGlqsNuc8RFhw52neIEhoIKE
4XXHez3ahDQRiptiZ/7UjbBR3AO4Epgkkx9lKD18oBM9F07SOsErksw94g5/svqE
USNGuTqps9r2AmKkpw0QxfuzexEwF4wT0flHKNDAhlAOTwy/g5XZPWMr9P8mF25V
PyCLowqPH9zirDjTUMASGew+T9euvGMVfWzp3z3uRNmntozQ5L0nRmkPmW46jaSg
CjeRSpi7x9sNyLLZhKJvsxsUuwvVcp0or6aGgtmBaNgSd45ENhbZHcrZcSE3UaB2
Qg==
-----END CERTIFICATE-----
Generated at Tue Jun 2 21:39:25 2026 by rpki-client