Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132302e302f32342d3234203d3e203432383331.roa
File: 3231332e3135372e3132302e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier: g4IGtUFHeDDC8WAjlZEZva8EecSiFWhZuJ5FIzjktM8=
Subject key identifier: 08:53:9C:AC:DB:29:87:2D:B6:1B:26:7C:A1:04:C8:F4:89:D8:A0:BD
Certificate issuer: /CN=8184669b0189b7fabe05e700325a0d74957beb27
Certificate serial: 3F46F34649900DC1BD4A0D79300B5E07BC4DD1C4
Authority key identifier: 81:84:66:9B:01:89:B7:FA:BE:05:E7:00:32:5A:0D:74:95:7B:EB:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132302e302f32342d3234203d3e203432383331.roa
Signing time: Tue 10 Mar 2026 16:46:48 +0000
ROA not before: Tue 10 Mar 2026 16:41:48 +0000
ROA not after: Tue 09 Mar 2027 16:46:48 +0000
asID: 42831
IP address blocks: 213.157.120.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.crl
rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.mft
rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 20 Mar 2026 12:21:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:46:f3:46:49:90:0d:c1:bd:4a:0d:79:30:0b:5e:07:bc:4d:d1:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8184669b0189b7fabe05e700325a0d74957beb27
Validity
Not Before: Mar 10 16:41:48 2026 GMT
Not After : Mar 9 16:46:48 2027 GMT
Subject: CN=08539CACDB29872DB61B267CA104C8F489D8A0BD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:7a:42:a5:70:b4:dd:e8:f2:a0:85:75:45:a7:
c8:67:b9:d2:e3:3a:18:25:4a:05:ab:ec:92:8a:0e:
49:b9:8a:60:7c:63:e0:9f:77:57:f0:49:1f:66:df:
74:29:5d:3a:79:a8:da:28:ec:77:fe:5b:72:e9:70:
d0:ca:88:51:37:81:80:fb:5d:84:f7:9a:20:ed:fa:
57:43:48:65:cd:1a:d5:fe:cb:70:c2:40:3e:40:bb:
d7:c1:0e:d2:f0:97:f1:d2:e2:3f:87:15:35:da:b3:
c9:38:7e:24:07:3a:c2:ad:a8:3c:74:36:2e:15:cc:
8a:c0:80:da:1f:74:7f:aa:cc:4a:05:97:01:8b:1e:
fc:8a:b1:5f:26:83:55:cb:55:76:f4:0f:81:fe:b6:
45:16:ab:bc:4e:d6:9c:6e:8e:c5:b5:29:cb:34:70:
57:76:4b:ba:27:7b:19:25:fa:fd:ab:68:41:88:99:
a1:7a:a4:1a:5b:4d:21:8d:c8:a4:65:b2:19:15:b8:
e4:ab:72:34:16:bd:15:54:b8:fb:d3:5d:c6:b2:0d:
85:ca:3d:e2:98:4f:c0:ec:55:f0:08:65:67:d3:ad:
f7:b5:70:53:66:d1:bd:7b:15:0c:18:1e:42:4a:9d:
58:22:cb:f7:db:10:24:36:34:78:40:61:6d:78:e9:
29:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:53:9C:AC:DB:29:87:2D:B6:1B:26:7C:A1:04:C8:F4:89:D8:A0:BD
X509v3 Authority Key Identifier:
keyid:81:84:66:9B:01:89:B7:FA:BE:05:E7:00:32:5A:0D:74:95:7B:EB:27
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132302e302f32342d3234203d3e203432383331.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.157.120.0/24
Signature Algorithm: sha256WithRSAEncryption
21:b4:ad:30:7b:bf:26:d3:ca:4d:79:93:f3:da:47:fa:ab:8d:
3e:d8:1e:b4:1d:e9:87:83:73:bd:9d:3e:70:d5:a3:77:b2:8c:
67:3c:e5:de:89:21:0a:d1:9c:4f:2b:97:48:d0:62:f2:22:00:
ca:f9:7f:ca:70:c0:db:55:a4:3b:aa:2f:20:26:d8:11:86:1e:
ae:79:6d:56:8a:88:f4:57:31:19:8a:13:c1:0a:8d:22:c2:97:
54:87:de:4d:c4:33:6c:5f:5f:ed:e0:93:a8:01:9d:1f:e2:64:
fe:05:8b:76:c7:1f:53:b6:e9:cd:c1:ae:9a:54:21:77:64:f2:
07:f4:ff:35:dd:9e:e7:13:63:a4:3a:a1:9a:d0:99:d7:59:ee:
0f:0c:8f:76:f0:3d:23:fb:92:42:63:3f:ee:d7:e7:a3:bb:da:
d6:0a:88:db:61:a6:a3:1f:22:3e:77:ea:21:56:8c:ee:7a:c8:
72:4d:d9:66:0e:8e:0a:87:45:b8:65:57:2e:e1:c2:c3:5a:b3:
eb:72:3d:b0:30:fa:f6:30:2e:fe:d0:71:e9:e5:42:40:f5:a0:
5a:5e:12:8c:54:ff:4e:f5:11:5c:55:e8:8c:81:25:48:6c:5f:
f8:e4:43:a2:3e:d9:75:6f:70:4d:02:3a:39:37:eb:20:84:3d:
29:e7:de:de
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUP0bzRkmQDcG9Sg15MAteB7xN0cQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODE4NDY2OWIwMTg5YjdmYWJlMDVlNzAwMzI1YTBkNzQ5
NTdiZWIyNzAeFw0yNjAzMTAxNjQxNDhaFw0yNzAzMDkxNjQ2NDhaMDMxMTAvBgNV
BAMTKDA4NTM5Q0FDREIyOTg3MkRCNjFCMjY3Q0ExMDRDOEY0ODlEOEEwQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCCekKlcLTd6PKghXVFp8hnudLj
OhglSgWr7JKKDkm5imB8Y+Cfd1fwSR9m33QpXTp5qNoo7Hf+W3LpcNDKiFE3gYD7
XYT3miDt+ldDSGXNGtX+y3DCQD5Au9fBDtLwl/HS4j+HFTXas8k4fiQHOsKtqDx0
Ni4VzIrAgNofdH+qzEoFlwGLHvyKsV8mg1XLVXb0D4H+tkUWq7xO1pxujsW1Kcs0
cFd2S7onexkl+v2raEGImaF6pBpbTSGNyKRlshkVuOSrcjQWvRVUuPvTXcayDYXK
PeKYT8DsVfAIZWfTrfe1cFNm0b17FQwYHkJKnVgiy/fbECQ2NHhAYW146SlRAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUCFOcrNsphy22GyZ8oQTI9InYoL0wHwYDVR0j
BBgwFoAUgYRmmwGJt/q+BecAMloNdJV76ycwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTQzMWU0MmUtMGQ3Zi00NGQwLTgxM2YtYjVlM2EyYWJi
ZTI1LzAvODE4NDY2OUIwMTg5QjdGQUJFMDVFNzAwMzI1QTBENzQ5NTdCRUIyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2dZUm1td0dKdF9xLUJlY0FNbG9OZEpW
NzZ5Yy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTQzMWU0MmUt
MGQ3Zi00NGQwLTgxM2YtYjVlM2EyYWJiZTI1LzAvMzIzMTMzMmUzMTM1MzcyZTMx
MzIzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzIzODMzMzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADVnXgwDQYJKoZIhvcNAQELBQADggEBACG0rTB7vybTyk15k/PaR/qrjT7YHrQd
6YeDc72dPnDVo3eyjGc85d6JIQrRnE8rl0jQYvIiAMr5f8pwwNtVpDuqLyAm2BGG
Hq55bVaKiPRXMRmKE8EKjSLCl1SH3k3EM2xfX+3gk6gBnR/iZP4Fi3bHH1O26c3B
rppUIXdk8gf0/zXdnucTY6Q6oZrQmddZ7g8Mj3bwPSP7kkJjP+7X56O72tYKiNth
pqMfIj536iFWjO56yHJN2WYOjgqHRbhlVy7hwsNas+tyPbAw+vYwLv7QcenlQkD1
oFpeEoxU/071EVxV6IyBJUhsX/jkQ6I+2XVvcE0COjk36yCEPSnn3t4=
-----END CERTIFICATE-----
Generated at Fri Mar 20 05:46:56 2026 by rpki-client