Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230312e302f32342d3234203d3e20333933393432.roa
File: 38352e3233372e3230312e302f32342d3234203d3e20333933393432.roa (raw, json)
Hash identifier: MMrgeRJ7an1tH1YRzOOTk7IbqT5ehCAm9WX50YBSN08=
Subject key identifier: 93:79:59:CD:82:6E:E4:CE:49:C0:E2:CD:83:D8:C4:2C:6C:45:3F:9F
Certificate issuer: /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial: 7A378B959E75DCDEC42ABE9D128C36F36D51459E
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230312e302f32342d3234203d3e20333933393432.roa
Signing time: Thu 19 Mar 2026 01:47:51 +0000
ROA not before: Thu 19 Mar 2026 01:42:51 +0000
ROA not after: Thu 18 Mar 2027 01:47:51 +0000
asID: 393942
IP address blocks: 85.237.201.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 02:18:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:37:8b:95:9e:75:dc:de:c4:2a:be:9d:12:8c:36:f3:6d:51:45:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Validity
Not Before: Mar 19 01:42:51 2026 GMT
Not After : Mar 18 01:47:51 2027 GMT
Subject: CN=937959CD826EE4CE49C0E2CD83D8C42C6C453F9F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:03:08:06:1d:39:10:ae:49:84:57:44:29:3b:
7e:45:2f:cb:b8:45:89:02:79:2c:f5:88:1d:79:40:
fa:e6:41:91:84:e1:96:7f:e1:4e:be:62:92:6d:cb:
a8:ad:7e:c8:dd:97:54:41:4e:37:1f:0c:5c:5f:e6:
2b:b8:9f:68:8b:df:2b:e7:58:f3:7c:7d:60:35:5f:
a4:50:41:3f:1e:72:e1:9e:85:d0:47:86:72:cd:6a:
dd:b3:da:ad:11:d7:3a:b4:91:41:cf:fb:ee:79:cb:
01:dd:7c:ea:17:41:74:61:7e:79:2b:55:79:69:25:
60:91:dc:82:56:5f:bc:c2:14:35:1d:90:64:45:1c:
b0:56:46:09:89:3d:79:0f:f6:78:23:6e:f8:05:4b:
33:ca:5f:67:02:90:41:e7:ea:da:92:bb:04:f5:dd:
9e:15:1d:31:60:c4:3d:f4:eb:b7:b3:4c:c8:51:1a:
be:62:cd:56:a0:32:c8:76:5c:6c:6f:b5:97:4f:ec:
25:0b:ac:b6:ff:17:b4:6d:19:5f:b5:47:ad:45:38:
b9:a4:a3:06:96:5d:40:a2:e2:ff:8d:91:bf:e7:b8:
f6:af:18:fb:fe:2f:55:92:ce:f0:e1:08:59:8d:7e:
e2:05:8c:55:fa:4f:c1:7f:dd:66:ba:46:68:55:ed:
d7:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:79:59:CD:82:6E:E4:CE:49:C0:E2:CD:83:D8:C4:2C:6C:45:3F:9F
X509v3 Authority Key Identifier:
keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230312e302f32342d3234203d3e20333933393432.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.237.201.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:34:7a:17:f7:ae:68:af:85:51:c7:65:72:2d:ce:74:94:b3:
dc:47:79:b2:2c:72:f0:45:23:75:d0:92:42:e2:45:96:55:2c:
1e:65:90:6f:5a:1a:4e:22:9d:90:be:de:f7:3a:2d:ff:ae:17:
5a:b7:69:74:a9:9f:95:99:ca:40:f5:83:3c:e4:b1:91:b5:3e:
03:d0:5c:af:8e:cb:21:c2:b5:3a:0b:8a:7f:b2:ec:40:f2:4b:
69:54:59:39:ef:df:15:fa:40:10:c4:48:67:e4:3c:61:26:91:
cc:26:51:e2:0a:e5:02:c2:c0:79:d8:e3:d6:4c:20:8e:63:61:
2d:02:ce:70:e1:1e:ab:0f:c4:01:4a:83:81:7e:9b:67:3e:dd:
f7:2b:6e:f2:1f:a9:02:b6:37:42:2b:b1:5a:22:b6:8d:bc:da:
a5:81:e9:c6:60:ce:eb:fd:b5:0f:33:33:e6:29:5e:39:1b:09:
38:69:04:64:45:9e:b3:5d:fe:d2:66:9a:8d:73:a2:62:85:5f:
05:e9:28:70:df:37:e8:c9:60:68:b5:01:28:16:64:0e:78:3f:
fe:19:58:fc:de:b4:b6:cd:e4:e0:c6:5e:62:95:86:30:9a:98:
14:03:93:96:9b:89:cf:8d:fb:5a:d7:e2:eb:4d:3e:a4:3e:41:
fa:83:05:51
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUejeLlZ513N7EKr6dEow2821RRZ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAzMTkwMTQyNTFaFw0yNzAzMTgwMTQ3NTFaMDMxMTAvBgNV
BAMTKDkzNzk1OUNEODI2RUU0Q0U0OUMwRTJDRDgzRDhDNDJDNkM0NTNGOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDAwgGHTkQrkmEV0QpO35FL8u4
RYkCeSz1iB15QPrmQZGE4ZZ/4U6+YpJty6itfsjdl1RBTjcfDFxf5iu4n2iL3yvn
WPN8fWA1X6RQQT8ecuGehdBHhnLNat2z2q0R1zq0kUHP++55ywHdfOoXQXRhfnkr
VXlpJWCR3IJWX7zCFDUdkGRFHLBWRgmJPXkP9ngjbvgFSzPKX2cCkEHn6tqSuwT1
3Z4VHTFgxD3067ezTMhRGr5izVagMsh2XGxvtZdP7CULrLb/F7RtGV+1R61FOLmk
owaWXUCi4v+Nkb/nuPavGPv+L1WSzvDhCFmNfuIFjFX6T8F/3Wa6RmhV7deVAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUk3lZzYJu5M5JwOLNg9jELGxFP58wHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzMzOTM0MzIucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABV7ckwDQYJKoZIhvcNAQELBQADggEBAG40ehf3rmivhVHHZXItznSUs9xHebIs
cvBFI3XQkkLiRZZVLB5lkG9aGk4inZC+3vc6Lf+uF1q3aXSpn5WZykD1gzzksZG1
PgPQXK+OyyHCtToLin+y7EDyS2lUWTnv3xX6QBDESGfkPGEmkcwmUeIK5QLCwHnY
49ZMII5jYS0CznDhHqsPxAFKg4F+m2c+3fcrbvIfqQK2N0IrsVoito282qWB6cZg
zuv9tQ8zM+YpXjkbCThpBGRFnrNd/tJmmo1zomKFXwXpKHDfN+jJYGi1ASgWZA54
P/4ZWPzetLbN5ODGXmKVhjCamBQDk5abic+N+1rX4utNPqQ+QfqDBVE=
-----END CERTIFICATE-----
Generated at Sat Mar 21 09:35:21 2026 by rpki-client