Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e20383334.roa
File: 34352e31322e38332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier: GtI3c6bYEnYKLQQkCoTkkpq7BEmGS13lTjmujvI9Y0E=
Subject key identifier: C5:3C:18:86:87:56:A8:BB:C0:08:F5:9A:EE:97:94:1F:42:6D:C6:9D
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 4A51C9A9F7A2666CF3EFD6C7501ADEC3698FB6E9
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e20383334.roa
Signing time: Sun 19 Apr 2026 00:05:30 +0000
ROA not before: Sun 19 Apr 2026 00:00:30 +0000
ROA not after: Sun 18 Apr 2027 00:05:30 +0000
asID: 834
IP address blocks: 45.12.83.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 21:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:51:c9:a9:f7:a2:66:6c:f3:ef:d6:c7:50:1a:de:c3:69:8f:b6:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: Apr 19 00:00:30 2026 GMT
Not After : Apr 18 00:05:30 2027 GMT
Subject: CN=C53C18868756A8BBC008F59AEE97941F426DC69D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:87:b6:1a:8f:40:dd:b1:07:b2:21:e8:09:6c:
2d:a3:fb:c1:b1:3d:59:1c:e0:5b:a2:5c:f6:aa:41:
2c:3e:51:09:aa:6d:50:6e:e4:2f:9b:93:42:c2:04:
dc:8c:c5:42:fd:f5:71:b8:15:14:47:56:25:52:d0:
a1:72:ff:62:9e:09:b3:34:7a:e5:08:4c:12:e5:b6:
29:e5:4b:ff:45:6e:4f:5c:1b:51:76:c4:82:78:b8:
36:a2:40:13:75:5c:cb:51:6f:06:47:4d:84:9c:c1:
1b:71:3f:4e:ae:f6:74:d9:6e:7d:55:00:be:88:43:
a7:59:c2:e1:64:03:77:ef:9b:bb:a9:c7:6b:90:6f:
8f:b1:d3:52:68:e0:71:12:54:8b:db:cd:f8:31:55:
5a:aa:30:c6:27:95:92:01:fa:ce:a0:8f:11:ba:1d:
27:57:c0:94:53:a4:4f:f2:6d:06:62:38:d6:52:53:
57:34:3c:1e:9a:33:84:ef:a6:ab:9b:a8:56:8c:7b:
ea:82:8d:0c:91:bd:30:b8:7b:59:81:a0:c7:d0:69:
cf:04:95:46:0e:b0:b6:4b:1f:6a:ab:f6:8e:18:eb:
31:7f:bb:13:e6:49:e2:a0:20:1b:1a:19:e4:f3:3d:
8a:51:f2:36:f8:51:23:12:92:43:3d:fe:a0:3f:7d:
88:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:3C:18:86:87:56:A8:BB:C0:08:F5:9A:EE:97:94:1F:42:6D:C6:9D
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e20383334.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.83.0/24
Signature Algorithm: sha256WithRSAEncryption
43:d0:6a:e8:9c:42:ce:07:ed:7d:af:83:c8:c1:9a:8b:b7:48:
b0:85:86:3e:e6:39:d9:64:6d:31:fa:06:f6:87:e9:32:84:53:
d1:14:91:99:02:e0:b9:f5:24:38:68:96:35:24:cf:ea:98:59:
43:68:7f:1e:3f:57:87:58:64:4d:4f:d5:62:3b:cb:93:69:87:
ac:6a:63:0e:e7:3a:94:15:14:61:2c:f8:20:e5:69:41:15:d7:
82:9c:90:74:cd:68:2f:66:bb:a6:96:7b:92:0c:4e:dd:9f:e6:
00:ea:f9:05:b7:df:9e:4b:57:af:c1:d2:77:04:d3:30:f2:39:
84:57:b1:ae:8e:60:7c:52:67:8d:e4:24:bd:09:3d:35:5c:ca:
4f:93:12:dd:b2:4d:76:2e:49:28:5e:31:39:60:d4:8d:da:f7:
1d:ce:3d:e7:a5:a2:ff:23:59:95:de:c7:e9:bd:f9:1c:97:24:
46:46:54:90:6a:94:26:33:29:3e:b7:5a:9d:f5:77:e9:84:10:
72:92:ac:1d:50:87:fd:56:e7:da:25:05:a5:09:b1:b1:5a:5e:
bf:2a:ca:f2:c2:27:95:da:7d:59:46:62:b4:40:4a:01:69:e0:
fd:c2:62:93:4d:7b:42:b1:b2:81:05:d4:53:8f:b0:9c:8e:47:
68:e4:37:30
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUSlHJqfeiZmzz79bHUBrew2mPtukwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjA0MTkwMDAwMzBaFw0yNzA0MTgwMDA1MzBaMDMxMTAvBgNV
BAMTKEM1M0MxODg2ODc1NkE4QkJDMDA4RjU5QUVFOTc5NDFGNDI2REM2OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzh7Yaj0DdsQeyIegJbC2j+8Gx
PVkc4FuiXPaqQSw+UQmqbVBu5C+bk0LCBNyMxUL99XG4FRRHViVS0KFy/2KeCbM0
euUITBLltinlS/9Fbk9cG1F2xIJ4uDaiQBN1XMtRbwZHTYScwRtxP06u9nTZbn1V
AL6IQ6dZwuFkA3fvm7upx2uQb4+x01Jo4HESVIvbzfgxVVqqMMYnlZIB+s6gjxG6
HSdXwJRTpE/ybQZiONZSU1c0PB6aM4TvpqubqFaMe+qCjQyRvTC4e1mBoMfQac8E
lUYOsLZLH2qr9o4Y6zF/uxPmSeKgIBsaGeTzPYpR8jb4USMSkkM9/qA/fYh3AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUxTwYhodWqLvACPWa7peUH0Jtxp0wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0MUzANBgkq
hkiG9w0BAQsFAAOCAQEAQ9Bq6JxCzgftfa+DyMGai7dIsIWGPuY52WRtMfoG9ofp
MoRT0RSRmQLgufUkOGiWNSTP6phZQ2h/Hj9Xh1hkTU/VYjvLk2mHrGpjDuc6lBUU
YSz4IOVpQRXXgpyQdM1oL2a7ppZ7kgxO3Z/mAOr5BbffnktXr8HSdwTTMPI5hFex
ro5gfFJnjeQkvQk9NVzKT5MS3bJNdi5JKF4xOWDUjdr3Hc4956Wi/yNZld7H6b35
HJckRkZUkGqUJjMpPrdanfV36YQQcpKsHVCH/Vbn2iUFpQmxsVpevyrK8sInldp9
WUZitEBKAWng/cJik017QrGygQXUU4+wnI5HaOQ3MA==
-----END CERTIFICATE-----
Generated at Mon Apr 20 04:59:18 2026 by rpki-client