Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/34362e31382e38392e302f32342d3234203d3e20393834.roa
File: 34362e31382e38392e302f32342d3234203d3e20393834.roa (raw, json)
Hash identifier: dTPGPFu6IshEEsy/RmP50yZu0SBzIoPmfBrrv6G1Bt0=
Subject key identifier: BF:F4:0F:3D:B4:97:B8:E4:60:F9:B5:A6:CE:F3:85:50:33:45:55:7F
Certificate issuer: /CN=d455dec4f1ebc2a64f5ccc2ee9292731eb82113d
Certificate serial: 60B6684ED601A836C8039F299B56B48249102154
Authority key identifier: D4:55:DE:C4:F1:EB:C2:A6:4F:5C:CC:2E:E9:29:27:31:EB:82:11:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1FXexPHrwqZPXMwu6SknMeuCET0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/34362e31382e38392e302f32342d3234203d3e20393834.roa
Signing time: Thu 28 May 2026 13:45:16 +0000
ROA not before: Thu 28 May 2026 13:40:16 +0000
ROA not after: Thu 27 May 2027 13:45:16 +0000
asID: 984
IP address blocks: 46.18.89.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/D455DEC4F1EBC2A64F5CCC2EE9292731EB82113D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/D455DEC4F1EBC2A64F5CCC2EE9292731EB82113D.mft
rsync://rpki.ripe.net/repository/DEFAULT/1FXexPHrwqZPXMwu6SknMeuCET0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 04:39:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:b6:68:4e:d6:01:a8:36:c8:03:9f:29:9b:56:b4:82:49:10:21:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d455dec4f1ebc2a64f5ccc2ee9292731eb82113d
Validity
Not Before: May 28 13:40:16 2026 GMT
Not After : May 27 13:45:16 2027 GMT
Subject: CN=BFF40F3DB497B8E460F9B5A6CEF385503345557F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:28:44:5d:3e:94:20:c0:0b:55:fe:71:fe:e2:
16:3b:58:c0:e8:02:26:49:d7:87:ee:61:39:e8:a8:
40:dc:3c:97:50:a7:3d:3f:71:4b:c9:1f:03:46:43:
38:6b:8c:65:77:b2:64:d0:d9:8a:d5:0b:f5:a6:e2:
50:1a:20:1b:8a:10:92:d3:57:cb:df:8f:37:69:d0:
be:c7:b3:85:ca:01:a9:70:ec:01:8a:b9:04:9c:6b:
47:e8:86:26:f9:1b:71:41:76:66:94:11:a2:1a:0d:
98:2c:98:7f:d4:38:02:e9:68:7c:3a:73:1c:d8:11:
17:ef:e5:f7:6e:9e:6e:4b:a8:c1:2a:3d:c7:3a:f2:
4c:08:4c:a6:a6:fb:97:4f:1a:05:37:fa:46:bf:73:
9e:3a:da:71:1f:ae:b0:06:12:68:7d:07:57:c5:85:
0f:78:60:ef:c9:4f:41:14:35:2a:30:4d:57:7c:06:
5c:aa:f8:c2:5b:b9:fd:79:31:67:bf:d0:a1:57:69:
b6:3d:8f:6e:a7:24:98:32:cc:09:45:d0:3c:7c:96:
cd:70:bb:f8:91:85:df:c5:38:7c:48:e2:6c:83:37:
04:d7:70:8a:ff:a4:d1:db:9b:b8:fc:bf:81:73:88:
24:40:43:ff:56:61:5b:22:19:a9:2d:d6:d6:2b:3f:
97:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:F4:0F:3D:B4:97:B8:E4:60:F9:B5:A6:CE:F3:85:50:33:45:55:7F
X509v3 Authority Key Identifier:
keyid:D4:55:DE:C4:F1:EB:C2:A6:4F:5C:CC:2E:E9:29:27:31:EB:82:11:3D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/D455DEC4F1EBC2A64F5CCC2EE9292731EB82113D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FXexPHrwqZPXMwu6SknMeuCET0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/34362e31382e38392e302f32342d3234203d3e20393834.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.18.89.0/24
Signature Algorithm: sha256WithRSAEncryption
54:29:08:c5:b4:9e:3a:03:ad:ab:86:07:97:b8:8e:66:c6:83:
7a:20:9a:37:3d:c9:cd:3f:a2:7f:85:37:06:0a:b6:88:65:53:
08:e5:2a:06:a6:c8:a7:5a:15:c0:59:d1:4f:59:97:90:60:eb:
10:05:74:6b:3e:0a:09:76:8f:c8:16:6c:c4:82:8f:d7:2d:3f:
dd:bb:f3:57:1e:5f:dc:7e:12:89:d8:ed:c1:dc:02:75:17:60:
1e:63:67:77:81:5d:26:23:29:7a:fe:37:86:ae:d0:6b:25:d7:
11:a4:e8:b1:05:63:08:5c:69:3e:f1:67:cf:f9:8a:ad:20:01:
09:99:4b:4a:32:25:05:a1:5e:a2:c6:0b:28:ab:dd:03:33:d8:
0f:41:0e:d0:1f:30:c8:a6:41:56:ef:36:8d:a3:c4:5a:04:7a:
11:e2:b2:9f:20:cb:2a:d5:b0:e6:e6:8d:68:58:e0:1e:f3:48:
9a:27:0c:75:98:db:69:01:12:00:69:a5:18:d1:92:82:37:54:
f2:05:b3:26:78:49:46:42:94:5c:a1:22:42:15:ff:3c:40:df:
03:0e:73:d5:c6:31:e8:63:f4:41:60:ac:4f:2e:e6:20:b9:54:
07:d8:73:61:3b:0f:8a:99:09:6a:04:e7:87:51:85:d4:cd:d1:
44:a2:fa:ce
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUYLZoTtYBqDbIA58pm1a0gkkQIVQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQ1NWRlYzRmMWViYzJhNjRmNWNjYzJlZTkyOTI3MzFl
YjgyMTEzZDAeFw0yNjA1MjgxMzQwMTZaFw0yNzA1MjcxMzQ1MTZaMDMxMTAvBgNV
BAMTKEJGRjQwRjNEQjQ5N0I4RTQ2MEY5QjVBNkNFRjM4NTUwMzM0NTU1N0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWKERdPpQgwAtV/nH+4hY7WMDo
AiZJ14fuYTnoqEDcPJdQpz0/cUvJHwNGQzhrjGV3smTQ2YrVC/Wm4lAaIBuKEJLT
V8vfjzdp0L7Hs4XKAalw7AGKuQSca0fohib5G3FBdmaUEaIaDZgsmH/UOALpaHw6
cxzYERfv5fdunm5LqMEqPcc68kwITKam+5dPGgU3+ka/c5462nEfrrAGEmh9B1fF
hQ94YO/JT0EUNSowTVd8Blyq+MJbuf15MWe/0KFXabY9j26nJJgyzAlF0Dx8ls1w
u/iRhd/FOHxI4myDNwTXcIr/pNHbm7j8v4FziCRAQ/9WYVsiGakt1tYrP5cHAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUv/QPPbSXuORg+bWmzvOFUDNFVX8wHwYDVR0j
BBgwFoAU1FXexPHrwqZPXMwu6SknMeuCET0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzhkMDhiMzAtNjRjNy00MDRiLTk4NzMtMmUwNGJkNzRj
MTQwLzAvRDQ1NURFQzRGMUVCQzJBNjRGNUNDQzJFRTkyOTI3MzFFQjgyMTEzRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFGWGV4UEhyd3FaUFhNd3U2U2tuTWV1
Q0VUMC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzhkMDhiMzAt
NjRjNy00MDRiLTk4NzMtMmUwNGJkNzRjMTQwLzAvMzQzNjJlMzEzODJlMzgzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzgzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC4SWTANBgkq
hkiG9w0BAQsFAAOCAQEAVCkIxbSeOgOtq4YHl7iOZsaDeiCaNz3JzT+if4U3Bgq2
iGVTCOUqBqbIp1oVwFnRT1mXkGDrEAV0az4KCXaPyBZsxIKP1y0/3bvzVx5f3H4S
idjtwdwCdRdgHmNnd4FdJiMpev43hq7QayXXEaTosQVjCFxpPvFnz/mKrSABCZlL
SjIlBaFeosYLKKvdAzPYD0EO0B8wyKZBVu82jaPEWgR6EeKynyDLKtWw5uaNaFjg
HvNImicMdZjbaQESAGmlGNGSgjdU8gWzJnhJRkKUXKEiQhX/PEDfAw5z1cYx6GP0
QWCsTy7mILlUB9hzYTsPipkJagTnh1GF1M3RRKL6zg==
-----END CERTIFICATE-----
Generated at Tue Jun 2 21:28:33 2026 by rpki-client