Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133322e302f32342d3234203d3e20323134343332.roa
File: 3134372e3132352e3133322e302f32342d3234203d3e20323134343332.roa (raw, json)
Hash identifier: j40M5BJzqpX8PpY5/plg/NRAGJOES3CCM2C9s2YFoe0=
Subject key identifier: 85:94:26:D2:B8:30:43:E7:C9:60:C3:2A:38:1C:21:A0:BA:56:3D:BB
Certificate issuer: /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial: 4EC96005605F7A6094044A5DBE3C9844974631A8
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133322e302f32342d3234203d3e20323134343332.roa
Signing time: Tue 21 Apr 2026 09:09:10 +0000
ROA not before: Tue 21 Apr 2026 09:04:10 +0000
ROA not after: Tue 20 Apr 2027 09:09:10 +0000
asID: 214432
IP address blocks: 147.125.132.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 27 Apr 2026 15:07:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4e:c9:60:05:60:5f:7a:60:94:04:4a:5d:be:3c:98:44:97:46:31:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Validity
Not Before: Apr 21 09:04:10 2026 GMT
Not After : Apr 20 09:09:10 2027 GMT
Subject: CN=859426D2B83043E7C960C32A381C21A0BA563DBB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:1f:7e:f9:33:3b:74:3c:ab:b6:32:af:0e:8c:
3b:a9:ad:e9:b5:93:9d:23:60:f1:9c:2e:b7:34:d4:
62:28:c9:c9:06:39:32:db:5d:e8:00:a0:55:d7:65:
2a:81:49:fa:33:08:2d:c4:2a:55:b7:a8:ea:a2:45:
51:8d:d0:44:bd:45:60:d3:48:71:63:2d:45:de:55:
d5:10:1e:03:23:19:29:ba:7f:33:84:a9:8f:6e:f2:
2e:52:73:d5:57:12:40:4e:dd:80:19:ae:d4:a2:bc:
b8:08:f5:0f:f5:a7:28:5c:fe:89:30:04:80:48:97:
2b:bc:69:8b:85:46:58:eb:52:c5:45:f2:d5:56:51:
4f:fe:7c:a3:e2:cb:6a:f1:f9:fc:84:6d:bd:82:d3:
8e:07:65:a9:1f:6f:cf:54:15:7a:62:79:e8:3e:5f:
9d:20:83:83:fe:c6:4b:5d:ed:0f:c9:7f:c1:31:6b:
8d:b4:2d:31:61:26:78:21:4f:47:0d:84:eb:fc:00:
42:1b:7c:57:39:b2:14:4d:29:2f:b2:94:da:bc:15:
8c:1c:1d:98:43:22:25:7b:ad:4e:49:10:15:7b:9d:
cd:11:69:64:76:a6:25:9f:d9:20:b7:46:e8:24:2f:
1d:37:c5:ae:0b:13:ab:92:75:08:4e:e4:c5:01:71:
50:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:94:26:D2:B8:30:43:E7:C9:60:C3:2A:38:1C:21:A0:BA:56:3D:BB
X509v3 Authority Key Identifier:
keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/3134372e3132352e3133322e302f32342d3234203d3e20323134343332.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.125.132.0/24
Signature Algorithm: sha256WithRSAEncryption
1a:25:d1:22:cb:04:dd:84:5e:8c:ff:d3:97:3f:f8:07:e7:42:
5e:5d:dd:95:a9:e7:21:d3:d8:9f:9e:df:14:6e:4b:30:27:ac:
39:05:14:20:7d:ac:42:1b:7b:6f:d7:2f:1f:24:72:8b:27:da:
66:f5:ae:43:32:35:f3:13:5b:38:72:fb:17:78:9e:90:ca:11:
da:df:c9:b0:f9:1d:57:f0:67:f5:dc:22:67:1e:de:fc:f6:82:
77:f0:c6:88:50:3a:9b:f5:aa:9c:0f:37:05:20:f1:7f:ce:50:
fd:25:fb:2b:c4:8d:1c:7c:9a:b4:6a:43:b0:14:52:1f:ea:80:
ff:5f:07:dd:bf:cb:9e:b0:12:9a:60:80:d9:68:2c:dc:6e:74:
10:5d:ee:85:47:e5:1d:fd:c6:11:f8:43:cc:2b:c0:26:15:aa:
e5:3e:40:b0:c3:50:e6:43:34:94:1d:9e:f3:9f:cc:8e:98:e3:
39:73:d7:a2:bb:33:74:2e:f9:e9:3f:2b:42:50:15:99:e7:11:
72:b2:0a:8e:fc:a4:77:ed:70:bb:3e:33:ef:1b:5e:fe:e2:93:
79:c2:77:81:00:de:28:08:1d:0b:ae:48:ee:ae:4c:17:f2:94:
0e:31:6f:21:f6:c2:e8:b8:65:d2:cb:ae:77:a1:12:f0:6d:d1:
ae:89:36:43
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUTslgBWBfemCUBEpdvjyYRJdGMagwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MjEwOTA0MTBaFw0yNzA0MjAwOTA5MTBaMDMxMTAvBgNV
BAMTKDg1OTQyNkQyQjgzMDQzRTdDOTYwQzMyQTM4MUMyMUEwQkE1NjNEQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYH375Mzt0PKu2Mq8OjDuprem1
k50jYPGcLrc01GIoyckGOTLbXegAoFXXZSqBSfozCC3EKlW3qOqiRVGN0ES9RWDT
SHFjLUXeVdUQHgMjGSm6fzOEqY9u8i5Sc9VXEkBO3YAZrtSivLgI9Q/1pyhc/okw
BIBIlyu8aYuFRljrUsVF8tVWUU/+fKPiy2rx+fyEbb2C044HZakfb89UFXpieeg+
X50gg4P+xktd7Q/Jf8Exa420LTFhJnghT0cNhOv8AEIbfFc5shRNKS+ylNq8FYwc
HZhDIiV7rU5JEBV7nc0RaWR2piWf2SC3RugkLx03xa4LE6uSdQhO5MUBcVDhAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUhZQm0rgwQ+fJYMMqOBwhoLpWPbswHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEt
YzM4NS00YjY1LTk4NjYtNGY2MzgzMTcyNjcyLzAvMzEzNDM3MmUzMTMyMzUyZTMx
MzMzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNDM0MzMzMi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAJN9hDANBgkqhkiG9w0BAQsFAAOCAQEAGiXRIssE3YRejP/Tlz/4B+dCXl3d
lannIdPYn57fFG5LMCesOQUUIH2sQht7b9cvHyRyiyfaZvWuQzI18xNbOHL7F3ie
kMoR2t/JsPkdV/Bn9dwiZx7e/PaCd/DGiFA6m/WqnA83BSDxf85Q/SX7K8SNHHya
tGpDsBRSH+qA/18H3b/LnrASmmCA2Wgs3G50EF3uhUflHf3GEfhDzCvAJhWq5T5A
sMNQ5kM0lB2e85/MjpjjOXPXorszdC756T8rQlAVmecRcrIKjvykd+1wuz4z7xte
/uKTecJ3gQDeKAgdC65I7q5MF/KUDjFvIfbC6Lhl0suud6ES8G3Rrok2Qw==
-----END CERTIFICATE-----
Generated at Mon Apr 27 07:55:05 2026 by rpki-client