Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3138352e3231322e3131332e302f32342d3234203d3e20343032313836.roa
File: 3138352e3231322e3131332e302f32342d3234203d3e20343032313836.roa (raw, json)
Hash identifier: ig0KEkzJrn7cj9kmG3pO4IsDWol5Xes9935Oi26Jres=
Subject key identifier: B8:4D:3B:5B:FC:66:3A:70:F4:46:69:7D:8C:7F:C1:7B:10:FF:6A:60
Certificate issuer: /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial: 629C09D2A43C1D292340C90FABE9DC0768956F1F
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3138352e3231322e3131332e302f32342d3234203d3e20343032313836.roa
Signing time: Thu 12 Mar 2026 03:03:01 +0000
ROA not before: Thu 12 Mar 2026 02:58:01 +0000
ROA not after: Thu 11 Mar 2027 03:03:01 +0000
asID: 402186
IP address blocks: 185.212.113.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Mar 2026 05:49:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
62:9c:09:d2:a4:3c:1d:29:23:40:c9:0f:ab:e9:dc:07:68:95:6f:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
Validity
Not Before: Mar 12 02:58:01 2026 GMT
Not After : Mar 11 03:03:01 2027 GMT
Subject: CN=B84D3B5BFC663A70F446697D8C7FC17B10FF6A60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:a1:90:c0:72:5e:61:96:fb:f0:e8:33:84:86:
78:ee:b2:10:c4:a2:46:45:6b:65:c2:80:6e:ed:8c:
83:bf:82:a4:ee:04:32:96:ca:0f:ea:56:e5:ee:e4:
57:5f:8e:1c:79:49:1a:96:92:e7:0f:76:d3:5a:21:
b7:fb:7f:c5:8f:04:ec:66:ed:2f:77:e3:98:ab:a9:
14:45:b1:bb:ed:cb:8d:21:de:6d:48:5e:1f:f8:cb:
a1:6a:f2:81:26:9f:f6:17:b8:8d:12:69:85:4b:c1:
e6:c7:f6:9e:51:97:48:c1:f4:d1:33:a9:4e:20:5d:
43:e7:62:11:7c:5a:66:b6:be:92:2a:7a:0b:4c:df:
06:bc:90:c9:c5:18:f7:c3:6b:f3:92:5b:ec:ec:c0:
c4:16:9a:3d:6c:7b:c2:64:ee:27:46:0e:f8:c1:95:
21:b5:5d:44:c2:ba:ed:49:e6:e6:9b:98:84:89:4f:
b4:df:c2:f4:93:dc:23:f1:b6:2d:2f:8d:c9:92:ef:
23:7a:d8:7b:2e:c7:5d:10:82:ff:83:06:98:7c:dc:
d9:ba:33:78:ac:74:c8:f0:0a:c8:b7:c4:72:cd:fc:
f3:64:42:08:c8:7e:12:86:1c:3e:23:8a:be:53:1c:
37:42:85:66:10:fb:4a:c3:ae:55:fb:ec:77:b3:a1:
86:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:4D:3B:5B:FC:66:3A:70:F4:46:69:7D:8C:7F:C1:7B:10:FF:6A:60
X509v3 Authority Key Identifier:
keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3138352e3231322e3131332e302f32342d3234203d3e20343032313836.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.212.113.0/24
Signature Algorithm: sha256WithRSAEncryption
20:0b:4c:68:c2:43:b6:96:cc:55:b1:47:66:5a:24:1a:5a:54:
a4:30:6a:0a:a2:8e:46:fe:89:57:a1:72:17:d7:f7:da:9f:3d:
e9:ee:fa:4d:96:a9:27:24:3d:20:06:ed:e8:4f:72:c9:73:d4:
91:4d:33:10:be:c7:ad:89:d4:e0:2e:9e:51:93:c0:4b:e3:27:
9c:52:ae:93:ef:a0:29:59:7f:06:b2:1f:86:d4:e5:de:d8:87:
5a:1e:7e:48:20:28:7b:80:3c:10:c9:db:f0:90:a1:ef:5b:6c:
0f:33:90:83:d6:af:73:b0:c4:45:2a:90:76:16:3d:88:04:34:
86:ef:fb:17:b1:29:ba:fa:bb:12:7f:24:c3:77:f4:53:0e:fa:
ba:04:fc:b0:eb:5c:86:45:09:8e:f8:d4:74:80:7c:0e:03:98:
25:c9:47:0f:09:a3:06:cb:dc:05:2c:9b:34:24:aa:ea:83:6b:
cc:e2:10:0a:63:eb:2c:79:26:e9:a5:d5:3a:4a:73:39:b9:36:
54:98:ce:01:ff:af:8f:5f:1d:d7:1b:6b:af:19:69:65:10:7f:
bc:0c:c7:e8:53:95:f6:94:89:c9:20:82:de:a1:d6:a4:17:e1:
cf:89:76:42:fd:88:96:61:d5:96:11:c3:9c:b0:7b:2d:2b:b6:
59:ed:1c:e3
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUYpwJ0qQ8HSkjQMkPq+ncB2iVbx8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjAzMTIwMjU4MDFaFw0yNzAzMTEwMzAzMDFaMDMxMTAvBgNV
BAMTKEI4NEQzQjVCRkM2NjNBNzBGNDQ2Njk3RDhDN0ZDMTdCMTBGRjZBNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcoZDAcl5hlvvw6DOEhnjushDE
okZFa2XCgG7tjIO/gqTuBDKWyg/qVuXu5Fdfjhx5SRqWkucPdtNaIbf7f8WPBOxm
7S9345irqRRFsbvty40h3m1IXh/4y6Fq8oEmn/YXuI0SaYVLwebH9p5Rl0jB9NEz
qU4gXUPnYhF8Wma2vpIqegtM3wa8kMnFGPfDa/OSW+zswMQWmj1se8Jk7idGDvjB
lSG1XUTCuu1J5uabmISJT7TfwvST3CPxti0vjcmS7yN62Hsux10Qgv+DBph83Nm6
M3isdMjwCsi3xHLN/PNkQgjIfhKGHD4jir5THDdChWYQ+0rDrlX77HezoYaVAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUuE07W/xmOnD0Rml9jH/BexD/amAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzODM1MmUzMjMxMzIyZTMx
MzEzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMjMxMzgzNi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnUcTANBgkqhkiG9w0BAQsFAAOCAQEAIAtMaMJDtpbMVbFHZlokGlpUpDBq
CqKORv6JV6FyF9f32p896e76TZapJyQ9IAbt6E9yyXPUkU0zEL7HrYnU4C6eUZPA
S+MnnFKuk++gKVl/BrIfhtTl3tiHWh5+SCAoe4A8EMnb8JCh71tsDzOQg9avc7DE
RSqQdhY9iAQ0hu/7F7Epuvq7En8kw3f0Uw76ugT8sOtchkUJjvjUdIB8DgOYJclH
DwmjBsvcBSybNCSq6oNrzOIQCmPrLHkm6aXVOkpzObk2VJjOAf+vj18d1xtrrxlp
ZRB/vAzH6FOV9pSJySCC3qHWpBfhz4l2Qv2IlmHVlhHDnLB7LSu2We0c4w==
-----END CERTIFICATE-----
Generated at Sat Mar 14 13:53:50 2026 by rpki-client