Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e20333939343638.roa
File: 322e35382e38352e302f32342d3234203d3e20333939343638.roa (raw, json)
Hash identifier: DxOq5kGC1UY7gmuJl9GjMiorjvhCP4eEet6VwfLbzJ4=
Subject key identifier: 88:D0:B9:4B:75:1F:F9:15:BC:1D:AE:F0:BA:15:F8:E5:9D:09:EE:00
Certificate issuer: /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial: 040F064B7F47B2B42C871045752DF54F037EF983
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e20333939343638.roa
Signing time: Wed 22 Apr 2026 13:28:05 +0000
ROA not before: Wed 22 Apr 2026 13:23:05 +0000
ROA not after: Wed 21 Apr 2027 13:28:05 +0000
asID: 399468
IP address blocks: 2.58.85.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 24 Apr 2026 08:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:0f:06:4b:7f:47:b2:b4:2c:87:10:45:75:2d:f5:4f:03:7e:f9:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
Validity
Not Before: Apr 22 13:23:05 2026 GMT
Not After : Apr 21 13:28:05 2027 GMT
Subject: CN=88D0B94B751FF915BC1DAEF0BA15F8E59D09EE00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:d9:be:3f:2a:1e:ec:31:fd:ce:7d:f7:c5:50:
c0:b0:e4:1d:7b:ac:55:eb:13:98:ae:69:7e:64:d3:
a9:ea:eb:cb:e3:b2:c0:9d:e5:c2:a4:d8:a1:f5:5e:
84:b1:bb:20:63:1c:cc:04:81:d0:cc:81:31:bc:41:
4b:0d:ab:b2:e8:fb:c6:ed:9a:67:0f:bf:c0:67:fe:
84:6f:0a:f1:fe:65:89:ae:6e:e7:55:4b:7c:c2:42:
db:5c:d5:38:e7:6d:23:f2:22:e3:77:71:28:f2:be:
cb:a0:5b:1c:6c:e9:b2:69:06:fa:08:43:cf:c3:12:
b0:4e:aa:3e:59:26:3e:63:70:24:d4:d4:82:f9:bd:
fb:8f:49:3c:85:67:6c:f3:76:9d:0a:06:f7:b7:33:
2b:e1:3c:c5:1f:28:f5:c7:33:69:53:56:a3:37:40:
cf:7d:5c:9c:11:a8:48:bf:a7:66:d1:cb:52:a0:59:
90:04:dc:7f:e7:f5:87:92:8c:e2:1c:49:68:c2:12:
bc:8e:97:8c:46:7d:bd:f5:21:b2:b0:6b:cf:9a:4a:
c8:0f:45:32:2a:5f:6e:ce:3b:81:80:3f:2f:3f:7e:
7d:61:2d:9a:8f:71:96:2a:01:9e:2b:bc:0e:8e:1b:
b7:63:0a:b3:a6:22:cf:00:bc:0e:2d:f3:46:5a:e8:
b4:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:D0:B9:4B:75:1F:F9:15:BC:1D:AE:F0:BA:15:F8:E5:9D:09:EE:00
X509v3 Authority Key Identifier:
keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/322e35382e38352e302f32342d3234203d3e20333939343638.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.85.0/24
Signature Algorithm: sha256WithRSAEncryption
ca:58:b5:9d:0c:a5:e0:1c:17:24:ae:4d:9a:a1:d5:0b:f6:64:
e9:8a:50:b8:e6:41:49:b7:c4:81:6d:4e:12:ce:b7:09:33:19:
e1:66:5d:d3:a8:82:7f:e4:a6:12:a3:a0:8a:3d:f5:5a:90:83:
78:a3:80:be:8e:1e:74:d9:cc:d3:0f:d7:63:94:d6:63:cf:5c:
e7:6d:98:1a:81:0d:e4:e3:1d:37:e7:f2:5e:3c:53:9c:c1:f4:
b0:7d:30:e7:94:77:08:82:5a:66:78:a2:1a:e9:78:88:61:0d:
5f:61:99:7d:e1:77:c8:82:30:ad:bf:a8:f2:b2:68:4a:dc:bb:
44:5c:1e:db:16:7f:5f:f5:cc:e8:8c:76:f7:ed:d2:d4:0a:4b:
1e:16:3f:6c:73:14:84:a8:85:8a:9c:59:15:9d:2c:50:6e:40:
09:db:27:d1:12:a2:3c:55:7f:7c:f9:e2:32:86:15:f0:16:bf:
1b:45:9a:e3:e1:4b:b7:cb:d8:3c:58:d9:c3:45:33:13:49:e6:
42:f0:7d:30:83:af:68:ed:c9:81:28:47:03:64:12:d8:26:d3:
7c:8f:c0:84:b0:9a:0e:ab:a5:fb:11:97:16:59:8b:e7:3b:9d:
45:f1:a9:3d:19:7e:97:7e:19:70:f4:bd:99:28:71:2c:23:e8:
56:70:0d:48
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBA8GS39HsrQshxBFdS31TwN++YMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjA0MjIxMzIzMDVaFw0yNzA0MjExMzI4MDVaMDMxMTAvBgNV
BAMTKDg4RDBCOTRCNzUxRkY5MTVCQzFEQUVGMEJBMTVGOEU1OUQwOUVFMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC92b4/Kh7sMf3OfffFUMCw5B17
rFXrE5iuaX5k06nq68vjssCd5cKk2KH1XoSxuyBjHMwEgdDMgTG8QUsNq7Lo+8bt
mmcPv8Bn/oRvCvH+ZYmubudVS3zCQttc1TjnbSPyIuN3cSjyvsugWxxs6bJpBvoI
Q8/DErBOqj5ZJj5jcCTU1IL5vfuPSTyFZ2zzdp0KBve3MyvhPMUfKPXHM2lTVqM3
QM99XJwRqEi/p2bRy1KgWZAE3H/n9YeSjOIcSWjCEryOl4xGfb31IbKwa8+aSsgP
RTIqX27OO4GAPy8/fn1hLZqPcZYqAZ4rvA6OG7djCrOmIs8AvA4t80Za6LS1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUiNC5S3Uf+RW8Ha7wuhX45Z0J7gAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzIyZTM1MzgyZTM4MzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzkzNDM2Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlUw
DQYJKoZIhvcNAQELBQADggEBAMpYtZ0MpeAcFySuTZqh1Qv2ZOmKULjmQUm3xIFt
ThLOtwkzGeFmXdOogn/kphKjoIo99VqQg3ijgL6OHnTZzNMP12OU1mPPXOdtmBqB
DeTjHTfn8l48U5zB9LB9MOeUdwiCWmZ4ohrpeIhhDV9hmX3hd8iCMK2/qPKyaErc
u0RcHtsWf1/1zOiMdvft0tQKSx4WP2xzFISohYqcWRWdLFBuQAnbJ9ESojxVf3z5
4jKGFfAWvxtFmuPhS7fL2DxY2cNFMxNJ5kLwfTCDr2jtyYEoRwNkEtgm03yPwISw
mg6rpfsRlxZZi+c7nUXxqT0Zfpd+GXD0vZkocSwj6FZwDUg=
-----END CERTIFICATE-----
Generated at Thu Apr 23 12:17:10 2026 by rpki-client