Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37332e302f32342d3234203d3e20383334.roa
File: 3134312e39382e37332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier: ZoqwxF6flCleiQTRy0QoD5BB4uSw/fV6aXoT5Yb1vik=
Subject key identifier: 0E:2A:86:CE:F0:CE:7C:05:75:82:B0:98:A5:F7:9E:98:F1:3D:15:4C
Certificate issuer: /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial: 37A902443CD429DE1522223892A43F0DD63D27F3
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37332e302f32342d3234203d3e20383334.roa
Signing time: Mon 01 Jun 2026 00:08:43 +0000
ROA not before: Mon 01 Jun 2026 00:03:43 +0000
ROA not after: Mon 31 May 2027 00:08:43 +0000
asID: 834
IP address blocks: 141.98.73.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 05 Jun 2026 07:00:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:a9:02:44:3c:d4:29:de:15:22:22:38:92:a4:3f:0d:d6:3d:27:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
Validity
Not Before: Jun 1 00:03:43 2026 GMT
Not After : May 31 00:08:43 2027 GMT
Subject: CN=0E2A86CEF0CE7C057582B098A5F79E98F13D154C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:f7:fb:9c:6b:4a:75:19:95:25:34:5e:37:4a:
e3:32:fd:d6:2b:d0:44:59:2d:54:91:1a:64:2c:75:
fd:df:79:ed:27:ea:ef:1c:9c:16:29:08:d8:e8:72:
9b:f9:a9:b5:16:f3:af:59:b9:ca:03:ec:aa:dd:fc:
8c:b7:c4:91:91:a8:8a:97:50:9a:20:1e:ff:09:85:
6f:59:79:fd:e3:b1:91:8b:c5:f9:8a:99:1b:61:7a:
d6:e3:7b:91:af:ca:b1:7b:ef:93:af:ae:83:01:d3:
49:cb:40:53:20:1c:eb:c2:39:2b:47:4a:32:45:fc:
be:c7:fd:10:a6:e9:3f:df:85:34:53:61:b4:54:f1:
08:f1:7d:62:6f:69:c4:59:28:cc:0b:cb:9a:cc:b3:
86:98:e0:3e:cd:e8:b8:31:ca:34:a6:74:67:0e:27:
b3:06:f2:05:13:b4:14:1f:71:66:b7:82:46:7a:b5:
e6:f4:91:2f:86:31:fc:50:b8:18:7e:b9:ab:8e:33:
48:a2:f3:08:de:b3:d1:87:00:c9:76:f8:eb:db:83:
07:ba:b5:3e:a8:3d:1c:54:d0:80:04:a3:fc:53:0f:
52:7d:99:46:16:a4:04:90:4c:50:4b:6b:fd:76:9d:
cc:20:7c:a2:26:d1:34:4c:09:62:0e:93:0a:fe:c1:
51:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:2A:86:CE:F0:CE:7C:05:75:82:B0:98:A5:F7:9E:98:F1:3D:15:4C
X509v3 Authority Key Identifier:
keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3134312e39382e37332e302f32342d3234203d3e20383334.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.98.73.0/24
Signature Algorithm: sha256WithRSAEncryption
b2:62:b6:26:89:41:a2:b7:d8:f4:0d:60:e0:9d:8a:53:ea:69:
50:b2:f8:39:df:a2:5e:59:0e:0a:1c:ef:c0:1e:c8:c3:82:90:
bc:89:ea:74:97:d1:f8:98:47:a3:6b:91:bd:a7:9b:90:48:5c:
da:f1:14:db:11:a3:3d:6c:63:ea:36:3c:ce:fe:b7:25:e0:1d:
e2:8e:2b:87:99:51:3a:97:5b:3c:91:52:07:44:c6:f0:dc:97:
b0:fd:1d:bb:2f:36:29:83:2a:81:df:07:27:4b:6f:80:7f:cd:
ee:d1:eb:34:08:84:d8:04:67:e0:69:8c:64:b7:c9:49:2d:8d:
38:d1:67:1e:f4:b7:7c:c1:b4:6f:28:59:24:cb:d3:14:cf:05:
80:9a:d2:4c:2b:4a:29:c5:46:be:7b:26:23:86:78:ca:eb:61:
42:09:22:78:47:11:60:8f:00:0e:14:6b:a0:0b:b2:b9:1e:14:
2f:45:19:b5:ce:eb:29:13:06:81:1f:fb:24:00:a0:99:81:ae:
3f:cb:41:8f:60:8f:6c:21:18:a2:67:bf:fa:76:c4:ea:1c:a7:
15:f4:04:f9:52:21:7d:e1:9c:fa:eb:6e:70:98:06:38:f5:24:
6c:a9:c0:bd:62:ce:8d:3c:4a:02:f2:8e:eb:d6:46:7e:f5:af:
73:b0:dc:a5
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUN6kCRDzUKd4VIiI4kqQ/DdY9J/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjA2MDEwMDAzNDNaFw0yNzA1MzEwMDA4NDNaMDMxMTAvBgNV
BAMTKDBFMkE4NkNFRjBDRTdDMDU3NTgyQjA5OEE1Rjc5RTk4RjEzRDE1NEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp9/uca0p1GZUlNF43SuMy/dYr
0ERZLVSRGmQsdf3fee0n6u8cnBYpCNjocpv5qbUW869ZucoD7Krd/Iy3xJGRqIqX
UJogHv8JhW9Zef3jsZGLxfmKmRthetbje5GvyrF775OvroMB00nLQFMgHOvCOStH
SjJF/L7H/RCm6T/fhTRTYbRU8QjxfWJvacRZKMwLy5rMs4aY4D7N6LgxyjSmdGcO
J7MG8gUTtBQfcWa3gkZ6teb0kS+GMfxQuBh+uauOM0ii8wjes9GHAMl2+Ovbgwe6
tT6oPRxU0IAEo/xTD1J9mUYWpASQTFBLa/12ncwgfKIm0TRMCWIOkwr+wVH5AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUDiqGzvDOfAV1grCYpfeemPE9FUwwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzEzNDMxMmUzOTM4MmUzNzMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWJJMA0G
CSqGSIb3DQEBCwUAA4IBAQCyYrYmiUGit9j0DWDgnYpT6mlQsvg536JeWQ4KHO/A
HsjDgpC8iep0l9H4mEeja5G9p5uQSFza8RTbEaM9bGPqNjzO/rcl4B3ijiuHmVE6
l1s8kVIHRMbw3Jew/R27LzYpgyqB3wcnS2+Af83u0es0CITYBGfgaYxkt8lJLY04
0Wce9Ld8wbRvKFkky9MUzwWAmtJMK0opxUa+eyYjhnjK62FCCSJ4RxFgjwAOFGug
C7K5HhQvRRm1zuspEwaBH/skAKCZga4/y0GPYI9sIRiiZ7/6dsTqHKcV9AT5UiF9
4Zz6625wmAY49SRsqcC9Ys6NPEoC8o7r1kZ+9a9zsNyl
-----END CERTIFICATE-----
Generated at Thu Jun 4 13:01:27 2026 by rpki-client