Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35332e302f32342d3234203d3e20323031333431.roa
File: 3138352e3136332e35332e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier: BtGTxykmgxrs1TtxuMuBFgDM6ipCDCOOr5Kd1iviZmo=
Subject key identifier: CE:23:E9:92:F9:13:4A:61:E3:4F:33:72:06:0A:04:55:A5:7E:31:FB
Certificate issuer: /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial: 5FC219D3266DD71E14D328F965407FA09C0A356E
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35332e302f32342d3234203d3e20323031333431.roa
Signing time: Mon 29 Dec 2025 09:50:33 +0000
ROA not before: Mon 29 Dec 2025 09:45:33 +0000
ROA not after: Mon 28 Dec 2026 09:50:33 +0000
asID: 201341
IP address blocks: 185.163.53.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 23 Feb 2026 21:36:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:c2:19:d3:26:6d:d7:1e:14:d3:28:f9:65:40:7f:a0:9c:0a:35:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Validity
Not Before: Dec 29 09:45:33 2025 GMT
Not After : Dec 28 09:50:33 2026 GMT
Subject: CN=CE23E992F9134A61E34F3372060A0455A57E31FB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:65:ba:ce:e7:c0:55:d0:5d:cd:1e:b4:ae:ca:
47:9d:95:93:2b:03:d0:02:5c:7a:1a:30:2f:8b:c4:
9d:05:4e:1e:6b:34:52:70:1d:bd:c9:39:6f:a3:2d:
98:37:11:05:8d:5a:50:7f:d9:52:0c:11:8f:fc:22:
4f:65:d8:c5:1a:e2:da:ac:14:e5:9d:cc:78:91:f2:
79:9e:0b:8d:d7:89:8e:6d:b7:84:21:b4:c4:97:e2:
7d:2c:a0:7d:4b:64:ae:6b:da:c6:79:a0:6a:69:d1:
ec:79:a8:d1:bc:21:72:1f:73:84:f6:0b:0f:03:f7:
33:0e:52:00:d1:a4:9f:6e:d0:95:1c:c8:d7:f3:00:
68:ac:29:68:eb:3c:62:05:d2:5e:57:b9:cd:dd:f2:
9f:67:ef:ee:1d:e8:68:6f:b7:de:eb:49:e5:58:79:
7a:e3:b0:a5:84:4d:6e:6e:7b:19:4a:6c:63:cc:d5:
05:ee:4f:5a:a2:c1:09:aa:95:a3:2a:6e:16:5a:bb:
55:55:d2:4e:d7:25:c8:b7:42:68:82:0d:1f:d6:20:
df:21:7f:3a:0c:84:48:91:35:94:fa:fe:61:8c:4b:
8c:3c:af:f2:90:84:fb:cb:cf:44:65:7b:ac:df:fb:
c3:54:4e:c4:da:57:ed:7d:52:fb:89:60:ba:ae:16:
f2:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:23:E9:92:F9:13:4A:61:E3:4F:33:72:06:0A:04:55:A5:7E:31:FB
X509v3 Authority Key Identifier:
keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3136332e35332e302f32342d3234203d3e20323031333431.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.163.53.0/24
Signature Algorithm: sha256WithRSAEncryption
45:bc:c1:75:de:3e:cc:43:d3:27:0b:70:80:92:87:a4:9d:e9:
23:d4:30:81:bd:d6:82:7f:ec:a6:83:cf:e2:a4:62:fc:38:b4:
82:b4:8a:1b:98:d9:a8:52:50:84:7d:35:9a:e0:66:0a:e8:b1:
4e:12:6a:8f:23:7b:ca:ce:63:2e:61:de:8b:ee:55:1a:4e:48:
e0:bb:d0:64:2c:00:ac:d7:b4:50:b4:26:19:6c:bd:c1:25:3d:
54:2b:89:84:f4:98:be:cf:54:44:ba:26:0a:bf:91:8b:b1:35:
e7:a7:64:20:7a:5b:a0:fa:57:1e:2d:cd:2e:af:99:3b:92:33:
28:fc:95:db:fc:70:4b:d4:40:f7:34:3f:08:1e:3a:a3:d4:17:
65:7e:02:de:a8:f5:26:c3:d4:42:71:89:eb:ca:e6:f5:42:82:
3b:fc:5b:45:9b:c1:5c:bc:25:75:b9:dc:bf:8a:e6:aa:a4:aa:
a7:a1:75:f7:60:35:e6:15:52:8d:1f:f3:2e:4e:b9:7e:72:64:
9f:f3:70:0d:8f:dd:68:54:ca:78:c9:33:4f:13:e3:66:76:89:
c2:79:57:98:89:9e:50:08:c6:47:76:d8:59:8c:71:87:15:f1:
c3:08:aa:e4:aa:fd:24:8b:c3:59:12:14:47:9c:01:ae:52:20:
f4:aa:19:4c
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUX8IZ0yZt1x4U0yj5ZUB/oJwKNW4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNTEyMjkwOTQ1MzNaFw0yNjEyMjgwOTUwMzNaMDMxMTAvBgNV
BAMTKENFMjNFOTkyRjkxMzRBNjFFMzRGMzM3MjA2MEEwNDU1QTU3RTMxRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSZbrO58BV0F3NHrSuykedlZMr
A9ACXHoaMC+LxJ0FTh5rNFJwHb3JOW+jLZg3EQWNWlB/2VIMEY/8Ik9l2MUa4tqs
FOWdzHiR8nmeC43XiY5tt4QhtMSX4n0soH1LZK5r2sZ5oGpp0ex5qNG8IXIfc4T2
Cw8D9zMOUgDRpJ9u0JUcyNfzAGisKWjrPGIF0l5Xuc3d8p9n7+4d6Ghvt97rSeVY
eXrjsKWETW5uexlKbGPM1QXuT1qiwQmqlaMqbhZau1VV0k7XJci3QmiCDR/WIN8h
fzoMhEiRNZT6/mGMS4w8r/KQhPvLz0Rle6zf+8NUTsTaV+19UvuJYLquFvLFAgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQUziPpkvkTSmHjTzNyBgoEVaV+MfswHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzYz
MzJlMzUzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEALmjNTANBgkqhkiG9w0BAQsFAAOCAQEARbzBdd4+zEPTJwtwgJKHpJ3p
I9Qwgb3Wgn/spoPP4qRi/Di0grSKG5jZqFJQhH01muBmCuixThJqjyN7ys5jLmHe
i+5VGk5I4LvQZCwArNe0ULQmGWy9wSU9VCuJhPSYvs9URLomCr+Ri7E156dkIHpb
oPpXHi3NLq+ZO5IzKPyV2/xwS9RA9zQ/CB46o9QXZX4C3qj1JsPUQnGJ68rm9UKC
O/xbRZvBXLwldbncv4rmqqSqp6F192A15hVSjR/zLk65fnJkn/NwDY/daFTKeMkz
TxPjZnaJwnlXmImeUAjGR3bYWYxxhxXxwwiq5Kr9JIvDWRIUR5wBrlIg9KoZTA==
-----END CERTIFICATE-----
Generated at Mon Feb 23 03:00:46 2026 by rpki-client