Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230312e302f32342d3234203d3e20343032323938.roa
File: 3231372e3231362e3230312e302f32342d3234203d3e20343032323938.roa (raw, json)
Hash identifier: 8H4G07KB/jyg8KYM06LACj0k0poubFjfBCWISz9Ns+w=
Subject key identifier: 6E:A5:8B:3A:E1:F6:CD:15:7E:25:8A:B2:32:29:2A:77:B2:80:63:5C
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 515BEE49FEE6100AF7C79E545E16FD9B1703FEB3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230312e302f32342d3234203d3e20343032323938.roa
Signing time: Thu 30 Apr 2026 13:18:35 +0000
ROA not before: Thu 30 Apr 2026 13:13:35 +0000
ROA not after: Thu 29 Apr 2027 13:18:35 +0000
asID: 402298
IP address blocks: 217.216.201.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 01 May 2026 14:07:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:5b:ee:49:fe:e6:10:0a:f7:c7:9e:54:5e:16:fd:9b:17:03:fe:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Apr 30 13:13:35 2026 GMT
Not After : Apr 29 13:18:35 2027 GMT
Subject: CN=6EA58B3AE1F6CD157E258AB232292A77B280635C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:8f:e5:93:65:c5:7e:9d:01:8c:ba:56:53:1f:
6b:21:0c:b1:e5:8c:78:04:ac:50:b3:0c:b5:c3:33:
46:1c:12:43:dc:ef:b0:06:95:68:ae:27:b1:a5:7f:
fb:bc:eb:8b:31:73:5a:49:ce:d2:6c:3e:70:5d:70:
97:08:c7:9d:7e:c4:48:31:66:94:4c:ff:6b:60:f6:
d6:25:30:fc:63:b9:be:c9:7c:b8:30:92:b2:d4:16:
0b:e4:8e:84:2d:73:0f:a9:fc:7d:18:c9:1f:bd:ef:
b6:a6:68:70:d1:e0:1c:ba:45:c2:78:02:f5:52:fc:
1e:6a:4a:1f:d9:2c:16:76:1b:d8:9f:4c:47:32:e1:
57:60:91:5f:03:4e:22:76:37:0e:74:06:97:2c:01:
ec:7e:35:5e:1f:89:b9:cc:ea:d0:69:ab:50:a7:96:
c2:49:ff:e4:3c:43:8a:7c:a6:41:1c:49:b6:d8:03:
dd:97:23:02:0d:67:69:51:2b:30:88:92:f6:71:e3:
96:19:1e:ef:0c:b5:31:69:af:1c:3f:77:fd:9d:29:
ea:d4:d5:97:32:0e:23:d9:6c:dd:3c:bf:5c:fd:25:
9e:05:9e:a1:82:23:9f:cd:bd:75:a2:c9:9a:2a:01:
60:99:2e:aa:94:05:29:3c:d6:28:8b:f7:3b:c6:51:
1e:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:A5:8B:3A:E1:F6:CD:15:7E:25:8A:B2:32:29:2A:77:B2:80:63:5C
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230312e302f32342d3234203d3e20343032323938.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.216.201.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:f5:c2:a4:3a:3d:f2:3c:aa:b4:f3:1d:a7:1d:43:08:8a:66:
e1:22:c6:4a:68:1d:73:86:ef:23:06:a7:24:7a:1c:f2:ad:c4:
5f:7f:d2:0b:8f:56:52:de:97:2b:a0:66:66:f4:93:23:2a:b4:
6a:3e:ca:7c:2f:7d:cc:37:a9:f8:74:71:b5:8c:e5:4e:9e:be:
98:e7:5f:f2:80:8c:22:43:c8:05:e6:17:02:aa:29:f3:79:56:
b6:d5:04:2b:6c:8d:f3:76:49:d9:25:f5:b5:be:11:db:af:1d:
9e:86:52:1c:3e:7d:66:b1:9a:f2:bd:19:6f:fa:7e:63:d1:31:
88:cf:86:74:ab:d3:1a:b5:c3:e9:ee:eb:73:8b:0f:df:0d:67:
ae:bd:06:9e:4e:2a:a4:21:d5:e2:ae:2b:a2:b8:bd:15:3f:c5:
30:d5:96:31:7d:5f:91:5b:27:8e:5f:18:26:67:c0:e9:14:87:
db:4a:34:da:20:99:09:56:a5:51:93:5f:ff:bb:9d:a1:f9:c5:
2c:b3:c8:22:51:84:75:32:43:d1:4c:e3:dd:2f:c8:43:cd:94:
85:f6:05:dc:b7:66:c0:0b:10:3c:02:9d:f2:74:db:9a:c4:92:
aa:fc:74:68:4b:90:7f:cf:66:0a:9b:e9:d8:67:5c:a0:6a:97:
52:d4:ac:51
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUUVvuSf7mEAr3x55UXhb9mxcD/rMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MzAxMzEzMzVaFw0yNzA0MjkxMzE4MzVaMDMxMTAvBgNV
BAMTKDZFQTU4QjNBRTFGNkNEMTU3RTI1OEFCMjMyMjkyQTc3QjI4MDYzNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtj+WTZcV+nQGMulZTH2shDLHl
jHgErFCzDLXDM0YcEkPc77AGlWiuJ7Glf/u864sxc1pJztJsPnBdcJcIx51+xEgx
ZpRM/2tg9tYlMPxjub7JfLgwkrLUFgvkjoQtcw+p/H0YyR+977amaHDR4By6RcJ4
AvVS/B5qSh/ZLBZ2G9ifTEcy4VdgkV8DTiJ2Nw50BpcsAex+NV4fibnM6tBpq1Cn
lsJJ/+Q8Q4p8pkEcSbbYA92XIwINZ2lRKzCIkvZx45YZHu8MtTFprxw/d/2dKerU
1ZcyDiPZbN08v1z9JZ4FnqGCI5/NvXWiyZoqAWCZLqqUBSk81iiL9zvGUR7tAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUbqWLOuH2zRV+JYqyMikqd7KAY1wwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzAzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMjMyMzkzOC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnYyTANBgkqhkiG9w0BAQsFAAOCAQEAi/XCpDo98jyqtPMdpx1DCIpm4SLG
Smgdc4bvIwanJHoc8q3EX3/SC49WUt6XK6BmZvSTIyq0aj7KfC99zDep+HRxtYzl
Tp6+mOdf8oCMIkPIBeYXAqop83lWttUEK2yN83ZJ2SX1tb4R268dnoZSHD59ZrGa
8r0Zb/p+Y9ExiM+GdKvTGrXD6e7rc4sP3w1nrr0Gnk4qpCHV4q4rori9FT/FMNWW
MX1fkVsnjl8YJmfA6RSH20o02iCZCValUZNf/7udofnFLLPIIlGEdTJD0Uzj3S/I
Q82UhfYF3LdmwAsQPAKd8nTbmsSSqvx0aEuQf89mCpvp2GdcoGqXUtSsUQ==
-----END CERTIFICATE-----
Generated at Thu Apr 30 17:26:35 2026 by rpki-client