Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230332e302f32342d3234203d3e20343032323134.roa
File: 3231372e3231362e3230332e302f32342d3234203d3e20343032323134.roa (raw, json)
Hash identifier: PB+7Ui1N0nwhjBRUNRioC+ZaZj8Oqapu1Z/Bm6HWLM0=
Subject key identifier: E8:BB:0F:88:F1:72:A5:95:41:7B:8F:60:B7:53:7C:56:D2:57:D0:D2
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 580EB4B8C90C38AD1F59BFC29845489B4A95214C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230332e302f32342d3234203d3e20343032323134.roa
Signing time: Sun 19 Apr 2026 07:29:32 +0000
ROA not before: Sun 19 Apr 2026 07:24:32 +0000
ROA not after: Sun 18 Apr 2027 07:29:32 +0000
asID: 402214
IP address blocks: 217.216.203.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 10:56:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
58:0e:b4:b8:c9:0c:38:ad:1f:59:bf:c2:98:45:48:9b:4a:95:21:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Apr 19 07:24:32 2026 GMT
Not After : Apr 18 07:29:32 2027 GMT
Subject: CN=E8BB0F88F172A595417B8F60B7537C56D257D0D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:35:c7:41:6c:6b:06:f3:ab:14:f7:8d:e9:43:
55:5d:cc:29:f9:af:18:cc:89:da:f3:32:77:34:47:
ae:84:cf:94:a6:94:ce:07:2b:b9:28:01:1a:83:f7:
fa:aa:2d:f9:03:3b:ad:6e:1e:43:98:e7:cd:18:e5:
78:05:5f:c8:da:e6:4a:6d:bd:da:2b:94:64:61:c9:
d1:3c:2b:87:11:82:20:a8:1e:72:58:34:58:a7:7e:
1e:65:a9:a2:1e:45:6f:f8:a4:d6:45:5a:2e:89:23:
4c:7c:69:6a:65:e8:3c:9b:92:19:2b:ab:55:5a:54:
7d:f1:59:00:80:9b:be:47:68:af:a1:a1:44:37:29:
d4:9b:8c:3a:4b:a5:55:a3:c1:1e:87:13:ac:16:d7:
e8:e4:1c:ea:ec:b0:14:72:22:9d:57:e0:43:dc:38:
73:52:7e:a4:67:05:81:80:3a:6f:0b:a3:e3:cc:cb:
9b:a0:27:64:e1:9c:0f:d7:a4:8c:8c:9c:70:f1:42:
d9:89:66:3f:79:c5:5f:2f:85:27:2f:bc:dd:ae:bd:
5b:da:fd:55:62:54:d2:df:33:79:41:d5:de:85:cd:
cc:e1:25:b0:e0:27:dc:5d:b5:9b:f3:77:ea:ef:89:
13:76:84:3a:1c:63:a4:a6:0d:19:e7:24:25:a8:8f:
75:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:BB:0F:88:F1:72:A5:95:41:7B:8F:60:B7:53:7C:56:D2:57:D0:D2
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3230332e302f32342d3234203d3e20343032323134.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.216.203.0/24
Signature Algorithm: sha256WithRSAEncryption
02:86:d7:34:b7:db:04:c1:d0:1b:68:83:72:81:e3:f9:7f:3e:
49:dc:5f:9b:35:c0:1f:5e:1e:5c:fb:0d:12:09:ca:96:2d:5f:
78:d8:72:42:2b:af:d0:5a:8b:9e:ad:ac:9b:77:b2:e1:b3:9c:
f8:63:8b:bd:70:ec:b6:83:30:48:cd:35:d0:8d:c8:25:a5:c1:
21:11:30:2c:a7:00:64:f4:b6:36:d8:23:87:51:7d:8a:25:4b:
7d:4a:70:11:a1:3d:85:89:1c:91:f4:b0:6d:a6:4a:24:5c:26:
c8:7f:49:5d:28:e9:d2:2a:3e:f3:00:c4:5b:a9:a2:b7:a2:58:
17:d1:07:ac:9c:f6:05:48:e0:b5:f3:f1:28:4f:38:80:1a:60:
4d:55:3c:b4:ea:10:66:73:8e:bd:51:26:63:78:90:ff:7c:e3:
7d:60:0d:86:38:70:4f:b3:36:26:a7:95:bf:2b:ac:84:99:b4:
3e:a1:23:62:87:b0:4c:b3:16:68:60:6e:02:9f:15:b6:28:88:
86:fb:bb:5c:3e:df:fe:44:60:e3:8b:5d:4a:32:e2:55:a0:5d:
5d:b6:4e:8d:d3:90:39:9c:5b:50:40:04:6c:f2:93:be:bb:fb:
22:71:54:3d:db:57:22:5e:82:dc:4a:29:74:9d:21:06:5e:90:
57:1d:c0:0c
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUWA60uMkMOK0fWb/CmEVIm0qVIUwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MTkwNzI0MzJaFw0yNzA0MTgwNzI5MzJaMDMxMTAvBgNV
BAMTKEU4QkIwRjg4RjE3MkE1OTU0MTdCOEY2MEI3NTM3QzU2RDI1N0QwRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrNcdBbGsG86sU943pQ1VdzCn5
rxjMidrzMnc0R66Ez5SmlM4HK7koARqD9/qqLfkDO61uHkOY580Y5XgFX8ja5kpt
vdorlGRhydE8K4cRgiCoHnJYNFinfh5lqaIeRW/4pNZFWi6JI0x8aWpl6Dybkhkr
q1VaVH3xWQCAm75HaK+hoUQ3KdSbjDpLpVWjwR6HE6wW1+jkHOrssBRyIp1X4EPc
OHNSfqRnBYGAOm8Lo+PMy5ugJ2ThnA/XpIyMnHDxQtmJZj95xV8vhScvvN2uvVva
/VViVNLfM3lB1d6FzczhJbDgJ9xdtZvzd+rviRN2hDocY6SmDRnnJCWoj3X7AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU6LsPiPFypZVBe49gt1N8VtJX0NIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzAzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMjMyMzEzNC5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnYyzANBgkqhkiG9w0BAQsFAAOCAQEAAobXNLfbBMHQG2iDcoHj+X8+Sdxf
mzXAH14eXPsNEgnKli1feNhyQiuv0FqLnq2sm3ey4bOc+GOLvXDstoMwSM010I3I
JaXBIREwLKcAZPS2Ntgjh1F9iiVLfUpwEaE9hYkckfSwbaZKJFwmyH9JXSjp0io+
8wDEW6mit6JYF9EHrJz2BUjgtfPxKE84gBpgTVU8tOoQZnOOvVEmY3iQ/3zjfWAN
hjhwT7M2JqeVvyushJm0PqEjYoewTLMWaGBuAp8VtiiIhvu7XD7f/kRg44tdSjLi
VaBdXbZOjdOQOZxbUEAEbPKTvrv7InFUPdtXIl6C3EopdJ0hBl6QVx3ADA==
-----END CERTIFICATE-----
Generated at Mon Apr 20 00:26:24 2026 by rpki-client