Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3231312e302f32342d3234203d3e203332343138.roa
File: 3231372e3231362e3231312e302f32342d3234203d3e203332343138.roa (raw, json)
Hash identifier: 6e/X5kGB72aJvsN37jehw8YXv3Da+wRnAoheb0Cl928=
Subject key identifier: 88:17:AC:E0:EE:EA:8C:49:76:4A:B1:00:D0:00:DC:F7:61:AA:FE:63
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 67AB064A596848F02750C5995EFD7CD89E90C8ED
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3231312e302f32342d3234203d3e203332343138.roa
Signing time: Wed 29 Apr 2026 09:18:12 +0000
ROA not before: Wed 29 Apr 2026 09:13:12 +0000
ROA not after: Wed 28 Apr 2027 09:18:12 +0000
asID: 32418
IP address blocks: 217.216.211.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 01 May 2026 14:07:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:ab:06:4a:59:68:48:f0:27:50:c5:99:5e:fd:7c:d8:9e:90:c8:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Apr 29 09:13:12 2026 GMT
Not After : Apr 28 09:18:12 2027 GMT
Subject: CN=8817ACE0EEEA8C49764AB100D000DCF761AAFE63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:99:3b:6f:d2:06:84:4f:a3:22:02:91:17:34:
72:8c:fd:aa:96:1a:03:72:07:37:1c:1b:c9:5e:92:
f5:4a:df:c9:45:c2:d6:0a:b8:42:7b:aa:1e:b1:42:
9a:5f:fe:af:68:f1:1b:5d:d3:e0:9a:b2:99:01:c1:
3e:87:ef:b7:ce:9f:80:09:26:a3:db:82:04:2f:dd:
b4:8e:f9:44:cb:dc:33:e6:4a:ed:a0:eb:9d:9d:7c:
a6:ca:49:f8:80:81:75:06:8f:1b:32:6e:69:0f:ce:
66:5f:33:5f:62:72:b3:fb:c5:a0:87:e9:9a:5d:1b:
84:70:4f:44:24:94:3b:bd:df:74:7b:99:54:e9:c4:
4f:3c:1f:fb:ff:d5:b0:4f:80:b5:e4:2d:41:a6:21:
6a:f8:92:a2:c5:d5:58:3d:0e:0e:90:1c:a4:48:b0:
dd:83:9a:c2:3d:ed:71:a2:59:8b:bd:3a:35:6e:ef:
f0:56:d3:1b:d4:06:4e:48:fe:ae:ed:dc:d3:b8:a9:
f8:90:5a:b3:b7:3b:a7:2a:6a:fa:bc:bf:a5:de:e8:
d3:59:4f:86:3a:d9:ae:29:c9:67:15:7f:c7:91:fc:
37:92:9e:85:30:23:df:e3:69:2e:67:20:5b:5d:04:
3f:4d:7d:54:16:1d:c7:22:79:14:dc:49:f1:5a:b1:
fa:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:17:AC:E0:EE:EA:8C:49:76:4A:B1:00:D0:00:DC:F7:61:AA:FE:63
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3231312e302f32342d3234203d3e203332343138.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.216.211.0/24
Signature Algorithm: sha256WithRSAEncryption
00:1d:c8:40:d5:f5:37:be:0e:98:a5:7e:38:9f:f1:68:35:67:
89:2d:fd:55:0c:70:71:34:49:e3:97:f0:4f:d5:24:9b:7b:c5:
0d:4a:6f:54:5e:f5:d5:03:f5:79:21:42:64:ef:b4:6d:83:27:
2b:82:d7:c5:a5:78:0b:79:10:fa:2c:1a:0d:35:2d:0b:96:d1:
96:e1:41:d2:f8:90:17:c7:98:3f:53:3a:f6:15:11:6f:6f:2d:
fa:ad:c4:ca:6a:2a:e4:ad:0e:02:8d:28:cc:00:7b:89:15:a0:
e8:b8:88:20:7c:6d:b3:c5:f8:b3:7a:67:e4:14:bb:da:98:9d:
91:35:01:23:24:06:4e:93:7c:e8:1f:7d:2d:24:f3:c9:d8:d4:
cc:6d:94:80:ee:87:fc:a8:c5:2b:18:4a:2d:b1:29:0e:10:74:
e4:84:3b:27:ef:2b:b4:e9:7b:82:9e:fa:8d:c4:f5:ed:75:e5:
19:03:0c:03:d1:8c:78:e9:c2:58:f5:6a:61:06:48:26:4e:31:
07:4a:57:00:b8:68:57:9e:d7:84:34:e4:f4:d3:fa:f6:02:f1:
26:0d:e4:11:41:f4:7b:eb:41:0e:2a:ad:b6:8b:91:06:2e:94:
8d:91:a8:51:d8:4c:0c:d3:54:c1:fd:0d:c5:47:d6:40:bf:ce:
7b:9e:41:4f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUZ6sGSlloSPAnUMWZXv182J6QyO0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MjkwOTEzMTJaFw0yNzA0MjgwOTE4MTJaMDMxMTAvBgNV
BAMTKDg4MTdBQ0UwRUVFQThDNDk3NjRBQjEwMEQwMDBEQ0Y3NjFBQUZFNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJmTtv0gaET6MiApEXNHKM/aqW
GgNyBzccG8lekvVK38lFwtYKuEJ7qh6xQppf/q9o8Rtd0+CaspkBwT6H77fOn4AJ
JqPbggQv3bSO+UTL3DPmSu2g652dfKbKSfiAgXUGjxsybmkPzmZfM19icrP7xaCH
6ZpdG4RwT0QklDu933R7mVTpxE88H/v/1bBPgLXkLUGmIWr4kqLF1Vg9Dg6QHKRI
sN2DmsI97XGiWYu9OjVu7/BW0xvUBk5I/q7t3NO4qfiQWrO3O6cqavq8v6Xe6NNZ
T4Y62a4pyWcVf8eR/DeSnoUwI9/jaS5nIFtdBD9NfVQWHccieRTcSfFasfq1AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUiBes4O7qjEl2SrEA0ADc92Gq/mMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMy
MzEzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzIzNDMxMzgucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADZ2NMwDQYJKoZIhvcNAQELBQADggEBAAAdyEDV9Te+Dpilfjif8Wg1Z4kt/VUM
cHE0SeOX8E/VJJt7xQ1Kb1Re9dUD9XkhQmTvtG2DJyuC18WleAt5EPosGg01LQuW
0ZbhQdL4kBfHmD9TOvYVEW9vLfqtxMpqKuStDgKNKMwAe4kVoOi4iCB8bbPF+LN6
Z+QUu9qYnZE1ASMkBk6TfOgffS0k88nY1MxtlIDuh/yoxSsYSi2xKQ4QdOSEOyfv
K7Tpe4Ke+o3E9e115RkDDAPRjHjpwlj1amEGSCZOMQdKVwC4aFee14Q05PTT+vYC
8SYN5BFB9HvrQQ4qrbaLkQYulI2RqFHYTAzTVMH9DcVH1kC/znueQU8=
-----END CERTIFICATE-----
Generated at Thu Apr 30 17:32:15 2026 by rpki-client