Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3235332e302f32342d3234203d3e20323031333431.roa
File: 38352e3139302e3235332e302f32342d3234203d3e20323031333431.roa (raw, json)
Hash identifier: stRKZ+x0OCQ5I7EYlo2mR6Tqn5NbUWaQSjgIvu4D7cc=
Subject key identifier: 87:3F:02:32:44:1B:B5:08:51:EF:5F:EC:14:8B:31:D4:8F:BA:9C:AA
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 4E46530E953D5812D783D987BA56C679A129E7AC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3235332e302f32342d3234203d3e20323031333431.roa
Signing time: Mon 29 Dec 2025 09:50:59 +0000
ROA not before: Mon 29 Dec 2025 09:45:59 +0000
ROA not after: Mon 28 Dec 2026 09:50:59 +0000
asID: 201341
IP address blocks: 85.190.253.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 23 Feb 2026 21:36:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4e:46:53:0e:95:3d:58:12:d7:83:d9:87:ba:56:c6:79:a1:29:e7:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Dec 29 09:45:59 2025 GMT
Not After : Dec 28 09:50:59 2026 GMT
Subject: CN=873F0232441BB50851EF5FEC148B31D48FBA9CAA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:79:b2:54:a7:ab:f7:68:8e:bd:5c:87:37:ec:
46:c3:36:b2:1d:8e:1f:b3:5f:6f:95:16:87:f4:22:
c0:62:44:c7:a5:6a:4b:f3:e4:f5:56:10:2a:8c:ab:
c8:d8:3d:27:cd:d2:f8:ee:55:73:71:3b:04:ae:d8:
61:7c:94:67:f3:93:13:5b:45:24:dc:48:b2:7f:e0:
c1:82:ec:87:73:5c:a8:71:1e:bd:87:20:e0:71:a2:
2d:47:02:54:78:7f:19:80:b3:a0:d5:79:76:16:37:
21:89:1c:dd:47:a5:2c:22:f4:67:b7:8f:cd:85:32:
10:6d:1e:e9:58:2f:88:b1:b0:9a:ac:e0:2a:b3:a4:
92:29:90:99:e5:25:b2:fe:29:d1:11:e4:30:e2:55:
1d:77:38:89:49:cb:16:8c:b8:90:ba:2d:e2:b1:11:
90:fa:cc:e9:c0:8f:98:be:ef:c4:b1:71:b1:33:83:
fa:f5:e5:9b:bb:ab:1e:60:18:71:b6:9b:7a:88:3b:
d1:b3:4d:b7:77:3d:4f:a2:e0:5e:14:fa:2a:24:2f:
da:73:3f:98:67:fe:2c:65:7d:84:0e:d2:72:85:30:
aa:db:8b:ee:9d:c3:2a:27:e7:05:6a:a8:91:e3:87:
04:1b:76:bd:a1:87:47:d6:f7:a8:db:01:64:08:dd:
64:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:3F:02:32:44:1B:B5:08:51:EF:5F:EC:14:8B:31:D4:8F:BA:9C:AA
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/38352e3139302e3235332e302f32342d3234203d3e20323031333431.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.190.253.0/24
Signature Algorithm: sha256WithRSAEncryption
19:b6:ee:00:37:50:eb:31:c3:9f:db:ac:6c:fe:01:6a:f4:23:
73:e1:6e:33:ad:65:29:80:e0:d4:52:23:0c:18:fe:6f:25:ef:
36:b1:32:7f:bd:1c:38:9b:2c:98:db:07:47:48:d5:7a:9b:74:
8b:0f:02:73:e9:e0:0b:84:54:7a:65:c5:6c:ad:4c:da:1f:36:
0b:6d:51:d3:62:93:e8:12:97:6a:56:7e:c5:24:c2:cf:d3:d5:
d2:c4:30:a2:3a:5d:72:3d:5d:57:ff:b1:09:e5:00:8f:2c:9f:
38:a3:18:b5:40:3a:da:fe:4a:38:9f:0f:80:82:dc:5e:46:ba:
f5:ca:1a:f4:b3:11:c3:88:de:00:78:35:2d:51:7e:6d:74:af:
59:04:a2:9f:55:a0:68:15:f4:9d:79:12:b9:a5:da:ff:f9:c1:
6b:ce:9d:87:6e:d6:f0:33:92:7e:1a:32:09:ba:00:00:7d:2a:
68:66:ba:9b:df:b3:ed:90:85:99:81:fb:1b:53:a3:be:ce:45:
e5:d0:81:e2:08:59:7d:57:21:dd:7f:93:f6:2e:82:e9:e6:12:
fd:a0:d1:08:d1:be:ca:03:ed:9a:51:df:d3:67:9c:f4:30:16:
5d:8b:53:71:3d:55:4a:97:ec:52:ef:a1:da:12:54:6c:ea:5b:
1c:dc:35:2d
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUTkZTDpU9WBLXg9mHulbGeaEp56wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEyMjkwOTQ1NTlaFw0yNjEyMjgwOTUwNTlaMDMxMTAvBgNV
BAMTKDg3M0YwMjMyNDQxQkI1MDg1MUVGNUZFQzE0OEIzMUQ0OEZCQTlDQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmebJUp6v3aI69XIc37EbDNrId
jh+zX2+VFof0IsBiRMelakvz5PVWECqMq8jYPSfN0vjuVXNxOwSu2GF8lGfzkxNb
RSTcSLJ/4MGC7IdzXKhxHr2HIOBxoi1HAlR4fxmAs6DVeXYWNyGJHN1HpSwi9Ge3
j82FMhBtHulYL4ixsJqs4CqzpJIpkJnlJbL+KdER5DDiVR13OIlJyxaMuJC6LeKx
EZD6zOnAj5i+78SxcbEzg/r15Zu7qx5gGHG2m3qIO9GzTbd3PU+i4F4U+iokL9pz
P5hn/ixlfYQO0nKFMKrbi+6dwyon5wVqqJHjhwQbdr2hh0fW96jbAWQI3WTTAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUhz8CMkQbtQhR71/sFIsx1I+6nKowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzgzNTJlMzEzOTMwMmUzMjM1
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABVvv0wDQYJKoZIhvcNAQELBQADggEBABm27gA3UOsxw5/brGz+AWr0I3PhbjOt
ZSmA4NRSIwwY/m8l7zaxMn+9HDibLJjbB0dI1XqbdIsPAnPp4AuEVHplxWytTNof
NgttUdNik+gSl2pWfsUkws/T1dLEMKI6XXI9XVf/sQnlAI8snzijGLVAOtr+Sjif
D4CC3F5GuvXKGvSzEcOI3gB4NS1Rfm10r1kEop9VoGgV9J15Erml2v/5wWvOnYdu
1vAzkn4aMgm6AAB9Kmhmupvfs+2QhZmB+xtTo77OReXQgeIIWX1XId1/k/Yugunm
Ev2g0QjRvsoD7ZpR39NnnPQwFl2LU3E9VUqX7FLvodoSVGzqWxzcNS0=
-----END CERTIFICATE-----
Generated at Mon Feb 23 03:00:46 2026 by rpki-client