Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135332e302f32342d3234203d3e203133313934.roa
File: 3138352e3134392e3135332e302f32342d3234203d3e203133313934.roa (raw, json)
Hash identifier: QbwoBEnpKwFJwsOgE5BSkaanZZexGA6c5rVJbKDREKo=
Subject key identifier: 85:FE:22:0D:AC:37:DC:D4:7D:C1:51:98:0A:3A:A5:2A:68:94:63:B7
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 58103E5F1D2B0FDE41519EDA6155A064B63F50C8
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135332e302f32342d3234203d3e203133313934.roa
Signing time: Fri 10 Apr 2026 10:10:58 +0000
ROA not before: Fri 10 Apr 2026 10:05:58 +0000
ROA not after: Fri 09 Apr 2027 10:10:58 +0000
asID: 13194
IP address blocks: 185.149.153.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
58:10:3e:5f:1d:2b:0f:de:41:51:9e:da:61:55:a0:64:b6:3f:50:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: Apr 10 10:05:58 2026 GMT
Not After : Apr 9 10:10:58 2027 GMT
Subject: CN=85FE220DAC37DCD47DC151980A3AA52A689463B7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:98:08:24:90:7f:4a:eb:5c:6f:f5:ed:62:bf:
53:59:14:f4:dd:b5:e9:78:14:1c:49:02:85:fb:39:
d2:97:e5:68:57:40:9c:9b:b6:12:65:b3:e5:41:8a:
7c:6d:76:79:33:a3:d8:49:83:ae:cd:09:a6:23:79:
be:c8:fa:0e:b0:a2:dd:29:a0:d5:f0:f4:4f:3f:2d:
5e:46:b7:87:e1:91:37:30:cc:94:e0:10:f8:41:4a:
23:13:86:db:93:f9:b3:a7:91:4b:e3:3b:93:16:09:
c6:5c:ca:d2:52:99:ef:7e:35:97:d4:d6:eb:e0:ff:
60:82:9e:7b:6c:b2:95:98:2b:82:8c:89:37:83:f2:
08:5e:e6:48:15:a0:93:77:c6:b3:78:e7:61:bb:f3:
52:aa:0b:8a:2c:c8:5c:77:c3:ad:5f:ab:83:b2:c4:
47:d0:47:58:bf:0a:3a:47:89:e5:b4:aa:b6:b4:90:
ff:6d:a4:4b:5f:9b:e4:de:4f:55:80:0d:a9:41:c5:
59:5e:8c:09:76:6c:8d:f1:df:be:ed:bf:e4:c7:94:
7c:65:87:8c:64:99:79:2b:02:b9:af:ed:61:39:12:
52:77:4c:cd:19:0b:aa:e1:f9:b0:be:3d:18:66:c4:
83:6e:5e:ee:76:8a:7e:0c:6f:86:34:78:a6:94:c1:
fa:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:FE:22:0D:AC:37:DC:D4:7D:C1:51:98:0A:3A:A5:2A:68:94:63:B7
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135332e302f32342d3234203d3e203133313934.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.149.153.0/24
Signature Algorithm: sha256WithRSAEncryption
3d:d2:a0:15:af:66:0a:ed:3a:e4:83:0a:2d:3f:c3:18:67:60:
a3:33:65:68:22:d5:a6:ed:db:36:28:15:f4:22:64:a5:c0:04:
67:0c:2c:ef:7c:f1:d5:89:2e:67:29:be:fe:c1:23:c3:23:a9:
fc:23:86:c4:b6:25:5d:c8:95:b0:5a:2c:3d:e3:e8:96:77:01:
b7:0e:cf:ec:0a:c1:d4:40:47:6a:b6:72:94:ad:6b:ae:cc:fa:
e1:5b:95:2c:1f:eb:09:a2:e0:66:00:e5:0c:4e:cf:0d:d1:5f:
7c:82:85:f8:d9:0b:fd:3f:41:11:ee:8f:d1:3a:1f:1d:b7:95:
89:c4:a3:28:ac:bd:dd:45:e2:73:70:99:89:57:f9:d8:11:6f:
5c:ba:21:1e:22:a4:52:3c:81:9e:f0:6a:a9:db:43:58:41:2c:
6d:ec:7e:4e:fa:19:20:28:f8:a0:d6:9f:41:da:8e:2d:93:87:
8d:bd:ea:be:4d:61:51:12:77:f3:ec:30:3a:6e:ed:52:4d:ef:
e4:e1:22:8a:c4:1e:fb:91:9b:48:ef:28:f4:42:90:63:60:a1:
0e:d4:d4:64:3d:14:17:6e:69:0b:e6:32:89:25:58:ed:b3:56:
ab:f8:fa:9f:ca:a1:c7:3e:93:af:d3:7d:98:9c:d8:d9:bd:b8:
80:dd:f2:79
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUWBA+Xx0rD95BUZ7aYVWgZLY/UMgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA1NThaFw0yNzA0MDkxMDEwNThaMDMxMTAvBgNV
BAMTKDg1RkUyMjBEQUMzN0RDRDQ3REMxNTE5ODBBM0FBNTJBNjg5NDYzQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzmAgkkH9K61xv9e1iv1NZFPTd
tel4FBxJAoX7OdKX5WhXQJybthJls+VBinxtdnkzo9hJg67NCaYjeb7I+g6wot0p
oNXw9E8/LV5Gt4fhkTcwzJTgEPhBSiMThtuT+bOnkUvjO5MWCcZcytJSme9+NZfU
1uvg/2CCnntsspWYK4KMiTeD8ghe5kgVoJN3xrN452G781KqC4osyFx3w61fq4Oy
xEfQR1i/CjpHieW0qra0kP9tpEtfm+TeT1WADalBxVlejAl2bI3x377tv+THlHxl
h4xkmXkrArmv7WE5ElJ3TM0ZC6rh+bC+PRhmxINuXu52in4Mb4Y0eKaUwfphAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUhf4iDaw33NR9wVGYCjqlKmiUY7cwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzEzODM1MmUzMTM0MzkyZTMx
MzUzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzMTM5MzQucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5lZkwDQYJKoZIhvcNAQELBQADggEBAD3SoBWvZgrtOuSDCi0/wxhnYKMzZWgi
1abt2zYoFfQiZKXABGcMLO988dWJLmcpvv7BI8MjqfwjhsS2JV3IlbBaLD3j6JZ3
AbcOz+wKwdRAR2q2cpSta67M+uFblSwf6wmi4GYA5QxOzw3RX3yChfjZC/0/QRHu
j9E6Hx23lYnEoyisvd1F4nNwmYlX+dgRb1y6IR4ipFI8gZ7waqnbQ1hBLG3sfk76
GSAo+KDWn0Haji2Th4296r5NYVESd/PsMDpu7VJN7+ThIorEHvuRm0jvKPRCkGNg
oQ7U1GQ9FBduaQvmMoklWO2zVqv4+p/Kocc+k6/TfZic2Nm9uIDd8nk=
-----END CERTIFICATE-----
Generated at Fri Apr 17 14:46:29 2026 by rpki-client