Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135332e302f32342d3234203d3e203434373731.roa
File: 3138352e3134392e3135332e302f32342d3234203d3e203434373731.roa (raw, json)
Hash identifier: 8yuN3MCh3uYcW+DbtvxPqGplTmthXGYCL3Ax7r80myw=
Subject key identifier: C4:BA:D1:DD:5A:82:F8:EF:3C:1A:51:65:EA:B1:4A:54:68:02:CB:2E
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 6743BBAE963BCA7F2B14989B6FEB49E98D2B0FF5
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135332e302f32342d3234203d3e203434373731.roa
Signing time: Fri 10 Apr 2026 10:10:59 +0000
ROA not before: Fri 10 Apr 2026 10:05:59 +0000
ROA not after: Fri 09 Apr 2027 10:10:59 +0000
asID: 44771
IP address blocks: 185.149.153.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 12:16:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:43:bb:ae:96:3b:ca:7f:2b:14:98:9b:6f:eb:49:e9:8d:2b:0f:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: Apr 10 10:05:59 2026 GMT
Not After : Apr 9 10:10:59 2027 GMT
Subject: CN=C4BAD1DD5A82F8EF3C1A5165EAB14A546802CB2E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:ba:1d:b4:6a:8f:07:5c:72:7d:70:eb:c9:c6:
cf:e9:8f:3d:41:29:f0:d8:99:3f:ee:0f:5a:b3:ac:
9d:18:e6:73:18:0e:b3:12:32:43:30:d7:19:c7:e5:
96:9a:5c:5d:72:06:1a:e9:fa:aa:35:3b:d5:e3:fe:
6d:ab:93:4e:96:df:c6:d4:6f:1d:21:20:c7:94:19:
bf:17:32:22:ac:9c:19:61:f8:8e:dd:5f:37:90:11:
c0:b4:81:f8:05:57:17:c4:ba:71:41:3c:77:71:4e:
90:f2:46:fc:ee:1b:3d:31:3e:d9:0e:eb:71:bd:cb:
60:94:75:00:12:29:9c:a7:7f:e9:f5:e5:54:a6:98:
a1:19:17:6b:e4:48:de:f9:e7:ff:a9:40:2e:c0:83:
25:7a:45:53:0d:18:c6:de:05:62:a3:b6:ae:cf:db:
08:ed:72:4b:60:c9:a0:91:08:83:83:90:04:37:ba:
1f:d1:a8:f3:c7:c9:b3:7a:77:0b:95:b7:fa:42:85:
28:5c:1f:b5:4b:f7:b0:22:81:ac:32:96:07:68:06:
84:d4:dc:4f:2b:73:68:12:65:e8:27:3c:26:6e:a8:
06:b6:18:73:5b:94:1f:03:f1:4a:bb:be:75:56:dc:
b1:54:a2:f2:9b:d3:dd:17:71:54:cb:82:14:15:95:
c2:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:BA:D1:DD:5A:82:F8:EF:3C:1A:51:65:EA:B1:4A:54:68:02:CB:2E
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135332e302f32342d3234203d3e203434373731.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.149.153.0/24
Signature Algorithm: sha256WithRSAEncryption
22:9c:00:90:d6:3e:37:fe:6e:99:40:f5:81:8c:22:a0:eb:17:
69:25:39:1a:5b:89:4e:ef:8e:1f:af:d1:06:0c:93:1e:5d:6a:
64:83:2c:bd:d9:c7:59:53:97:48:44:b6:38:65:7c:f5:67:3c:
9a:7b:de:80:6c:79:33:85:93:7f:54:09:08:b8:e8:b8:ad:27:
15:1b:43:c7:df:64:37:18:8c:69:e4:2d:b1:9f:a1:b4:44:85:
e1:5d:88:a3:75:8a:42:da:20:4d:16:71:10:ec:07:2f:f2:fa:
c5:a9:11:4e:8d:be:c3:a2:f1:a3:de:89:26:ed:1f:e9:d8:cd:
f6:d2:a8:34:3a:da:08:15:28:a9:4d:38:50:07:a3:43:f5:4d:
fd:aa:75:af:c4:a8:44:47:6d:34:37:a8:4d:69:54:65:ff:3f:
ea:1c:96:fc:2b:79:15:61:b8:e6:45:2b:c9:6e:78:5b:50:25:
1a:67:3c:c8:11:ed:7b:2e:07:a8:fe:c7:46:33:e3:a8:26:c8:
50:07:55:f0:e1:2b:25:2e:e7:ba:0d:2c:1c:fe:b8:3a:9c:5c:
ed:42:67:97:bc:1f:f1:e5:24:ee:a9:b6:23:22:ad:ef:12:3a:
71:4e:48:d3:93:99:af:98:5b:05:e7:b2:d1:bf:a4:1c:41:a1:
2e:62:7d:27
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUZ0O7rpY7yn8rFJibb+tJ6Y0rD/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA1NTlaFw0yNzA0MDkxMDEwNTlaMDMxMTAvBgNV
BAMTKEM0QkFEMURENUE4MkY4RUYzQzFBNTE2NUVBQjE0QTU0NjgwMkNCMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8uh20ao8HXHJ9cOvJxs/pjz1B
KfDYmT/uD1qzrJ0Y5nMYDrMSMkMw1xnH5ZaaXF1yBhrp+qo1O9Xj/m2rk06W38bU
bx0hIMeUGb8XMiKsnBlh+I7dXzeQEcC0gfgFVxfEunFBPHdxTpDyRvzuGz0xPtkO
63G9y2CUdQASKZynf+n15VSmmKEZF2vkSN755/+pQC7AgyV6RVMNGMbeBWKjtq7P
2wjtcktgyaCRCIODkAQ3uh/RqPPHybN6dwuVt/pChShcH7VL97AigawylgdoBoTU
3E8rc2gSZegnPCZuqAa2GHNblB8D8Uq7vnVW3LFUovKb090XcVTLghQVlcI5AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUxLrR3VqC+O88GlFl6rFKVGgCyy4wHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzEzODM1MmUzMTM0MzkyZTMx
MzUzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzQzNzM3MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5lZkwDQYJKoZIhvcNAQELBQADggEBACKcAJDWPjf+bplA9YGMIqDrF2klORpb
iU7vjh+v0QYMkx5damSDLL3Zx1lTl0hEtjhlfPVnPJp73oBseTOFk39UCQi46Lit
JxUbQ8ffZDcYjGnkLbGfobREheFdiKN1ikLaIE0WcRDsBy/y+sWpEU6NvsOi8aPe
iSbtH+nYzfbSqDQ62ggVKKlNOFAHo0P1Tf2qda/EqERHbTQ3qE1pVGX/P+oclvwr
eRVhuOZFK8lueFtQJRpnPMgR7XsuB6j+x0Yz46gmyFAHVfDhKyUu57oNLBz+uDqc
XO1CZ5e8H/HlJO6ptiMire8SOnFOSNOTma+YWwXnstG/pBxBoS5ifSc=
-----END CERTIFICATE-----
Generated at Fri Apr 17 19:01:06 2026 by rpki-client