Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135342e302f32342d3234203d3e203434373731.roa
File: 3138352e3134392e3135342e302f32342d3234203d3e203434373731.roa (raw, json)
Hash identifier: m3qyMw/oJQApcKE+tTHmQHJByXjG/Fh99MnZmfiTNq8=
Subject key identifier: 58:07:9A:D2:4C:17:F3:15:3B:06:08:F3:4B:E2:B6:37:8D:6F:7E:FF
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 3D0979AA1D4DC117F4EFB4E63EE8D8197E7C28D8
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135342e302f32342d3234203d3e203434373731.roa
Signing time: Fri 10 Apr 2026 10:11:02 +0000
ROA not before: Fri 10 Apr 2026 10:06:02 +0000
ROA not after: Fri 09 Apr 2027 10:11:02 +0000
asID: 44771
IP address blocks: 185.149.154.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 19:16:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:09:79:aa:1d:4d:c1:17:f4:ef:b4:e6:3e:e8:d8:19:7e:7c:28:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: Apr 10 10:06:02 2026 GMT
Not After : Apr 9 10:11:02 2027 GMT
Subject: CN=58079AD24C17F3153B0608F34BE2B6378D6F7EFF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:a5:7b:1b:68:d8:df:57:09:1e:85:89:26:05:
a0:dc:6d:a2:56:39:ac:5c:31:f0:5d:1c:ba:c8:b4:
bc:ee:c1:b7:e0:5c:d7:92:02:cb:ab:14:ab:e8:7f:
cd:17:a9:8f:4e:51:a3:74:3b:24:e4:2f:1c:73:78:
43:41:f1:66:70:9a:9d:1b:a2:aa:76:2a:f5:03:af:
f8:2d:7d:db:0a:01:44:a5:19:88:33:9c:70:2c:ae:
82:17:5a:4f:4c:5b:b7:00:f3:de:f4:2e:56:3a:17:
14:7b:c9:15:71:13:46:8b:4e:91:9e:a7:96:e5:cd:
cd:9b:cd:8e:24:1e:66:3c:ef:5b:34:53:7b:71:98:
5f:b2:42:9b:21:16:7a:d7:74:91:c6:77:55:e0:6a:
81:ac:41:fd:09:d4:3b:9a:74:0f:5e:3b:6a:5b:d1:
77:dc:c1:5d:3f:05:c9:b7:52:98:5c:2b:8f:19:e7:
8b:4b:86:0f:7b:8e:88:4b:7a:78:e2:8a:7e:bb:41:
9d:f8:fa:5f:28:de:dd:b4:fb:de:1d:95:bc:cc:67:
1e:d2:d9:9c:f2:c3:b7:f8:3d:7b:95:6f:5c:3f:59:
d8:df:96:21:40:71:01:65:c3:47:62:68:61:a4:6e:
e8:d0:40:95:ac:55:e8:64:7b:fe:92:84:de:eb:a2:
46:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:07:9A:D2:4C:17:F3:15:3B:06:08:F3:4B:E2:B6:37:8D:6F:7E:FF
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135342e302f32342d3234203d3e203434373731.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.149.154.0/24
Signature Algorithm: sha256WithRSAEncryption
5d:86:3a:55:86:e7:15:3b:ff:04:60:c2:f2:8e:52:a4:11:8b:
0d:68:09:7d:7e:92:1a:55:03:73:66:67:12:d6:28:0f:98:9b:
14:4e:68:dd:36:24:a2:c9:79:bb:7d:f9:8a:4f:37:c0:7d:91:
90:e6:b8:ee:5b:41:3e:a3:d4:37:c1:d0:33:09:e6:24:fc:62:
89:02:53:52:45:c0:b5:74:9c:56:b8:82:49:ae:43:a4:6f:83:
6f:77:09:0f:b4:65:fc:91:7f:c9:d9:32:ea:9b:d5:0e:f6:91:
63:66:cb:f6:56:0a:87:3a:88:0e:4a:03:22:7f:84:08:f4:91:
16:d8:9f:a1:ad:71:f8:90:62:5b:14:ad:e9:f4:b3:a2:48:aa:
07:30:90:05:c1:04:9d:0b:3d:34:58:ae:ba:6c:6e:f1:9c:52:
56:9a:7d:2f:a8:e8:2e:2f:50:c4:f9:e7:50:43:dd:25:0c:3f:
94:a1:b9:01:ea:08:b5:c4:8d:01:66:f2:2a:1c:0c:87:86:a9:
1f:c0:96:d5:9f:74:c2:b0:17:c7:81:e6:2a:8d:24:88:97:44:
1c:09:b4:cb:85:61:95:a5:c3:55:0e:a2:e1:55:07:5b:3a:60:
e3:cc:ba:5b:95:7b:d1:f6:49:4b:dd:7c:33:00:49:25:ad:af:
55:50:47:8f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUPQl5qh1NwRf077TmPujYGX58KNgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA2MDJaFw0yNzA0MDkxMDExMDJaMDMxMTAvBgNV
BAMTKDU4MDc5QUQyNEMxN0YzMTUzQjA2MDhGMzRCRTJCNjM3OEQ2RjdFRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJpXsbaNjfVwkehYkmBaDcbaJW
OaxcMfBdHLrItLzuwbfgXNeSAsurFKvof80XqY9OUaN0OyTkLxxzeENB8WZwmp0b
oqp2KvUDr/gtfdsKAUSlGYgznHAsroIXWk9MW7cA8970LlY6FxR7yRVxE0aLTpGe
p5blzc2bzY4kHmY871s0U3txmF+yQpshFnrXdJHGd1XgaoGsQf0J1DuadA9eO2pb
0XfcwV0/Bcm3UphcK48Z54tLhg97johLenjiin67QZ34+l8o3t20+94dlbzMZx7S
2Zzyw7f4PXuVb1w/WdjfliFAcQFlw0diaGGkbujQQJWsVehke/6ShN7rokZRAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUWAea0kwX8xU7BgjzS+K2N41vfv8wHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzEzODM1MmUzMTM0MzkyZTMx
MzUzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzQzNzM3MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5lZowDQYJKoZIhvcNAQELBQADggEBAF2GOlWG5xU7/wRgwvKOUqQRiw1oCX1+
khpVA3NmZxLWKA+YmxROaN02JKLJebt9+YpPN8B9kZDmuO5bQT6j1DfB0DMJ5iT8
YokCU1JFwLV0nFa4gkmuQ6Rvg293CQ+0ZfyRf8nZMuqb1Q72kWNmy/ZWCoc6iA5K
AyJ/hAj0kRbYn6GtcfiQYlsUren0s6JIqgcwkAXBBJ0LPTRYrrpsbvGcUlaafS+o
6C4vUMT551BD3SUMP5ShuQHqCLXEjQFm8iocDIeGqR/AltWfdMKwF8eB5iqNJIiX
RBwJtMuFYZWlw1UOouFVB1s6YOPMuluVe9H2SUvdfDMASSWtr1VQR48=
-----END CERTIFICATE-----
Generated at Fri Apr 17 12:21:17 2026 by rpki-client