Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135352e302f32342d3234203d3e203434373731.roa
File: 3138352e3134392e3135352e302f32342d3234203d3e203434373731.roa (raw, json)
Hash identifier: W19aTL73kDmq4VpxFcM/5jWE3HfVKXSDK7YuTWHNOTU=
Subject key identifier: 92:B9:B8:01:6D:12:72:D4:11:FF:F9:A9:B4:85:5C:67:4E:15:E3:92
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 60F08E65B3165CC6FED1C10EA257DA8F25D46B0A
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135352e302f32342d3234203d3e203434373731.roa
Signing time: Fri 10 Apr 2026 10:10:58 +0000
ROA not before: Fri 10 Apr 2026 10:05:58 +0000
ROA not after: Fri 09 Apr 2027 10:10:58 +0000
asID: 44771
IP address blocks: 185.149.155.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 19:16:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:f0:8e:65:b3:16:5c:c6:fe:d1:c1:0e:a2:57:da:8f:25:d4:6b:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: Apr 10 10:05:58 2026 GMT
Not After : Apr 9 10:10:58 2027 GMT
Subject: CN=92B9B8016D1272D411FFF9A9B4855C674E15E392
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:db:11:7a:0e:85:58:54:f6:bb:e8:e0:f2:d4:
30:a1:89:8d:09:d6:67:3c:2d:54:61:01:71:dd:8b:
d5:58:71:95:df:b0:ed:82:cd:17:76:36:9e:0a:57:
bc:6f:b1:9e:8a:8a:f8:3b:00:66:21:6c:01:c9:3c:
b9:fa:fc:0e:3a:74:c8:12:25:58:86:79:3a:54:de:
4b:6f:bc:a1:78:95:b5:a3:5f:74:c8:ce:d8:68:68:
ea:fb:7f:e3:fd:03:56:b0:89:38:f1:64:e1:71:9d:
66:4b:1e:5c:74:7e:79:d3:8a:26:76:77:b7:3a:34:
c7:ae:44:01:96:5f:3a:6b:9c:65:20:31:c5:b4:d3:
ed:cf:9c:d5:ed:36:54:1b:df:44:e5:d5:03:a1:cb:
88:96:4e:07:09:f0:70:78:f8:bd:e5:a6:fa:5a:c6:
70:66:73:a2:58:7d:6d:69:e9:eb:1d:b4:ac:da:2c:
66:99:91:f6:da:eb:05:9b:90:e4:6f:f0:b5:7e:84:
23:3f:7d:b2:e9:af:78:2f:8b:8d:2a:24:10:0a:e9:
b3:01:d9:3b:ed:82:bb:77:32:07:25:70:14:f0:d2:
33:f8:f7:72:a7:0f:f3:55:dc:90:f6:cb:5f:b0:f2:
62:6a:b2:a0:ce:86:84:9c:8a:fb:55:44:52:29:f4:
03:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:B9:B8:01:6D:12:72:D4:11:FF:F9:A9:B4:85:5C:67:4E:15:E3:92
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3138352e3134392e3135352e302f32342d3234203d3e203434373731.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.149.155.0/24
Signature Algorithm: sha256WithRSAEncryption
9f:3a:fb:34:e0:72:89:39:05:4c:a7:e0:1c:45:e6:9f:6d:0a:
8c:e7:f3:4a:d5:a4:ea:cc:47:f6:f1:87:47:cc:49:78:e7:2b:
f1:c3:2b:d4:09:b4:93:a3:c1:61:2a:e1:fe:6c:5b:6f:ba:b4:
6b:b2:3a:af:3e:ff:50:83:d9:91:76:f2:30:f5:4a:38:f3:0f:
8b:30:4b:4c:eb:4a:e8:c0:e2:88:d9:66:ae:d5:3f:0e:cb:07:
4c:d5:ec:9b:77:3c:da:3f:32:bb:0a:b4:61:dc:cd:2b:50:df:
c1:39:47:b5:94:d0:9a:af:b3:58:a6:ae:60:ab:bc:a7:6e:3d:
2f:00:35:58:b9:28:24:77:79:df:2d:f0:88:dc:39:bf:f5:2f:
0e:7e:b2:6f:3c:c9:53:83:e5:89:1a:a1:93:b1:63:bb:0d:49:
68:74:48:3b:bc:08:0a:84:78:bc:7f:4d:a2:be:cd:b2:aa:42:
7e:9f:cf:b1:b6:bc:05:b2:a3:7a:28:69:0c:d3:4e:79:ff:11:
51:c1:dd:cd:a4:7b:5a:37:28:1c:e6:e3:0a:9b:a2:e0:dd:b8:
82:4b:bc:da:95:16:2e:4c:28:df:3e:4d:45:ca:45:ad:2e:af:
3b:cf:de:a0:25:98:f2:cc:ad:df:34:19:36:4d:a3:f7:f0:5d:
7b:25:bc:3f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUYPCOZbMWXMb+0cEOolfajyXUawowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA1NThaFw0yNzA0MDkxMDEwNThaMDMxMTAvBgNV
BAMTKDkyQjlCODAxNkQxMjcyRDQxMUZGRjlBOUI0ODU1QzY3NEUxNUUzOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW2xF6DoVYVPa76ODy1DChiY0J
1mc8LVRhAXHdi9VYcZXfsO2CzRd2Np4KV7xvsZ6Kivg7AGYhbAHJPLn6/A46dMgS
JViGeTpU3ktvvKF4lbWjX3TIzthoaOr7f+P9A1awiTjxZOFxnWZLHlx0fnnTiiZ2
d7c6NMeuRAGWXzprnGUgMcW00+3PnNXtNlQb30Tl1QOhy4iWTgcJ8HB4+L3lpvpa
xnBmc6JYfW1p6esdtKzaLGaZkfba6wWbkORv8LV+hCM/fbLpr3gvi40qJBAK6bMB
2Tvtgrt3MgclcBTw0jP493KnD/NV3JD2y1+w8mJqsqDOhoScivtVRFIp9APpAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUkrm4AW0SctQR//mptIVcZ04V45IwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzEzODM1MmUzMTM0MzkyZTMx
MzUzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzQzNzM3MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5lZswDQYJKoZIhvcNAQELBQADggEBAJ86+zTgcok5BUyn4BxF5p9tCozn80rV
pOrMR/bxh0fMSXjnK/HDK9QJtJOjwWEq4f5sW2+6tGuyOq8+/1CD2ZF28jD1Sjjz
D4swS0zrSujA4ojZZq7VPw7LB0zV7Jt3PNo/MrsKtGHczStQ38E5R7WU0Jqvs1im
rmCrvKduPS8ANVi5KCR3ed8t8IjcOb/1Lw5+sm88yVOD5YkaoZOxY7sNSWh0SDu8
CAqEeLx/TaK+zbKqQn6fz7G2vAWyo3ooaQzTTnn/EVHB3c2ke1o3KBzm4wqbouDd
uIJLvNqVFi5MKN8+TUXKRa0urzvP3qAlmPLMrd80GTZNo/fwXXslvD8=
-----END CERTIFICATE-----
Generated at Fri Apr 17 12:20:21 2026 by rpki-client