Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e382e302f32312d3231203d3e203135343139.roa
File: 38362e33382e382e302f32312d3231203d3e203135343139.roa (raw, json)
Hash identifier: RBjXMLj20ozhJFLy1WSIfc7wq7Cyuu+KQRQSUNSEpNg=
Subject key identifier: EC:44:DE:61:B2:F8:B6:AC:E8:D7:17:7D:34:76:5B:E9:81:93:E0:45
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 78FAAA7BBCC583776E91D28670288B7AD57B6ADF
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e382e302f32312d3231203d3e203135343139.roa
Signing time: Fri 10 Apr 2026 10:11:01 +0000
ROA not before: Fri 10 Apr 2026 10:06:01 +0000
ROA not after: Fri 09 Apr 2027 10:11:01 +0000
asID: 15419
IP address blocks: 86.38.8.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 19:16:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
78:fa:aa:7b:bc:c5:83:77:6e:91:d2:86:70:28:8b:7a:d5:7b:6a:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: Apr 10 10:06:01 2026 GMT
Not After : Apr 9 10:11:01 2027 GMT
Subject: CN=EC44DE61B2F8B6ACE8D7177D34765BE98193E045
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:6e:c7:11:7a:d1:1a:25:e0:7f:8e:e1:96:c6:
42:50:b3:89:f4:ab:bb:18:97:05:de:df:e0:d6:3e:
43:39:19:b6:e1:c8:f0:d6:5a:8e:e8:28:ca:c1:61:
a8:bf:87:1f:1a:f9:8a:16:30:66:7f:5b:c9:ea:d8:
02:29:74:57:69:58:ff:79:93:cb:2c:ef:17:60:fc:
74:82:5c:26:3c:f3:f0:25:b0:59:81:9e:be:31:da:
05:fe:c4:32:14:22:34:52:91:e1:f2:02:42:b7:59:
43:39:98:2c:94:f9:b3:e2:ca:40:8c:e0:11:5b:f6:
4e:e1:02:52:bf:25:8b:70:2e:51:74:b5:7c:0b:af:
a9:7c:a1:c1:ea:3a:5d:d2:d7:17:7d:c5:7c:9c:75:
aa:fd:dc:61:30:41:74:d0:39:0b:08:86:cf:58:5e:
19:a4:01:2f:15:28:bd:e0:41:4d:47:bc:04:73:7f:
7c:d8:de:36:dc:25:5b:28:e0:3b:00:94:5e:06:ee:
f7:fd:e6:4b:86:42:6a:50:8b:1b:71:2f:e5:2d:48:
57:48:52:6c:6a:87:86:5f:b4:2a:ea:8f:d3:81:5d:
49:17:ff:9c:1c:ba:6f:84:e5:61:04:02:68:b8:f2:
ac:20:64:d1:46:1b:66:bf:f4:6f:a9:ca:aa:cc:66:
a8:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:44:DE:61:B2:F8:B6:AC:E8:D7:17:7D:34:76:5B:E9:81:93:E0:45
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38362e33382e382e302f32312d3231203d3e203135343139.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.38.8.0/21
Signature Algorithm: sha256WithRSAEncryption
53:66:a2:3e:9a:a3:41:f5:4c:6c:27:fe:43:6e:c6:94:81:72:
2d:33:b9:38:b8:c3:5c:0b:a4:e6:73:2d:46:70:4f:43:cc:99:
ae:53:e9:38:0b:1e:2a:1d:23:05:7c:ab:ce:12:a2:2a:a9:6e:
a8:6c:55:be:48:53:e0:51:6d:32:a4:4a:0a:76:8c:f7:8b:6d:
37:95:59:ef:70:36:4f:8e:d1:6b:80:3d:f2:29:2e:ed:e2:ba:
bc:ef:08:66:c8:64:e5:b0:90:a6:40:1c:a0:24:e4:41:e3:7e:
47:6e:d9:f0:29:31:37:05:e3:3b:9f:29:96:07:1a:59:7b:6c:
60:9b:d2:a6:1b:45:94:97:5d:93:8c:ca:15:b5:f4:3d:cf:a6:
7a:2f:25:7a:18:6c:74:17:ec:12:78:8f:d2:f8:f3:a5:7c:ac:
9c:8e:d3:76:38:84:c5:4b:0b:ef:cb:c9:27:34:80:6c:18:d1:
5b:95:81:4b:2e:85:05:46:34:35:51:40:1c:6c:da:6f:21:b2:
41:c7:89:16:68:04:eb:50:71:aa:68:d7:95:20:70:ab:0b:8c:
1a:ea:83:1b:9a:fd:00:40:36:47:0e:d6:e4:e1:3b:d6:06:92:
0a:c6:95:e7:60:a4:cd:4e:d1:1f:ef:a7:0e:e9:97:a4:0a:eb:
11:33:c7:bc
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUePqqe7zFg3dukdKGcCiLetV7at8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA2MDFaFw0yNzA0MDkxMDExMDFaMDMxMTAvBgNV
BAMTKEVDNDRERTYxQjJGOEI2QUNFOEQ3MTc3RDM0NzY1QkU5ODE5M0UwNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsbscRetEaJeB/juGWxkJQs4n0
q7sYlwXe3+DWPkM5GbbhyPDWWo7oKMrBYai/hx8a+YoWMGZ/W8nq2AIpdFdpWP95
k8ss7xdg/HSCXCY88/AlsFmBnr4x2gX+xDIUIjRSkeHyAkK3WUM5mCyU+bPiykCM
4BFb9k7hAlK/JYtwLlF0tXwLr6l8ocHqOl3S1xd9xXycdar93GEwQXTQOQsIhs9Y
XhmkAS8VKL3gQU1HvARzf3zY3jbcJVso4DsAlF4G7vf95kuGQmpQixtxL+UtSFdI
Umxqh4ZftCrqj9OBXUkX/5wcum+E5WEEAmi48qwgZNFGG2a/9G+pyqrMZqh/AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU7ETeYbL4tqzo1xd9NHZb6YGT4EUwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzNjJlMzMzODJlMzgyZTMw
MmYzMjMxMmQzMjMxMjAzZDNlMjAzMTM1MzQzMTM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDViYIMA0G
CSqGSIb3DQEBCwUAA4IBAQBTZqI+mqNB9UxsJ/5DbsaUgXItM7k4uMNcC6Tmcy1G
cE9DzJmuU+k4Cx4qHSMFfKvOEqIqqW6obFW+SFPgUW0ypEoKdoz3i203lVnvcDZP
jtFrgD3yKS7t4rq87whmyGTlsJCmQBygJORB435HbtnwKTE3BeM7nymWBxpZe2xg
m9KmG0WUl12TjMoVtfQ9z6Z6LyV6GGx0F+wSeI/S+POlfKycjtN2OITFSwvvy8kn
NIBsGNFblYFLLoUFRjQ1UUAcbNpvIbJBx4kWaATrUHGqaNeVIHCrC4wa6oMbmv0A
QDZHDtbk4TvWBpIKxpXnYKTNTtEf76cO6ZekCusRM8e8
-----END CERTIFICATE-----
Generated at Fri Apr 17 07:09:25 2026 by rpki-client