Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e312e302f32342d3234203d3e203135343139.roa
File: 38392e3131362e312e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier: rx28ukAYIi7QdbkrNWf+57kJyDhNeE212LGEgmkq0Dk=
Subject key identifier: B2:B6:70:1D:1F:BE:FD:BB:87:0F:CD:6B:2E:63:B7:58:26:25:06:26
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 50FDFA432814696EE68E71DCD965F876F42E740D
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e312e302f32342d3234203d3e203135343139.roa
Signing time: Fri 10 Apr 2026 10:11:00 +0000
ROA not before: Fri 10 Apr 2026 10:06:00 +0000
ROA not after: Fri 09 Apr 2027 10:11:00 +0000
asID: 15419
IP address blocks: 89.116.1.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:fd:fa:43:28:14:69:6e:e6:8e:71:dc:d9:65:f8:76:f4:2e:74:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: Apr 10 10:06:00 2026 GMT
Not After : Apr 9 10:11:00 2027 GMT
Subject: CN=B2B6701D1FBEFDBB870FCD6B2E63B75826250626
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:cb:af:c0:19:ba:a0:26:ab:08:b3:ec:2c:ac:
41:75:3e:8b:ec:51:ab:7f:30:fe:0f:e4:37:0a:2f:
17:3a:64:35:ad:bc:76:46:3a:18:83:42:72:b6:01:
d0:3e:72:29:32:31:ea:b0:09:92:04:4d:bb:37:9f:
65:01:b4:0f:eb:57:ed:bb:c5:00:a4:57:53:f5:b7:
41:58:e8:6b:97:db:b8:94:38:d3:43:45:94:b1:1a:
d3:d7:e3:da:2a:e3:60:81:39:52:61:27:cd:d1:bd:
45:77:54:d0:d5:0f:97:61:7e:a9:85:a2:12:9a:e8:
1f:ea:f9:e8:4d:08:fc:2b:bd:c8:db:d6:4d:4b:73:
fa:51:41:66:32:ff:86:de:1b:f1:93:74:25:d9:4c:
45:50:41:68:f3:d2:f1:2b:53:57:ef:09:a7:8c:bd:
22:5c:05:60:b0:e6:02:94:cd:15:82:da:bd:05:1b:
2b:73:21:4a:a1:a2:b3:d0:a7:b7:a8:9b:e6:22:84:
01:4c:2b:76:49:5c:b0:88:d0:e7:31:79:8a:5f:22:
18:50:2f:32:16:c1:81:7d:49:ea:63:0d:f7:b3:91:
23:d9:a1:7d:d9:18:51:d4:f6:2b:18:ed:d8:be:8c:
c0:9c:7b:f5:71:27:f7:cd:08:48:c0:8d:a8:e3:0a:
be:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:B6:70:1D:1F:BE:FD:BB:87:0F:CD:6B:2E:63:B7:58:26:25:06:26
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e312e302f32342d3234203d3e203135343139.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.116.1.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:22:4f:90:40:5c:e5:cf:78:1f:8f:1f:95:03:94:20:f4:87:
2e:05:9e:b4:4b:52:a5:ba:b8:13:c2:ca:e3:1c:6e:40:ec:9f:
69:48:01:d3:38:e2:41:ac:a4:8f:91:7c:49:57:80:de:85:6c:
9f:bb:b5:c6:9c:31:0a:68:ac:16:32:83:41:f9:af:be:19:5b:
9c:47:c9:cd:3f:15:81:4e:02:ec:c2:56:97:fc:e0:2e:45:d1:
2e:93:bc:97:e6:6f:c2:82:ab:16:cb:21:42:ff:2b:74:f7:f8:
68:19:53:44:ae:e4:12:68:8f:db:91:05:06:33:bc:7a:57:b7:
9c:6c:c1:40:26:7d:17:a2:cb:5d:d0:85:aa:88:be:f3:a1:74:
a1:49:f9:76:35:83:8e:40:4c:db:c2:43:c5:67:74:cc:a9:1d:
bc:2e:b9:4f:cd:48:88:7a:7f:5d:df:69:3b:cc:13:fc:7d:57:
82:c4:62:78:6e:a0:c7:d2:26:d5:73:d0:34:e1:ef:48:5a:36:
dd:1d:c3:f0:48:75:42:16:17:7f:7a:d5:dd:52:0f:ad:f5:c9:
c6:bb:bd:bd:36:79:a6:ed:13:64:ae:af:a1:ab:54:49:ea:a6:
dc:b0:3a:eb:47:cd:cc:7a:8b:a1:66:7a:d2:e7:47:af:1d:17:
d3:9e:c8:85
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUP36QygUaW7mjnHc2WX4dvQudA0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA2MDBaFw0yNzA0MDkxMDExMDBaMDMxMTAvBgNV
BAMTKEIyQjY3MDFEMUZCRUZEQkI4NzBGQ0Q2QjJFNjNCNzU4MjYyNTA2MjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTy6/AGbqgJqsIs+wsrEF1Povs
Uat/MP4P5DcKLxc6ZDWtvHZGOhiDQnK2AdA+cikyMeqwCZIETbs3n2UBtA/rV+27
xQCkV1P1t0FY6GuX27iUONNDRZSxGtPX49oq42CBOVJhJ83RvUV3VNDVD5dhfqmF
ohKa6B/q+ehNCPwrvcjb1k1Lc/pRQWYy/4beG/GTdCXZTEVQQWjz0vErU1fvCaeM
vSJcBWCw5gKUzRWC2r0FGytzIUqhorPQp7eom+YihAFMK3ZJXLCI0OcxeYpfIhhQ
LzIWwYF9SepjDfezkSPZoX3ZGFHU9isY7di+jMCce/VxJ/fNCEjAjajjCr5NAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUsrZwHR++/buHD81rLmO3WCYlBiYwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzUzNDMxMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZdAEw
DQYJKoZIhvcNAQELBQADggEBAJoiT5BAXOXPeB+PH5UDlCD0hy4FnrRLUqW6uBPC
yuMcbkDsn2lIAdM44kGspI+RfElXgN6FbJ+7tcacMQporBYyg0H5r74ZW5xHyc0/
FYFOAuzCVpf84C5F0S6TvJfmb8KCqxbLIUL/K3T3+GgZU0Su5BJoj9uRBQYzvHpX
t5xswUAmfReiy13QhaqIvvOhdKFJ+XY1g45ATNvCQ8VndMypHbwuuU/NSIh6f13f
aTvME/x9V4LEYnhuoMfSJtVz0DTh70haNt0dw/BIdUIWF3961d1SD631yca7vb02
eabtE2Sur6GrVEnqptywOutHzcx6i6FmetLnR68dF9OeyIU=
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:57:17 2026 by rpki-client