Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31322e302f32332d3233203d3e203135343139.roa
File: 38392e3131362e31322e302f32332d3233203d3e203135343139.roa (raw, json)
Hash identifier: UzAk6y5i6qWN9IVFlhmoZTRjcqrtlajGQzrPjOGpriU=
Subject key identifier: BC:E9:22:91:3C:9B:5A:08:B3:03:44:E8:B4:CC:EE:1D:DF:5B:23:5F
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 313FCDB9F3BF0BB77F59BFF5EECC5E10B4029DC3
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31322e302f32332d3233203d3e203135343139.roa
Signing time: Fri 10 Apr 2026 10:11:02 +0000
ROA not before: Fri 10 Apr 2026 10:06:02 +0000
ROA not after: Fri 09 Apr 2027 10:11:02 +0000
asID: 15419
IP address blocks: 89.116.12.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 19:16:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
31:3f:cd:b9:f3:bf:0b:b7:7f:59:bf:f5:ee:cc:5e:10:b4:02:9d:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: Apr 10 10:06:02 2026 GMT
Not After : Apr 9 10:11:02 2027 GMT
Subject: CN=BCE922913C9B5A08B30344E8B4CCEE1DDF5B235F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:5e:0c:8b:65:74:ba:bd:ff:d4:0b:c3:0c:b8:
1f:31:fb:82:ec:1c:32:60:e2:38:e8:b0:b1:0f:5c:
68:58:8a:2d:90:60:9c:e6:7a:fd:cb:b9:e9:ae:08:
e5:97:b8:f5:93:39:4c:35:89:7a:90:d1:92:19:3f:
95:e9:36:fb:85:eb:13:b7:aa:73:85:f3:0c:3d:40:
20:31:e6:ae:c4:8b:82:f7:96:70:eb:f7:c8:0f:fa:
55:ce:26:b2:0c:23:0f:5a:2d:a4:c6:dc:01:00:05:
68:e8:e3:80:7a:34:57:40:6f:e1:21:4f:d9:18:87:
0b:88:f7:62:c4:c8:60:44:00:ba:fd:94:8e:aa:67:
f2:23:b2:e2:df:3f:05:1b:77:de:a4:3a:77:f1:aa:
91:16:6a:b9:13:0e:78:16:a8:d2:8a:33:13:ce:29:
e1:0c:f5:1e:e3:3a:31:88:f6:e2:24:bb:29:8d:b5:
08:99:48:d1:83:b3:03:6d:0d:88:dc:3e:e2:c0:33:
a0:6c:3a:66:d0:b0:4a:41:a1:54:d7:0d:a0:b0:87:
42:48:da:88:0b:6d:4b:db:f9:8c:9f:00:6c:11:b9:
4b:7e:dc:6e:bf:42:9a:9e:56:f9:f0:c4:a8:37:f0:
74:67:46:a3:51:f4:95:a0:a8:05:37:67:a6:70:e6:
55:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:E9:22:91:3C:9B:5A:08:B3:03:44:E8:B4:CC:EE:1D:DF:5B:23:5F
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31322e302f32332d3233203d3e203135343139.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.116.12.0/23
Signature Algorithm: sha256WithRSAEncryption
09:cc:b2:a3:49:1b:28:fe:5b:ad:39:a6:be:8a:8f:18:0b:6b:
73:98:5f:39:1d:0c:8b:51:0b:4d:7c:99:ea:d0:2a:28:ba:07:
26:0b:ca:bb:ab:d0:f1:0f:81:b4:30:60:af:0d:9b:21:f8:3b:
02:1c:f2:83:d5:7f:22:7e:ce:0d:f1:6a:f0:4b:e0:18:25:03:
cf:fe:63:e3:b5:46:16:1d:4a:ea:e3:3e:4c:a5:5e:ea:1c:b9:
99:6d:44:f8:cb:e1:46:a7:45:f3:aa:64:fa:c4:38:b1:e4:ac:
07:fa:79:b5:2d:c4:80:fb:5c:5b:21:5a:26:90:bd:8a:20:db:
4d:74:77:2f:14:45:ad:9d:19:0c:56:a7:7c:04:95:15:da:5f:
5c:aa:be:a2:74:4c:3d:99:22:d8:ba:b8:27:14:1d:f6:7c:95:
cc:43:ad:4e:42:98:14:94:99:11:e8:8f:a5:fd:07:3f:bc:85:
ee:89:71:b0:b3:3a:a0:0b:0d:c6:60:0d:8c:14:56:8d:8f:d0:
06:a9:fe:ca:ad:c1:15:e8:4b:d5:54:50:67:0f:56:8b:c4:45:
19:50:6f:71:37:cb:e2:0e:9c:df:ff:f1:25:47:13:16:92:9d:
1a:d1:1e:9e:d4:47:34:b6:e6:86:97:1a:72:17:a0:e3:e7:1f:
87:c4:10:29
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMT/NufO/C7d/Wb/17sxeELQCncMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA2MDJaFw0yNzA0MDkxMDExMDJaMDMxMTAvBgNV
BAMTKEJDRTkyMjkxM0M5QjVBMDhCMzAzNDRFOEI0Q0NFRTFEREY1QjIzNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4XgyLZXS6vf/UC8MMuB8x+4Ls
HDJg4jjosLEPXGhYii2QYJzmev3LuemuCOWXuPWTOUw1iXqQ0ZIZP5XpNvuF6xO3
qnOF8ww9QCAx5q7Ei4L3lnDr98gP+lXOJrIMIw9aLaTG3AEABWjo44B6NFdAb+Eh
T9kYhwuI92LEyGBEALr9lI6qZ/IjsuLfPwUbd96kOnfxqpEWarkTDngWqNKKMxPO
KeEM9R7jOjGI9uIkuymNtQiZSNGDswNtDYjcPuLAM6BsOmbQsEpBoVTXDaCwh0JI
2ogLbUvb+YyfAGwRuUt+3G6/QpqeVvnwxKg38HRnRqNR9JWgqAU3Z6Zw5lUrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvOkikTybWgizA0TotMzuHd9bI18wHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzMTMy
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVl0
DDANBgkqhkiG9w0BAQsFAAOCAQEACcyyo0kbKP5brTmmvoqPGAtrc5hfOR0Mi1EL
TXyZ6tAqKLoHJgvKu6vQ8Q+BtDBgrw2bIfg7Ahzyg9V/In7ODfFq8EvgGCUDz/5j
47VGFh1K6uM+TKVe6hy5mW1E+MvhRqdF86pk+sQ4seSsB/p5tS3EgPtcWyFaJpC9
iiDbTXR3LxRFrZ0ZDFanfASVFdpfXKq+onRMPZki2Lq4JxQd9nyVzEOtTkKYFJSZ
EeiPpf0HP7yF7olxsLM6oAsNxmANjBRWjY/QBqn+yq3BFehL1VRQZw9Wi8RFGVBv
cTfL4g6c3//xJUcTFpKdGtEentRHNLbmhpcacheg4+cfh8QQKQ==
-----END CERTIFICATE-----
Generated at Fri Apr 17 11:26:48 2026 by rpki-client