Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31362e302f32332d3233203d3e203135343139.roa
File: 38392e3131362e31362e302f32332d3233203d3e203135343139.roa (raw, json)
Hash identifier: 0ETOHqFxfMol2LhEQMME+DAkxTkGy4ojRF4+9fieTEQ=
Subject key identifier: B3:E4:01:0F:6B:42:41:37:BD:04:2C:2F:DD:F2:96:04:4D:25:91:D4
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 5DDD3D3AFFEC1B9CCE6EA510CA7F8C7655E6BB57
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31362e302f32332d3233203d3e203135343139.roa
Signing time: Fri 10 Apr 2026 10:10:59 +0000
ROA not before: Fri 10 Apr 2026 10:05:59 +0000
ROA not after: Fri 09 Apr 2027 10:10:59 +0000
asID: 15419
IP address blocks: 89.116.16.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 19:16:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:dd:3d:3a:ff:ec:1b:9c:ce:6e:a5:10:ca:7f:8c:76:55:e6:bb:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: Apr 10 10:05:59 2026 GMT
Not After : Apr 9 10:10:59 2027 GMT
Subject: CN=B3E4010F6B424137BD042C2FDDF296044D2591D4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:e8:12:02:6b:cd:bb:a0:2c:1a:ac:0f:f5:7d:
b7:19:d5:7b:9f:26:6c:8b:04:f1:b7:bd:ec:eb:73:
1b:7f:25:36:29:cc:bd:09:ff:eb:25:f0:ac:8f:a6:
5f:16:04:13:69:d3:42:2d:b9:4d:c2:ff:97:48:58:
3a:41:53:b2:79:63:51:cc:7c:68:aa:81:6a:96:10:
6c:1c:61:67:9b:24:78:4c:cc:7c:06:43:86:af:2b:
e1:99:29:71:d6:96:65:75:50:45:69:3e:73:73:e5:
98:76:22:ae:f9:b6:4b:36:79:c2:47:ff:e0:c6:be:
c1:47:c3:6e:a9:36:56:8e:77:d6:f2:79:1e:0c:0a:
43:48:67:4d:c3:c7:e7:e4:9f:7f:ec:8b:9b:3d:98:
c2:cb:eb:8b:07:6b:70:91:81:b5:ff:f5:27:d9:3d:
a0:e9:4d:81:63:25:25:99:5d:4a:b1:6e:2b:2b:78:
da:fe:31:11:bd:2a:8b:4c:61:7f:87:19:5d:89:27:
48:7e:b7:c4:89:23:1e:b8:8b:09:c2:47:65:89:52:
b0:4e:9f:fb:f6:31:c6:ce:4e:b3:dc:04:97:83:ae:
b4:39:7c:3c:1e:50:30:86:33:6e:bc:5a:f7:e5:ec:
c2:98:c8:df:74:4f:ca:97:78:fa:52:40:28:02:f2:
5b:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:E4:01:0F:6B:42:41:37:BD:04:2C:2F:DD:F2:96:04:4D:25:91:D4
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31362e302f32332d3233203d3e203135343139.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.116.16.0/23
Signature Algorithm: sha256WithRSAEncryption
86:62:f5:e1:c3:56:0b:3f:21:d4:06:f4:81:ac:53:1a:94:24:
2d:bd:66:70:dd:09:f2:9b:9e:67:66:23:e3:c7:2a:e5:76:29:
b5:cd:d2:d4:ca:11:aa:c7:6f:98:1f:7c:61:08:48:e0:02:2f:
72:87:f4:0d:17:03:17:24:41:fa:2d:89:d7:16:2d:72:e4:61:
22:56:61:64:67:4d:2e:c6:58:2d:a6:37:24:bc:5b:76:85:1f:
0f:cc:db:6b:d0:e2:cb:ed:c2:d2:21:25:e8:40:25:f8:75:8c:
72:ff:f1:b1:29:f5:78:69:b0:e5:97:7e:a4:86:66:3b:c5:eb:
cd:27:e4:9c:55:93:d5:fa:16:6a:70:2c:62:21:fc:c2:d5:13:
1e:d6:97:41:dd:d7:96:f8:c0:0a:cc:b9:b0:27:86:03:4e:8b:
d4:2d:4f:0e:a2:40:4c:c1:01:c5:e8:30:3d:ec:41:62:e4:8d:
21:e4:89:0e:1c:3a:e5:c0:e2:a9:1a:1b:b8:45:32:9e:aa:ef:
8d:43:ff:23:8e:a2:84:fc:87:80:ff:16:15:a1:63:85:2e:3e:
6b:d4:3a:1d:e4:07:1a:b2:5f:10:10:aa:da:95:7d:65:d8:bb:
12:85:e5:b9:35:c7:14:a5:c8:53:64:f4:af:ed:d6:28:78:68:
fa:95:d5:10
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXd09Ov/sG5zObqUQyn+MdlXmu1cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA1NTlaFw0yNzA0MDkxMDEwNTlaMDMxMTAvBgNV
BAMTKEIzRTQwMTBGNkI0MjQxMzdCRDA0MkMyRkRERjI5NjA0NEQyNTkxRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCT6BICa827oCwarA/1fbcZ1Xuf
JmyLBPG3vezrcxt/JTYpzL0J/+sl8KyPpl8WBBNp00ItuU3C/5dIWDpBU7J5Y1HM
fGiqgWqWEGwcYWebJHhMzHwGQ4avK+GZKXHWlmV1UEVpPnNz5Zh2Iq75tks2ecJH
/+DGvsFHw26pNlaOd9byeR4MCkNIZ03Dx+fkn3/si5s9mMLL64sHa3CRgbX/9SfZ
PaDpTYFjJSWZXUqxbisreNr+MRG9KotMYX+HGV2JJ0h+t8SJIx64iwnCR2WJUrBO
n/v2McbOTrPcBJeDrrQ5fDweUDCGM268Wvfl7MKYyN90T8qXePpSQCgC8luNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUs+QBD2tCQTe9BCwv3fKWBE0lkdQwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzMTM2
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVl0
EDANBgkqhkiG9w0BAQsFAAOCAQEAhmL14cNWCz8h1Ab0gaxTGpQkLb1mcN0J8pue
Z2Yj48cq5XYptc3S1MoRqsdvmB98YQhI4AIvcof0DRcDFyRB+i2J1xYtcuRhIlZh
ZGdNLsZYLaY3JLxbdoUfD8zba9Diy+3C0iEl6EAl+HWMcv/xsSn1eGmw5Zd+pIZm
O8XrzSfknFWT1foWanAsYiH8wtUTHtaXQd3XlvjACsy5sCeGA06L1C1PDqJATMEB
xegwPexBYuSNIeSJDhw65cDiqRobuEUynqrvjUP/I46ihPyHgP8WFaFjhS4+a9Q6
HeQHGrJfEBCq2pV9Zdi7EoXluTXHFKXIU2T0r+3WKHho+pXVEA==
-----END CERTIFICATE-----
Generated at Fri Apr 17 07:30:35 2026 by rpki-client