Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e34312e302f32342d3234203d3e203135343139.roa
File: 38392e3131362e34312e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier: kGai0vt9wA/86vZjdukxOGnISfChmqA46SxZbgRXmkY=
Subject key identifier: 03:B2:64:52:0E:0C:43:B5:E6:C7:B4:B8:72:17:D4:F2:FB:35:5D:77
Certificate issuer: /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial: 11D6EB10BE0D77CB3AC7F0A73D407B8BD1AAF416
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e34312e302f32342d3234203d3e203135343139.roa
Signing time: Fri 10 Apr 2026 10:11:02 +0000
ROA not before: Fri 10 Apr 2026 10:06:02 +0000
ROA not after: Fri 09 Apr 2027 10:11:02 +0000
asID: 15419
IP address blocks: 89.116.41.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 19:16:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:d6:eb:10:be:0d:77:cb:3a:c7:f0:a7:3d:40:7b:8b:d1:aa:f4:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Validity
Not Before: Apr 10 10:06:02 2026 GMT
Not After : Apr 9 10:11:02 2027 GMT
Subject: CN=03B264520E0C43B5E6C7B4B87217D4F2FB355D77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:30:77:f7:74:cc:72:30:75:ef:3a:dc:ac:d5:
0e:bb:9c:22:c2:c8:50:db:a6:c2:20:44:d0:e9:29:
82:ca:d3:f1:eb:eb:04:69:82:95:d1:b0:20:0d:af:
fa:41:17:06:6c:22:77:c5:a5:4b:64:48:e3:7a:65:
94:99:8b:2e:c0:3f:1e:d2:49:ee:a8:67:b0:e9:55:
87:60:75:48:57:3e:2a:9a:dc:34:fa:27:4f:47:16:
2e:f6:4c:7f:27:c3:c0:7b:b5:1a:cb:82:f8:a9:9d:
33:68:d7:2c:ba:2b:a4:81:60:0b:e3:3f:21:f4:53:
a1:99:c5:76:d9:f6:39:44:21:78:71:6e:ed:b3:9e:
c7:02:b0:77:39:b1:e9:3d:7c:81:58:78:59:7a:03:
42:1e:ee:c6:50:25:29:d6:fc:ab:19:b2:ea:20:21:
04:46:2e:73:3f:bd:30:06:53:1e:f5:d7:97:63:b5:
f4:b3:74:ef:dc:75:d3:44:0f:58:9f:22:f1:c0:d9:
02:4c:1f:4d:e0:6f:2c:52:03:46:2a:c7:2d:b9:4a:
1a:ae:a3:df:fb:fa:a9:17:52:b7:4f:00:f2:1e:e2:
45:d6:e1:88:c3:f5:b2:3c:f9:2a:cb:a7:ff:1c:8b:
87:38:13:73:5f:d3:9a:b8:47:2a:cd:ac:6b:21:73:
ac:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:B2:64:52:0E:0C:43:B5:E6:C7:B4:B8:72:17:D4:F2:FB:35:5D:77
X509v3 Authority Key Identifier:
keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e34312e302f32342d3234203d3e203135343139.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.116.41.0/24
Signature Algorithm: sha256WithRSAEncryption
43:4d:02:74:e0:a2:1d:26:46:de:06:5b:1a:21:fc:74:cb:c1:
aa:5a:ff:4f:cb:71:fb:7b:6e:ca:af:e8:b1:ba:38:0e:b9:d1:
86:78:ce:9f:eb:a7:99:1e:00:84:9c:f4:33:a5:18:b2:c9:14:
d9:79:45:12:4b:50:9c:02:63:b0:c9:5d:db:fa:c6:0c:c0:f1:
d3:4e:fc:70:ab:b4:57:1e:c0:87:cc:35:b0:75:a7:bd:4c:a9:
55:37:e5:a5:d0:3b:2f:32:24:f1:3a:86:e3:90:d4:8b:fa:aa:
5c:24:49:75:b8:4d:29:d3:f5:da:c6:2c:96:dc:6a:98:9d:5b:
54:57:24:b7:14:dd:19:b1:db:38:6c:1a:a9:c3:13:8e:0a:36:
8e:03:21:50:12:bb:7c:f7:9c:30:67:cb:29:6d:7d:44:da:cb:
6c:9f:a3:49:32:96:9a:42:13:88:b2:4d:01:f9:29:1e:ab:6e:
3f:66:fa:5c:13:3b:54:9e:e1:d0:b8:84:fa:15:dc:dd:93:4c:
cf:8b:a9:e8:11:c3:3c:15:a3:6f:ac:81:22:8e:71:63:f2:83:
5a:d8:27:1b:41:d4:f3:86:ba:f2:35:c0:da:aa:d6:0d:3a:73:
23:df:b3:b7:e5:df:82:1b:ca:3a:bd:01:45:5b:d7:85:c1:06:
39:69:56:50
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEdbrEL4Nd8s6x/CnPUB7i9Gq9BYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA2MDJaFw0yNzA0MDkxMDExMDJaMDMxMTAvBgNV
BAMTKDAzQjI2NDUyMEUwQzQzQjVFNkM3QjRCODcyMTdENEYyRkIzNTVENzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQMHf3dMxyMHXvOtys1Q67nCLC
yFDbpsIgRNDpKYLK0/Hr6wRpgpXRsCANr/pBFwZsInfFpUtkSON6ZZSZiy7APx7S
Se6oZ7DpVYdgdUhXPiqa3DT6J09HFi72TH8nw8B7tRrLgvipnTNo1yy6K6SBYAvj
PyH0U6GZxXbZ9jlEIXhxbu2znscCsHc5sek9fIFYeFl6A0Ie7sZQJSnW/KsZsuog
IQRGLnM/vTAGUx7115djtfSzdO/cddNED1ifIvHA2QJMH03gbyxSA0Yqxy25Shqu
o9/7+qkXUrdPAPIe4kXW4YjD9bI8+SrLp/8ci4c4E3Nf05q4RyrNrGshc6w/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUA7JkUg4MQ7Xmx7S4chfU8vs1XXcwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzNDMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFl0
KTANBgkqhkiG9w0BAQsFAAOCAQEAQ00CdOCiHSZG3gZbGiH8dMvBqlr/T8tx+3tu
yq/osbo4DrnRhnjOn+unmR4AhJz0M6UYsskU2XlFEktQnAJjsMld2/rGDMDx0078
cKu0Vx7Ah8w1sHWnvUypVTflpdA7LzIk8TqG45DUi/qqXCRJdbhNKdP12sYsltxq
mJ1bVFcktxTdGbHbOGwaqcMTjgo2jgMhUBK7fPecMGfLKW19RNrLbJ+jSTKWmkIT
iLJNAfkpHqtuP2b6XBM7VJ7h0LiE+hXc3ZNMz4up6BHDPBWjb6yBIo5xY/KDWtgn
G0HU84a68jXA2qrWDTpzI9+zt+XfghvKOr0BRVvXhcEGOWlWUA==
-----END CERTIFICATE-----
Generated at Fri Apr 17 11:24:19 2026 by rpki-client