Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32382e302f32342d3234203d3e20313938323530.roa
File: 38372e3235342e32382e302f32342d3234203d3e20313938323530.roa (raw, json)
Hash identifier: qLeT0qC2aRYaYvqMA7On+tHD955+P3rkrlhBt6zEGQc=
Subject key identifier: 35:15:0C:C2:E7:95:51:F8:AC:5A:B5:0D:DB:19:72:DF:2C:35:80:BD
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 76D5BBC7A84AE8832D2F3AA880B294C3E65A76E3
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32382e302f32342d3234203d3e20313938323530.roa
Signing time: Tue 14 Apr 2026 05:56:51 +0000
ROA not before: Tue 14 Apr 2026 05:51:51 +0000
ROA not after: Tue 13 Apr 2027 05:56:51 +0000
asID: 198250
IP address blocks: 87.254.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 03:34:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:d5:bb:c7:a8:4a:e8:83:2d:2f:3a:a8:80:b2:94:c3:e6:5a:76:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Apr 14 05:51:51 2026 GMT
Not After : Apr 13 05:56:51 2027 GMT
Subject: CN=35150CC2E79551F8AC5AB50DDB1972DF2C3580BD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:43:39:89:70:e9:6e:67:f8:42:6f:83:51:c1:
3a:a2:c5:22:0c:44:88:5b:5d:1c:88:44:b6:64:ea:
0d:9d:d1:6b:be:46:4c:79:e5:52:b9:ad:fc:53:3a:
f9:70:8d:25:e5:0d:50:5f:d8:d6:65:5e:e1:fc:66:
2f:a1:93:2b:6d:d7:02:70:c3:ba:10:40:86:37:ff:
38:3e:07:56:81:f1:da:d4:38:2a:42:32:27:24:ae:
5b:25:91:58:63:f0:0c:13:26:e0:e6:2e:d1:b6:82:
93:9e:8d:6e:68:2e:32:42:75:98:69:d1:40:11:b8:
0d:5b:65:9f:ec:88:07:e3:3c:6d:f7:a2:9d:07:20:
0e:5f:91:30:f7:23:7e:36:d6:99:7d:43:ae:b1:12:
fc:a2:48:52:ca:7f:0d:0e:60:f0:0b:df:51:1f:53:
b6:a7:40:08:0b:00:85:59:34:dd:fe:03:95:a6:65:
07:fe:2c:5a:bb:12:22:fc:68:4b:ee:53:64:bd:58:
6f:8e:71:a5:ea:de:ec:74:33:ae:a7:21:86:3a:9f:
74:8e:3b:5e:da:97:62:1a:10:a8:8d:3c:e9:48:77:
a1:cc:ec:9b:0d:fa:9f:44:90:6c:bb:f3:e1:40:6c:
cf:7c:d9:96:ae:61:23:30:07:be:77:ff:36:20:ce:
ed:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:15:0C:C2:E7:95:51:F8:AC:5A:B5:0D:DB:19:72:DF:2C:35:80:BD
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32382e302f32342d3234203d3e20313938323530.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.28.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:f6:d2:75:0e:c7:11:a6:5c:f1:a6:13:df:0f:50:62:d7:52:
6f:1b:74:2f:d1:b2:37:1a:8c:e4:5a:93:54:02:f5:4b:94:03:
0e:15:0b:9d:e1:67:de:1b:d7:ea:23:52:b1:d1:79:db:e8:73:
3d:f5:0f:33:1a:1d:0c:fc:03:88:8c:43:60:76:67:45:71:67:
73:57:6e:d7:03:6a:3e:d5:59:fe:7d:3c:e3:0d:97:71:24:88:
1b:a7:4a:9b:06:7e:31:0c:7c:01:a2:9e:31:41:8a:0b:86:68:
41:92:f4:08:43:f7:cf:da:2b:08:b3:ec:10:05:c4:d4:86:87:
e6:63:e3:6f:6e:3c:a9:07:11:ba:58:e0:22:12:74:71:11:12:
b9:27:db:fa:7f:af:06:ca:ce:2c:92:b6:f1:f8:8a:83:32:e6:
04:9b:45:97:94:a3:f4:8d:ea:63:e3:c2:f2:fd:76:bf:e5:3f:
05:65:33:9f:03:e8:d1:fe:9e:34:39:57:ec:1e:2d:f8:1b:be:
a7:f8:ed:83:54:30:61:50:eb:1c:52:b6:ab:c5:6f:4b:8f:7b:
08:a0:5e:d1:05:14:05:60:31:c5:b2:39:21:38:c9:56:a2:af:
c8:73:b2:5f:3a:f9:a3:b3:e6:70:4c:af:a0:e7:5d:33:0a:2c:
b7:d8:78:b8
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUdtW7x6hK6IMtLzqogLKUw+ZaduMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MTQwNTUxNTFaFw0yNzA0MTMwNTU2NTFaMDMxMTAvBgNV
BAMTKDM1MTUwQ0MyRTc5NTUxRjhBQzVBQjUwRERCMTk3MkRGMkMzNTgwQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTQzmJcOluZ/hCb4NRwTqixSIM
RIhbXRyIRLZk6g2d0Wu+Rkx55VK5rfxTOvlwjSXlDVBf2NZlXuH8Zi+hkytt1wJw
w7oQQIY3/zg+B1aB8drUOCpCMickrlslkVhj8AwTJuDmLtG2gpOejW5oLjJCdZhp
0UARuA1bZZ/siAfjPG33op0HIA5fkTD3I3421pl9Q66xEvyiSFLKfw0OYPAL31Ef
U7anQAgLAIVZNN3+A5WmZQf+LFq7EiL8aEvuU2S9WG+OcaXq3ux0M66nIYY6n3SO
O17al2IaEKiNPOlId6HM7JsN+p9EkGy78+FAbM982ZauYSMwB753/zYgzu0FAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUNRUMwueVUfisWrUN2xly3yw1gL0wHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzOTM4MzIzNTMwLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
V/4cMA0GCSqGSIb3DQEBCwUAA4IBAQCM9tJ1DscRplzxphPfD1Bi11JvG3Qv0bI3
GozkWpNUAvVLlAMOFQud4WfeG9fqI1Kx0Xnb6HM99Q8zGh0M/AOIjENgdmdFcWdz
V27XA2o+1Vn+fTzjDZdxJIgbp0qbBn4xDHwBop4xQYoLhmhBkvQIQ/fP2isIs+wQ
BcTUhofmY+NvbjypBxG6WOAiEnRxERK5J9v6f68Gys4skrbx+IqDMuYEm0WXlKP0
jepj48Ly/Xa/5T8FZTOfA+jR/p40OVfsHi34G76n+O2DVDBhUOscUrarxW9Lj3sI
oF7RBRQFYDHFsjkhOMlWoq/Ic7JfOvmjs+ZwTK+g510zCiy32Hi4
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:29:28 2026 by rpki-client