Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32392e302f32342d3234203d3e20343031383536.roa
File: 38372e3235342e32392e302f32342d3234203d3e20343031383536.roa (raw, json)
Hash identifier: QHFnVOaeEPk8OHFM/vvl17YuczgNqBKqrZuDNL93LS0=
Subject key identifier: B8:DD:79:2D:0C:CF:97:82:8C:96:F9:70:80:B1:D5:50:02:9C:52:28
Certificate issuer: /CN=22bfd4e021547d030ac10b0213535d4c6968eede
Certificate serial: 457CBA7E753DB1EC728A2A944C28E370868A1891
Authority key identifier: 22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32392e302f32342d3234203d3e20343031383536.roa
Signing time: Fri 10 Apr 2026 13:23:31 +0000
ROA not before: Fri 10 Apr 2026 13:18:31 +0000
ROA not after: Fri 09 Apr 2027 13:23:31 +0000
asID: 401856
IP address blocks: 87.254.29.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.mft
rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 03:34:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
45:7c:ba:7e:75:3d:b1:ec:72:8a:2a:94:4c:28:e3:70:86:8a:18:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22bfd4e021547d030ac10b0213535d4c6968eede
Validity
Not Before: Apr 10 13:18:31 2026 GMT
Not After : Apr 9 13:23:31 2027 GMT
Subject: CN=B8DD792D0CCF97828C96F97080B1D550029C5228
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:35:06:22:6d:85:34:93:22:1a:83:1d:85:bc:
be:a5:c4:a2:77:58:ee:a5:f7:7e:db:b0:f1:1e:e9:
ed:8d:a9:26:0e:35:a9:83:84:d7:71:85:26:f0:c1:
bd:0d:a4:50:5c:8c:3f:76:b5:b3:6a:2b:47:f3:bb:
35:bc:c1:83:2d:fc:98:60:69:fd:45:49:35:ff:96:
9b:a6:9c:f3:5e:60:b7:b6:bd:ce:85:ef:6d:34:5b:
ab:c0:26:2b:18:cf:96:29:b7:1e:36:ba:d6:52:c8:
f0:b2:dd:98:75:47:03:cf:6c:3a:54:a2:af:f9:44:
1d:cb:2c:92:0a:6d:67:53:2c:e0:34:b4:e8:0d:9b:
bd:3e:f9:b8:3b:5f:34:f3:e7:ce:73:78:87:03:7e:
68:29:3e:98:79:40:21:12:d4:a7:f3:27:ec:88:93:
6a:ec:fd:f9:1f:44:43:a4:59:5e:f0:33:de:25:f0:
7f:86:a9:94:36:6a:4e:ac:c0:b2:75:e8:44:70:b8:
05:f3:14:a4:0f:3d:5e:d9:82:45:3a:5e:29:d9:83:
c6:7f:57:b1:7d:f0:49:93:11:6c:9d:56:aa:6a:d9:
8a:b1:54:77:4f:0c:27:4b:d8:b9:07:43:6f:28:5e:
0f:86:d5:82:28:b3:fe:09:33:3e:e0:89:be:a2:d9:
bf:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:DD:79:2D:0C:CF:97:82:8C:96:F9:70:80:B1:D5:50:02:9C:52:28
X509v3 Authority Key Identifier:
keyid:22:BF:D4:E0:21:54:7D:03:0A:C1:0B:02:13:53:5D:4C:69:68:EE:DE
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/22BFD4E021547D030AC10B0213535D4C6968EEDE.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ir_U4CFUfQMKwQsCE1NdTGlo7t4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23aacd17-bf9d-47db-864d-f9c7c2be183a/0/38372e3235342e32392e302f32342d3234203d3e20343031383536.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.29.0/24
Signature Algorithm: sha256WithRSAEncryption
3d:69:b2:73:c3:b7:31:f6:b6:ec:23:1f:94:c2:5e:72:9e:be:
40:6d:91:9d:07:97:39:33:e9:c9:02:76:e7:8c:05:dd:44:dd:
48:d2:ef:26:5f:c7:7b:f8:7e:36:f8:d9:b2:eb:04:0d:fa:e6:
c0:de:de:01:c3:a5:5b:d5:96:a9:7b:88:40:6b:59:13:1d:01:
c8:27:dd:53:af:1f:ed:e5:9a:17:6f:f2:2b:88:ce:e3:e2:11:
e8:ee:80:e7:1c:68:05:d9:90:5d:98:5d:4d:6e:4b:5d:fc:6c:
c2:ff:3e:21:a1:a8:c9:55:41:77:28:1c:c5:c4:96:08:b4:a2:
56:cb:91:4f:ae:5e:9e:5d:3b:e0:50:eb:9a:90:8b:25:59:9e:
fa:8a:b1:2f:89:d9:f7:3c:5e:ef:77:31:6c:70:c6:76:c7:b0:
5e:97:a4:c6:a0:01:d8:2e:dc:2b:0c:5a:4e:49:40:44:44:45:
72:8c:11:f7:b8:ca:56:30:3f:52:ec:38:97:f9:ac:f1:fd:fe:
7a:9f:fb:18:5e:e7:ad:5e:7e:4b:34:ab:68:40:82:21:1d:eb:
85:c7:f3:5a:06:c1:ff:bb:d1:67:3e:a4:64:91:6d:d8:c0:ce:
3d:d0:da:1e:c8:15:da:dd:82:2b:8c:e2:8e:9a:8d:f7:be:af:
12:a1:cd:10
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIURXy6fnU9sexyiiqUTCjjcIaKGJEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJiZmQ0ZTAyMTU0N2QwMzBhYzEwYjAyMTM1MzVkNGM2
OTY4ZWVkZTAeFw0yNjA0MTAxMzE4MzFaFw0yNzA0MDkxMzIzMzFaMDMxMTAvBgNV
BAMTKEI4REQ3OTJEMENDRjk3ODI4Qzk2Rjk3MDgwQjFENTUwMDI5QzUyMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVNQYibYU0kyIagx2FvL6lxKJ3
WO6l937bsPEe6e2NqSYONamDhNdxhSbwwb0NpFBcjD92tbNqK0fzuzW8wYMt/Jhg
af1FSTX/lpumnPNeYLe2vc6F7200W6vAJisYz5Yptx42utZSyPCy3Zh1RwPPbDpU
oq/5RB3LLJIKbWdTLOA0tOgNm70++bg7XzTz585zeIcDfmgpPph5QCES1KfzJ+yI
k2rs/fkfREOkWV7wM94l8H+GqZQ2ak6swLJ16ERwuAXzFKQPPV7ZgkU6XinZg8Z/
V7F98EmTEWydVqpq2YqxVHdPDCdL2LkHQ28oXg+G1YIos/4JMz7gib6i2b+pAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUuN15LQzPl4KMlvlwgLHVUAKcUigwHwYDVR0j
BBgwFoAUIr/U4CFUfQMKwQsCE1NdTGlo7t4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNhYWNkMTctYmY5ZC00N2RiLTg2NGQtZjljN2MyYmUx
ODNhLzAvMjJCRkQ0RTAyMTU0N0QwMzBBQzEwQjAyMTM1MzVENEM2OTY4RUVERS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lyX1U0Q0ZVZlFNS3dRc0NFMU5kVEds
bzd0NC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjNhYWNkMTct
YmY5ZC00N2RiLTg2NGQtZjljN2MyYmUxODNhLzAvMzgzNzJlMzIzNTM0MmUzMjM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMDMxMzgzNTM2LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
V/4dMA0GCSqGSIb3DQEBCwUAA4IBAQA9abJzw7cx9rbsIx+Uwl5ynr5AbZGdB5c5
M+nJAnbnjAXdRN1I0u8mX8d7+H42+Nmy6wQN+ubA3t4Bw6Vb1Zape4hAa1kTHQHI
J91Trx/t5ZoXb/IriM7j4hHo7oDnHGgF2ZBdmF1Nbktd/GzC/z4hoajJVUF3KBzF
xJYItKJWy5FPrl6eXTvgUOuakIslWZ76irEvidn3PF7vdzFscMZ2x7Bel6TGoAHY
LtwrDFpOSUBEREVyjBH3uMpWMD9S7DiX+azx/f56n/sYXuetXn5LNKtoQIIhHeuF
x/NaBsH/u9FnPqRkkW3YwM490NoeyBXa3YIrjOKOmo33vq8Soc0Q
-----END CERTIFICATE-----
Generated at Fri Apr 17 15:55:13 2026 by rpki-client