Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/5/326130313a6234303a3a2f32392d3438203d3e203136353039.roa
File: 326130313a6234303a3a2f32392d3438203d3e203136353039.roa (raw, json)
Hash identifier: CivQf/u/Gk+LE+nokddTRzH9kTLqet4Y/E+g0q0KfIo=
Subject key identifier: DD:89:36:E7:AF:70:B4:1C:03:84:45:66:90:C0:B4:31:D8:4E:54:81
Certificate issuer: /CN=295b60bb0cbb4a53d9545bc20b774ffa036b4a46
Certificate serial: 298324AF1916BD24D51F6E165E07E0EC11EF04A3
Authority key identifier: 29:5B:60:BB:0C:BB:4A:53:D9:54:5B:C2:0B:77:4F:FA:03:6B:4A:46
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KVtguwy7SlPZVFvCC3dP-gNrSkY.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/5/326130313a6234303a3a2f32392d3438203d3e203136353039.roa
Signing time: Thu 04 Jun 2026 12:23:49 +0000
ROA not before: Thu 04 Jun 2026 12:18:49 +0000
ROA not after: Thu 03 Jun 2027 12:23:49 +0000
asID: 16509
IP address blocks: 2a01:b40::/29 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/5/295B60BB0CBB4A53D9545BC20B774FFA036B4A46.crl
rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/5/295B60BB0CBB4A53D9545BC20B774FFA036B4A46.mft
rsync://rpki.ripe.net/repository/DEFAULT/KVtguwy7SlPZVFvCC3dP-gNrSkY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 10:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
29:83:24:af:19:16:bd:24:d5:1f:6e:16:5e:07:e0:ec:11:ef:04:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=295b60bb0cbb4a53d9545bc20b774ffa036b4a46
Validity
Not Before: Jun 4 12:18:49 2026 GMT
Not After : Jun 3 12:23:49 2027 GMT
Subject: CN=DD8936E7AF70B41C0384456690C0B431D84E5481
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:5b:c2:82:87:ea:3f:26:37:bc:ad:9b:7f:3d:
c4:b5:0f:4c:3c:bb:5e:ea:b1:b6:de:e3:95:cd:f0:
d7:15:b9:1c:d9:29:64:15:de:50:67:dc:78:d7:ea:
46:1c:e3:34:35:0e:25:53:8d:77:fd:d5:ac:42:5e:
6d:94:06:65:0b:23:64:dd:9f:f4:1a:94:51:ca:9b:
ce:8d:f3:67:ab:ff:d3:5a:aa:32:92:0d:cb:b6:f2:
9e:4c:18:0d:da:e9:66:38:a0:a0:31:dd:0d:9c:be:
5e:01:cf:7a:3d:68:5e:de:79:d8:5d:18:68:23:23:
4d:3d:38:b2:e7:6d:66:2b:50:d8:fd:56:43:38:50:
84:7e:a3:a3:1e:c2:b0:61:17:de:b0:6c:4c:2c:ed:
2a:fb:19:51:7b:e6:88:79:cf:f2:b7:27:e1:3c:b6:
7f:89:a6:53:d4:50:b2:0c:52:6c:40:a3:83:d9:2e:
3d:0d:25:65:c2:27:dd:30:e0:60:92:ff:e3:8a:3c:
d0:df:fd:0f:0d:24:23:d6:cb:8b:6b:c5:4e:16:e2:
0c:a0:48:5a:c9:fc:db:e0:23:f5:47:bf:23:e3:3b:
ca:29:7f:ea:60:5d:4f:bd:ad:bf:0a:ed:3e:c3:0d:
d6:73:b7:aa:96:6b:85:f1:b0:b4:f8:e1:e6:50:c7:
63:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:89:36:E7:AF:70:B4:1C:03:84:45:66:90:C0:B4:31:D8:4E:54:81
X509v3 Authority Key Identifier:
keyid:29:5B:60:BB:0C:BB:4A:53:D9:54:5B:C2:0B:77:4F:FA:03:6B:4A:46
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/5/295B60BB0CBB4A53D9545BC20B774FFA036B4A46.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVtguwy7SlPZVFvCC3dP-gNrSkY.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2af73a9c-2058-43bb-9ac6-5ab42dfbf409/5/326130313a6234303a3a2f32392d3438203d3e203136353039.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:b40::/29
Signature Algorithm: sha256WithRSAEncryption
11:1e:92:cf:12:e8:2d:a5:fd:f4:c2:b5:75:ca:2f:d8:36:cd:
0e:f3:81:c2:9f:c7:38:d4:05:ec:da:7f:32:ec:9c:3d:22:44:
8f:54:b0:fb:bc:85:62:c5:16:99:3b:d1:a7:5b:fe:9e:ad:c8:
58:20:2d:79:ac:00:7f:4f:96:c2:cc:9c:9a:21:6c:a8:b2:57:
e5:5c:29:9f:69:18:a7:93:cb:ae:2b:33:2d:11:1d:58:50:27:
b5:fb:28:8d:a0:e0:1a:24:a8:82:22:a3:db:50:70:15:3e:96:
e1:d1:95:24:99:56:83:b0:c2:0e:ea:d1:5d:2e:8c:64:48:a2:
84:35:81:cc:d7:17:a6:9a:8c:a3:90:e4:e1:0f:9f:72:69:b8:
52:98:b8:67:7e:b3:e4:70:36:03:d2:7f:ad:83:04:48:23:89:
4a:0c:ac:e7:27:48:77:2f:16:ea:03:e1:81:29:e7:92:81:30:
44:60:30:38:80:a0:8b:27:4c:c9:70:d4:1b:e2:d5:c3:68:ba:
f9:f5:bd:4d:5e:b4:45:be:c9:bb:34:0f:f3:54:83:e0:53:a7:
13:19:91:b9:0b:a7:e5:0f:13:48:7b:c1:aa:59:7a:ed:fe:04:
02:91:e1:9f:8c:01:22:01:45:f4:67:42:3b:dd:10:39:94:58:
3c:cc:14:a1
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUKYMkrxkWvSTVH24WXgfg7BHvBKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjk1YjYwYmIwY2JiNGE1M2Q5NTQ1YmMyMGI3NzRmZmEw
MzZiNGE0NjAeFw0yNjA2MDQxMjE4NDlaFw0yNzA2MDMxMjIzNDlaMDMxMTAvBgNV
BAMTKEREODkzNkU3QUY3MEI0MUMwMzg0NDU2NjkwQzBCNDMxRDg0RTU0ODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5W8KCh+o/Jje8rZt/PcS1D0w8
u17qsbbe45XN8NcVuRzZKWQV3lBn3HjX6kYc4zQ1DiVTjXf91axCXm2UBmULI2Td
n/QalFHKm86N82er/9NaqjKSDcu28p5MGA3a6WY4oKAx3Q2cvl4Bz3o9aF7eedhd
GGgjI009OLLnbWYrUNj9VkM4UIR+o6MewrBhF96wbEws7Sr7GVF75oh5z/K3J+E8
tn+JplPUULIMUmxAo4PZLj0NJWXCJ90w4GCS/+OKPNDf/Q8NJCPWy4trxU4W4gyg
SFrJ/NvgI/VHvyPjO8opf+pgXU+9rb8K7T7DDdZzt6qWa4XxsLT44eZQx2PfAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQU3Yk2569wtBwDhEVmkMC0MdhOVIEwHwYDVR0j
BBgwFoAUKVtguwy7SlPZVFvCC3dP+gNrSkYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMtMjA1OC00M2JiLTlhYzYtNWFiNDJkZmJm
NDA5LzUvMjk1QjYwQkIwQ0JCNEE1M0Q5NTQ1QkMyMEI3NzRGRkEwMzZCNEE0Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0tWdGd1d3k3U2xQWlZGdkNDM2RQLWdO
clNrWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmFmNzNhOWMt
MjA1OC00M2JiLTlhYzYtNWFiNDJkZmJmNDA5LzUvMzI2MTMwMzEzYTYyMzQzMDNh
M2EyZjMyMzkyZDM0MzgyMDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqAQtA
MA0GCSqGSIb3DQEBCwUAA4IBAQARHpLPEugtpf30wrV1yi/YNs0O84HCn8c41AXs
2n8y7Jw9IkSPVLD7vIVixRaZO9GnW/6erchYIC15rAB/T5bCzJyaIWyoslflXCmf
aRink8uuKzMtER1YUCe1+yiNoOAaJKiCIqPbUHAVPpbh0ZUkmVaDsMIO6tFdLoxk
SKKENYHM1xemmoyjkOThD59yabhSmLhnfrPkcDYD0n+tgwRII4lKDKznJ0h3Lxbq
A+GBKeeSgTBEYDA4gKCLJ0zJcNQb4tXDaLr59b1NXrRFvsm7NA/zVIPgU6cTGZG5
C6flDxNIe8GqWXrt/gQCkeGfjAEiAUX0Z0I73RA5lFg8zBSh
-----END CERTIFICATE-----
Generated at Sat Jun 13 20:28:49 2026 by rpki-client