Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2dfb30ca-e1c2-4921-b054-d4af09165af1/0/326130653a666434353a326535303a3a2f34382d3438203d3e20323135333730.roa
File: 326130653a666434353a326535303a3a2f34382d3438203d3e20323135333730.roa (raw, json)
Hash identifier: S2x/glwBFQqLmSWyNwtm4qEtJyulbbnFBue99o2JPS8=
Subject key identifier: DB:3B:A0:23:12:2D:C9:DD:81:43:78:66:CB:13:F0:9E:48:F4:2F:F3
Certificate issuer: /CN=7f216f49a3b9a84a0e85e80a2c42874f09ea3985
Certificate serial: 21AA15A4D75D174F18F2D542802C05A568B709AB
Authority key identifier: 7F:21:6F:49:A3:B9:A8:4A:0E:85:E8:0A:2C:42:87:4F:09:EA:39:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fyFvSaO5qEoOhegKLEKHTwnqOYU.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/2dfb30ca-e1c2-4921-b054-d4af09165af1/0/326130653a666434353a326535303a3a2f34382d3438203d3e20323135333730.roa
Signing time: Sat 01 Nov 2025 12:23:47 +0000
ROA not before: Sat 01 Nov 2025 12:18:47 +0000
ROA not after: Sat 31 Oct 2026 12:23:47 +0000
asID: 215370
IP address blocks: 2a0e:fd45:2e50::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/2dfb30ca-e1c2-4921-b054-d4af09165af1/0/7F216F49A3B9A84A0E85E80A2C42874F09EA3985.crl
rsync://rsync.paas.rpki.ripe.net/repository/2dfb30ca-e1c2-4921-b054-d4af09165af1/0/7F216F49A3B9A84A0E85E80A2C42874F09EA3985.mft
rsync://rpki.ripe.net/repository/DEFAULT/fyFvSaO5qEoOhegKLEKHTwnqOYU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 06:31:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:aa:15:a4:d7:5d:17:4f:18:f2:d5:42:80:2c:05:a5:68:b7:09:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7f216f49a3b9a84a0e85e80a2c42874f09ea3985
Validity
Not Before: Nov 1 12:18:47 2025 GMT
Not After : Oct 31 12:23:47 2026 GMT
Subject: CN=DB3BA023122DC9DD81437866CB13F09E48F42FF3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:ac:b7:6b:d2:ae:d5:d1:5e:8c:da:1f:22:48:
ba:a5:8d:0d:ec:33:48:6c:32:6f:6a:c6:73:b8:be:
15:6f:fe:54:15:3b:a0:9d:0b:83:20:47:d6:54:37:
98:2c:22:f8:e6:9d:d4:87:2f:ea:22:3a:e1:49:ef:
b5:bf:e8:75:07:ce:fa:81:75:0b:66:bf:0e:2a:5b:
06:be:23:a7:c8:b4:49:91:97:39:62:91:ca:15:6e:
04:53:b1:c0:4c:8b:19:60:92:fb:a1:7f:03:b9:40:
5e:27:b8:d7:dc:e9:6a:12:6f:d2:6e:0a:05:c7:5e:
d4:c2:97:bc:b1:b6:ba:9e:80:e8:b4:92:80:c3:56:
26:15:ce:a2:78:0e:a5:e0:f5:ee:e7:58:2a:e5:ab:
c3:d9:5f:03:1f:21:a3:2c:b7:52:54:45:36:9b:17:
58:5d:ca:5a:67:3d:45:ab:83:d1:16:a7:48:67:07:
82:03:3b:5e:97:f8:93:be:5c:81:30:83:29:66:01:
ba:da:db:61:31:1d:e8:71:96:a7:12:2c:e7:79:54:
89:83:80:0d:94:6d:4f:9f:6c:4b:fe:e9:d1:ea:bb:
de:f4:a2:3d:49:fe:6f:de:98:72:0e:1c:89:ef:d5:
b8:6c:20:e4:54:49:e3:1d:e9:ae:5b:af:f2:46:de:
8e:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:3B:A0:23:12:2D:C9:DD:81:43:78:66:CB:13:F0:9E:48:F4:2F:F3
X509v3 Authority Key Identifier:
keyid:7F:21:6F:49:A3:B9:A8:4A:0E:85:E8:0A:2C:42:87:4F:09:EA:39:85
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/2dfb30ca-e1c2-4921-b054-d4af09165af1/0/7F216F49A3B9A84A0E85E80A2C42874F09EA3985.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fyFvSaO5qEoOhegKLEKHTwnqOYU.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2dfb30ca-e1c2-4921-b054-d4af09165af1/0/326130653a666434353a326535303a3a2f34382d3438203d3e20323135333730.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:fd45:2e50::/48
Signature Algorithm: sha256WithRSAEncryption
83:c9:07:4a:da:60:a8:70:f0:38:ed:89:9e:9f:28:b5:67:65:
2d:87:ac:b6:0a:ea:68:82:ff:69:47:1b:57:4b:84:01:c2:9c:
6e:6f:5b:a0:ac:fc:5a:ae:4c:d0:b9:0b:fa:64:5b:ce:0e:54:
df:4a:c8:7f:df:c2:59:ec:c5:ac:1d:21:d4:a3:b0:00:bd:64:
98:a7:47:22:b0:38:70:f7:7b:86:52:ba:27:03:0e:88:75:23:
07:c1:14:59:ca:01:c5:37:99:27:54:5e:be:2e:07:5b:85:7c:
bc:56:ea:29:db:7d:0d:70:19:9d:df:ac:4f:6b:81:1b:1a:be:
3c:16:88:8a:46:63:20:1d:1d:68:57:93:c8:32:62:cf:65:0c:
2b:9d:fa:fd:ea:0e:12:10:3d:d2:c8:ea:d8:4f:03:4d:88:fe:
c7:79:c0:4a:e9:f7:93:cf:a4:d7:7f:92:cf:00:f6:18:bf:fa:
13:28:88:61:f2:f0:c2:d8:d0:06:37:f6:25:27:8b:17:45:d4:
03:26:61:a8:ae:16:e4:28:90:f6:bc:22:b7:21:4f:f8:5b:7f:
0e:48:33:0f:ca:2b:d9:5a:93:c3:b3:6d:86:de:dc:50:56:17:
d8:bb:40:44:17:85:36:a4:20:f6:5c:73:ad:46:cb:8b:4f:e8:
12:6f:91:78
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIUIaoVpNddF08Y8tVCgCwFpWi3CaswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2YyMTZmNDlhM2I5YTg0YTBlODVlODBhMmM0Mjg3NGYw
OWVhMzk4NTAeFw0yNTExMDExMjE4NDdaFw0yNjEwMzExMjIzNDdaMDMxMTAvBgNV
BAMTKERCM0JBMDIzMTIyREM5REQ4MTQzNzg2NkNCMTNGMDlFNDhGNDJGRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQrLdr0q7V0V6M2h8iSLqljQ3s
M0hsMm9qxnO4vhVv/lQVO6CdC4MgR9ZUN5gsIvjmndSHL+oiOuFJ77W/6HUHzvqB
dQtmvw4qWwa+I6fItEmRlzlikcoVbgRTscBMixlgkvuhfwO5QF4nuNfc6WoSb9Ju
CgXHXtTCl7yxtrqegOi0koDDViYVzqJ4DqXg9e7nWCrlq8PZXwMfIaMst1JURTab
F1hdylpnPUWrg9EWp0hnB4IDO16X+JO+XIEwgylmAbra22ExHehxlqcSLOd5VImD
gA2UbU+fbEv+6dHqu970oj1J/m/emHIOHInv1bhsIORUSeMd6a5br/JG3o4/AgMB
AAGjggJKMIICRjAdBgNVHQ4EFgQU2zugIxItyd2BQ3hmyxPwnkj0L/MwHwYDVR0j
BBgwFoAUfyFvSaO5qEoOhegKLEKHTwnqOYUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmRmYjMwY2EtZTFjMi00OTIxLWIwNTQtZDRhZjA5MTY1
YWYxLzAvN0YyMTZGNDlBM0I5QTg0QTBFODVFODBBMkM0Mjg3NEYwOUVBMzk4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Z5RnZTYU81cUVvT2hlZ0tMRUtIVHdu
cU9ZVS5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmRmYjMwY2Et
ZTFjMi00OTIxLWIwNTQtZDRhZjA5MTY1YWYxLzAvMzI2MTMwNjUzYTY2NjQzNDM1
M2EzMjY1MzUzMDNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEzNTMzMzczMC5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACoO/UUuUDANBgkqhkiG9w0BAQsFAAOCAQEAg8kHStpgqHDwOO2J
np8otWdlLYestgrqaIL/aUcbV0uEAcKcbm9boKz8Wq5M0LkL+mRbzg5U30rIf9/C
WezFrB0h1KOwAL1kmKdHIrA4cPd7hlK6JwMOiHUjB8EUWcoBxTeZJ1Revi4HW4V8
vFbqKdt9DXAZnd+sT2uBGxq+PBaIikZjIB0daFeTyDJiz2UMK536/eoOEhA90sjq
2E8DTYj+x3nASun3k8+k13+SzwD2GL/6EyiIYfLwwtjQBjf2JSeLF0XUAyZhqK4W
5CiQ9rwityFP+Ft/DkgzD8or2VqTw7Ntht7cUFYX2LtARBeFNqQg9lxzrUbLi0/o
Em+ReA==
-----END CERTIFICATE-----
Generated at Wed Nov 5 17:25:53 2025 by rpki-client