Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e38362e3232352e302f32342d3234203d3e20323038353130.roa
File: 3138352e38362e3232352e302f32342d3234203d3e20323038353130.roa (raw, json)
Hash identifier: B1WkR8JEi0YvfF2O8WJ1WkIBgT6rv6BraP8LYdNMDhY=
Subject key identifier: 88:86:0E:BC:AE:11:9E:C2:0F:6F:31:26:F0:6A:DD:02:A3:B4:5D:00
Certificate issuer: /CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Certificate serial: 78B6D2A6989DA62919B0C9A22756E05064AF261B
Authority key identifier: FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e38362e3232352e302f32342d3234203d3e20323038353130.roa
Signing time: Mon 30 Mar 2026 10:55:22 +0000
ROA not before: Mon 30 Mar 2026 10:50:22 +0000
ROA not after: Mon 29 Mar 2027 10:55:22 +0000
asID: 208510
IP address blocks: 185.86.225.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 05:59:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
78:b6:d2:a6:98:9d:a6:29:19:b0:c9:a2:27:56:e0:50:64:af:26:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Validity
Not Before: Mar 30 10:50:22 2026 GMT
Not After : Mar 29 10:55:22 2027 GMT
Subject: CN=88860EBCAE119EC20F6F3126F06ADD02A3B45D00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:d3:91:aa:cb:83:4e:f2:a9:95:ab:c2:bf:03:
8b:ba:ea:03:50:a8:9f:9a:8f:1a:39:b4:19:ba:d9:
0d:0b:08:c7:b0:08:e2:96:df:5e:7f:14:5e:2a:ae:
d5:cd:30:ad:8a:40:a3:d7:e8:18:c6:33:c7:96:d7:
32:ad:c0:11:6a:eb:f3:72:cd:f7:60:9c:52:b8:4f:
57:41:45:c5:72:5a:e7:2b:3f:ca:4f:b2:e9:d2:bd:
53:b6:ed:74:32:00:32:5d:8d:7d:54:99:94:94:63:
f6:bc:80:e3:ef:40:b8:42:1a:95:7d:4d:35:cb:16:
55:cf:8f:72:c2:e0:64:1d:82:80:6d:0d:96:1a:cb:
90:7d:53:b9:c6:43:a6:82:c8:78:ee:3b:a9:4c:c3:
54:4d:f9:3e:5f:0c:31:68:a0:5f:1a:1c:54:fe:9c:
3b:85:8e:38:29:85:9c:f5:b8:19:af:0c:82:af:1c:
9f:78:61:08:58:a7:f2:a4:84:7f:3d:65:e4:7a:5e:
9e:d6:1e:6d:7e:5b:87:17:3f:58:96:f3:f4:98:d5:
bc:1a:a9:0a:9e:da:54:df:e4:bb:7b:27:d7:61:f8:
f1:78:71:09:f0:81:e1:26:45:9c:94:03:19:6d:13:
3d:3d:4b:5e:8f:80:1c:98:8d:ba:a1:07:6b:35:59:
62:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:86:0E:BC:AE:11:9E:C2:0F:6F:31:26:F0:6A:DD:02:A3:B4:5D:00
X509v3 Authority Key Identifier:
keyid:FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e38362e3232352e302f32342d3234203d3e20323038353130.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.86.225.0/24
Signature Algorithm: sha256WithRSAEncryption
93:4b:2c:4f:a8:e1:ac:66:4c:33:2e:2f:35:6b:ed:a1:d2:f9:
9b:5c:ce:12:21:b0:7e:aa:01:ee:a1:e1:31:6f:75:ec:ed:72:
67:94:16:2e:d1:f0:c1:bd:9e:f1:d8:bf:d4:ab:7f:72:6f:06:
0f:c8:c0:01:65:65:36:f7:33:35:10:3e:6b:2e:d5:c6:51:4a:
02:b1:3c:de:d4:64:f9:67:6a:cf:79:19:e0:2d:ac:58:14:70:
7c:50:ee:b5:e0:df:44:05:fd:2b:d3:26:dc:71:7c:d3:22:a4:
ce:0e:af:af:04:2c:2f:8d:0b:db:8d:66:2e:ca:a0:a5:09:b2:
b1:4a:59:6c:61:a3:f9:fa:f7:e5:99:62:93:9e:07:1a:d4:0c:
a4:d5:c5:9f:43:d0:55:38:31:d9:a1:5d:a3:bd:d8:df:71:e3:
32:0f:f1:2d:56:b4:b9:c7:c2:8e:ad:62:74:c6:26:f2:cd:73:
8c:5f:d3:77:3e:a0:f0:30:e7:8a:2d:0d:04:96:4c:71:2e:2f:
7d:9a:7b:8b:e9:4e:77:2c:60:c3:0d:ed:cc:f6:56:b3:ea:dd:
b0:3b:27:b6:00:6b:b0:cc:81:eb:17:6f:4c:41:4f:f3:e2:2d:
d3:8e:93:38:e7:a3:a8:53:55:8d:9a:3a:c6:30:9f:da:e6:93:
12:08:05:b5
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgIUeLbSppidpikZsMmiJ1bgUGSvJhswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmFjNDcwOGQ3ZTI2NWRiMTA0NGY5YmIwZWU4NzI4NTg3
ZjQ4YjQ4NDAeFw0yNjAzMzAxMDUwMjJaFw0yNzAzMjkxMDU1MjJaMDMxMTAvBgNV
BAMTKDg4ODYwRUJDQUUxMTlFQzIwRjZGMzEyNkYwNkFERDAyQTNCNDVEMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu05Gqy4NO8qmVq8K/A4u66gNQ
qJ+ajxo5tBm62Q0LCMewCOKW315/FF4qrtXNMK2KQKPX6BjGM8eW1zKtwBFq6/Ny
zfdgnFK4T1dBRcVyWucrP8pPsunSvVO27XQyADJdjX1UmZSUY/a8gOPvQLhCGpV9
TTXLFlXPj3LC4GQdgoBtDZYay5B9U7nGQ6aCyHjuO6lMw1RN+T5fDDFooF8aHFT+
nDuFjjgphZz1uBmvDIKvHJ94YQhYp/KkhH89ZeR6Xp7WHm1+W4cXP1iW8/SY1bwa
qQqe2lTf5Lt7J9dh+PF4cQnwgeEmRZyUAxltEz09S16PgByYjbqhB2s1WWK9AgMB
AAGjggJAMIICPDAdBgNVHQ4EFgQUiIYOvK4RnsIPbzEm8GrdAqO0XQAwHwYDVR0j
BBgwFoAU+sRwjX4mXbEET5uw7ocoWH9ItIQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNWI1OGU2NDYtZTdhMi00NjVjLTg3YzUtNDNjMzU5YWQ5
MzY5LzAvRkFDNDcwOEQ3RTI2NURCMTA0NEY5QkIwRUU4NzI4NTg3RjQ4QjQ4NC5j
cmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEtc1J3alg0bVhiRUVUNXV3N29jb1dI
OUl0SVEuY2VyMIGvBggrBgEFBQcBCwSBojCBnzCBnAYIKwYBBQUHMAuGgY9yc3lu
YzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzViNThlNjQ2
LWU3YTItNDY1Yy04N2M1LTQzYzM1OWFkOTM2OS8wLzMxMzgzNTJlMzgzNjJlMzIz
MjM1MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM4MzUzMTMwLnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQAuVbhMA0GCSqGSIb3DQEBCwUAA4IBAQCTSyxPqOGsZkwzLi81a+2h0vmbXM4S
IbB+qgHuoeExb3Xs7XJnlBYu0fDBvZ7x2L/Uq39ybwYPyMABZWU29zM1ED5rLtXG
UUoCsTze1GT5Z2rPeRngLaxYFHB8UO614N9EBf0r0ybccXzTIqTODq+vBCwvjQvb
jWYuyqClCbKxSllsYaP5+vflmWKTngca1Ayk1cWfQ9BVODHZoV2jvdjfceMyD/Et
VrS5x8KOrWJ0xibyzXOMX9N3PqDwMOeKLQ0ElkxxLi99mnuL6U53LGDDDe3M9laz
6t2wOye2AGuwzIHrF29MQU/z4i3TjpM456OoU1WNmjrGMJ/a5pMSCAW1
-----END CERTIFICATE-----
Generated at Fri Apr 17 10:16:58 2026 by rpki-client