Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e38362e3232382e302f32332d3234203d3e203538323939.roa
File: 3138352e38362e3232382e302f32332d3234203d3e203538323939.roa (raw, json)
Hash identifier: kORUsTlSpwZoSRtTKDAyNPdyJA9v1UZrWgQ4T3/dRU4=
Subject key identifier: CF:DC:23:45:DF:D8:F5:3C:0E:22:F8:73:D4:68:6D:AB:5A:3A:56:05
Certificate issuer: /CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Certificate serial: 6993E73D8D3E405122DA89C718A581CE35D84463
Authority key identifier: FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e38362e3232382e302f32332d3234203d3e203538323939.roa
Signing time: Fri 12 Jun 2026 14:13:49 +0000
ROA not before: Fri 12 Jun 2026 14:08:49 +0000
ROA not after: Fri 11 Jun 2027 14:13:49 +0000
asID: 58299
IP address blocks: 185.86.228.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 08:43:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:93:e7:3d:8d:3e:40:51:22:da:89:c7:18:a5:81:ce:35:d8:44:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Validity
Not Before: Jun 12 14:08:49 2026 GMT
Not After : Jun 11 14:13:49 2027 GMT
Subject: CN=CFDC2345DFD8F53C0E22F873D4686DAB5A3A5605
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:48:7f:d9:c9:a8:a1:30:24:4f:f7:d6:33:ca:
b1:a6:63:6e:34:44:0f:52:05:a5:cb:f5:ad:89:ef:
73:8f:19:ec:22:c8:96:32:02:20:1a:f5:ae:b0:2b:
ca:83:35:ce:7c:c3:13:1f:91:1f:b0:0a:0b:82:e6:
c5:e9:c9:f8:83:53:e3:8e:27:62:10:db:40:29:f0:
21:04:94:65:af:3d:86:57:53:0b:f3:4c:93:e9:a8:
a9:d0:5e:55:80:5c:03:7d:d1:ed:ec:ec:41:8d:5f:
bf:76:ea:21:c8:40:af:19:9a:2d:7e:37:fb:e5:2c:
c2:97:e2:fc:6c:80:74:ad:72:d0:05:2e:a0:1d:6a:
93:20:08:4e:49:72:e0:ef:37:4e:68:be:a3:9d:cf:
d3:2d:36:76:db:24:a3:5d:a0:00:98:60:90:51:35:
6d:fe:85:cf:83:1b:58:63:56:13:2c:7d:54:84:5e:
24:a7:17:a5:b4:53:8e:2b:e0:8f:b2:f2:b6:7b:e2:
e3:ba:ab:a4:34:11:e3:1d:2a:80:b9:59:07:57:47:
61:a0:2e:90:cb:38:7f:e5:72:14:5f:df:8b:3d:cc:
5b:7a:e6:98:45:44:a7:b6:30:b7:c1:af:12:88:86:
c7:41:81:1b:38:5e:2d:dd:e3:bd:1e:e8:b6:ce:8b:
20:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:DC:23:45:DF:D8:F5:3C:0E:22:F8:73:D4:68:6D:AB:5A:3A:56:05
X509v3 Authority Key Identifier:
keyid:FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/3138352e38362e3232382e302f32332d3234203d3e203538323939.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.86.228.0/23
Signature Algorithm: sha256WithRSAEncryption
42:d2:70:72:6e:c9:88:94:06:af:fa:dc:18:f2:b5:87:e6:86:
ea:f3:5a:b3:2f:a7:5d:7d:d5:4b:09:30:75:32:1b:24:0f:9d:
e1:93:d2:92:6d:31:8f:e8:70:ee:18:71:2f:36:62:f5:ce:dc:
e5:b5:58:e3:b1:14:16:2e:5a:44:43:79:cf:d0:02:06:b8:cc:
93:0c:5b:49:d7:d5:e9:c1:16:7e:75:c1:fc:09:6e:c3:d6:ee:
86:af:94:b7:b9:f6:27:c1:0a:9e:00:96:3f:21:cc:da:86:ef:
6e:08:28:6d:2c:47:c2:b3:55:65:96:3e:37:f0:d6:f2:b2:c6:
96:d4:d6:76:2c:ed:14:0e:e4:e4:26:42:8b:8b:b7:9b:dc:21:
6b:fb:8e:d4:d5:a5:b9:bd:2d:87:82:72:9f:36:1b:fc:d4:1a:
f2:80:a4:30:f7:57:9e:9b:03:9c:76:e5:c8:ee:0a:7d:4b:21:
16:d4:5c:66:e0:6b:f7:3f:dc:70:26:9b:24:35:f9:f6:8e:c8:
28:ec:f1:f5:7d:42:2d:e8:70:dc:38:73:5f:da:c7:b8:49:e5:
45:ee:f5:85:9b:a4:52:ab:35:c2:86:99:0e:1c:84:af:3d:c7:
27:51:4e:f1:5f:0c:11:94:41:82:49:e0:14:1b:9f:7f:78:ff:
16:54:e1:de
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIUaZPnPY0+QFEi2onHGKWBzjXYRGMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmFjNDcwOGQ3ZTI2NWRiMTA0NGY5YmIwZWU4NzI4NTg3
ZjQ4YjQ4NDAeFw0yNjA2MTIxNDA4NDlaFw0yNzA2MTExNDEzNDlaMDMxMTAvBgNV
BAMTKENGREMyMzQ1REZEOEY1M0MwRTIyRjg3M0Q0Njg2REFCNUEzQTU2MDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmSH/ZyaihMCRP99YzyrGmY240
RA9SBaXL9a2J73OPGewiyJYyAiAa9a6wK8qDNc58wxMfkR+wCguC5sXpyfiDU+OO
J2IQ20Ap8CEElGWvPYZXUwvzTJPpqKnQXlWAXAN90e3s7EGNX7926iHIQK8Zmi1+
N/vlLMKX4vxsgHStctAFLqAdapMgCE5JcuDvN05ovqOdz9MtNnbbJKNdoACYYJBR
NW3+hc+DG1hjVhMsfVSEXiSnF6W0U44r4I+y8rZ74uO6q6Q0EeMdKoC5WQdXR2Gg
LpDLOH/lchRf34s9zFt65phFRKe2MLfBrxKIhsdBgRs4Xi3d470e6LbOiyD3AgMB
AAGjggI+MIICOjAdBgNVHQ4EFgQUz9wjRd/Y9TwOIvhz1Ghtq1o6VgUwHwYDVR0j
BBgwFoAU+sRwjX4mXbEET5uw7ocoWH9ItIQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNWI1OGU2NDYtZTdhMi00NjVjLTg3YzUtNDNjMzU5YWQ5
MzY5LzAvRkFDNDcwOEQ3RTI2NURCMTA0NEY5QkIwRUU4NzI4NTg3RjQ4QjQ4NC5j
cmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEtc1J3alg0bVhiRUVUNXV3N29jb1dI
OUl0SVEuY2VyMIGtBggrBgEFBQcBCwSBoDCBnTCBmgYIKwYBBQUHMAuGgY1yc3lu
YzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzViNThlNjQ2
LWU3YTItNDY1Yy04N2M1LTQzYzM1OWFkOTM2OS8wLzMxMzgzNTJlMzgzNjJlMzIz
MjM4MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzUzODMyMzkzOS5yb2EwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
AblW5DANBgkqhkiG9w0BAQsFAAOCAQEAQtJwcm7JiJQGr/rcGPK1h+aG6vNasy+n
XX3VSwkwdTIbJA+d4ZPSkm0xj+hw7hhxLzZi9c7c5bVY47EUFi5aREN5z9ACBrjM
kwxbSdfV6cEWfnXB/Aluw9buhq+Ut7n2J8EKngCWPyHM2obvbggobSxHwrNVZZY+
N/DW8rLGltTWdiztFA7k5CZCi4u3m9wha/uO1NWlub0th4JynzYb/NQa8oCkMPdX
npsDnHblyO4KfUshFtRcZuBr9z/ccCabJDX59o7IKOzx9X1CLehw3DhzX9rHuEnl
Re71hZukUqs1woaZDhyErz3HJ1FO8V8MEZRBgkngFBuff3j/FlTh3g==
-----END CERTIFICATE-----
Generated at Sat Jun 13 16:29:10 2026 by rpki-client