Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130653a386630323a323066303a3a2f34342d3438203d3e20323132303038.roa
File: 326130653a386630323a323066303a3a2f34342d3438203d3e20323132303038.roa (raw, json)
Hash identifier: On2eQpRsGAER0c03JWESje3izTAkMAmeRzawddcsDtc=
Subject key identifier: AA:93:0E:3B:86:4F:95:DB:1A:93:72:71:8F:DE:7B:27:85:DC:3B:3B
Certificate issuer: /CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Certificate serial: 2081C9069617FB2E6E4798B89DEA910822FA57A1
Authority key identifier: FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130653a386630323a323066303a3a2f34342d3438203d3e20323132303038.roa
Signing time: Mon 16 Feb 2026 10:33:21 +0000
ROA not before: Mon 16 Feb 2026 10:28:21 +0000
ROA not after: Mon 15 Feb 2027 10:33:21 +0000
asID: 212008
IP address blocks: 2a0e:8f02:20f0::/44 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.mft
rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 15:05:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:81:c9:06:96:17:fb:2e:6e:47:98:b8:9d:ea:91:08:22:fa:57:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Validity
Not Before: Feb 16 10:28:21 2026 GMT
Not After : Feb 15 10:33:21 2027 GMT
Subject: CN=AA930E3B864F95DB1A9372718FDE7B2785DC3B3B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:98:d4:28:6a:e4:eb:0b:04:7e:c0:93:4a:ff:
3c:fc:d4:e2:d5:8d:6b:f5:d6:2c:51:3d:f9:d3:9b:
fd:80:05:02:8e:3e:c5:4f:8c:72:15:d8:ad:7b:43:
27:a5:ae:70:f7:42:6d:3a:0c:31:21:47:6a:cb:da:
67:99:aa:77:43:bc:44:27:61:16:77:f0:19:ba:d4:
bc:77:40:d5:31:71:35:64:ed:39:87:0a:c7:2c:44:
66:e0:71:c4:ec:ec:85:25:fb:99:c1:30:a7:79:6e:
55:f6:d7:14:cc:5f:9a:75:f1:f8:0f:ba:c0:fd:6d:
ca:7e:fa:a9:43:87:cb:29:c6:0c:97:f2:2c:c4:1f:
f9:d7:c7:70:26:48:c3:ef:b3:60:fd:57:79:73:09:
5a:75:20:fe:88:96:46:6e:97:87:b4:6e:cd:62:72:
8a:d3:bb:d1:fe:a0:f5:e6:d5:ed:3e:31:a6:22:fe:
da:62:79:67:db:c9:23:27:9d:e9:01:3c:70:93:92:
f2:ea:4b:3c:9d:c9:40:1a:18:4e:27:31:90:71:b3:
c2:41:f8:02:1d:61:7e:84:2d:95:e9:4b:af:f1:d1:
51:86:6b:5c:2b:70:e0:2b:0a:6f:7d:d8:0a:9e:0f:
bd:ec:59:34:6f:a0:1a:d6:59:32:03:43:4c:cd:6b:
2a:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:93:0E:3B:86:4F:95:DB:1A:93:72:71:8F:DE:7B:27:85:DC:3B:3B
X509v3 Authority Key Identifier:
keyid:FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130653a386630323a323066303a3a2f34342d3438203d3e20323132303038.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:8f02:20f0::/44
Signature Algorithm: sha256WithRSAEncryption
71:d2:c3:90:a1:95:73:c2:bb:22:d2:80:a4:fd:27:2a:cb:ae:
57:f2:30:5f:a3:62:fb:78:c9:0c:b2:61:62:1b:ef:83:e0:33:
f5:e8:18:3b:d0:d1:cd:c4:4d:26:d1:d4:ed:34:de:80:40:4a:
4e:96:68:a6:21:05:f1:3f:f4:a8:d2:88:70:b8:4c:26:9a:8b:
c8:f9:4c:cf:0f:10:d0:0d:f9:f4:cc:a2:3e:4f:8b:4a:b4:58:
16:de:00:06:6e:3e:08:31:e3:eb:a3:69:f9:de:23:36:9f:d8:
b3:ee:1e:ef:6b:6e:93:55:23:4b:f5:d0:05:04:a1:df:8c:07:
ad:bf:11:5b:d4:1f:15:43:b1:c3:32:22:79:1c:56:da:44:1c:
98:ff:8f:94:90:52:55:14:db:b0:4d:68:7c:7e:6e:9a:38:91:
d1:07:ca:29:ac:1e:b7:4d:ea:87:d9:ec:9e:fb:d9:ae:25:7f:
0e:f0:c6:79:4e:da:28:a5:d3:86:cf:6f:e3:b3:b7:38:c0:d7:
75:75:85:6c:43:e7:5d:34:78:1c:44:29:df:36:e7:01:15:e9:
5f:08:86:4d:9b:5a:78:65:53:4f:30:7b:45:1d:48:85:77:3d:
bb:92:53:ec:b5:84:48:75:b0:e5:2e:3c:8d:8c:fc:b9:8c:df:
a7:2a:b3:ea
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgIUIIHJBpYX+y5uR5i4neqRCCL6V6EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmFjNDcwOGQ3ZTI2NWRiMTA0NGY5YmIwZWU4NzI4NTg3
ZjQ4YjQ4NDAeFw0yNjAyMTYxMDI4MjFaFw0yNzAyMTUxMDMzMjFaMDMxMTAvBgNV
BAMTKEFBOTMwRTNCODY0Rjk1REIxQTkzNzI3MThGREU3QjI3ODVEQzNCM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdmNQoauTrCwR+wJNK/zz81OLV
jWv11ixRPfnTm/2ABQKOPsVPjHIV2K17QyelrnD3Qm06DDEhR2rL2meZqndDvEQn
YRZ38Bm61Lx3QNUxcTVk7TmHCscsRGbgccTs7IUl+5nBMKd5blX21xTMX5p18fgP
usD9bcp++qlDh8spxgyX8izEH/nXx3AmSMPvs2D9V3lzCVp1IP6IlkZul4e0bs1i
corTu9H+oPXm1e0+MaYi/tpieWfbySMnnekBPHCTkvLqSzydyUAaGE4nMZBxs8JB
+AIdYX6ELZXpS6/x0VGGa1wrcOArCm992AqeD73sWTRvoBrWWTIDQ0zNayqtAgMB
AAGjggJLMIICRzAdBgNVHQ4EFgQUqpMOO4ZPldsak3Jxj957J4XcOzswHwYDVR0j
BBgwFoAU+sRwjX4mXbEET5uw7ocoWH9ItIQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNWI1OGU2NDYtZTdhMi00NjVjLTg3YzUtNDNjMzU5YWQ5
MzY5LzAvRkFDNDcwOEQ3RTI2NURCMTA0NEY5QkIwRUU4NzI4NTg3RjQ4QjQ4NC5j
cmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEtc1J3alg0bVhiRUVUNXV3N29jb1dI
OUl0SVEuY2VyMIG3BggrBgEFBQcBCwSBqjCBpzCBpAYIKwYBBQUHMAuGgZdyc3lu
YzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzViNThlNjQ2
LWU3YTItNDY1Yy04N2M1LTQzYzM1OWFkOTM2OS8wLzMyNjEzMDY1M2EzODY2MzAz
MjNhMzIzMDY2MzAzYTNhMmYzNDM0MmQzNDM4MjAzZDNlMjAzMjMxMzIzMDMwMzgu
cm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzAR
MA8EAgACMAkDBwQqDo8CIPAwDQYJKoZIhvcNAQELBQADggEBAHHSw5ChlXPCuyLS
gKT9JyrLrlfyMF+jYvt4yQyyYWIb74PgM/XoGDvQ0c3ETSbR1O003oBASk6WaKYh
BfE/9KjSiHC4TCaai8j5TM8PENAN+fTMoj5Pi0q0WBbeAAZuPggx4+ujafneIzaf
2LPuHu9rbpNVI0v10AUEod+MB62/EVvUHxVDscMyInkcVtpEHJj/j5SQUlUU27BN
aHx+bpo4kdEHyimsHrdN6ofZ7J772a4lfw7wxnlO2iil04bPb+OztzjA13V1hWxD
5100eBxEKd825wEV6V8Ihk2bWnhlU08we0UdSIV3PbuSU+y1hEh1sOUuPI2M/LmM
36cqs+o=
-----END CERTIFICATE-----
Generated at Mon Mar 2 21:40:48 2026 by rpki-client