Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3135302e3235312e3232382e302f32342d3234203d3e20313530323933.roa
File: 3135302e3235312e3232382e302f32342d3234203d3e20313530323933.roa (raw, json)
Hash identifier: y1DIDArsoeyb5bBo3+7mcFktw9jnmZ5dGyg68vVIV44=
Subject key identifier: 84:AB:32:7E:77:FB:80:35:F0:B1:78:E4:FC:F0:E0:28:1C:FE:95:95
Certificate issuer: /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial: 3A91871258B31C52DE5348D86A053E69130CBBA9
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3135302e3235312e3232382e302f32342d3234203d3e20313530323933.roa
Signing time: Tue 07 Apr 2026 09:37:54 +0000
ROA not before: Tue 07 Apr 2026 09:32:54 +0000
ROA not after: Tue 06 Apr 2027 09:37:54 +0000
asID: 150293
IP address blocks: 150.251.228.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:91:87:12:58:b3:1c:52:de:53:48:d8:6a:05:3e:69:13:0c:bb:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Validity
Not Before: Apr 7 09:32:54 2026 GMT
Not After : Apr 6 09:37:54 2027 GMT
Subject: CN=84AB327E77FB8035F0B178E4FCF0E0281CFE9595
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:6d:97:58:39:11:67:8f:9c:e6:16:84:67:4b:
b1:38:93:77:83:f4:60:79:ab:aa:ec:84:68:af:cf:
12:f0:5b:3c:d8:0d:d9:2b:8b:60:2a:9d:ca:85:fc:
2b:09:b4:85:4d:db:48:ff:ba:08:a2:30:3e:1b:5a:
43:fd:34:52:46:16:17:0d:69:f6:0f:41:54:0c:ec:
06:24:5a:a8:e7:bc:0e:c8:f5:7f:64:7d:70:62:da:
92:e5:89:bf:75:9c:06:62:20:e2:fc:9a:0e:99:93:
55:c9:23:9a:bd:ab:4a:eb:0d:83:e9:d7:52:b2:da:
e2:c1:bf:ad:d0:10:48:d4:ad:18:48:7f:12:5d:16:
e5:41:70:ea:66:80:38:02:d4:fe:47:a7:c6:30:6f:
d9:d2:5d:e2:01:d3:ac:ee:1d:c4:3a:64:a4:f2:9c:
72:cb:71:2d:a8:12:dc:dc:69:98:a5:a3:c9:76:6c:
53:17:2f:9c:89:e8:08:76:91:38:ec:fa:08:10:4c:
6b:65:a5:a6:3c:7a:24:c3:64:51:b1:37:f9:9c:b5:
1a:98:07:ef:d3:10:b7:39:ca:a5:ea:75:3b:1a:af:
9a:bb:f8:81:75:62:87:78:d0:66:af:92:04:ee:fd:
41:e3:70:93:04:1e:a0:de:54:02:06:5e:0c:cd:1c:
b1:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:AB:32:7E:77:FB:80:35:F0:B1:78:E4:FC:F0:E0:28:1C:FE:95:95
X509v3 Authority Key Identifier:
keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3135302e3235312e3232382e302f32342d3234203d3e20313530323933.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
150.251.228.0/24
Signature Algorithm: sha256WithRSAEncryption
68:b1:6f:00:dc:b6:4d:81:f7:98:cb:05:4f:d4:33:7a:72:cd:
97:be:5b:66:ae:3c:44:25:6d:c0:55:ba:97:07:eb:41:38:00:
9e:16:42:db:f6:90:93:67:b2:ec:fc:b9:c9:c7:c2:0f:c6:f2:
dc:bb:8f:25:5b:cd:9d:65:6a:7e:21:9e:0f:60:37:e0:9b:52:
36:13:30:49:a3:bf:11:a5:fe:ce:eb:f3:e6:35:bf:7d:4b:b0:
1b:27:b7:1d:ec:ac:f4:13:c9:54:b4:d1:cb:a2:39:31:d2:1f:
52:ad:17:19:30:ba:54:8f:c2:0f:e5:b3:2a:c5:bf:42:cf:d3:
62:e8:80:36:47:38:af:e4:4b:91:85:de:cf:ca:b4:ec:e3:81:
b8:f5:21:ae:71:95:3d:9c:21:c2:4b:30:cc:8d:17:14:1d:90:
a8:57:b0:fe:2b:66:ec:4d:96:1a:18:3c:b3:3b:f4:49:63:94:
87:34:c4:d9:db:58:b1:5c:e6:14:bf:10:ef:7c:bd:13:60:96:
cb:a5:7f:6b:5b:cf:f2:e9:0f:fa:95:66:08:7a:5b:08:1e:fb:
2f:c5:cc:f7:0b:b1:0c:9c:bb:b0:0f:87:10:e2:ff:47:2d:dd:
e2:54:78:19:5b:6b:5f:54:31:ba:85:fe:cd:f3:e0:bc:d9:71:
88:f2:57:ef
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUOpGHElizHFLeU0jYagU+aRMMu6kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjA0MDcwOTMyNTRaFw0yNzA0MDYwOTM3NTRaMDMxMTAvBgNV
BAMTKDg0QUIzMjdFNzdGQjgwMzVGMEIxNzhFNEZDRjBFMDI4MUNGRTk1OTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqbZdYORFnj5zmFoRnS7E4k3eD
9GB5q6rshGivzxLwWzzYDdkri2AqncqF/CsJtIVN20j/ugiiMD4bWkP9NFJGFhcN
afYPQVQM7AYkWqjnvA7I9X9kfXBi2pLlib91nAZiIOL8mg6Zk1XJI5q9q0rrDYPp
11Ky2uLBv63QEEjUrRhIfxJdFuVBcOpmgDgC1P5Hp8Ywb9nSXeIB06zuHcQ6ZKTy
nHLLcS2oEtzcaZilo8l2bFMXL5yJ6Ah2kTjs+ggQTGtlpaY8eiTDZFGxN/mctRqY
B+/TELc5yqXqdTsar5q7+IF1Yod40GavkgTu/UHjcJMEHqDeVAIGXgzNHLGvAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUhKsyfnf7gDXwsXjk/PDgKBz+lZUwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzNTMwMmUzMjM1MzEyZTMy
MzIzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzUzMDMyMzkzMy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAJb75DANBgkqhkiG9w0BAQsFAAOCAQEAaLFvANy2TYH3mMsFT9QzenLNl75b
Zq48RCVtwFW6lwfrQTgAnhZC2/aQk2ey7Py5ycfCD8by3LuPJVvNnWVqfiGeD2A3
4JtSNhMwSaO/EaX+zuvz5jW/fUuwGye3Heys9BPJVLTRy6I5MdIfUq0XGTC6VI/C
D+WzKsW/Qs/TYuiANkc4r+RLkYXez8q07OOBuPUhrnGVPZwhwkswzI0XFB2QqFew
/itm7E2WGhg8szv0SWOUhzTE2dtYsVzmFL8Q73y9E2CWy6V/a1vP8ukP+pVmCHpb
CB77L8XM9wuxDJy7sA+HEOL/Ry3d4lR4GVtrX1QxuoX+zfPgvNlxiPJX7w==
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:03:00 2026 by rpki-client