Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a3230383a3a2f34382d3438203d3e20343031383034.roa
File: 326130663a316363353a3230383a3a2f34382d3438203d3e20343031383034.roa (raw, json)
Hash identifier: uIC4d2TjCMwJx+rv7IYOxegYqLmVPJq1o7dRGJQKSaw=
Subject key identifier: 40:A7:93:8C:45:11:7E:77:86:87:7E:D5:F8:3B:C3:F9:15:29:D5:FE
Certificate issuer: /CN=1be240021a287f298973d9ea28dfc80735fd5800
Certificate serial: 77DA24903BE11DE693EABAD107EF3410E5C48F07
Authority key identifier: 1B:E2:40:02:1A:28:7F:29:89:73:D9:EA:28:DF:C8:07:35:FD:58:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a3230383a3a2f34382d3438203d3e20343031383034.roa
Signing time: Tue 02 Jun 2026 12:18:04 +0000
ROA not before: Tue 02 Jun 2026 12:13:04 +0000
ROA not after: Tue 01 Jun 2027 12:18:04 +0000
asID: 401804
IP address blocks: 2a0f:1cc5:208::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.mft
rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 13 Jun 2026 22:39:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
77:da:24:90:3b:e1:1d:e6:93:ea:ba:d1:07:ef:34:10:e5:c4:8f:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1be240021a287f298973d9ea28dfc80735fd5800
Validity
Not Before: Jun 2 12:13:04 2026 GMT
Not After : Jun 1 12:18:04 2027 GMT
Subject: CN=40A7938C45117E7786877ED5F83BC3F91529D5FE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:94:f4:56:d1:af:c9:3f:22:ef:a5:a2:9e:1b:
ee:3e:e5:c5:b5:52:52:09:3b:b3:f0:f3:9c:6d:9c:
2f:f9:bf:26:df:f0:e3:c5:ce:8d:a9:b9:c7:31:1e:
34:cd:ca:6e:0a:cd:33:b6:be:a2:9c:09:e0:20:ad:
83:0f:c5:4c:81:a8:6b:e0:43:7f:78:6a:da:2b:6a:
e1:a0:bd:f8:cd:2d:c0:f5:ab:01:20:10:5a:e5:c0:
d2:7d:4d:ec:36:e3:2f:85:98:a8:a1:89:f1:66:50:
e9:18:5a:fa:f6:3b:30:b8:ee:2a:8d:f4:1f:8f:2b:
89:6e:25:16:f6:79:c5:67:41:54:f1:cb:b0:93:cf:
e6:85:ac:a5:54:90:ee:d9:24:4e:ec:68:64:21:97:
8c:93:8e:61:f1:b1:d1:80:b2:d1:9a:a8:0a:b0:b7:
f3:37:45:84:7b:10:ba:15:da:92:99:99:0f:8d:86:
c2:f5:62:b2:cf:7b:0d:2b:ad:09:2b:cd:62:ba:98:
f8:b3:08:a0:9c:f2:0e:1e:38:8c:08:eb:95:75:8b:
7a:86:1d:8b:c3:fa:1f:5d:3b:ac:00:9f:b1:3e:69:
87:0a:97:00:59:db:e0:4c:0b:65:f0:ae:1f:47:da:
4d:5a:e8:ff:76:5a:53:0d:ff:7e:68:95:b4:73:9b:
7f:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:A7:93:8C:45:11:7E:77:86:87:7E:D5:F8:3B:C3:F9:15:29:D5:FE
X509v3 Authority Key Identifier:
keyid:1B:E2:40:02:1A:28:7F:29:89:73:D9:EA:28:DF:C8:07:35:FD:58:00
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a3230383a3a2f34382d3438203d3e20343031383034.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:1cc5:208::/48
Signature Algorithm: sha256WithRSAEncryption
86:2b:04:e2:bd:06:c3:ba:62:e7:51:bb:cf:01:22:01:dd:31:
b9:44:38:fd:dd:fb:66:0a:b4:ce:d5:44:14:3b:19:99:ed:8d:
44:1b:03:e7:a7:f3:c0:92:a4:f1:d8:45:f1:be:38:d2:30:a7:
49:a8:3e:4d:a4:a6:5c:78:07:4b:37:aa:fb:74:86:3f:6e:8f:
08:5a:9c:6e:fb:93:d5:af:94:8a:a8:6e:fc:0e:cc:52:87:06:
e2:10:bc:8d:b6:f7:82:87:73:3a:49:48:9b:7d:b8:8a:90:0c:
5d:d3:b7:a1:91:3a:84:c4:e5:b9:55:d8:81:eb:c6:88:77:f3:
e3:91:7c:f3:68:6b:f8:75:65:b7:30:fc:15:9f:72:2a:7b:47:
f2:b9:fe:c8:de:9a:9f:01:07:aa:f6:a6:0d:67:85:79:a0:25:
06:09:9f:6b:95:cb:e3:32:97:34:ab:36:cb:80:04:ae:69:5e:
b3:bd:71:2f:a0:61:f3:4b:bc:1a:55:94:24:3d:d3:77:fc:ca:
6a:fd:3d:17:d0:38:cb:8f:ba:d7:45:bb:94:ae:df:32:15:c9:
64:da:56:cc:e8:a7:bb:24:f2:a3:f1:75:4b:b8:67:13:44:4c:
94:ed:e2:a2:1a:78:90:8b:ec:d3:33:74:42:3f:78:dc:5c:06:
54:32:7d:b0
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgIUd9okkDvhHeaT6rrRB+80EOXEjwcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWJlMjQwMDIxYTI4N2YyOTg5NzNkOWVhMjhkZmM4MDcz
NWZkNTgwMDAeFw0yNjA2MDIxMjEzMDRaFw0yNzA2MDExMjE4MDRaMDMxMTAvBgNV
BAMTKDQwQTc5MzhDNDUxMTdFNzc4Njg3N0VENUY4M0JDM0Y5MTUyOUQ1RkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNlPRW0a/JPyLvpaKeG+4+5cW1
UlIJO7Pw85xtnC/5vybf8OPFzo2puccxHjTNym4KzTO2vqKcCeAgrYMPxUyBqGvg
Q394atorauGgvfjNLcD1qwEgEFrlwNJ9Tew24y+FmKihifFmUOkYWvr2OzC47iqN
9B+PK4luJRb2ecVnQVTxy7CTz+aFrKVUkO7ZJE7saGQhl4yTjmHxsdGAstGaqAqw
t/M3RYR7ELoV2pKZmQ+NhsL1YrLPew0rrQkrzWK6mPizCKCc8g4eOIwI65V1i3qG
HYvD+h9dO6wAn7E+aYcKlwBZ2+BMC2Xwrh9H2k1a6P92WlMN/35olbRzm383AgMB
AAGjggJIMIICRDAdBgNVHQ4EFgQUQKeTjEURfneGh37V+DvD+RUp1f4wHwYDVR0j
BBgwFoAUG+JAAhoofymJc9nqKN/IBzX9WAAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGFmYjVmZTItM2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0
ZjBlLzAvMUJFMjQwMDIxQTI4N0YyOTg5NzNEOUVBMjhERkM4MDczNUZENTgwMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0ctSkFBaG9vZnltSmM5bnFLTl9JQnpY
OVdBQS5jZXIwgbUGCCsGAQUFBwELBIGoMIGlMIGiBggrBgEFBQcwC4aBlXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGFmYjVmZTIt
M2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0ZjBlLzAvMzI2MTMwNjYzYTMxNjM2MzM1
M2EzMjMwMzgzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzNDMwMzEzODMwMzQucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8E
AgACMAkDBwAqDxzFAggwDQYJKoZIhvcNAQELBQADggEBAIYrBOK9BsO6YudRu88B
IgHdMblEOP3d+2YKtM7VRBQ7GZntjUQbA+en88CSpPHYRfG+ONIwp0moPk2kplx4
B0s3qvt0hj9ujwhanG77k9WvlIqobvwOzFKHBuIQvI2294KHczpJSJt9uIqQDF3T
t6GROoTE5blV2IHrxoh38+ORfPNoa/h1Zbcw/BWfcip7R/K5/sjemp8BB6r2pg1n
hXmgJQYJn2uVy+MylzSrNsuABK5pXrO9cS+gYfNLvBpVlCQ903f8ymr9PRfQOMuP
utdFu5Su3zIVyWTaVszop7sk8qPxdUu4ZxNETJTt4qIaeJCL7NMzdEI/eNxcBlQy
fbA=
-----END CERTIFICATE-----
Generated at Sat Jun 13 15:10:20 2026 by rpki-client