Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a3335303a3a2f34342d3438203d3e203331383938.roa
File: 326130663a316363353a3335303a3a2f34342d3438203d3e203331383938.roa (raw, json)
Hash identifier: QJ1csjeuHABkpJ32K/1KJg7dS60h731VP2eAeXrOYVQ=
Subject key identifier: C4:B0:BA:0B:B2:8D:D0:63:AB:26:19:33:4A:6F:A8:C8:06:A0:26:F1
Certificate issuer: /CN=411e2d411d687bcb4449c3df45beedc041007d94
Certificate serial: 648AD46648EDF854B016A11D7CF1BA3DFC3FAF5C
Authority key identifier: 41:1E:2D:41:1D:68:7B:CB:44:49:C3:DF:45:BE:ED:C0:41:00:7D:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QR4tQR1oe8tEScPfRb7twEEAfZQ.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a3335303a3a2f34342d3438203d3e203331383938.roa
Signing time: Thu 26 Feb 2026 15:14:03 +0000
ROA not before: Thu 26 Feb 2026 15:09:03 +0000
ROA not after: Thu 25 Feb 2027 15:14:03 +0000
asID: 31898
IP address blocks: 2a0f:1cc5:350::/44 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/411E2D411D687BCB4449C3DF45BEEDC041007D94.crl
rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/411E2D411D687BCB4449C3DF45BEEDC041007D94.mft
rsync://rpki.ripe.net/repository/DEFAULT/QR4tQR1oe8tEScPfRb7twEEAfZQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 01 Mar 2026 23:08:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:8a:d4:66:48:ed:f8:54:b0:16:a1:1d:7c:f1:ba:3d:fc:3f:af:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=411e2d411d687bcb4449c3df45beedc041007d94
Validity
Not Before: Feb 26 15:09:03 2026 GMT
Not After : Feb 25 15:14:03 2027 GMT
Subject: CN=C4B0BA0BB28DD063AB2619334A6FA8C806A026F1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:81:a3:2d:99:af:66:9b:41:ab:26:49:bf:8d:
42:84:8e:bb:57:07:1a:f0:d0:2c:3c:19:0f:3b:51:
c0:0d:60:35:38:bf:57:75:a0:a1:8f:fe:9c:5e:17:
bb:9b:8d:b4:e5:93:76:f1:a5:9e:5c:98:b4:18:74:
c2:d3:67:49:73:79:31:0a:8e:d8:e5:6a:07:17:a0:
98:79:61:ae:d8:20:da:b4:5f:fd:c2:14:4b:2c:ca:
49:26:8e:3c:7b:a9:29:d5:b0:6a:e7:c2:d3:39:cb:
e8:d9:84:ed:b1:9c:d9:49:0b:7b:72:7b:26:e5:91:
5d:31:60:7c:fc:81:a9:99:b9:98:63:7b:ab:dd:fa:
d1:26:92:4e:77:de:0d:c7:23:47:41:5c:21:e4:14:
0f:72:8b:db:4d:eb:13:87:86:fd:25:69:f8:61:73:
f9:0b:fe:67:a7:7e:07:c1:c6:8f:71:a1:63:3a:35:
9e:40:a1:20:08:1b:ff:8f:20:23:34:4a:76:ca:95:
5e:d5:d9:0a:c0:20:ca:dc:33:53:04:35:99:23:84:
83:25:91:bf:a9:d5:a1:59:ca:cb:4c:e0:90:33:ff:
3e:43:aa:f0:ed:54:60:dd:c5:60:6c:ff:2f:42:85:
eb:ca:9c:de:e9:23:d2:db:21:f1:c3:dd:60:a9:1a:
33:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:B0:BA:0B:B2:8D:D0:63:AB:26:19:33:4A:6F:A8:C8:06:A0:26:F1
X509v3 Authority Key Identifier:
keyid:41:1E:2D:41:1D:68:7B:CB:44:49:C3:DF:45:BE:ED:C0:41:00:7D:94
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/411E2D411D687BCB4449C3DF45BEEDC041007D94.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR4tQR1oe8tEScPfRb7twEEAfZQ.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a3335303a3a2f34342d3438203d3e203331383938.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:1cc5:350::/44
Signature Algorithm: sha256WithRSAEncryption
44:f1:1a:d5:e0:ae:28:6c:d7:1d:e1:a5:b3:62:8d:3d:67:b1:
b9:da:40:5b:b2:35:bd:da:02:35:50:4d:8e:05:03:b1:f9:51:
ee:4c:8a:cc:87:bb:cb:5e:b2:54:99:9c:ee:e1:40:91:6e:c8:
e6:73:ef:cf:b7:97:e7:98:4a:29:8b:6d:27:ed:70:15:8c:57:
5f:0f:5c:a6:82:1f:68:e5:b8:7a:be:7c:0a:6b:40:4e:28:76:
7b:70:e3:63:2d:1c:cc:ac:26:83:6e:1b:8e:f9:19:60:31:b5:
99:c0:48:94:30:a5:ce:70:ba:81:db:e3:b2:ff:bb:b8:ab:7d:
2d:66:59:37:03:fb:10:3d:c1:33:bc:68:7e:6c:4f:f5:9e:e2:
2b:4c:be:f3:92:26:25:e5:ce:82:40:c4:75:56:ef:2d:c4:23:
80:46:e4:be:36:f7:3e:74:6e:4a:7c:90:39:56:3a:34:d6:b9:
ee:86:cb:33:9a:80:40:45:33:56:25:f1:72:83:50:a1:dc:4d:
cd:b6:d1:13:df:8d:e6:ee:0d:29:a9:e7:5e:16:1a:09:39:bc:
f8:46:4b:46:b0:b4:8f:36:4c:7d:5d:00:c2:89:33:41:b8:ef:
3b:ab:3d:c8:6c:8e:07:b5:e1:d5:cc:18:11:e3:47:61:82:9f:
38:86:be:60
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUZIrUZkjt+FSwFqEdfPG6Pfw/r1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDExZTJkNDExZDY4N2JjYjQ0NDljM2RmNDViZWVkYzA0
MTAwN2Q5NDAeFw0yNjAyMjYxNTA5MDNaFw0yNzAyMjUxNTE0MDNaMDMxMTAvBgNV
BAMTKEM0QjBCQTBCQjI4REQwNjNBQjI2MTkzMzRBNkZBOEM4MDZBMDI2RjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/gaMtma9mm0GrJkm/jUKEjrtX
Bxrw0Cw8GQ87UcANYDU4v1d1oKGP/pxeF7ubjbTlk3bxpZ5cmLQYdMLTZ0lzeTEK
jtjlagcXoJh5Ya7YINq0X/3CFEssykkmjjx7qSnVsGrnwtM5y+jZhO2xnNlJC3ty
eyblkV0xYHz8gamZuZhje6vd+tEmkk533g3HI0dBXCHkFA9yi9tN6xOHhv0lafhh
c/kL/menfgfBxo9xoWM6NZ5AoSAIG/+PICM0SnbKlV7V2QrAIMrcM1MENZkjhIMl
kb+p1aFZystM4JAz/z5DqvDtVGDdxWBs/y9ChevKnN7pI9LbIfHD3WCpGjO7AgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUxLC6C7KN0GOrJhkzSm+oyAagJvEwHwYDVR0j
BBgwFoAUQR4tQR1oe8tEScPfRb7twEEAfZQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGFmYjVmZTItM2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0
ZjBlLzAvNDExRTJENDExRDY4N0JDQjQ0NDlDM0RGNDVCRUVEQzA0MTAwN0Q5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1FSNHRRUjFvZTh0RVNjUGZSYjd0d0VF
QWZaUS5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGFmYjVmZTIt
M2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0ZjBlLzAvMzI2MTMwNjYzYTMxNjM2MzM1
M2EzMzM1MzAzYTNhMmYzNDM0MmQzNDM4MjAzZDNlMjAzMzMxMzgzOTM4LnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcEKg8cxQNQMA0GCSqGSIb3DQEBCwUAA4IBAQBE8RrV4K4obNcd4aWzYo09
Z7G52kBbsjW92gI1UE2OBQOx+VHuTIrMh7vLXrJUmZzu4UCRbsjmc+/Pt5fnmEop
i20n7XAVjFdfD1ymgh9o5bh6vnwKa0BOKHZ7cONjLRzMrCaDbhuO+RlgMbWZwEiU
MKXOcLqB2+Oy/7u4q30tZlk3A/sQPcEzvGh+bE/1nuIrTL7zkiYl5c6CQMR1Vu8t
xCOARuS+Nvc+dG5KfJA5Vjo01rnuhsszmoBARTNWJfFyg1Ch3E3NttET343m7g0p
qedeFhoJObz4RktGsLSPNkx9XQDCiTNBuO87qz3IbI4HteHVzBgR40dhgp84hr5g
-----END CERTIFICATE-----
Generated at Sun Mar 1 16:23:26 2026 by rpki-client