Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a36303a3a2f34342d3438203d3e20323038373533.roa
File: 326130663a316363353a36303a3a2f34342d3438203d3e20323038373533.roa (raw, json)
Hash identifier: RDD6g8PAEL1HWOwQwjZyw/4ALXZK/Kzfr25y8YIHWYY=
Subject key identifier: 9F:D1:6F:7A:57:F2:D5:24:9E:80:C0:46:C6:49:03:C0:3D:9E:A1:C4
Certificate issuer: /CN=411e2d411d687bcb4449c3df45beedc041007d94
Certificate serial: 41C1D346C8EA6AED5E22737B5956A7B508F58F52
Authority key identifier: 41:1E:2D:41:1D:68:7B:CB:44:49:C3:DF:45:BE:ED:C0:41:00:7D:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QR4tQR1oe8tEScPfRb7twEEAfZQ.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a36303a3a2f34342d3438203d3e20323038373533.roa
Signing time: Tue 24 Feb 2026 12:14:07 +0000
ROA not before: Tue 24 Feb 2026 12:09:07 +0000
ROA not after: Tue 23 Feb 2027 12:14:07 +0000
asID: 208753
IP address blocks: 2a0f:1cc5:60::/44 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/411E2D411D687BCB4449C3DF45BEEDC041007D94.crl
rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/411E2D411D687BCB4449C3DF45BEEDC041007D94.mft
rsync://rpki.ripe.net/repository/DEFAULT/QR4tQR1oe8tEScPfRb7twEEAfZQ.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 09:38:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:c1:d3:46:c8:ea:6a:ed:5e:22:73:7b:59:56:a7:b5:08:f5:8f:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=411e2d411d687bcb4449c3df45beedc041007d94
Validity
Not Before: Feb 24 12:09:07 2026 GMT
Not After : Feb 23 12:14:07 2027 GMT
Subject: CN=9FD16F7A57F2D5249E80C046C64903C03D9EA1C4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:63:be:2f:8b:03:9e:87:ae:e7:b8:4d:50:dd:
68:1a:3b:4c:33:7b:3d:c7:37:c6:57:69:59:96:9f:
08:fb:41:a9:b8:2a:fb:cb:d7:23:52:06:6d:ba:8e:
40:4c:dd:78:e5:53:b0:5e:b6:54:b0:c1:d3:be:00:
e2:7b:28:6a:dc:b1:b0:d3:2e:ad:f3:e5:b7:0b:65:
b7:a6:08:fd:82:50:06:3a:e8:73:ad:f2:61:b6:cf:
96:fa:08:41:fa:1a:49:f4:01:d0:0a:39:3c:cf:84:
2f:a4:70:99:73:aa:57:6d:2f:6f:76:1e:28:ac:09:
b6:26:9a:b1:60:6c:4e:7e:86:68:a6:88:bc:a8:62:
18:c6:04:a5:c5:63:1d:79:d9:b1:0c:36:0e:df:6d:
32:4a:d0:4e:af:0a:6d:ba:67:98:1a:8c:86:39:af:
5b:77:ef:63:6f:8b:af:bc:cb:c3:13:5d:65:64:e6:
04:b9:fb:f6:74:a2:22:bb:70:95:89:68:a1:27:46:
09:32:55:53:0e:8b:03:8f:df:c1:34:7b:b0:ae:d9:
12:65:01:7f:11:ad:69:9e:bd:8c:32:45:e8:c5:a7:
17:5c:28:a2:29:7c:a2:02:e6:02:69:19:37:d5:59:
34:8f:42:8e:d9:39:5b:fa:ac:0b:37:de:13:a1:69:
a3:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:D1:6F:7A:57:F2:D5:24:9E:80:C0:46:C6:49:03:C0:3D:9E:A1:C4
X509v3 Authority Key Identifier:
keyid:41:1E:2D:41:1D:68:7B:CB:44:49:C3:DF:45:BE:ED:C0:41:00:7D:94
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/411E2D411D687BCB4449C3DF45BEEDC041007D94.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR4tQR1oe8tEScPfRb7twEEAfZQ.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/326130663a316363353a36303a3a2f34342d3438203d3e20323038373533.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:1cc5:60::/44
Signature Algorithm: sha256WithRSAEncryption
35:1b:dc:a8:ae:de:cd:87:51:ba:32:9e:72:68:3d:f0:d7:de:
69:91:93:42:30:46:a2:38:23:60:38:64:06:81:b7:00:19:e0:
2f:7e:90:fb:78:47:66:4c:75:2a:c3:92:de:1e:8c:5d:5f:16:
26:84:5c:d0:7c:05:ec:a5:e1:1c:6d:62:44:c2:8e:5a:39:07:
a4:f6:b4:4f:07:30:fd:a8:32:42:99:7d:44:9c:3b:bd:39:9f:
96:0a:74:c7:96:f7:a5:94:78:fb:f9:d7:43:ef:c3:0e:47:88:
d3:2f:a1:00:d2:fe:61:1b:09:50:92:73:4e:6e:f2:53:d4:99:
27:97:a7:9b:1c:55:67:d6:46:99:c3:7b:8d:9a:b4:48:ac:2f:
e8:69:d9:d6:b4:96:d8:fa:4b:25:81:5f:37:2f:98:e4:74:40:
a3:fe:8c:8c:c5:1e:71:15:35:fa:8d:57:c4:e9:21:b5:e3:fd:
21:70:34:7d:a6:24:21:2b:b7:73:c1:57:e0:af:ea:94:25:d8:
40:c0:50:9a:2b:05:4f:ea:5f:a1:c2:0d:23:03:c7:fb:0e:b3:
89:fe:80:a6:41:9b:7a:21:03:f9:61:14:ec:1d:2d:81:b3:b1:
fa:07:db:ad:31:ba:77:10:2b:67:5e:20:41:41:bd:33:58:a0:
0d:2f:b2:b1
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUQcHTRsjqau1eInN7WVantQj1j1IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDExZTJkNDExZDY4N2JjYjQ0NDljM2RmNDViZWVkYzA0
MTAwN2Q5NDAeFw0yNjAyMjQxMjA5MDdaFw0yNzAyMjMxMjE0MDdaMDMxMTAvBgNV
BAMTKDlGRDE2RjdBNTdGMkQ1MjQ5RTgwQzA0NkM2NDkwM0MwM0Q5RUExQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoY74viwOeh67nuE1Q3WgaO0wz
ez3HN8ZXaVmWnwj7Qam4KvvL1yNSBm26jkBM3XjlU7BetlSwwdO+AOJ7KGrcsbDT
Lq3z5bcLZbemCP2CUAY66HOt8mG2z5b6CEH6Gkn0AdAKOTzPhC+kcJlzqldtL292
HiisCbYmmrFgbE5+hmimiLyoYhjGBKXFYx152bEMNg7fbTJK0E6vCm26Z5gajIY5
r1t372Nvi6+8y8MTXWVk5gS5+/Z0oiK7cJWJaKEnRgkyVVMOiwOP38E0e7Cu2RJl
AX8RrWmevYwyRejFpxdcKKIpfKIC5gJpGTfVWTSPQo7ZOVv6rAs33hOhaaORAgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQUn9Fvelfy1SSegMBGxkkDwD2eocQwHwYDVR0j
BBgwFoAUQR4tQR1oe8tEScPfRb7twEEAfZQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGFmYjVmZTItM2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0
ZjBlLzAvNDExRTJENDExRDY4N0JDQjQ0NDlDM0RGNDVCRUVEQzA0MTAwN0Q5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1FSNHRRUjFvZTh0RVNjUGZSYjd0d0VF
QWZaUS5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGFmYjVmZTIt
M2MyYS00OTM5LTk1ZTktMDA3N2I4MGI0ZjBlLzAvMzI2MTMwNjYzYTMxNjM2MzM1
M2EzNjMwM2EzYTJmMzQzNDJkMzQzODIwM2QzZTIwMzIzMDM4MzczNTMzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcEKg8cxQBgMA0GCSqGSIb3DQEBCwUAA4IBAQA1G9yort7Nh1G6Mp5yaD3w
195pkZNCMEaiOCNgOGQGgbcAGeAvfpD7eEdmTHUqw5LeHoxdXxYmhFzQfAXspeEc
bWJEwo5aOQek9rRPBzD9qDJCmX1EnDu9OZ+WCnTHlvellHj7+ddD78MOR4jTL6EA
0v5hGwlQknNObvJT1Jknl6ebHFVn1kaZw3uNmrRIrC/oadnWtJbY+kslgV83L5jk
dECj/oyMxR5xFTX6jVfE6SG14/0hcDR9piQhK7dzwVfgr+qUJdhAwFCaKwVP6l+h
wg0jA8f7DrOJ/oCmQZt6IQP5YRTsHS2Bs7H6B9utMbp3ECtnXiBBQb0zWKANL7Kx
-----END CERTIFICATE-----
Generated at Sun Mar 1 20:05:38 2026 by rpki-client