Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36372e302f32342d3234203d3e203231383430.roa
File: 3231332e3133392e36372e302f32342d3234203d3e203231383430.roa (raw, json)
Hash identifier: pFdE5gy29hjYZhB9VvrsN9wvvGJKHZXcNTzoJSuW9uE=
Subject key identifier: 14:A8:B2:66:1C:8E:6E:25:EB:7A:B3:76:48:34:58:0A:0F:D4:B4:4D
Certificate issuer: /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial: 3CE2F2E2B1D3E1A5CC81477DA6E413C79C26898C
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36372e302f32342d3234203d3e203231383430.roa
Signing time: Tue 03 Feb 2026 04:31:10 +0000
ROA not before: Tue 03 Feb 2026 04:26:10 +0000
ROA not after: Tue 02 Feb 2027 04:31:10 +0000
asID: 21840
IP address blocks: 213.139.67.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:e2:f2:e2:b1:d3:e1:a5:cc:81:47:7d:a6:e4:13:c7:9c:26:89:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Validity
Not Before: Feb 3 04:26:10 2026 GMT
Not After : Feb 2 04:31:10 2027 GMT
Subject: CN=14A8B2661C8E6E25EB7AB3764834580A0FD4B44D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:17:ca:0d:ef:b1:43:70:06:b3:dc:09:ff:53:
00:e4:2c:97:fb:3d:0c:37:09:0a:36:b1:75:1e:78:
73:26:85:fc:3c:dd:8c:dd:6e:84:08:1e:0c:03:5f:
87:66:21:a5:9b:4f:0f:ea:1a:1a:1c:c5:42:42:91:
b8:f8:d5:56:7b:45:ad:48:75:6c:a4:5f:87:62:b0:
ff:91:32:5d:3c:51:14:fb:53:dc:5d:ce:39:e6:9d:
74:62:93:16:de:46:28:a5:c7:46:48:a6:ca:32:3e:
9e:a9:1c:32:3a:c9:1f:ed:4c:41:99:c2:13:4d:44:
8a:ad:9d:50:10:89:88:f2:c9:66:f3:4e:1f:43:5f:
0b:d8:7c:4e:91:07:89:0c:1e:4c:7b:6c:97:2e:bd:
ee:1b:50:32:2d:4c:e8:8e:08:ba:e4:c9:94:38:e8:
a2:33:06:69:23:61:1b:09:35:01:3e:6e:6a:62:78:
66:88:2a:7e:a3:eb:29:2f:09:d1:05:3d:e7:2a:9b:
6b:30:67:26:20:f0:b0:e7:65:57:15:d5:e6:1a:e6:
a0:ed:b0:75:e4:5d:4c:f0:ce:d2:83:e2:fa:88:cc:
d9:09:f2:76:97:c3:55:54:95:fd:da:b0:ca:eb:bd:
d9:fa:ac:b7:45:f5:70:fc:a2:b2:39:14:4b:25:b9:
de:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:A8:B2:66:1C:8E:6E:25:EB:7A:B3:76:48:34:58:0A:0F:D4:B4:4D
X509v3 Authority Key Identifier:
keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36372e302f32342d3234203d3e203231383430.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.139.67.0/24
Signature Algorithm: sha256WithRSAEncryption
4d:54:34:e0:35:81:08:7f:c5:8f:8f:00:82:73:2f:5a:ff:7e:
6d:39:5c:5f:77:fb:32:a1:e6:1e:cf:eb:4a:fe:61:9e:2c:7c:
40:e9:e0:e2:02:ef:ab:a4:88:aa:7e:df:a8:da:dc:6f:a5:f3:
98:a0:3b:8e:f7:fd:89:5c:0a:ba:f4:df:97:6e:0b:77:32:4b:
23:b0:3e:e8:69:0a:8a:44:00:03:7d:a6:b6:f1:2f:f0:c2:ef:
bf:8d:e9:c5:49:2c:92:58:0a:d4:7c:bf:13:82:c4:ec:a6:cc:
c7:08:6d:16:c7:eb:dd:4e:81:fc:a0:af:7d:b7:d5:10:11:9e:
b9:9f:d1:e0:60:32:20:6e:2e:e9:bf:ba:14:23:1f:a2:e3:c8:
76:b7:f0:a1:6e:4e:6f:f4:23:02:31:b8:3e:72:9e:af:04:9a:
be:72:d9:f8:83:36:ae:5f:18:72:23:d0:98:fe:0f:b2:cb:26:
89:4e:e8:bd:d7:74:d8:4b:7e:7d:73:fe:63:d9:ec:dd:94:37:
16:03:72:e7:b9:75:1f:b9:db:9f:10:b2:c8:35:92:47:b6:91:
cf:ca:7c:75:2d:30:da:2f:06:08:f4:8c:4a:a5:d0:b7:fd:fc:
89:5f:66:eb:74:ed:19:de:b7:66:b1:d9:d1:5e:8f:6b:13:b2:
b1:1f:2b:0e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUPOLy4rHT4aXMgUd9puQTx5wmiYwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjAyMDMwNDI2MTBaFw0yNzAyMDIwNDMxMTBaMDMxMTAvBgNV
BAMTKDE0QThCMjY2MUM4RTZFMjVFQjdBQjM3NjQ4MzQ1ODBBMEZENEI0NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAF8oN77FDcAaz3An/UwDkLJf7
PQw3CQo2sXUeeHMmhfw83YzdboQIHgwDX4dmIaWbTw/qGhocxUJCkbj41VZ7Ra1I
dWykX4disP+RMl08URT7U9xdzjnmnXRikxbeRiilx0ZIpsoyPp6pHDI6yR/tTEGZ
whNNRIqtnVAQiYjyyWbzTh9DXwvYfE6RB4kMHkx7bJcuve4bUDItTOiOCLrkyZQ4
6KIzBmkjYRsJNQE+bmpieGaIKn6j6ykvCdEFPecqm2swZyYg8LDnZVcV1eYa5qDt
sHXkXUzwztKD4vqIzNkJ8naXw1VUlf3asMrrvdn6rLdF9XD8orI5FEslud7tAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUFKiyZhyObiXrerN2SDRYCg/UtE0wHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM2
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzgzNDMwLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
1YtDMA0GCSqGSIb3DQEBCwUAA4IBAQBNVDTgNYEIf8WPjwCCcy9a/35tOVxfd/sy
oeYez+tK/mGeLHxA6eDiAu+rpIiqft+o2txvpfOYoDuO9/2JXAq69N+Xbgt3Mksj
sD7oaQqKRAADfaa28S/wwu+/jenFSSySWArUfL8TgsTspszHCG0Wx+vdToH8oK99
t9UQEZ65n9HgYDIgbi7pv7oUIx+i48h2t/Chbk5v9CMCMbg+cp6vBJq+ctn4gzau
XxhyI9CY/g+yyyaJTui913TYS359c/5j2ezdlDcWA3LnuXUfudufELLINZJHtpHP
ynx1LTDaLwYI9IxKpdC3/fyJX2brdO0Z3rdmsdnRXo9rE7KxHysO
-----END CERTIFICATE-----
Generated at Mon Mar 2 00:02:08 2026 by rpki-client