Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/3139332e3130392e3139342e302f32342d3234203d3e203239383032.roa
File: 3139332e3130392e3139342e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier: n3iopVjNaFlDcTZtA+tapn6VKb/aDkF7EzDKO/rkBYI=
Subject key identifier: C8:C1:B4:57:24:F0:CC:C0:33:2D:31:D4:AA:5A:FF:36:EB:80:75:89
Certificate issuer: /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial: 4AB06B9477D79D46F90AB2B1B99639D9C150E9D8
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/3139332e3130392e3139342e302f32342d3234203d3e203239383032.roa
Signing time: Tue 03 Feb 2026 14:38:52 +0000
ROA not before: Tue 03 Feb 2026 14:33:52 +0000
ROA not after: Tue 02 Feb 2027 14:38:52 +0000
asID: 29802
IP address blocks: 193.109.194.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:b0:6b:94:77:d7:9d:46:f9:0a:b2:b1:b9:96:39:d9:c1:50:e9:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Validity
Not Before: Feb 3 14:33:52 2026 GMT
Not After : Feb 2 14:38:52 2027 GMT
Subject: CN=C8C1B45724F0CCC0332D31D4AA5AFF36EB807589
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:26:41:04:8b:94:96:2f:19:38:66:73:9b:c6:
8b:d0:47:2b:74:d1:ee:4a:8d:7c:4d:08:de:c4:87:
d1:77:61:cf:e3:b4:49:62:0c:07:79:e2:0d:b0:3e:
8c:d8:12:18:6b:da:d7:2f:19:27:e2:a6:40:22:fa:
0e:91:a6:ae:60:58:72:82:be:d5:7c:5f:d5:bb:c2:
45:6c:11:75:fa:ca:d7:6b:fe:f2:90:94:97:b2:21:
28:54:39:4f:86:ba:87:06:63:47:1e:86:ac:24:57:
88:e4:72:03:84:23:01:2b:cb:c2:3b:9a:a3:85:3d:
75:4c:5c:cc:8f:89:03:aa:e1:00:00:84:8e:74:7a:
1d:86:3d:bd:e5:ce:2a:87:c4:0a:02:0e:7f:5f:46:
7b:38:ef:71:40:fe:db:22:14:a1:73:32:1c:24:c8:
4e:e6:1f:30:ab:03:4d:37:bf:d9:1e:9b:3a:da:98:
f0:a0:3b:a3:5a:88:7a:b5:71:8d:72:92:b5:65:f5:
04:f1:ef:20:4c:cb:26:a1:21:be:81:7e:a2:97:49:
d5:5e:99:02:a2:22:b4:ec:d5:c9:f9:83:87:cf:f8:
f2:cc:a6:a2:88:53:50:be:99:92:a3:fe:82:bb:3c:
ce:86:6a:e4:ca:58:21:70:c9:63:c0:ad:d8:bb:4d:
d5:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:C1:B4:57:24:F0:CC:C0:33:2D:31:D4:AA:5A:FF:36:EB:80:75:89
X509v3 Authority Key Identifier:
keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/3139332e3130392e3139342e302f32342d3234203d3e203239383032.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.109.194.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:0e:aa:f7:57:81:c6:af:81:ff:3e:79:1f:63:96:50:4b:18:
d8:6a:ed:c4:0e:92:24:88:1d:c2:57:8f:b3:79:1b:04:2e:98:
36:04:55:e9:0d:c3:9f:4f:26:f4:4b:01:9a:ec:45:e3:11:ab:
ca:ed:f6:5c:14:44:4a:c5:de:17:70:3a:95:78:23:c6:c9:8f:
2d:83:4d:9d:aa:cf:7b:8d:c5:0d:fb:d9:0b:f4:db:59:81:91:
2a:fe:90:ca:0a:da:e6:f3:62:ee:2d:5f:17:9b:67:56:0f:33:
55:32:e1:53:51:99:df:03:08:7d:65:8e:f9:99:3e:ac:07:6d:
0e:ba:9c:28:b7:63:56:07:e1:f3:3d:63:92:e2:e0:9c:ee:7f:
aa:68:3c:87:58:ac:77:b6:e6:b0:32:52:81:00:c0:8a:a0:03:
40:cc:2b:4d:c8:88:d8:c3:db:ab:79:46:5e:16:6a:21:41:c4:
98:8a:0f:d5:85:27:2f:d1:47:8f:74:9a:58:4b:bf:a1:3c:4c:
5f:06:f3:b2:3d:98:c0:00:16:d1:d1:f7:fe:7c:55:5b:c3:6a:
ca:a4:66:b7:25:e1:d0:7b:94:54:8b:d4:78:1e:32:5a:50:2f:
fc:62:f0:b7:c5:a1:0c:a0:e3:2f:9d:46:6c:4d:f9:33:c0:e1:
d6:8d:d8:3c
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUSrBrlHfXnUb5CrKxuZY52cFQ6dgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAyMDMxNDMzNTJaFw0yNzAyMDIxNDM4NTJaMDMxMTAvBgNV
BAMTKEM4QzFCNDU3MjRGMENDQzAzMzJEMzFENEFBNUFGRjM2RUI4MDc1ODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzJkEEi5SWLxk4ZnObxovQRyt0
0e5KjXxNCN7Eh9F3Yc/jtEliDAd54g2wPozYEhhr2tcvGSfipkAi+g6Rpq5gWHKC
vtV8X9W7wkVsEXX6ytdr/vKQlJeyIShUOU+GuocGY0cehqwkV4jkcgOEIwEry8I7
mqOFPXVMXMyPiQOq4QAAhI50eh2GPb3lziqHxAoCDn9fRns473FA/tsiFKFzMhwk
yE7mHzCrA003v9kemzramPCgO6NaiHq1cY1ykrVl9QTx7yBMyyahIb6BfqKXSdVe
mQKiIrTs1cn5g4fP+PLMpqKIU1C+mZKj/oK7PM6GauTKWCFwyWPArdi7TdXxAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUyMG0VyTwzMAzLTHUqlr/NuuAdYkwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzEzOTMzMmUzMTMwMzkyZTMx
MzkzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzkzODMwMzIucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADBbcIwDQYJKoZIhvcNAQELBQADggEBABsOqvdXgcavgf8+eR9jllBLGNhq7cQO
kiSIHcJXj7N5GwQumDYEVekNw59PJvRLAZrsReMRq8rt9lwURErF3hdwOpV4I8bJ
jy2DTZ2qz3uNxQ372Qv021mBkSr+kMoK2ubzYu4tXxebZ1YPM1Uy4VNRmd8DCH1l
jvmZPqwHbQ66nCi3Y1YH4fM9Y5Li4Jzuf6poPIdYrHe25rAyUoEAwIqgA0DMK03I
iNjD26t5Rl4WaiFBxJiKD9WFJy/RR490mlhLv6E8TF8G87I9mMAAFtHR9/58VVvD
asqkZrcl4dB7lFSL1HgeMlpQL/xi8LfFoQyg4y+dRmxN+TPA4daN2Dw=
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:27:49 2026 by rpki-client