Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230342e302f32342d3234203d3e203239383032.roa
File: 38352e3233372e3230342e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier: HLwaFocC+cTRAEzHlUojujIAm+pz1PXRXv50+vXgATY=
Subject key identifier: BA:7B:17:5D:A5:3E:E6:76:0E:79:E9:84:56:C6:89:FD:78:CA:13:D3
Certificate issuer: /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial: 384415A7E2A41390DC3CCC7B1E3015C2BCCDBA30
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230342e302f32342d3234203d3e203239383032.roa
Signing time: Tue 03 Feb 2026 14:38:51 +0000
ROA not before: Tue 03 Feb 2026 14:33:51 +0000
ROA not after: Tue 02 Feb 2027 14:38:51 +0000
asID: 29802
IP address blocks: 85.237.204.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 12:03:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:44:15:a7:e2:a4:13:90:dc:3c:cc:7b:1e:30:15:c2:bc:cd:ba:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Validity
Not Before: Feb 3 14:33:51 2026 GMT
Not After : Feb 2 14:38:51 2027 GMT
Subject: CN=BA7B175DA53EE6760E79E98456C689FD78CA13D3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:b8:68:a1:a3:26:41:ba:fd:81:bd:a6:84:e5:
91:6a:8f:87:b3:b9:cb:55:d6:cd:ee:b3:d6:a6:db:
75:d3:07:3a:89:e6:d7:ae:ef:7a:5e:99:1c:de:c7:
d3:64:a3:e4:b4:1a:ed:b1:53:5b:cd:fe:2d:f2:37:
8e:6e:22:3a:a3:22:37:71:87:1b:e6:cc:e5:a5:0f:
63:05:6a:16:b9:82:76:e4:de:46:b4:f5:8d:02:4f:
64:2f:bc:11:71:81:db:0d:54:0d:10:e3:e5:7f:d0:
4b:0b:de:e7:88:ab:a5:25:6e:50:a2:09:ac:a9:e7:
f6:d3:ee:17:25:7b:f4:e9:17:38:a9:62:03:ea:43:
7d:58:17:ad:e6:e1:a1:2a:05:51:d2:d0:0f:9f:3a:
7c:a2:09:18:cf:65:d2:d0:b4:35:3b:9d:36:d6:60:
2d:5f:99:16:04:8e:7c:5d:42:9b:94:ea:92:93:2f:
41:ce:2f:16:1d:57:6e:82:bc:31:78:0b:94:14:59:
00:82:8c:b9:8d:0d:f1:60:9b:9f:c6:72:31:6a:83:
8b:0c:3b:8a:61:1f:e0:06:82:b0:39:d3:94:f9:0d:
d6:b9:08:e1:44:43:9f:7d:87:03:1c:85:99:0b:15:
4d:99:f9:ba:a2:ed:d4:04:b0:5f:c8:67:33:5b:4a:
51:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:7B:17:5D:A5:3E:E6:76:0E:79:E9:84:56:C6:89:FD:78:CA:13:D3
X509v3 Authority Key Identifier:
keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3230342e302f32342d3234203d3e203239383032.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.237.204.0/24
Signature Algorithm: sha256WithRSAEncryption
10:b7:69:86:e2:48:22:a3:b9:c7:76:86:e5:c8:71:ac:b5:91:
a8:83:4d:2d:9c:a7:27:8c:13:76:ba:ed:bb:83:56:81:48:f7:
5e:61:66:67:b3:ee:b7:f0:34:0b:1f:04:3c:c5:5c:97:cb:34:
6c:38:c4:c5:94:09:41:88:a0:bb:43:31:4a:73:fa:9e:b2:eb:
cc:ed:a8:e6:4d:f5:44:f8:96:94:23:31:4b:fe:31:58:2e:47:
d3:6e:38:37:d3:86:25:64:0a:0d:17:80:4e:53:97:ba:8d:7a:
d9:7c:45:d4:7c:26:61:c7:ed:85:47:1c:6d:0d:f1:c7:ef:2c:
45:ba:3a:23:22:3a:fc:25:5c:ff:46:f3:3e:2d:d1:7e:e6:f1:
34:e2:cc:c1:9f:ea:ed:ec:b2:3b:77:de:60:e1:94:a5:5b:f2:
7f:0c:5e:ec:a9:3c:cc:80:e6:96:e2:02:37:a3:71:42:d4:05:
cd:5a:53:93:a4:6a:18:62:8c:df:f2:ae:e2:19:44:c3:b0:e6:
fe:5d:a6:00:b7:6b:8d:11:61:1c:32:95:f3:87:a7:62:a1:8f:
ab:35:45:74:07:54:14:07:4a:58:ee:c3:c2:24:3a:01:2a:a6:
53:fd:7e:7a:69:7b:bb:22:f0:58:8b:d5:78:d3:d1:c0:4f:84:
82:ae:79:ad
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUOEQVp+KkE5DcPMx7HjAVwrzNujAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAyMDMxNDMzNTFaFw0yNzAyMDIxNDM4NTFaMDMxMTAvBgNV
BAMTKEJBN0IxNzVEQTUzRUU2NzYwRTc5RTk4NDU2QzY4OUZENzhDQTEzRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbuGihoyZBuv2BvaaE5ZFqj4ez
uctV1s3us9am23XTBzqJ5teu73pemRzex9Nko+S0Gu2xU1vN/i3yN45uIjqjIjdx
hxvmzOWlD2MFaha5gnbk3ka09Y0CT2QvvBFxgdsNVA0Q4+V/0EsL3ueIq6UlblCi
Cayp5/bT7hcle/TpFzipYgPqQ31YF63m4aEqBVHS0A+fOnyiCRjPZdLQtDU7nTbW
YC1fmRYEjnxdQpuU6pKTL0HOLxYdV26CvDF4C5QUWQCCjLmNDfFgm5/GcjFqg4sM
O4phH+AGgrA505T5Dda5COFEQ599hwMchZkLFU2Z+bqi7dQEsF/IZzNbSlELAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUunsXXaU+5nYOeemEVsaJ/XjKE9MwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzgzMDMyLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
Ve3MMA0GCSqGSIb3DQEBCwUAA4IBAQAQt2mG4kgio7nHdoblyHGstZGog00tnKcn
jBN2uu27g1aBSPdeYWZns+638DQLHwQ8xVyXyzRsOMTFlAlBiKC7QzFKc/qesuvM
7ajmTfVE+JaUIzFL/jFYLkfTbjg304YlZAoNF4BOU5e6jXrZfEXUfCZhx+2FRxxt
DfHH7yxFujojIjr8JVz/RvM+LdF+5vE04szBn+rt7LI7d95g4ZSlW/J/DF7sqTzM
gOaW4gI3o3FC1AXNWlOTpGoYYozf8q7iGUTDsOb+XaYAt2uNEWEcMpXzh6dioY+r
NUV0B1QUB0pY7sPCJDoBKqZT/X56aXu7IvBYi9V409HAT4SCrnmt
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:53:21 2026 by rpki-client