Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3231342e302f32342d3234203d3e203239383032.roa
File: 38352e3233372e3231342e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier: Lo9sioC6DhKLuLLmCChPxq279TiwjmXBJGh28fdzAfM=
Subject key identifier: A6:0C:7F:19:B3:52:E9:C0:50:74:5C:0B:4D:81:71:45:FC:54:83:C1
Certificate issuer: /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial: 6D0028C487FBF88F3E8A6E25D1605AC935C4A5D7
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3231342e302f32342d3234203d3e203239383032.roa
Signing time: Tue 03 Feb 2026 14:38:50 +0000
ROA not before: Tue 03 Feb 2026 14:33:50 +0000
ROA not after: Tue 02 Feb 2027 14:38:50 +0000
asID: 29802
IP address blocks: 85.237.214.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 09:38:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:00:28:c4:87:fb:f8:8f:3e:8a:6e:25:d1:60:5a:c9:35:c4:a5:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Validity
Not Before: Feb 3 14:33:50 2026 GMT
Not After : Feb 2 14:38:50 2027 GMT
Subject: CN=A60C7F19B352E9C050745C0B4D817145FC5483C1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:26:6f:e2:55:2f:7a:36:7b:76:bf:04:92:a1:
00:a1:11:2b:9c:b9:aa:7e:dc:09:36:09:64:b2:2c:
69:48:05:72:29:a5:a3:a5:d1:bf:c3:ce:3f:5d:19:
2d:9e:e1:3c:dd:57:43:d9:21:c3:69:3f:3d:2f:0d:
05:55:f4:ad:c6:84:11:35:7d:c2:45:3a:d2:78:03:
f4:b2:fe:c8:a6:30:6a:ed:af:89:a9:e1:e9:02:c0:
5b:7c:d4:ec:0d:96:09:08:5d:56:93:32:04:60:ea:
20:79:cb:2b:84:e2:1f:bc:82:29:35:1d:7d:a7:50:
1f:e9:24:6f:b8:e2:48:34:d2:a8:37:f5:f0:8b:08:
4a:86:e3:06:3b:ed:c7:cd:17:ad:61:86:43:df:cf:
ef:38:63:13:39:4a:98:46:61:ec:00:22:66:df:29:
83:de:18:c5:69:fb:aa:88:14:bd:dc:a6:80:94:4c:
9e:4a:ab:85:92:c5:b4:ce:c7:fb:71:d1:0b:79:bb:
87:3a:50:a1:aa:cb:e3:a6:9d:c6:53:b6:0e:f8:f5:
8f:83:13:6a:8c:c8:1e:f5:59:1a:21:13:8d:13:21:
b1:37:26:4a:b3:62:b2:be:0c:b2:cd:a9:9f:a5:a3:
a1:f1:c6:cf:02:81:ad:51:0a:61:db:db:28:81:4c:
f9:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:0C:7F:19:B3:52:E9:C0:50:74:5C:0B:4D:81:71:45:FC:54:83:C1
X509v3 Authority Key Identifier:
keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3233372e3231342e302f32342d3234203d3e203239383032.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.237.214.0/24
Signature Algorithm: sha256WithRSAEncryption
72:ac:0e:20:67:31:62:49:03:e4:9d:8a:42:7b:fc:a7:d9:9f:
0a:c7:04:af:b3:95:90:61:cd:32:7b:c2:e0:c4:40:ea:98:0e:
78:ea:47:43:4e:ab:0f:1f:56:aa:73:ec:ea:2f:e2:7a:12:6a:
09:02:97:4b:ac:ad:63:ce:93:45:49:79:e9:df:af:a8:8a:5e:
ee:5c:55:63:c6:08:f5:cc:55:39:7d:57:c6:0d:17:b6:63:c9:
a5:bc:db:1b:a4:dd:11:b0:9f:15:d2:66:72:01:51:dd:48:76:
b4:ed:10:85:15:71:fa:de:6c:dc:96:43:c0:87:1c:58:79:f0:
b1:17:5f:71:f8:61:f4:e3:81:5a:85:8f:c9:55:c0:71:1a:cf:
de:ab:bd:a8:5e:56:fe:c4:34:af:1c:ce:f6:a3:66:5c:06:02:
88:cc:78:a9:a0:a6:21:98:76:80:d7:f9:d5:ad:14:0a:af:03:
5d:8f:aa:d7:be:b4:4d:b9:9f:d2:8d:b8:b1:ac:50:86:16:3d:
6b:f8:ad:bd:45:4e:04:24:ea:d2:e7:c7:e0:ba:ce:32:d5:53:
10:02:a8:49:a9:ee:02:c1:26:38:1e:c7:13:97:b8:7b:9a:e0:
dd:ab:00:2b:ef:3b:48:5b:de:f4:50:9c:29:25:b6:ce:ca:41:
a0:15:88:a0
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUbQAoxIf7+I8+im4l0WBayTXEpdcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAyMDMxNDMzNTBaFw0yNzAyMDIxNDM4NTBaMDMxMTAvBgNV
BAMTKEE2MEM3RjE5QjM1MkU5QzA1MDc0NUMwQjREODE3MTQ1RkM1NDgzQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUJm/iVS96Nnt2vwSSoQChESuc
uap+3Ak2CWSyLGlIBXIppaOl0b/Dzj9dGS2e4TzdV0PZIcNpPz0vDQVV9K3GhBE1
fcJFOtJ4A/Sy/simMGrtr4mp4ekCwFt81OwNlgkIXVaTMgRg6iB5yyuE4h+8gik1
HX2nUB/pJG+44kg00qg39fCLCEqG4wY77cfNF61hhkPfz+84YxM5SphGYewAImbf
KYPeGMVp+6qIFL3cpoCUTJ5Kq4WSxbTOx/tx0Qt5u4c6UKGqy+OmncZTtg749Y+D
E2qMyB71WRohE40TIbE3JkqzYrK+DLLNqZ+lo6Hxxs8Cga1RCmHb2yiBTPlNAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUpgx/GbNS6cBQdFwLTYFxRfxUg8EwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzIzMzM3MmUzMjMx
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzgzMDMyLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
Ve3WMA0GCSqGSIb3DQEBCwUAA4IBAQByrA4gZzFiSQPknYpCe/yn2Z8KxwSvs5WQ
Yc0ye8LgxEDqmA546kdDTqsPH1aqc+zqL+J6EmoJApdLrK1jzpNFSXnp36+oil7u
XFVjxgj1zFU5fVfGDRe2Y8mlvNsbpN0RsJ8V0mZyAVHdSHa07RCFFXH63mzclkPA
hxxYefCxF19x+GH044FahY/JVcBxGs/eq72oXlb+xDSvHM72o2ZcBgKIzHipoKYh
mHaA1/nVrRQKrwNdj6rXvrRNuZ/SjbixrFCGFj1r+K29RU4EJOrS58fgus4y1VMQ
AqhJqe4CwSY4HscTl7h7muDdqwAr7ztIW970UJwpJbbOykGgFYig
-----END CERTIFICATE-----
Generated at Sun Mar 1 20:19:42 2026 by rpki-client