Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3231322e32332e3231392e302f32342d3234203d3e20333939343638.roa
File: 3231322e32332e3231392e302f32342d3234203d3e20333939343638.roa (raw, json)
Hash identifier: it4Vn9O7nN7R7qCYO8Na+QS+UpzeO0rOYCI81bM3D8U=
Subject key identifier: 5A:DA:5F:35:A2:87:2E:46:88:CE:2D:9B:B5:C4:E0:0E:5C:2B:26:1F
Certificate issuer: /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial: 46099EBFE8CF900CEAB2C511F140BF68B0F5DB9A
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3231322e32332e3231392e302f32342d3234203d3e20333939343638.roa
Signing time: Wed 01 Apr 2026 07:29:24 +0000
ROA not before: Wed 01 Apr 2026 07:24:24 +0000
ROA not after: Wed 31 Mar 2027 07:29:24 +0000
asID: 399468
IP address blocks: 212.23.219.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
46:09:9e:bf:e8:cf:90:0c:ea:b2:c5:11:f1:40:bf:68:b0:f5:db:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Validity
Not Before: Apr 1 07:24:24 2026 GMT
Not After : Mar 31 07:29:24 2027 GMT
Subject: CN=5ADA5F35A2872E4688CE2D9BB5C4E00E5C2B261F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:02:1d:e0:8c:e0:9e:02:32:d9:62:da:dd:2c:
c0:2d:39:16:0a:e2:4f:11:48:91:36:23:7a:71:14:
23:1f:d7:22:53:44:05:5b:08:62:28:70:93:b4:af:
68:f7:46:b5:09:66:74:87:55:60:e7:d7:3c:f0:a0:
94:18:28:53:d0:50:ef:00:2d:65:dd:c1:ec:f5:db:
fc:c7:90:46:98:ac:4e:6b:5c:bf:53:72:ef:08:c0:
63:2f:b8:9c:d7:f7:b8:64:60:f8:ac:3b:ce:43:cd:
13:55:a4:53:e0:d2:ae:42:dc:bf:58:f2:d9:03:9a:
76:cf:70:18:e2:90:41:69:8d:60:05:1f:88:0e:de:
21:7f:1e:9c:04:5a:ae:53:df:23:a7:59:73:58:38:
df:7e:7d:06:d4:8a:c7:2c:8b:c5:df:15:0d:31:58:
14:31:5f:5a:7a:12:b3:50:1f:d5:2d:76:17:a1:a1:
e8:81:46:b4:ee:37:23:76:36:44:d9:e9:d6:5d:62:
b7:62:f1:87:00:81:0c:68:75:84:45:59:53:03:57:
b9:cd:da:3d:78:98:a6:63:d2:9f:e6:cd:93:c5:2b:
cc:46:b1:65:4a:8d:38:9e:06:7b:be:d3:82:8c:4d:
83:2f:5d:10:25:52:bc:84:17:6e:b8:05:13:b3:2f:
8c:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:DA:5F:35:A2:87:2E:46:88:CE:2D:9B:B5:C4:E0:0E:5C:2B:26:1F
X509v3 Authority Key Identifier:
keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3231322e32332e3231392e302f32342d3234203d3e20333939343638.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.23.219.0/24
Signature Algorithm: sha256WithRSAEncryption
47:12:fc:3b:ce:60:a0:ac:c9:43:ef:53:a6:45:41:36:b2:e3:
bb:fd:7f:b3:08:26:b7:2a:a9:f4:99:ca:82:0c:b7:3b:e2:99:
89:22:06:d0:64:dc:35:1d:b8:2b:de:28:e6:49:d9:55:b4:10:
f5:38:fd:fb:ef:24:11:5e:96:9a:0f:a0:62:b9:e8:6b:96:38:
c4:cc:08:b7:a3:1a:9f:d9:15:23:e6:59:4f:0b:79:00:6c:2a:
f9:41:62:f5:5b:ae:d2:bf:96:25:13:72:0c:fe:07:05:a7:03:
96:04:8a:26:91:99:3b:e8:05:47:8e:c8:e8:b5:9a:d9:f8:37:
e7:ab:8b:87:bd:80:7e:5a:65:6f:7a:38:93:c9:63:8b:a1:73:
1e:5a:d3:dc:5c:55:d5:ae:97:2d:ea:e8:6a:8c:1a:c4:cc:e3:
c6:2a:38:25:68:be:39:e8:d4:75:5f:4c:ad:20:cc:a0:c8:e9:
f9:8d:ea:fa:08:51:fd:c3:6f:c5:15:01:76:9b:a3:60:7b:53:
f4:28:81:9b:4c:71:5c:39:63:14:f3:e7:f5:bc:2f:b4:61:d0:
06:9c:dc:1c:84:3c:eb:78:e4:8e:4f:cf:f9:03:bd:e2:35:94:
4d:47:f5:cb:03:5d:69:05:42:1b:d0:8f:16:ba:ad:1e:a1:f8:
ef:1d:f8:7f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIURgmev+jPkAzqssUR8UC/aLD125owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjA0MDEwNzI0MjRaFw0yNzAzMzEwNzI5MjRaMDMxMTAvBgNV
BAMTKDVBREE1RjM1QTI4NzJFNDY4OENFMkQ5QkI1QzRFMDBFNUMyQjI2MUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7Ah3gjOCeAjLZYtrdLMAtORYK
4k8RSJE2I3pxFCMf1yJTRAVbCGIocJO0r2j3RrUJZnSHVWDn1zzwoJQYKFPQUO8A
LWXdwez12/zHkEaYrE5rXL9Tcu8IwGMvuJzX97hkYPisO85DzRNVpFPg0q5C3L9Y
8tkDmnbPcBjikEFpjWAFH4gO3iF/HpwEWq5T3yOnWXNYON9+fQbUiscsi8XfFQ0x
WBQxX1p6ErNQH9UtdhehoeiBRrTuNyN2NkTZ6dZdYrdi8YcAgQxodYRFWVMDV7nN
2j14mKZj0p/mzZPFK8xGsWVKjTieBnu+04KMTYMvXRAlUryEF264BROzL4z5AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUWtpfNaKHLkaIzi2btcTgDlwrJh8wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIzMTMyMmUzMjMzMmUzMjMx
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzkzNDM2Mzgucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADUF9swDQYJKoZIhvcNAQELBQADggEBAEcS/DvOYKCsyUPvU6ZFQTay47v9f7MI
JrcqqfSZyoIMtzvimYkiBtBk3DUduCveKOZJ2VW0EPU4/fvvJBFelpoPoGK56GuW
OMTMCLejGp/ZFSPmWU8LeQBsKvlBYvVbrtK/liUTcgz+BwWnA5YEiiaRmTvoBUeO
yOi1mtn4N+eri4e9gH5aZW96OJPJY4uhcx5a09xcVdWuly3q6GqMGsTM48YqOCVo
vjno1HVfTK0gzKDI6fmN6voIUf3Db8UVAXabo2B7U/QogZtMcVw5YxTz5/W8L7Rh
0Aac3ByEPOt45I5Pz/kDveI1lE1H9csDXWkFQhvQjxa6rR6h+O8d+H8=
-----END CERTIFICATE-----
Generated at Fri Apr 17 12:26:12 2026 by rpki-client