Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/3/3138352e3230302e3230392e302f32342d3234203d3e203136353039.roa
File: 3138352e3230302e3230392e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier: CuXfjWH6sNSmDX0CVenmxSFqV6xo/B4MPUYw4r8/ALk=
Subject key identifier: 9B:E4:ED:3D:BB:0F:55:26:12:7A:5D:85:AD:7B:79:05:DA:A3:87:C0
Certificate issuer: /CN=fddee908a9ad2dfbe32ff35b402a5ab2198dc907
Certificate serial: 6A2CE005F255C1697C8D37DDF80CB97C19AAD394
Authority key identifier: FD:DE:E9:08:A9:AD:2D:FB:E3:2F:F3:5B:40:2A:5A:B2:19:8D:C9:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_d7pCKmtLfvjL_NbQCpashmNyQc.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/3/3138352e3230302e3230392e302f32342d3234203d3e203136353039.roa
Signing time: Wed 08 Apr 2026 11:44:03 +0000
ROA not before: Wed 08 Apr 2026 11:39:03 +0000
ROA not after: Wed 07 Apr 2027 11:44:03 +0000
asID: 16509
IP address blocks: 185.200.209.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/3/FDDEE908A9AD2DFBE32FF35B402A5AB2198DC907.crl
rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/3/FDDEE908A9AD2DFBE32FF35B402A5AB2198DC907.mft
rsync://rpki.ripe.net/repository/DEFAULT/_d7pCKmtLfvjL_NbQCpashmNyQc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6a:2c:e0:05:f2:55:c1:69:7c:8d:37:dd:f8:0c:b9:7c:19:aa:d3:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fddee908a9ad2dfbe32ff35b402a5ab2198dc907
Validity
Not Before: Apr 8 11:39:03 2026 GMT
Not After : Apr 7 11:44:03 2027 GMT
Subject: CN=9BE4ED3DBB0F5526127A5D85AD7B7905DAA387C0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:c0:5c:d5:24:f5:22:7b:8a:23:99:7f:4a:8e:
90:b2:7b:4a:df:0a:c9:5f:bf:6b:fb:a4:4a:91:f8:
a0:d9:32:be:52:13:90:b1:15:69:90:62:85:c8:16:
5d:41:29:ed:89:b6:50:f8:34:03:cd:2a:f1:e3:a5:
97:dc:99:26:26:6d:76:51:e8:73:35:b8:3f:09:9c:
15:f8:5b:50:e1:e2:13:0f:57:0a:0b:f1:87:08:b8:
81:7c:e3:ce:92:61:61:40:30:27:58:d3:e3:af:5c:
ab:6c:01:de:b8:e2:19:64:16:74:6d:4e:24:1a:79:
03:3c:dc:09:10:dc:42:fb:ef:52:7f:fd:1c:42:7c:
08:79:3c:1e:af:9a:8c:2e:89:6e:68:1e:57:8a:90:
68:4b:a8:cb:43:fb:43:88:cf:df:c9:16:b5:8e:4f:
bd:83:90:9e:7e:ea:b1:73:29:1f:fa:ab:7b:d4:55:
11:71:45:7e:e9:2c:fc:8d:f0:a6:89:99:bc:24:9f:
86:3d:3b:c9:72:20:39:fa:8d:a3:93:00:d3:0f:04:
63:c7:bc:9d:9e:a1:f0:47:a0:9c:c6:0f:d2:ba:bf:
eb:46:43:3b:f2:10:85:3b:7c:b0:68:75:65:e9:b1:
1e:34:e6:e3:48:02:5a:80:f1:4b:4a:62:8d:6f:be:
31:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:E4:ED:3D:BB:0F:55:26:12:7A:5D:85:AD:7B:79:05:DA:A3:87:C0
X509v3 Authority Key Identifier:
keyid:FD:DE:E9:08:A9:AD:2D:FB:E3:2F:F3:5B:40:2A:5A:B2:19:8D:C9:07
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/3/FDDEE908A9AD2DFBE32FF35B402A5AB2198DC907.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_d7pCKmtLfvjL_NbQCpashmNyQc.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/3/3138352e3230302e3230392e302f32342d3234203d3e203136353039.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.200.209.0/24
Signature Algorithm: sha256WithRSAEncryption
65:d2:ca:bd:65:b3:93:c0:f5:8a:1e:69:c5:a0:d8:74:d3:b9:
6c:96:7f:77:fb:7a:69:8f:4c:c6:d8:2b:b1:c4:02:49:b5:af:
5e:8b:db:d1:59:05:61:66:3e:7c:cb:30:c6:7d:a6:02:e5:53:
4a:6d:50:f6:46:8d:52:4d:42:8c:6f:b0:20:ab:f2:e3:37:5d:
9f:c5:9e:b8:dd:a5:e5:98:11:38:68:dc:86:e9:90:24:3f:eb:
e0:e8:02:f5:7c:19:b4:cb:f5:90:f0:d9:0f:e1:d3:1b:d8:de:
3a:54:96:a5:4b:c1:14:4d:8c:72:ee:fc:d7:90:03:56:b4:7a:
81:19:2f:9d:f0:9f:6d:b6:50:bd:21:e0:2f:e8:8c:ff:1e:a3:
28:32:ec:5d:df:ee:75:5b:62:a6:12:ab:1a:1f:9a:7b:fc:0c:
d9:dc:ce:cd:81:4e:14:50:9d:46:24:21:3c:e4:e0:ba:44:d8:
f4:a6:db:72:17:70:f8:07:54:18:6a:7e:41:68:52:05:96:b9:
ee:40:0b:7f:8b:60:71:e7:fd:b1:45:4a:31:8e:5d:98:9a:b5:
d1:4f:90:bc:ff:94:b6:ec:c1:ff:bc:a0:a9:52:63:9c:fc:cc:
6d:3a:80:27:71:b8:6a:ef:44:09:f7:34:43:e4:53:89:f9:7e:
65:1d:29:d1
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUaizgBfJVwWl8jTfd+Ay5fBmq05QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmRkZWU5MDhhOWFkMmRmYmUzMmZmMzViNDAyYTVhYjIx
OThkYzkwNzAeFw0yNjA0MDgxMTM5MDNaFw0yNzA0MDcxMTQ0MDNaMDMxMTAvBgNV
BAMTKDlCRTRFRDNEQkIwRjU1MjYxMjdBNUQ4NUFEN0I3OTA1REFBMzg3QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxwFzVJPUie4ojmX9KjpCye0rf
Cslfv2v7pEqR+KDZMr5SE5CxFWmQYoXIFl1BKe2JtlD4NAPNKvHjpZfcmSYmbXZR
6HM1uD8JnBX4W1Dh4hMPVwoL8YcIuIF8486SYWFAMCdY0+OvXKtsAd644hlkFnRt
TiQaeQM83AkQ3EL771J//RxCfAh5PB6vmowuiW5oHleKkGhLqMtD+0OIz9/JFrWO
T72DkJ5+6rFzKR/6q3vUVRFxRX7pLPyN8KaJmbwkn4Y9O8lyIDn6jaOTANMPBGPH
vJ2eofBHoJzGD9K6v+tGQzvyEIU7fLBodWXpsR405uNIAlqA8UtKYo1vvjFBAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUm+TtPbsPVSYSel2FrXt5Bdqjh8AwHwYDVR0j
BBgwFoAU/d7pCKmtLfvjL/NbQCpashmNyQcwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmU0MTcwNGYtNzgxNS00ZjJjLWE1MDMtNThhZTA4ZTU1
NmI2LzMvRkRERUU5MDhBOUFEMkRGQkUzMkZGMzVCNDAyQTVBQjIxOThEQzkwNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL19kN3BDS210TGZ2akxfTmJRQ3Bhc2ht
TnlRYy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmU0MTcwNGYt
NzgxNS00ZjJjLWE1MDMtNThhZTA4ZTU1NmI2LzMvMzEzODM1MmUzMjMwMzAyZTMy
MzAzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC5yNEwDQYJKoZIhvcNAQELBQADggEBAGXSyr1ls5PA9YoeacWg2HTTuWyWf3f7
emmPTMbYK7HEAkm1r16L29FZBWFmPnzLMMZ9pgLlU0ptUPZGjVJNQoxvsCCr8uM3
XZ/FnrjdpeWYETho3IbpkCQ/6+DoAvV8GbTL9ZDw2Q/h0xvY3jpUlqVLwRRNjHLu
/NeQA1a0eoEZL53wn222UL0h4C/ojP8eoygy7F3f7nVbYqYSqxofmnv8DNnczs2B
ThRQnUYkITzk4LpE2PSm23IXcPgHVBhqfkFoUgWWue5AC3+LYHHn/bFFSjGOXZia
tdFPkLz/lLbswf+8oKlSY5z8zG06gCdxuGrvRAn3NEPkU4n5fmUdKdE=
-----END CERTIFICATE-----
Generated at Fri Apr 17 03:37:40 2026 by rpki-client