Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3231332e3234302e302f32342d3234203d3e20323135373033.roa
File: 3138352e3231332e3234302e302f32342d3234203d3e20323135373033.roa (raw, json)
Hash identifier: KdpamzjNMoBH12606SSHSE8fPB2oVEwY+/Ehf6CDJmA=
Subject key identifier: AD:50:1F:C7:F0:A6:D4:B3:6F:D9:02:96:7F:1C:7A:32:E1:8D:E7:B2
Certificate issuer: /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial: 14DECEB383CBD1AEC732111A3D4B6F446256E232
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3231332e3234302e302f32342d3234203d3e20323135373033.roa
Signing time: Sun 12 Apr 2026 17:47:05 +0000
ROA not before: Sun 12 Apr 2026 17:42:05 +0000
ROA not after: Sun 11 Apr 2027 17:47:05 +0000
asID: 215703
IP address blocks: 185.213.240.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 03:38:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:de:ce:b3:83:cb:d1:ae:c7:32:11:1a:3d:4b:6f:44:62:56:e2:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Validity
Not Before: Apr 12 17:42:05 2026 GMT
Not After : Apr 11 17:47:05 2027 GMT
Subject: CN=AD501FC7F0A6D4B36FD902967F1C7A32E18DE7B2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:51:f8:5f:48:25:44:1b:ec:b2:28:c7:1e:bb:
70:27:bf:b1:70:45:c0:1d:65:94:8a:00:0d:3e:aa:
da:d7:b5:5d:05:f8:d6:00:8c:0d:a2:30:65:bd:3b:
ff:95:c6:bb:87:f8:04:d8:a9:e0:bd:dc:71:ff:d3:
05:40:09:20:d8:f7:c3:cf:b3:e3:74:f8:9f:73:ad:
c2:30:8c:a9:a1:a7:1c:04:76:e8:74:15:24:1f:b2:
b8:54:75:73:03:02:cf:c0:29:f3:0a:d7:a7:27:8d:
31:e0:9d:02:dc:2f:be:68:24:7a:14:a2:97:d5:77:
28:6b:3a:ee:44:8a:16:7e:b3:10:74:be:c0:82:5d:
ac:a8:06:e2:77:4f:6d:9e:c5:53:81:5d:e0:6b:ed:
66:a7:6c:43:17:34:98:08:33:6e:df:c2:ef:9d:ad:
5f:d3:2b:6e:b6:f2:85:fb:ef:74:d0:9e:0f:54:86:
e7:51:15:d7:a6:40:ae:be:4d:86:f9:cf:5e:1c:24:
06:18:fb:df:75:49:a4:63:14:0c:19:b5:75:8f:76:
51:0c:3a:d1:be:d9:af:28:85:e9:30:af:2a:c2:e2:
bc:b8:c8:93:70:42:75:e5:6b:31:80:92:bb:62:57:
e0:72:35:e8:dc:21:01:30:33:0b:23:9c:c7:8c:bf:
1e:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:50:1F:C7:F0:A6:D4:B3:6F:D9:02:96:7F:1C:7A:32:E1:8D:E7:B2
X509v3 Authority Key Identifier:
keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3231332e3234302e302f32342d3234203d3e20323135373033.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.213.240.0/24
Signature Algorithm: sha256WithRSAEncryption
bf:bb:44:d9:84:d5:14:40:14:ee:cb:c9:f1:57:d5:93:21:a5:
eb:f5:ec:eb:2d:c9:f1:fd:fc:1b:8e:e9:83:9d:03:9f:ce:09:
b4:ee:53:ea:df:c8:a0:26:17:d0:57:7b:39:37:a6:55:87:f2:
16:26:4e:eb:66:ce:68:fd:c0:23:84:7b:04:55:06:5f:2d:d5:
ef:ae:93:8d:b2:be:fb:57:95:4f:43:af:47:68:25:ac:03:61:
e8:53:23:04:e6:23:36:65:4d:e0:b5:65:b2:8c:8a:cb:6b:c1:
0a:d7:06:64:4c:b5:8f:91:f6:28:f6:21:73:eb:c8:ae:19:81:
c2:cc:c2:20:5c:2e:78:95:c9:44:b1:d6:b2:7e:59:0f:3f:6d:
34:d1:2a:96:c4:3c:cd:32:cd:c6:77:12:b8:27:17:e6:ec:cf:
a0:24:34:90:c3:28:8d:8a:8d:dd:c7:d0:4c:41:ec:ae:04:da:
24:11:97:18:d6:76:bb:b4:ad:66:01:9f:47:49:5a:a8:dd:46:
01:f2:0a:5b:d5:74:c2:ff:38:0f:8b:61:da:73:1a:ba:34:ef:
a3:d6:1b:8d:17:bd:25:1e:95:6f:f6:2c:e2:1f:5f:f9:d1:b7:
1a:dd:07:e7:5c:bd:32:1a:b8:bf:64:5f:41:3c:87:10:0b:86:
d1:bc:8b:9d
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUFN7Os4PL0a7HMhEaPUtvRGJW4jIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNjA0MTIxNzQyMDVaFw0yNzA0MTExNzQ3MDVaMDMxMTAvBgNV
BAMTKEFENTAxRkM3RjBBNkQ0QjM2RkQ5MDI5NjdGMUM3QTMyRTE4REU3QjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAUfhfSCVEG+yyKMceu3Anv7Fw
RcAdZZSKAA0+qtrXtV0F+NYAjA2iMGW9O/+VxruH+ATYqeC93HH/0wVACSDY98PP
s+N0+J9zrcIwjKmhpxwEduh0FSQfsrhUdXMDAs/AKfMK16cnjTHgnQLcL75oJHoU
opfVdyhrOu5EihZ+sxB0vsCCXayoBuJ3T22exVOBXeBr7WanbEMXNJgIM27fwu+d
rV/TK2628oX773TQng9UhudRFdemQK6+TYb5z14cJAYY+991SaRjFAwZtXWPdlEM
OtG+2a8ohekwryrC4ry4yJNwQnXlazGAkrtiV+ByNejcIQEwMwsjnMeMvx61AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUrVAfx/Cm1LNv2QKWfxx6MuGN57IwHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzEzODM1MmUzMjMxMzMyZTMy
MzQzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNTM3MzAzMy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALnV8DANBgkqhkiG9w0BAQsFAAOCAQEAv7tE2YTVFEAU7svJ8VfVkyGl6/Xs
6y3J8f38G47pg50Dn84JtO5T6t/IoCYX0Fd7OTemVYfyFiZO62bOaP3AI4R7BFUG
Xy3V766TjbK++1eVT0OvR2glrANh6FMjBOYjNmVN4LVlsoyKy2vBCtcGZEy1j5H2
KPYhc+vIrhmBwszCIFwueJXJRLHWsn5ZDz9tNNEqlsQ8zTLNxncSuCcX5uzPoCQ0
kMMojYqN3cfQTEHsrgTaJBGXGNZ2u7StZgGfR0laqN1GAfIKW9V0wv84D4th2nMa
ujTvo9YbjRe9JR6Vb/Ys4h9f+dG3Gt0H51y9Mhq4v2RfQTyHEAuG0byLnQ==
-----END CERTIFICATE-----
Generated at Fri Apr 17 17:14:55 2026 by rpki-client