Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231332e3232352e3233372e302f32342d3234203d3e203538303631.roa
File: 3231332e3232352e3233372e302f32342d3234203d3e203538303631.roa (raw, json)
Hash identifier: 8UBcrBGIxZo60irVr28Bi5OYSE5ftJ/XRCDxxwd9m54=
Subject key identifier: 3F:D8:B2:52:99:3C:35:3D:A4:ED:A0:A6:F5:3D:95:14:1E:36:8C:31
Certificate issuer: /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial: 654C0937E48ED391DB260D90E241ED019A179672
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231332e3232352e3233372e302f32342d3234203d3e203538303631.roa
Signing time: Thu 05 Feb 2026 11:55:36 +0000
ROA not before: Thu 05 Feb 2026 11:50:36 +0000
ROA not after: Thu 04 Feb 2027 11:55:36 +0000
asID: 58061
IP address blocks: 213.225.237.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 21:30:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:4c:09:37:e4:8e:d3:91:db:26:0d:90:e2:41:ed:01:9a:17:96:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
Validity
Not Before: Feb 5 11:50:36 2026 GMT
Not After : Feb 4 11:55:36 2027 GMT
Subject: CN=3FD8B252993C353DA4EDA0A6F53D95141E368C31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:3d:a9:27:4e:95:b1:62:7a:3d:cb:50:67:f4:
3a:b4:c5:f9:a6:03:c6:a9:56:36:42:30:e3:a4:f0:
2c:3e:7e:d6:5d:6b:13:55:de:b6:27:2f:46:d7:7b:
83:1a:10:6e:6c:32:b9:0c:47:0b:36:48:9b:ee:7b:
03:3f:e8:23:22:3f:c1:6d:65:de:7d:dc:22:6a:5b:
29:1b:77:95:07:03:16:d2:99:7c:e4:c1:06:e9:08:
ac:a9:53:4d:31:d5:c6:e0:b7:db:88:7f:69:b8:dc:
e3:0e:1e:06:fc:37:45:3a:38:fd:63:b7:21:79:11:
5d:88:0f:c5:99:1d:dc:92:4b:13:2b:70:08:c3:b8:
40:71:f6:5e:84:5d:2d:f5:aa:10:5c:7d:b9:10:df:
b2:76:df:5a:e9:6d:9e:fd:5e:a6:05:fb:cc:3e:9c:
99:3b:24:05:d9:39:38:31:48:4f:ff:89:6b:d8:d1:
55:d3:a3:1e:be:4e:02:f4:83:e2:fb:4b:1c:56:f5:
5f:48:b5:15:0b:5b:45:1f:5e:6a:a3:0d:75:3a:7d:
1d:92:97:6c:cd:6c:3a:6d:b3:c3:42:63:d2:bb:28:
71:38:7d:6e:fb:b6:a0:61:50:75:8b:40:7b:32:6e:
2c:5d:ce:7a:48:ee:27:8f:99:5b:c6:59:42:82:8e:
76:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:D8:B2:52:99:3C:35:3D:A4:ED:A0:A6:F5:3D:95:14:1E:36:8C:31
X509v3 Authority Key Identifier:
keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231332e3232352e3233372e302f32342d3234203d3e203538303631.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.225.237.0/24
Signature Algorithm: sha256WithRSAEncryption
09:d2:61:9f:5e:7f:d4:df:e2:7d:a9:3c:0d:d0:b1:f8:50:76:
45:1c:9c:17:2e:53:b8:80:e4:46:c7:09:72:e5:41:e1:0c:e8:
c0:86:c6:9b:18:a2:f6:e9:27:3b:47:9a:2c:f2:47:e1:06:6f:
3b:11:2a:7f:8f:5c:d3:e7:48:03:4b:3d:44:c0:23:4a:db:1e:
fd:28:df:f1:d1:ef:50:9e:9d:da:31:40:40:7d:23:fe:a4:e3:
10:02:31:d4:79:5d:91:9d:f3:70:17:23:38:33:8a:14:7d:fa:
7d:2a:40:2e:f8:84:81:a6:7c:14:07:f6:f2:cf:c3:8a:62:9d:
27:be:03:d6:ed:6c:bf:5c:e4:52:6e:fa:8f:f4:c9:7c:bd:5b:
1c:ee:22:52:63:2a:45:26:4f:79:1b:cd:af:b7:a8:a0:28:32:
ee:9d:39:91:08:a0:da:4f:f1:5d:24:bf:34:c7:d7:b3:0e:26:
af:14:06:83:67:10:8e:b5:aa:6a:50:da:95:81:3f:ff:e6:ac:
1a:e4:04:49:22:1f:dd:6b:cf:cf:0f:f8:8b:1a:9a:3b:1a:5a:
ba:7f:26:77:05:12:f0:5c:53:ed:e1:08:92:49:1b:47:aa:40:
6f:d2:a4:e2:7f:71:1d:74:94:f4:3e:0e:17:9d:bf:fd:47:5d:
12:60:53:09
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUZUwJN+SO05HbJg2Q4kHtAZoXlnIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAyMDUxMTUwMzZaFw0yNzAyMDQxMTU1MzZaMDMxMTAvBgNV
BAMTKDNGRDhCMjUyOTkzQzM1M0RBNEVEQTBBNkY1M0Q5NTE0MUUzNjhDMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKPaknTpWxYno9y1Bn9Dq0xfmm
A8apVjZCMOOk8Cw+ftZdaxNV3rYnL0bXe4MaEG5sMrkMRws2SJvuewM/6CMiP8Ft
Zd593CJqWykbd5UHAxbSmXzkwQbpCKypU00x1cbgt9uIf2m43OMOHgb8N0U6OP1j
tyF5EV2ID8WZHdySSxMrcAjDuEBx9l6EXS31qhBcfbkQ37J231rpbZ79XqYF+8w+
nJk7JAXZOTgxSE//iWvY0VXTox6+TgL0g+L7SxxW9V9ItRULW0UfXmqjDXU6fR2S
l2zNbDpts8NCY9K7KHE4fW77tqBhUHWLQHsybixdznpI7iePmVvGWUKCjnYtAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUP9iyUpk8NT2k7aCm9T2VFB42jDEwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzIzMTMzMmUzMjMyMzUyZTMy
MzMzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzgzMDM2MzEucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADV4e0wDQYJKoZIhvcNAQELBQADggEBAAnSYZ9ef9Tf4n2pPA3QsfhQdkUcnBcu
U7iA5EbHCXLlQeEM6MCGxpsYovbpJztHmizyR+EGbzsRKn+PXNPnSANLPUTAI0rb
Hv0o3/HR71CendoxQEB9I/6k4xACMdR5XZGd83AXIzgzihR9+n0qQC74hIGmfBQH
9vLPw4pinSe+A9btbL9c5FJu+o/0yXy9WxzuIlJjKkUmT3kbza+3qKAoMu6dOZEI
oNpP8V0kvzTH17MOJq8UBoNnEI61qmpQ2pWBP//mrBrkBEkiH91rz88P+Isamjsa
Wrp/JncFEvBcU+3hCJJJG0eqQG/SpOJ/cR10lPQ+Dhedv/1HXRJgUwk=
-----END CERTIFICATE-----
Generated at Mon Mar 2 13:40:48 2026 by rpki-client