Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231332e3232352e3233392e302f32342d3234203d3e20323030343335.roa
File: 3231332e3232352e3233392e302f32342d3234203d3e20323030343335.roa (raw, json)
Hash identifier: O7QMeYzn5CU54U41dRj25GyQDZmXVewrr09DSGAvfjQ=
Subject key identifier: 8E:38:B5:F7:7E:E1:E8:CD:3F:88:8D:7D:8E:73:A6:52:58:8E:32:C8
Certificate issuer: /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial: 27B168DBB33DCA5BBCAE65A743CE3F7CC0076208
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231332e3232352e3233392e302f32342d3234203d3e20323030343335.roa
Signing time: Thu 05 Feb 2026 11:55:37 +0000
ROA not before: Thu 05 Feb 2026 11:50:37 +0000
ROA not after: Thu 04 Feb 2027 11:55:37 +0000
asID: 200435
IP address blocks: 213.225.239.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 13:50:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:b1:68:db:b3:3d:ca:5b:bc:ae:65:a7:43:ce:3f:7c:c0:07:62:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
Validity
Not Before: Feb 5 11:50:37 2026 GMT
Not After : Feb 4 11:55:37 2027 GMT
Subject: CN=8E38B5F77EE1E8CD3F888D7D8E73A652588E32C8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:0f:d6:2a:34:53:b4:ab:8d:c8:64:6b:ff:4f:
f7:4a:26:75:a5:35:02:54:f4:70:f6:12:0e:c9:88:
1c:f5:9e:87:39:a3:69:fb:4b:48:77:46:eb:ca:08:
a9:f8:1e:65:5a:60:0d:03:c3:0e:16:70:69:7a:f7:
5c:d9:2e:59:0f:32:43:4d:11:1d:01:4f:96:46:50:
a7:1d:f2:5b:ce:7d:5a:44:26:85:36:5b:38:6b:0e:
bf:22:e7:62:c4:09:32:41:17:78:40:65:c6:44:69:
c8:02:81:da:a5:ad:3a:55:0f:4a:b4:4a:6a:9f:c0:
e8:0c:ca:b3:af:2d:22:90:a9:7d:49:b7:2f:4d:9d:
2c:97:b6:f9:d5:63:f5:76:68:59:1e:de:ca:0f:a0:
41:ba:9b:cd:e0:c4:30:15:58:f6:1f:2b:5a:54:4f:
1e:ce:ae:f3:b1:66:6f:26:60:d6:5b:9c:97:cf:52:
59:72:7f:d9:df:0a:52:2d:1e:61:f5:ff:08:29:85:
87:1f:b3:74:40:a8:2c:f6:0c:93:43:ad:81:93:dd:
ba:49:b4:f1:09:e0:25:88:c5:8f:1b:18:98:ed:04:
cc:d7:0e:b3:b5:6b:9d:12:39:74:c0:ab:c4:ed:d6:
86:8a:77:59:21:95:53:1d:de:ba:94:83:3f:78:4a:
82:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:38:B5:F7:7E:E1:E8:CD:3F:88:8D:7D:8E:73:A6:52:58:8E:32:C8
X509v3 Authority Key Identifier:
keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231332e3232352e3233392e302f32342d3234203d3e20323030343335.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.225.239.0/24
Signature Algorithm: sha256WithRSAEncryption
b6:8d:3c:78:79:88:28:4c:53:be:91:d1:4e:d2:fc:de:e6:f6:
eb:48:a2:19:14:a7:e5:ab:4a:a2:a9:97:b3:9e:16:47:2e:34:
53:02:ba:95:38:8a:03:97:83:da:b0:22:df:83:eb:cf:6b:2b:
6e:88:99:e5:e3:e1:f7:83:6f:36:b8:82:c7:a4:69:33:78:c6:
b0:dc:49:56:93:26:cb:23:b6:05:b6:15:a3:a8:36:92:7d:f1:
5a:f2:21:db:ce:fc:a1:19:f7:39:e6:43:00:ce:c3:4b:68:7e:
a8:61:0c:85:39:4b:55:b3:bc:f1:20:91:5d:97:ac:8c:93:c4:
08:67:e0:f7:82:07:07:f7:ff:a4:64:3f:24:50:86:c8:2f:87:
d5:95:e8:2f:98:27:b2:70:06:d1:98:16:bc:af:e8:65:23:4a:
b6:88:bf:f1:f3:ec:e6:cf:a8:7c:53:a1:fa:f4:a6:82:8d:16:
30:97:77:a9:90:40:b7:71:a1:cd:ca:1d:63:a9:06:69:7c:3b:
78:fb:40:da:f2:ed:cb:4f:a8:70:f2:81:d8:2e:46:2e:f1:e1:
92:03:ec:0c:43:8c:6f:b2:48:c1:01:1f:10:98:ea:52:6c:31:
24:3b:44:45:be:65:9a:23:2e:49:e4:db:31:5c:d9:2e:de:2d:
d3:14:15:7e
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUJ7Fo27M9ylu8rmWnQ84/fMAHYggwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAyMDUxMTUwMzdaFw0yNzAyMDQxMTU1MzdaMDMxMTAvBgNV
BAMTKDhFMzhCNUY3N0VFMUU4Q0QzRjg4OEQ3RDhFNzNBNjUyNTg4RTMyQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXD9YqNFO0q43IZGv/T/dKJnWl
NQJU9HD2Eg7JiBz1noc5o2n7S0h3RuvKCKn4HmVaYA0Dww4WcGl691zZLlkPMkNN
ER0BT5ZGUKcd8lvOfVpEJoU2WzhrDr8i52LECTJBF3hAZcZEacgCgdqlrTpVD0q0
SmqfwOgMyrOvLSKQqX1Jty9NnSyXtvnVY/V2aFke3soPoEG6m83gxDAVWPYfK1pU
Tx7OrvOxZm8mYNZbnJfPUllyf9nfClItHmH1/wgphYcfs3RAqCz2DJNDrYGT3bpJ
tPEJ4CWIxY8bGJjtBMzXDrO1a50SOXTAq8Tt1oaKd1khlVMd3rqUgz94SoKxAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUjji1937h6M0/iI19jnOmUliOMsgwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzIzMTMzMmUzMjMyMzUyZTMy
MzMzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMDM0MzMzNS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANXh7zANBgkqhkiG9w0BAQsFAAOCAQEAto08eHmIKExTvpHRTtL83ub260ii
GRSn5atKoqmXs54WRy40UwK6lTiKA5eD2rAi34Prz2srboiZ5ePh94NvNriCx6Rp
M3jGsNxJVpMmyyO2BbYVo6g2kn3xWvIh2878oRn3OeZDAM7DS2h+qGEMhTlLVbO8
8SCRXZesjJPECGfg94IHB/f/pGQ/JFCGyC+H1ZXoL5gnsnAG0ZgWvK/oZSNKtoi/
8fPs5s+ofFOh+vSmgo0WMJd3qZBAt3GhzcodY6kGaXw7ePtA2vLty0+ocPKB2C5G
LvHhkgPsDEOMb7JIwQEfEJjqUmwxJDtERb5lmiMuSeTbMVzZLt4t0xQVfg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 17:11:33 2026 by rpki-client