Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3137302e3139362e302f32332d3234203d3e203437353833.roa
File: 3138352e3137302e3139362e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier: 9NdzKkmau6v9G0GlTtH4DnmIbASjWgKtGlDE5L04eBs=
Subject key identifier: D6:8E:02:B4:F4:43:61:C0:21:5D:1E:23:3F:6A:58:24:3F:D6:05:9D
Certificate issuer: /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial: 3D123F44AEA46FABF84B30F140942EBAE99D37C8
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3137302e3139362e302f32332d3234203d3e203437353833.roa
Signing time: Wed 15 Apr 2026 00:23:38 +0000
ROA not before: Wed 15 Apr 2026 00:18:38 +0000
ROA not after: Wed 14 Apr 2027 00:23:38 +0000
asID: 47583
IP address blocks: 185.170.196.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:12:3f:44:ae:a4:6f:ab:f8:4b:30:f1:40:94:2e:ba:e9:9d:37:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Validity
Not Before: Apr 15 00:18:38 2026 GMT
Not After : Apr 14 00:23:38 2027 GMT
Subject: CN=D68E02B4F44361C0215D1E233F6A58243FD6059D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:b2:0e:38:92:e2:37:90:90:a7:d0:7b:95:74:
7a:3f:9f:1f:36:85:e0:91:fc:89:00:ff:7b:69:02:
92:d0:8f:e4:a1:4b:8e:4e:d3:51:08:9d:17:e3:97:
bd:22:c7:ff:02:df:83:0f:40:02:19:5b:ab:9c:78:
ac:42:fb:f4:65:a7:e5:ba:5a:14:9d:df:a9:02:f1:
93:12:15:f3:f0:8a:e0:74:ce:a5:80:13:61:9e:2a:
7a:3b:2e:e6:fb:4b:de:15:9d:f8:e0:25:cf:ef:e9:
a1:a3:00:d7:4c:d5:7f:93:dc:4f:ed:ec:8c:c7:41:
13:b4:17:1c:46:54:db:ef:d3:9b:cc:2b:5b:ce:0c:
df:d6:18:1f:5a:d7:67:79:e4:4e:b3:81:66:fc:6a:
9b:e0:7b:db:26:e6:b4:fb:a9:d8:9a:ec:ef:c2:7f:
24:83:ae:ea:e8:5b:d0:86:ce:4d:a4:19:9c:ff:59:
d7:1d:09:36:05:75:1d:4e:f4:19:ae:fa:73:48:91:
e0:10:b9:55:e1:fb:e2:9b:63:b3:81:09:48:77:3a:
de:e2:24:ec:f1:97:c1:d0:5a:fe:4d:36:d3:f4:6c:
d7:0b:ac:0a:ee:71:7b:ef:fb:07:c0:d5:b3:9a:d0:
e0:48:d6:24:37:da:8f:3e:d2:c1:b6:31:60:d6:20:
48:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:8E:02:B4:F4:43:61:C0:21:5D:1E:23:3F:6A:58:24:3F:D6:05:9D
X509v3 Authority Key Identifier:
keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3138352e3137302e3139362e302f32332d3234203d3e203437353833.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.170.196.0/23
Signature Algorithm: sha256WithRSAEncryption
bf:96:8f:01:d5:21:be:5b:98:c3:fd:e9:84:89:3a:f9:b2:59:
94:39:d3:0c:67:a6:f8:45:cb:a2:05:85:92:30:28:9c:a3:33:
7e:20:df:8e:e4:68:0a:ea:4f:e1:e4:ef:13:2f:98:22:eb:b4:
1c:d1:ef:df:92:a1:a1:9f:b0:d1:39:46:11:a9:52:41:dd:9d:
71:41:8a:51:b1:82:94:77:ac:0b:fa:09:da:d1:f6:59:ca:a2:
13:a8:90:21:bd:d7:0e:4d:5d:05:23:20:ab:d1:a3:ed:99:4d:
24:36:3e:71:8e:50:8a:b0:0b:3a:0d:26:46:a9:48:d4:e4:f0:
1a:13:f0:f7:9d:4e:26:de:0a:58:71:aa:63:ef:45:91:ac:20:
ff:ee:76:ac:2a:7f:1c:7d:a6:13:e8:7a:35:58:48:91:16:4f:
ec:b1:e9:91:99:91:44:17:e8:80:6a:c4:93:d7:10:52:71:5c:
95:77:73:fd:fa:cc:5c:09:19:fc:de:67:ab:1e:2c:37:db:2c:
e4:d4:94:d8:91:17:45:0f:6f:7a:f4:53:43:45:33:ff:fb:88:
4f:85:94:da:6d:24:23:56:cd:fe:59:8e:f9:3c:12:f4:d8:85:
36:7b:4a:00:42:9f:21:76:1c:00:ec:ff:a9:5b:13:62:c3:57:
fc:55:b9:06
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIUPRI/RK6kb6v4SzDxQJQuuumdN8gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNjA0MTUwMDE4MzhaFw0yNzA0MTQwMDIzMzhaMDMxMTAvBgNV
BAMTKEQ2OEUwMkI0RjQ0MzYxQzAyMTVEMUUyMzNGNkE1ODI0M0ZENjA1OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAsg44kuI3kJCn0HuVdHo/nx82
heCR/IkA/3tpApLQj+ShS45O01EInRfjl70ix/8C34MPQAIZW6uceKxC+/Rlp+W6
WhSd36kC8ZMSFfPwiuB0zqWAE2GeKno7Lub7S94VnfjgJc/v6aGjANdM1X+T3E/t
7IzHQRO0FxxGVNvv05vMK1vODN/WGB9a12d55E6zgWb8apvge9sm5rT7qdia7O/C
fySDruroW9CGzk2kGZz/WdcdCTYFdR1O9Bmu+nNIkeAQuVXh++KbY7OBCUh3Ot7i
JOzxl8HQWv5NNtP0bNcLrArucXvv+wfA1bOa0OBI1iQ32o8+0sG2MWDWIEh1AgMB
AAGjggJEMIICQDAdBgNVHQ4EFgQU1o4CtPRDYcAhXR4jP2pYJD/WBZ0wHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM4MzUyZTMxMzcz
MDJlMzEzOTM2MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2Ew
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQC
AAEwBgMEAbmqxDANBgkqhkiG9w0BAQsFAAOCAQEAv5aPAdUhvluYw/3phIk6+bJZ
lDnTDGem+EXLogWFkjAonKMzfiDfjuRoCupP4eTvEy+YIuu0HNHv35KhoZ+w0TlG
EalSQd2dcUGKUbGClHesC/oJ2tH2WcqiE6iQIb3XDk1dBSMgq9Gj7ZlNJDY+cY5Q
irALOg0mRqlI1OTwGhPw951OJt4KWHGqY+9Fkawg/+52rCp/HH2mE+h6NVhIkRZP
7LHpkZmRRBfogGrEk9cQUnFclXdz/frMXAkZ/N5nqx4sN9ss5NSU2JEXRQ9vevRT
Q0Uz//uIT4WU2m0kI1bN/lmO+TwS9NiFNntKAEKfIXYcAOz/qVsTYsNX/FW5Bg==
-----END CERTIFICATE-----
Generated at Fri Apr 17 15:20:30 2026 by rpki-client