Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3131312e3135372e302f32342d3234203d3e20313337343039.roa
File: 3138352e3131312e3135372e302f32342d3234203d3e20313337343039.roa (raw, json)
Hash identifier: DBAuZSmqjb8c44rfWdnGbHpDNe/ETZXI17FICPdGzb8=
Subject key identifier: F5:07:5D:56:30:52:D9:3D:F9:6F:AC:D5:00:48:6A:0F:3B:0B:75:E4
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 59C466AE922D75F6FAEEA65619EB3D56064DA665
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3131312e3135372e302f32342d3234203d3e20313337343039.roa
Signing time: Thu 12 Feb 2026 10:23:20 +0000
ROA not before: Thu 12 Feb 2026 10:18:20 +0000
ROA not after: Thu 11 Feb 2027 10:23:20 +0000
asID: 137409
IP address blocks: 185.111.157.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 06:04:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
59:c4:66:ae:92:2d:75:f6:fa:ee:a6:56:19:eb:3d:56:06:4d:a6:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Feb 12 10:18:20 2026 GMT
Not After : Feb 11 10:23:20 2027 GMT
Subject: CN=F5075D563052D93DF96FACD500486A0F3B0B75E4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:fc:e4:51:69:6d:41:0d:0a:15:84:80:7a:16:
a7:7c:b8:4d:5b:52:cc:1a:bc:8c:c1:a1:b9:82:48:
2f:3b:fb:55:1b:ca:ba:1b:cb:e3:e5:67:e0:4c:5d:
84:10:8f:1e:bd:33:52:30:a4:5b:54:0e:17:1a:0b:
7a:a2:60:1b:2a:4a:32:74:c7:4d:c6:dd:3b:64:0d:
b0:f9:b2:3b:91:d7:f1:73:9e:e3:bc:a5:cf:5d:83:
f6:46:be:43:63:64:f1:0e:e9:31:7b:fb:60:6c:e4:
72:6f:db:b5:e5:4c:10:23:31:36:0d:77:63:88:ad:
7e:bb:b7:82:b8:82:f7:9f:70:66:e5:c0:17:fb:db:
c1:1e:f1:3b:b0:b6:4a:52:69:67:3b:39:8f:db:86:
be:c8:f9:95:c7:d6:37:03:42:71:3f:ae:62:a6:08:
63:e7:ae:e0:a3:ad:b9:3e:6c:bb:a7:c9:7a:79:70:
a3:df:7b:bf:82:74:67:5b:9c:53:6d:ca:40:55:91:
79:45:8e:36:33:b5:5e:8f:5d:af:c7:c0:84:1d:7d:
42:8e:d7:b9:14:65:64:e5:01:c5:ff:78:a8:0e:20:
f7:b4:b7:04:38:32:f8:86:45:a4:be:5d:06:cf:7d:
b5:ff:a2:1e:fe:9f:c8:f1:9a:1e:a0:6e:19:b0:45:
ad:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:07:5D:56:30:52:D9:3D:F9:6F:AC:D5:00:48:6A:0F:3B:0B:75:E4
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3131312e3135372e302f32342d3234203d3e20313337343039.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.111.157.0/24
Signature Algorithm: sha256WithRSAEncryption
40:1e:24:57:ac:c9:b4:5f:14:c9:ff:81:e0:47:71:40:9a:82:
d2:2f:c8:24:21:17:a5:5c:13:82:62:15:fc:f1:c1:de:09:ec:
00:b7:f6:59:08:db:64:0c:1e:93:f7:a8:e2:3d:7f:44:8d:31:
9f:e5:2f:43:57:d8:87:09:91:75:f4:59:e0:91:24:9a:c1:f1:
13:e7:9e:64:b7:9a:5f:b7:05:cf:c2:be:5f:b5:bc:fd:4c:67:
14:27:ff:f4:57:9b:8d:87:e6:13:51:73:34:be:54:2b:56:73:
d5:85:17:b1:70:a2:31:f4:d4:78:75:7d:70:d8:bd:84:74:aa:
dc:3d:a7:e1:ad:fe:f0:9c:1f:20:7d:50:9c:ef:dc:28:6d:0e:
85:48:66:95:f7:d5:c2:da:40:08:ae:4a:e7:04:55:f2:72:51:
9f:96:49:a5:87:03:cc:4d:ed:b2:cb:19:3a:03:e1:31:7d:ad:
ec:07:49:83:d7:82:16:a0:51:65:be:5b:4f:df:29:ef:d0:11:
56:41:69:0a:87:fb:36:80:54:a0:78:56:44:42:a5:54:f7:fa:
86:29:6c:ba:f2:be:00:c3:17:45:d6:ae:c5:58:b8:af:a7:34:
85:5e:65:94:62:43:e1:54:5e:06:dd:38:4a:b5:dc:32:9b:a1:
dd:c8:f0:8d
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUWcRmrpItdfb67qZWGes9VgZNpmUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAyMTIxMDE4MjBaFw0yNzAyMTExMDIzMjBaMDMxMTAvBgNV
BAMTKEY1MDc1RDU2MzA1MkQ5M0RGOTZGQUNENTAwNDg2QTBGM0IwQjc1RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq/ORRaW1BDQoVhIB6Fqd8uE1b
UswavIzBobmCSC87+1Ubyroby+PlZ+BMXYQQjx69M1IwpFtUDhcaC3qiYBsqSjJ0
x03G3TtkDbD5sjuR1/FznuO8pc9dg/ZGvkNjZPEO6TF7+2Bs5HJv27XlTBAjMTYN
d2OIrX67t4K4gvefcGblwBf728Ee8TuwtkpSaWc7OY/bhr7I+ZXH1jcDQnE/rmKm
CGPnruCjrbk+bLunyXp5cKPfe7+CdGdbnFNtykBVkXlFjjYztV6PXa/HwIQdfUKO
17kUZWTlAcX/eKgOIPe0twQ4MviGRaS+XQbPfbX/oh7+n8jxmh6gbhmwRa2/AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU9QddVjBS2T35b6zVAEhqDzsLdeQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMTMxMzEyZTMx
MzUzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNzM0MzAzOS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEALlvnTANBgkqhkiG9w0BAQsFAAOCAQEAQB4kV6zJtF8Uyf+B4EdxQJqC0i/I
JCEXpVwTgmIV/PHB3gnsALf2WQjbZAwek/eo4j1/RI0xn+UvQ1fYhwmRdfRZ4JEk
msHxE+eeZLeaX7cFz8K+X7W8/UxnFCf/9FebjYfmE1FzNL5UK1Zz1YUXsXCiMfTU
eHV9cNi9hHSq3D2n4a3+8JwfIH1QnO/cKG0OhUhmlffVwtpACK5K5wRV8nJRn5ZJ
pYcDzE3tsssZOgPhMX2t7AdJg9eCFqBRZb5bT98p79ARVkFpCof7NoBUoHhWREKl
VPf6hilsuvK+AMMXRdauxVi4r6c0hV5llGJD4VReBt04SrXcMpuh3cjwjQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 20:46:08 2026 by rpki-client