Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3139342e302f32342d3234203d3e20343031373736.roa
File: 3231372e3231362e3139342e302f32342d3234203d3e20343031373736.roa (raw, json)
Hash identifier: payEAy5EelkZT4IuLLK/4KGBUkecaekEcX6oQ3BnCi0=
Subject key identifier: AF:84:93:7A:1B:66:CD:61:47:D6:A5:46:83:B5:2D:09:87:67:99:D5
Certificate issuer: /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial: 4142DC71E29F86418B13B282E8566BE74CD72CB9
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3139342e302f32342d3234203d3e20343031373736.roa
Signing time: Fri 03 Apr 2026 12:08:14 +0000
ROA not before: Fri 03 Apr 2026 12:03:14 +0000
ROA not after: Fri 02 Apr 2027 12:08:14 +0000
asID: 401776
IP address blocks: 217.216.194.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:42:dc:71:e2:9f:86:41:8b:13:b2:82:e8:56:6b:e7:4c:d7:2c:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Validity
Not Before: Apr 3 12:03:14 2026 GMT
Not After : Apr 2 12:08:14 2027 GMT
Subject: CN=AF84937A1B66CD6147D6A54683B52D09876799D5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:e7:19:1e:00:68:55:32:0a:36:ed:94:37:43:
40:2e:77:c7:1b:20:e9:86:64:e2:11:90:98:44:67:
f0:0b:c8:ef:5b:57:00:17:35:62:ce:91:9c:f2:83:
37:8d:d9:20:21:c3:bb:9e:e9:ad:96:2e:56:1e:c3:
35:16:fb:95:02:f4:15:9a:db:49:eb:9f:26:0a:e3:
55:f8:2d:65:5f:55:35:79:c8:0a:58:40:f8:9d:bf:
1c:18:19:73:c5:bd:29:e5:e5:7f:a3:68:18:2a:6b:
1e:8d:f1:8a:fc:3c:c8:5c:97:66:2a:76:21:f2:28:
a4:4d:03:8d:4e:a8:4d:c2:83:35:a0:11:0a:6c:62:
62:d7:67:c4:cf:10:8a:88:43:b2:14:9b:54:39:99:
f9:06:77:a3:b6:e4:a7:0a:cf:3a:41:4b:0e:0e:81:
e8:11:c7:1a:0b:2a:36:3c:35:cd:c5:7f:48:ab:45:
ce:84:46:93:4d:09:f1:8d:63:43:88:77:9e:e7:67:
85:31:15:07:59:d3:79:84:67:4f:90:a1:52:5e:9e:
5e:3d:9a:87:4e:c6:46:43:5e:32:f4:52:3b:48:93:
09:31:e4:ea:48:4d:a8:ef:b4:3d:19:73:41:26:a0:
fc:50:8a:83:c9:c7:a0:55:c3:b6:87:e2:a6:c4:36:
c6:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:84:93:7A:1B:66:CD:61:47:D6:A5:46:83:B5:2D:09:87:67:99:D5
X509v3 Authority Key Identifier:
keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3231372e3231362e3139342e302f32342d3234203d3e20343031373736.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.216.194.0/24
Signature Algorithm: sha256WithRSAEncryption
67:de:43:7b:68:6f:28:4b:17:59:e1:ea:60:f9:15:93:2c:eb:
99:d7:98:2f:19:21:94:3c:43:be:19:84:bb:09:9c:b1:1a:73:
9b:99:2d:f6:e2:8d:8b:3f:3f:cc:96:1f:5a:66:0d:56:e5:bd:
89:65:a6:be:c7:8e:14:15:41:a5:99:dc:90:5c:87:d1:78:fd:
a0:6e:73:8c:cd:43:b9:87:96:46:b1:25:bc:f1:4d:e8:1d:88:
a1:b1:35:26:c8:9e:d6:83:cd:01:d8:1a:87:bf:fd:fc:9d:92:
58:bb:5a:f1:be:94:ef:31:1a:49:5b:6b:db:94:97:20:df:5f:
cc:b8:6f:e5:1f:74:15:f7:2b:28:22:5b:4e:3a:71:30:02:73:
b6:8a:96:a3:7e:6d:0f:5c:ac:8e:a2:86:c1:dc:06:38:dd:2d:
df:64:48:06:6b:c9:52:de:1b:a0:98:41:5a:d7:62:e3:f1:d4:
bc:0b:a7:ff:1d:2a:0f:50:6c:ed:cd:10:41:c6:2e:89:14:c3:
00:01:0c:05:0d:0c:7c:7a:0c:88:32:28:a3:35:ee:f9:e5:9b:
a9:e7:2b:6b:c0:1b:cf:5a:1a:8c:e6:84:17:61:f6:1d:42:aa:
aa:de:e9:6e:b4:80:0d:48:f5:06:9d:ef:7b:25:0d:dd:fa:23:
d0:a9:64:30
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUQULcceKfhkGLE7KC6FZr50zXLLkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MDMxMjAzMTRaFw0yNzA0MDIxMjA4MTRaMDMxMTAvBgNV
BAMTKEFGODQ5MzdBMUI2NkNENjE0N0Q2QTU0NjgzQjUyRDA5ODc2Nzk5RDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDq5xkeAGhVMgo27ZQ3Q0Aud8cb
IOmGZOIRkJhEZ/ALyO9bVwAXNWLOkZzygzeN2SAhw7ue6a2WLlYewzUW+5UC9BWa
20nrnyYK41X4LWVfVTV5yApYQPidvxwYGXPFvSnl5X+jaBgqax6N8Yr8PMhcl2Yq
diHyKKRNA41OqE3CgzWgEQpsYmLXZ8TPEIqIQ7IUm1Q5mfkGd6O25KcKzzpBSw4O
gegRxxoLKjY8Nc3Ff0irRc6ERpNNCfGNY0OId57nZ4UxFQdZ03mEZ0+QoVJenl49
modOxkZDXjL0UjtIkwkx5OpITajvtD0Zc0EmoPxQioPJx6BVw7aH4qbENsYLAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUr4STehtmzWFH1qVGg7UtCYdnmdUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzIzMTM3MmUzMjMxMzYyZTMx
MzkzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMTM3MzczNi5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEANnYwjANBgkqhkiG9w0BAQsFAAOCAQEAZ95De2hvKEsXWeHqYPkVkyzrmdeY
LxkhlDxDvhmEuwmcsRpzm5kt9uKNiz8/zJYfWmYNVuW9iWWmvseOFBVBpZnckFyH
0Xj9oG5zjM1DuYeWRrElvPFN6B2IobE1Jsie1oPNAdgah7/9/J2SWLta8b6U7zEa
SVtr25SXIN9fzLhv5R90FfcrKCJbTjpxMAJztoqWo35tD1ysjqKGwdwGON0t32RI
BmvJUt4boJhBWtdi4/HUvAun/x0qD1Bs7c0QQcYuiRTDAAEMBQ0MfHoMiDIoozXu
+eWbqecra8Abz1oajOaEF2H2HUKqqt7pbrSADUj1Bp3veyUN3foj0KlkMA==
-----END CERTIFICATE-----
Generated at Fri Apr 17 14:39:06 2026 by rpki-client