Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135391.roa
File: AS135391.roa (raw, json)
Hash identifier: 9DSTlPEOGN12+pWeJVMOfyhqw5mR3Q9E3mGNv/VUXYE=
Subject key identifier: D8:A3:91:59:45:B8:A8:21:03:CB:5E:C1:A5:42:33:CC:E3:80:73:DF
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 2FD38CA8871EF0C19D3EA815C9A3BECFEA8C9E67
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135391.roa
Signing time: Mon 13 Oct 2025 07:34:33 +0000
ROA not before: Mon 13 Oct 2025 07:29:33 +0000
ROA not after: Mon 12 Oct 2026 07:34:33 +0000
asID: 135391
IP address blocks: 146.103.31.0/24 maxlen: 24
147.79.56.0/24 maxlen: 24
155.117.1.0/24 maxlen: 24
155.117.216.0/24 maxlen: 24
162.141.39.0/24 maxlen: 24
162.141.65.0/24 maxlen: 24
162.141.140.0/24 maxlen: 24
162.141.179.0/24 maxlen: 24
162.141.183.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:d3:8c:a8:87:1e:f0:c1:9d:3e:a8:15:c9:a3:be:cf:ea:8c:9e:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 13 07:29:33 2025 GMT
Not After : Oct 12 07:34:33 2026 GMT
Subject: CN=D8A3915945B8A82103CB5EC1A54233CCE38073DF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:19:68:d7:58:d8:6e:c1:cf:8b:79:e4:a9:fc:
3e:5e:78:d7:d2:20:33:ed:cd:d6:53:9b:68:9e:64:
cd:04:1c:45:b0:72:3d:14:63:ec:0f:77:4f:92:91:
b7:fe:e6:a3:85:fa:30:93:e1:d0:4a:0d:31:75:ae:
7f:92:10:52:02:e6:dd:3b:73:a7:3f:f8:83:81:b9:
e4:c3:bc:51:4c:ee:bd:fa:ac:7b:4d:4a:c6:a6:ac:
20:d8:b8:d4:60:8b:68:4b:4d:95:7a:a8:59:20:9c:
4d:85:b4:b8:3e:99:6c:e0:6d:6d:c0:83:42:75:fb:
20:2a:b0:a5:28:e0:a7:5b:e2:2e:7b:ef:d2:8b:49:
00:9b:92:15:63:7d:92:d4:67:6b:28:ca:79:21:90:
75:54:9f:85:bc:89:07:00:e7:88:89:07:3c:96:b8:
19:bf:9f:4a:39:ce:f5:11:31:dc:b2:55:da:4e:2f:
31:dc:d5:70:3f:6f:b6:25:1e:7b:88:32:b4:95:6f:
83:19:2d:7d:9a:e9:14:6f:95:92:0d:2d:6d:64:a7:
e4:88:cf:37:d7:f7:2d:69:ab:1c:a7:56:3b:17:4a:
f9:de:5c:ce:eb:6a:4c:2d:a6:86:ac:0b:db:8a:4f:
cf:be:39:26:f8:18:c9:0a:23:13:7a:70:ea:97:c5:
d9:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:A3:91:59:45:B8:A8:21:03:CB:5E:C1:A5:42:33:CC:E3:80:73:DF
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS135391.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.103.31.0/24
147.79.56.0/24
155.117.1.0/24
155.117.216.0/24
162.141.39.0/24
162.141.65.0/24
162.141.140.0/24
162.141.179.0/24
162.141.183.0/24
Signature Algorithm: sha256WithRSAEncryption
11:2a:7e:f4:df:34:39:89:b2:34:68:0e:b1:2c:64:13:32:a4:
ec:bf:e6:d1:d6:f1:a0:ec:c3:c0:61:74:f1:1d:d6:11:6d:3d:
8d:ff:62:62:9b:f6:30:2d:00:ce:20:0b:2d:86:c7:68:0c:9a:
7b:f1:b3:a3:6e:5b:f5:93:27:3f:4f:f8:b0:52:24:fe:5e:42:
9f:d8:07:d9:3f:51:e2:95:42:72:4f:d6:4c:64:4d:db:61:cf:
27:a2:89:85:6b:36:10:c0:10:40:47:18:23:9c:5b:96:ed:5e:
19:4d:5f:04:02:31:f1:e1:29:2e:15:2d:98:90:1d:39:bd:62:
a5:b4:61:f8:59:95:fa:8c:5a:33:26:f3:7a:d5:df:fe:11:c1:
e8:09:bf:42:fc:34:5a:c4:ac:00:a0:9c:31:cf:fb:9a:24:47:
24:a5:e4:0a:8c:85:f1:7c:ef:71:02:20:f5:df:a2:52:e9:3c:
52:48:eb:72:57:e2:95:d8:6e:b0:a3:53:85:73:72:84:df:89:
df:51:12:ba:3d:78:7d:4c:f7:b0:c8:3e:36:ef:f3:61:a3:99:
d4:c5:c6:3b:23:19:e9:a1:64:ab:74:9e:57:6e:c5:de:4c:be:
46:a4:db:b1:1f:c5:a9:68:7c:c0:3d:b1:ab:4a:61:5b:66:ee:
cd:fa:2b:f6
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUL9OMqIce8MGdPqgVyaO+z+qMnmcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMTMwNzI5MzNaFw0yNjEwMTIwNzM0MzNaMDMxMTAvBgNV
BAMTKEQ4QTM5MTU5NDVCOEE4MjEwM0NCNUVDMUE1NDIzM0NDRTM4MDczREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPGWjXWNhuwc+LeeSp/D5eeNfS
IDPtzdZTm2ieZM0EHEWwcj0UY+wPd0+Skbf+5qOF+jCT4dBKDTF1rn+SEFIC5t07
c6c/+IOBueTDvFFM7r36rHtNSsamrCDYuNRgi2hLTZV6qFkgnE2FtLg+mWzgbW3A
g0J1+yAqsKUo4Kdb4i5779KLSQCbkhVjfZLUZ2soynkhkHVUn4W8iQcA54iJBzyW
uBm/n0o5zvURMdyyVdpOLzHc1XA/b7YlHnuIMrSVb4MZLX2a6RRvlZINLW1kp+SI
zzfX9y1pqxynVjsXSvneXM7rakwtpoasC9uKT8++OSb4GMkKIxN6cOqXxdmNAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQU2KORWUW4qCEDy17BpUIzzOOAc98wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTM1MzkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAkmcf
AwQAk084AwQAm3UBAwQAm3XYAwQAoo0nAwQAoo1BAwQAoo2MAwQAoo2zAwQAoo23
MA0GCSqGSIb3DQEBCwUAA4IBAQARKn703zQ5ibI0aA6xLGQTMqTsv+bR1vGg7MPA
YXTxHdYRbT2N/2Jim/YwLQDOIAsthsdoDJp78bOjblv1kyc/T/iwUiT+XkKf2AfZ
P1HilUJyT9ZMZE3bYc8noomFazYQwBBARxgjnFuW7V4ZTV8EAjHx4SkuFS2YkB05
vWKltGH4WZX6jFozJvN61d/+EcHoCb9C/DRaxKwAoJwxz/uaJEckpeQKjIXxfO9x
AiD136JS6TxSSOtyV+KV2G6wo1OFc3KE34nfURK6PXh9TPewyD427/Nho5nUxcY7
IxnpoWSrdJ5XbsXeTL5GpNuxH8WpaHzAPbGrSmFbZu7N+iv2
-----END CERTIFICATE-----
Generated at Mon Oct 20 07:23:41 2025 by rpki-client