Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
File: AS20115.roa (raw, json)
Hash identifier: w4Lx/vymsGsOVgCkcI/7/iKmlYWOOdQOmI+pbQntk/w=
Subject key identifier: 60:62:71:60:85:23:97:14:20:E3:4A:82:86:F5:AD:04:29:F5:57:25
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 160A93EDA18CA053FDC4843AC0BDF4CF5F8F86DF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
Signing time: Mon 18 Aug 2025 19:04:13 +0000
ROA not before: Mon 18 Aug 2025 18:59:13 +0000
ROA not after: Mon 17 Aug 2026 19:04:13 +0000
asID: 20115
IP address blocks: 143.14.16.0/21 maxlen: 24
143.14.232.0/21 maxlen: 24
162.141.2.0/23 maxlen: 24
162.141.6.0/23 maxlen: 24
162.141.22.0/23 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.76.0/23 maxlen: 24
162.141.134.0/23 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.156.0/23 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.208.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.24.0/22 maxlen: 24
167.148.36.0/22 maxlen: 24
167.148.44.0/23 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.60.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.120.0/22 maxlen: 24
167.148.145.0/24 maxlen: 24
167.148.168.0/22 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:0a:93:ed:a1:8c:a0:53:fd:c4:84:3a:c0:bd:f4:cf:5f:8f:86:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Aug 18 18:59:13 2025 GMT
Not After : Aug 17 19:04:13 2026 GMT
Subject: CN=606271608523971420E34A8286F5AD0429F55725
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:0c:9a:05:ff:24:60:6b:9c:b2:eb:2f:56:d8:
87:49:3a:d9:db:83:fb:37:1f:49:cc:65:24:01:02:
9b:08:fe:53:8e:4e:96:df:ea:6a:40:92:e1:c8:6a:
b7:29:74:e5:2b:93:0a:bc:3c:6b:65:c8:8a:c2:88:
69:9b:32:fe:6a:bd:b6:07:8c:cd:99:27:da:ec:c7:
c6:e0:89:7b:5a:f6:f9:75:92:da:bf:f0:aa:30:78:
6b:37:b1:04:94:cd:0d:02:8d:fd:36:23:e9:07:7b:
f7:53:63:2c:80:b3:64:a5:e0:e0:bf:8c:cd:b0:21:
f0:2e:7d:61:de:81:c9:b1:a9:a6:f0:45:89:94:dc:
1f:07:2d:d8:f4:11:b9:97:f2:29:c2:fe:d3:15:f7:
08:44:06:dc:f6:bc:98:13:aa:42:dd:db:28:89:47:
dd:1f:41:c3:f8:52:28:af:b2:fa:d2:f6:d5:3d:46:
dc:ef:1f:a9:47:38:43:5a:b6:86:79:01:f7:fd:b9:
a3:5e:ec:9c:8f:c4:82:30:30:f7:7e:eb:bf:3c:54:
5d:de:9c:c0:f2:27:42:bf:d5:dd:d1:8e:77:f9:e1:
39:f0:b0:63:90:83:c0:a9:68:27:28:e5:84:ab:c5:
6f:42:5c:2b:89:e1:fe:9e:b1:e3:72:ef:20:3c:c4:
36:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:62:71:60:85:23:97:14:20:E3:4A:82:86:F5:AD:04:29:F5:57:25
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.16.0/21
143.14.232.0/21
162.141.2.0/23
162.141.6.0/23
162.141.22.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0-162.141.77.255
162.141.134.0/23
162.141.144.0/21
162.141.156.0/23
162.141.168.0/21
162.141.184.0-162.141.255.255
167.148.16.0-167.148.27.255
167.148.36.0/22
167.148.44.0/23
167.148.48.0-167.148.67.255
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.120.0/22
167.148.145.0/24
167.148.168.0/22
167.148.224.0/19
Signature Algorithm: sha256WithRSAEncryption
3a:0f:aa:44:13:37:f4:8b:c0:7d:45:98:57:e9:2c:25:12:ff:
aa:24:77:76:bb:60:f2:3d:b4:36:24:63:af:68:2e:eb:b4:a5:
88:1a:45:18:6c:7c:4e:ce:8d:41:1d:a2:d3:cb:da:79:7b:2a:
46:b1:ce:c0:63:a0:55:c4:63:1b:a9:b3:ad:5a:1c:fc:85:7d:
38:ee:3b:39:c1:12:cf:32:01:ff:2e:b3:4c:be:c9:63:ce:83:
a6:d4:e0:07:9c:98:e1:b7:73:23:63:40:f6:1b:f2:48:bc:28:
4d:f5:0e:35:22:ad:41:91:c7:44:31:2f:07:bd:e2:39:e3:50:
c3:62:0d:52:33:e5:8f:cc:ba:03:46:ee:58:07:44:38:97:c7:
97:01:ef:51:34:b7:17:b8:ba:d1:f3:90:fb:5a:1e:e8:7f:1d:
59:45:85:ca:f9:6b:84:9e:b0:12:32:ea:04:41:f1:e2:dd:36:
8c:69:d5:60:c1:6b:5e:82:f9:ca:4f:6c:e7:9b:68:4a:62:ef:
aa:53:4f:40:ed:3d:ed:60:ef:1e:b2:52:7a:b9:c6:92:80:56:
5d:6b:41:fd:05:5f:f6:29:5d:6e:bb:be:dc:eb:28:ba:f8:0e:
53:2b:1c:83:55:35:9e:5f:79:c1:37:4a:9b:12:85:ce:f3:da:
bb:b7:7f:2a
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgIUFgqT7aGMoFP9xIQ6wL30z1+Pht8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MTgxODU5MTNaFw0yNjA4MTcxOTA0MTNaMDMxMTAvBgNV
BAMTKDYwNjI3MTYwODUyMzk3MTQyMEUzNEE4Mjg2RjVBRDA0MjlGNTU3MjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsDJoF/yRga5yy6y9W2IdJOtnb
g/s3H0nMZSQBApsI/lOOTpbf6mpAkuHIarcpdOUrkwq8PGtlyIrCiGmbMv5qvbYH
jM2ZJ9rsx8bgiXta9vl1ktq/8KoweGs3sQSUzQ0Cjf02I+kHe/dTYyyAs2Sl4OC/
jM2wIfAufWHegcmxqabwRYmU3B8HLdj0EbmX8inC/tMV9whEBtz2vJgTqkLd2yiJ
R90fQcP4UiivsvrS9tU9RtzvH6lHOENatoZ5Aff9uaNe7JyPxIIwMPd+6788VF3e
nMDyJ0K/1d3Rjnf54TnwsGOQg8CpaCco5YSrxW9CXCuJ4f6eseNy7yA8xDZPAgMB
AAGjggK/MIICuzAdBgNVHQ4EFgQUYGJxYIUjlxQg40qChvWtBCn1VyUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAxMTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgdQGCCsGAQUFBwEHAQH/BIHEMIHBMIG+BAIAATCBtwME
A48OEAMEA48O6AMEAaKNAgMEAaKNBjAMAwQBoo0WAwQCoo0gAwQCoo0oAwQDoo04
MAwDBAOijUgDBAGijUwDBAGijYYDBAOijZADBAGijZwDBAOijagwCwMEA6KNuAMD
AaKMMAwDBASnlBADBAKnlBgDBAKnlCQDBAGnlCwwDAMEBKeUMAMEAqeUQAMEAqeU
TAMEA6eUWAMEAqeUbAMEAqeUeAMEAKeUkQMEAqeUqAMEBaeU4DANBgkqhkiG9w0B
AQsFAAOCAQEAOg+qRBM39IvAfUWYV+ksJRL/qiR3drtg8j20NiRjr2gu67SliBpF
GGx8Ts6NQR2i08vaeXsqRrHOwGOgVcRjG6mzrVoc/IV9OO47OcESzzIB/y6zTL7J
Y86DptTgB5yY4bdzI2NA9hvySLwoTfUONSKtQZHHRDEvB73iOeNQw2INUjPlj8y6
A0buWAdEOJfHlwHvUTS3F7i60fOQ+1oe6H8dWUWFyvlrhJ6wEjLqBEHx4t02jGnV
YMFrXoL5yk9s55toSmLvqlNPQO097WDvHrJSernGkoBWXWtB/QVf9ildbru+3Oso
uvgOUyscg1U1nl95wTdKmxKFzvPau7d/Kg==
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:41:54 2025 by rpki-client