Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
File: AS20115.roa (raw, json)
Hash identifier: AyH+EotTH8khNKHezVLZQ77GBe8a7kr4d8FufsYyS3U=
Subject key identifier: 61:4B:E9:95:8C:CE:B1:67:B3:98:FA:42:19:25:3D:DA:AF:B6:F9:7F
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 6F10DCCBBDC4E1CAE4DDDF7E6A91F525EA854FB0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
Signing time: Thu 26 Jun 2025 00:00:32 +0000
ROA not before: Wed 25 Jun 2025 23:55:32 +0000
ROA not after: Thu 25 Jun 2026 00:00:32 +0000
asID: 20115
IP address blocks: 143.14.16.0/21 maxlen: 24
143.14.232.0/21 maxlen: 24
162.141.22.0/23 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.156.0/23 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.208.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.24.0/22 maxlen: 24
167.148.36.0/22 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.60.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.120.0/22 maxlen: 24
167.148.168.0/22 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Jun 2025 00:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:10:dc:cb:bd:c4:e1:ca:e4:dd:df:7e:6a:91:f5:25:ea:85:4f:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Jun 25 23:55:32 2025 GMT
Not After : Jun 25 00:00:32 2026 GMT
Subject: CN=614BE9958CCEB167B398FA4219253DDAAFB6F97F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:b2:07:24:f1:56:57:0a:33:6f:b1:f7:9d:ee:
1b:3a:07:41:82:4f:5f:01:b0:b3:5f:b0:f9:61:1f:
89:60:bc:9e:f8:0d:fd:c2:38:4a:3b:32:d1:00:97:
75:5f:3b:9a:fd:5c:43:67:6e:95:91:c2:33:24:ec:
2d:f5:ee:b6:f6:82:a1:33:b5:ea:8c:25:8b:b3:aa:
2f:8e:d1:04:92:c0:68:14:62:83:b6:eb:34:42:3d:
6e:94:f7:5b:6e:79:6e:1b:03:1c:e8:07:2f:f2:ca:
dc:4f:d5:52:96:63:82:51:87:3b:04:0f:a4:51:f6:
f7:61:97:f5:04:3d:ee:d3:06:17:4d:3c:9d:a5:e7:
8c:14:63:3c:3b:4d:5d:81:2a:ee:36:0f:d1:42:d2:
93:69:4a:7e:c8:b7:e8:56:11:2a:cd:6f:0f:77:50:
78:df:13:80:d4:b1:07:e3:bc:30:bd:04:17:0c:6a:
e3:80:f4:c6:af:12:94:3b:28:b1:2b:4d:c6:c1:e3:
08:ed:44:3e:b8:9f:ec:9a:22:5f:cf:f2:a0:36:42:
3e:fe:6e:32:88:0a:25:25:2e:6c:39:b1:93:f8:32:
07:aa:38:a9:d7:e9:2a:44:67:b2:9b:09:85:16:d8:
32:08:3a:2a:dd:49:99:bc:19:46:5c:ee:25:f8:8a:
47:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:4B:E9:95:8C:CE:B1:67:B3:98:FA:42:19:25:3D:DA:AF:B6:F9:7F
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.16.0/21
143.14.232.0/21
162.141.22.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0/22
162.141.144.0/21
162.141.156.0/23
162.141.168.0/21
162.141.184.0-162.141.255.255
167.148.16.0-167.148.27.255
167.148.36.0/22
167.148.48.0-167.148.67.255
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.120.0/22
167.148.168.0/22
167.148.224.0/19
Signature Algorithm: sha256WithRSAEncryption
30:cc:36:2d:4e:0b:b3:70:ed:29:85:9f:8b:b8:cf:09:30:96:
c8:ec:1a:c7:5d:49:ae:8a:b6:0f:4f:79:5a:e1:be:d9:a6:3d:
92:cf:37:e8:7d:e4:74:69:e0:48:c0:c0:b1:50:1a:98:5c:cf:
ba:59:71:93:a8:8c:4d:f4:1d:2b:98:38:b5:f8:c3:c4:10:a5:
2a:c9:e3:82:00:cd:32:19:a8:eb:cf:90:7b:b9:59:64:f9:98:
36:21:c9:78:a0:b2:98:2b:35:8f:c8:8a:29:78:d9:b4:89:f7:
79:1a:dc:0e:3f:de:9e:66:1f:75:a5:56:b4:cf:27:6c:40:ae:
e2:1d:97:8d:c5:8b:0b:70:fd:77:c3:52:7d:b0:c2:3e:1e:44:
5d:41:7f:10:25:ed:72:38:c9:ca:e0:98:2b:dd:2a:6f:3e:3b:
00:6a:2e:48:3d:09:f6:80:35:b5:f3:fd:74:a7:0c:d2:14:ed:
1e:e7:73:39:2f:49:b9:15:28:66:23:3c:e9:28:8c:47:b4:47:
02:69:af:5b:1d:82:85:43:1b:ab:33:08:b9:42:68:86:06:e4:
6c:eb:9e:5c:8a:e8:18:ea:66:f7:b8:6c:8d:b8:ff:88:8e:d3:
4b:d6:fd:6a:d0:54:64:b2:65:12:f5:f4:44:49:3f:c7:fa:8f:
17:9b:7b:fa
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgIUbxDcy73E4crk3d9+apH1JeqFT7AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MjUyMzU1MzJaFw0yNjA2MjUwMDAwMzJaMDMxMTAvBgNV
BAMTKDYxNEJFOTk1OENDRUIxNjdCMzk4RkE0MjE5MjUzRERBQUZCNkY5N0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCusgck8VZXCjNvsfed7hs6B0GC
T18BsLNfsPlhH4lgvJ74Df3COEo7MtEAl3VfO5r9XENnbpWRwjMk7C317rb2gqEz
teqMJYuzqi+O0QSSwGgUYoO26zRCPW6U91tueW4bAxzoBy/yytxP1VKWY4JRhzsE
D6RR9vdhl/UEPe7TBhdNPJ2l54wUYzw7TV2BKu42D9FC0pNpSn7It+hWESrNbw93
UHjfE4DUsQfjvDC9BBcMauOA9MavEpQ7KLErTcbB4wjtRD64n+yaIl/P8qA2Qj7+
bjKICiUlLmw5sZP4MgeqOKnX6SpEZ7KbCYUW2DIIOirdSZm8GUZc7iX4ikdHAgMB
AAGjggKZMIIClTAdBgNVHQ4EFgQUYUvplYzOsWezmPpCGSU92q+2+X8wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAxMTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwga4GCCsGAQUFBwEHAQH/BIGeMIGbMIGYBAIAATCBkQME
A48OEAMEA48O6DAMAwQBoo0WAwQCoo0gAwQCoo0oAwQDoo04AwQCoo1IAwQDoo2Q
AwQBoo2cAwQDoo2oMAsDBAOijbgDAwGijDAMAwQEp5QQAwQCp5QYAwQCp5QkMAwD
BASnlDADBAKnlEADBAKnlEwDBAOnlFgDBAKnlGwDBAKnlHgDBAKnlKgDBAWnlOAw
DQYJKoZIhvcNAQELBQADggEBADDMNi1OC7Nw7SmFn4u4zwkwlsjsGsddSa6Ktg9P
eVrhvtmmPZLPN+h95HRp4EjAwLFQGphcz7pZcZOojE30HSuYOLX4w8QQpSrJ44IA
zTIZqOvPkHu5WWT5mDYhyXigspgrNY/Iiil42bSJ93ka3A4/3p5mH3WlVrTPJ2xA
ruIdl43Fiwtw/XfDUn2wwj4eRF1BfxAl7XI4ycrgmCvdKm8+OwBqLkg9CfaANbXz
/XSnDNIU7R7nczkvSbkVKGYjPOkojEe0RwJpr1sdgoVDG6szCLlCaIYG5GzrnlyK
6BjqZve4bI24/4iO00vW/WrQVGSyZRL19ERJP8f6jxebe/o=
-----END CERTIFICATE-----
Generated at Sun Jun 29 07:25:05 2025 by rpki-client