Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
File: AS20326.roa (raw, json)
Hash identifier: KNZkqvIz5AAt1n0n6cjwkOXNAPi5Wb3Gkhpf/uPZllU=
Subject key identifier: 61:33:83:49:2F:2C:62:48:C9:72:F2:CA:72:1C:7F:59:69:BB:4B:99
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 67687D09208E8C85C431E179DB8A59E2891B6B96
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
Signing time: Thu 05 Mar 2026 05:03:18 +0000
ROA not before: Thu 05 Mar 2026 04:58:18 +0000
ROA not after: Thu 04 Mar 2027 05:03:18 +0000
asID: 20326
IP address blocks: 96.62.200.0/21 maxlen: 24
155.117.158.0/23 maxlen: 24
155.117.178.0/23 maxlen: 24
167.148.80.0/21 maxlen: 24
167.148.198.0/24 maxlen: 24
167.148.204.0/24 maxlen: 24
167.148.207.0/24 maxlen: 24
167.148.210.0/24 maxlen: 24
168.222.32.0/20 maxlen: 20
168.222.116.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:68:7d:09:20:8e:8c:85:c4:31:e1:79:db:8a:59:e2:89:1b:6b:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Mar 5 04:58:18 2026 GMT
Not After : Mar 4 05:03:18 2027 GMT
Subject: CN=613383492F2C6248C972F2CA721C7F5969BB4B99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:0b:b9:ac:80:91:10:0b:9a:ff:04:40:2f:4b:
15:4a:91:c7:8f:e9:6e:dd:de:2c:2e:8d:39:0e:03:
ca:59:97:e4:0f:b7:3a:f9:54:d2:3f:65:02:e0:73:
ce:f3:f5:e0:2c:72:de:91:40:47:ec:ec:62:05:31:
20:ed:4b:15:5b:18:7b:d5:f8:e0:dc:07:fd:d9:f5:
7d:87:fd:78:2d:ff:45:b6:de:32:6e:b8:54:85:63:
51:70:75:31:7a:29:8a:de:4d:ca:97:f7:7b:f2:53:
7e:7a:5c:1f:5e:0b:87:3d:91:a2:ac:96:ea:c2:ac:
9b:e9:b1:2d:9b:24:21:51:92:a6:04:76:b1:cf:42:
c4:15:18:ad:c6:11:dc:11:6b:f6:0e:64:cc:3f:d9:
7d:ab:8e:6e:00:cb:9c:c1:bc:4a:3f:39:7a:fe:95:
26:59:08:55:e2:d3:b7:ce:af:46:87:89:e8:e3:f9:
7b:a7:26:93:08:a2:bf:5e:98:d3:63:4c:70:62:87:
f6:4e:3b:4b:ce:2b:0e:a0:75:0c:24:74:f1:b2:43:
9b:45:99:08:86:a8:55:7e:f5:38:18:fe:e9:a0:dd:
0e:26:82:ec:ea:96:64:27:2c:c0:65:88:01:a2:30:
83:93:32:58:db:14:ea:bc:59:4d:0d:20:ce:3d:ed:
ee:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:33:83:49:2F:2C:62:48:C9:72:F2:CA:72:1C:7F:59:69:BB:4B:99
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.200.0/21
155.117.158.0/23
155.117.178.0/23
167.148.80.0/21
167.148.198.0/24
167.148.204.0/24
167.148.207.0/24
167.148.210.0/24
168.222.32.0/20
168.222.116.0/22
Signature Algorithm: sha256WithRSAEncryption
4b:bb:5a:c3:d7:ce:26:c7:8f:29:33:e2:31:41:00:1e:e9:73:
7a:66:35:58:1b:c2:f7:0d:c0:fd:86:05:33:25:e6:9b:e0:71:
24:19:79:e4:f4:4f:59:e0:a0:9c:c0:9d:14:81:01:b6:93:2d:
5b:96:9f:58:56:4a:18:fb:2e:ef:c7:07:1a:54:b7:a7:18:63:
c6:f1:39:25:89:b1:12:3f:d7:6e:ff:d3:a0:58:2d:92:c4:24:
da:0a:0c:51:17:3e:7f:88:33:71:e7:0b:1e:07:30:f4:7f:d7:
c8:74:75:06:49:76:7e:56:a0:73:0f:d4:d9:2b:d3:9e:31:46:
c9:8c:ad:ff:87:8a:85:ee:ea:9e:e8:da:e7:0f:2b:b3:2f:ed:
a5:8f:f2:bb:6b:4e:04:4a:57:0e:c7:c3:9c:e5:e8:b1:e9:f8:
43:84:b9:0d:32:63:fe:3b:35:a0:56:a1:9f:85:39:b3:b4:ab:
4f:5b:d1:33:7e:48:9d:89:ec:41:83:21:3c:f1:4e:a9:32:75:
ed:40:95:17:a3:1e:8c:c2:27:e6:99:a2:aa:8f:35:7a:72:e2:
61:11:db:14:40:db:56:30:e1:3f:60:a6:d4:c3:cd:ba:a3:c5:
e2:e9:28:bb:f0:a5:77:f1:64:e3:47:9b:95:35:ec:af:1a:89:
62:f1:40:71
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUZ2h9CSCOjIXEMeF524pZ4okba5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMDUwNDU4MThaFw0yNzAzMDQwNTAzMThaMDMxMTAvBgNV
BAMTKDYxMzM4MzQ5MkYyQzYyNDhDOTcyRjJDQTcyMUM3RjU5NjlCQjRCOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzC7msgJEQC5r/BEAvSxVKkceP
6W7d3iwujTkOA8pZl+QPtzr5VNI/ZQLgc87z9eAsct6RQEfs7GIFMSDtSxVbGHvV
+ODcB/3Z9X2H/Xgt/0W23jJuuFSFY1FwdTF6KYreTcqX93vyU356XB9eC4c9kaKs
lurCrJvpsS2bJCFRkqYEdrHPQsQVGK3GEdwRa/YOZMw/2X2rjm4Ay5zBvEo/OXr+
lSZZCFXi07fOr0aHiejj+XunJpMIor9emNNjTHBih/ZOO0vOKw6gdQwkdPGyQ5tF
mQiGqFV+9TgY/umg3Q4mguzqlmQnLMBliAGiMIOTMljbFOq8WU0NIM497e6nAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUYTODSS8sYkjJcvLKchx/WWm7S5kwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVQYIKwYBBQUHAQcBAf8ERjBEMEIEAgABMDwDBANgPsgD
BAGbdZ4DBAGbdbIDBAOnlFADBACnlMYDBACnlMwDBACnlM8DBACnlNIDBASo3iAD
BAKo3nQwDQYJKoZIhvcNAQELBQADggEBAEu7WsPXzibHjykz4jFBAB7pc3pmNVgb
wvcNwP2GBTMl5pvgcSQZeeT0T1ngoJzAnRSBAbaTLVuWn1hWShj7Lu/HBxpUt6cY
Y8bxOSWJsRI/127/06BYLZLEJNoKDFEXPn+IM3HnCx4HMPR/18h0dQZJdn5WoHMP
1Nkr054xRsmMrf+HioXu6p7o2ucPK7Mv7aWP8rtrTgRKVw7Hw5zl6LHp+EOEuQ0y
Y/47NaBWoZ+FObO0q09b0TN+SJ2J7EGDITzxTqkyde1AlRejHozCJ+aZoqqPNXpy
4mER2xRA21Yw4T9gptTDzbqjxeLpKLvwpXfxZONHm5U17K8aiWLxQHE=
-----END CERTIFICATE-----
Generated at Wed Mar 25 21:32:09 2026 by rpki-client