
Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: YghPPN6Z+Ikq0qfF4Hix/ip9C9PelYm1dKzmuHRgR7Y=
Subject key identifier: 51:D3:80:D7:6A:80:CA:67:D7:AC:90:38:31:14:54:FE:C0:69:B6:D6
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 128EF57FB8B01C0BE51CCDC57AC0CAB889A80654
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
Signing time: Thu 09 Oct 2025 13:35:08 +0000
ROA not before: Thu 09 Oct 2025 13:30:08 +0000
ROA not after: Thu 08 Oct 2026 13:35:08 +0000
asID: 20473
IP address blocks: 150.241.208.0/24 maxlen: 24
150.241.216.0/21 maxlen: 24
150.241.234.0/24 maxlen: 24
162.141.12.0/24 maxlen: 24
167.148.177.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:8e:f5:7f:b8:b0:1c:0b:e5:1c:cd:c5:7a:c0:ca:b8:89:a8:06:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 9 13:30:08 2025 GMT
Not After : Oct 8 13:35:08 2026 GMT
Subject: CN=51D380D76A80CA67D7AC9038311454FEC069B6D6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:9d:1e:63:ee:61:ab:39:e9:b7:4d:36:67:0a:
84:9a:16:f4:f6:fe:79:a1:aa:05:3f:24:f4:50:a3:
03:7a:4f:1e:76:b5:60:12:73:4e:e4:7c:45:de:93:
b3:13:98:88:d8:45:0b:16:6f:ae:7f:18:e2:66:8e:
f3:4e:c4:aa:00:76:98:93:11:f1:08:ea:37:32:e6:
dd:33:85:b7:92:4e:23:6b:92:ff:2c:73:db:da:35:
96:ab:4f:25:d8:0e:af:75:12:6a:99:25:dc:de:a1:
b1:45:46:7d:b2:a0:e4:ae:af:d6:e7:b5:77:00:02:
cd:a0:6f:14:a1:4b:d1:27:3d:11:05:bc:45:18:25:
04:77:90:f0:29:e6:ed:b7:e4:ae:f3:be:18:77:28:
84:61:f0:0f:e1:b9:27:4d:bd:cc:e6:61:1a:fb:a1:
ea:3d:f7:ec:91:23:95:d6:7a:7b:42:d5:9e:69:22:
1e:7d:bc:c8:f1:6b:1f:17:be:c6:e9:3d:b4:05:74:
15:e8:1b:9a:c2:f6:9d:fe:2a:cc:9e:6c:bd:e2:8a:
db:ac:c4:3b:fa:ca:d8:8e:92:05:a6:1d:2b:87:55:
0b:44:d5:20:2d:e3:55:5e:fb:ca:aa:3c:28:1d:c3:
bd:73:ae:88:d2:46:0a:0b:8f:1f:e2:a4:c5:3e:3e:
dc:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:D3:80:D7:6A:80:CA:67:D7:AC:90:38:31:14:54:FE:C0:69:B6:D6
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
150.241.208.0/24
150.241.216.0/21
150.241.234.0/24
162.141.12.0/24
167.148.177.0/24
Signature Algorithm: sha256WithRSAEncryption
47:1c:3d:0d:48:c2:a2:8e:5c:0c:0e:4f:4c:a3:5b:f5:10:07:
84:f9:30:25:04:37:cf:26:53:c9:58:d9:fe:e8:8d:ec:83:03:
ff:72:de:29:80:26:d9:06:2e:41:39:40:d1:78:98:1c:ca:77:
74:a5:88:74:18:f6:f6:77:e9:8c:37:41:f1:87:af:f5:a7:d4:
bb:9e:40:a1:ee:96:a5:5c:72:3d:ac:a1:72:c2:2d:ed:b0:c1:
fd:fc:cf:51:4c:f2:bc:9a:c0:43:2c:e0:2c:eb:1a:80:60:cb:
cd:44:a6:6f:45:81:f8:85:2b:ba:78:a3:5e:a3:1a:f8:80:ae:
6d:86:f1:61:cb:97:17:09:90:ac:5b:ed:7a:26:86:80:eb:e1:
1c:f9:74:0a:9d:a6:0c:db:30:e5:cb:ba:3a:95:4b:9c:7d:c6:
0a:93:9a:23:6c:d0:99:33:4d:16:a7:df:6d:5d:45:53:9d:89:
17:8b:2b:23:f8:a3:e7:eb:15:95:e7:1a:a4:83:b3:d4:1b:9d:
22:49:f4:fd:28:57:49:89:2b:74:14:0a:97:c6:32:17:15:f8:
38:b2:01:8e:c5:75:d6:06:26:c5:9b:3b:9e:95:be:ac:fa:57:
81:20:ac:38:b8:02:eb:c0:5b:42:c4:6f:00:32:fb:3c:14:6d:
9e:4b:4d:4f
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUEo71f7iwHAvlHM3FesDKuImoBlQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMDkxMzMwMDhaFw0yNjEwMDgxMzM1MDhaMDMxMTAvBgNV
BAMTKDUxRDM4MEQ3NkE4MENBNjdEN0FDOTAzODMxMTQ1NEZFQzA2OUI2RDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnnR5j7mGrOem3TTZnCoSaFvT2
/nmhqgU/JPRQowN6Tx52tWASc07kfEXek7MTmIjYRQsWb65/GOJmjvNOxKoAdpiT
EfEI6jcy5t0zhbeSTiNrkv8sc9vaNZarTyXYDq91EmqZJdzeobFFRn2yoOSur9bn
tXcAAs2gbxShS9EnPREFvEUYJQR3kPAp5u235K7zvhh3KIRh8A/huSdNvczmYRr7
oeo99+yRI5XWentC1Z5pIh59vMjxax8XvsbpPbQFdBXoG5rC9p3+KsyebL3iitus
xDv6ytiOkgWmHSuHVQtE1SAt41Ve+8qqPCgdw71zrojSRgoLjx/ipMU+PtydAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQUUdOA12qAymfXrJA4MRRU/sBpttYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBACW8dAD
BAOW8dgDBACW8eoDBACijQwDBACnlLEwDQYJKoZIhvcNAQELBQADggEBAEccPQ1I
wqKOXAwOT0yjW/UQB4T5MCUEN88mU8lY2f7ojeyDA/9y3imAJtkGLkE5QNF4mBzK
d3SliHQY9vZ36Yw3QfGHr/Wn1LueQKHulqVccj2soXLCLe2wwf38z1FM8ryawEMs
4CzrGoBgy81Epm9FgfiFK7p4o16jGviArm2G8WHLlxcJkKxb7XomhoDr4Rz5dAqd
pgzbMOXLujqVS5x9xgqTmiNs0JkzTRan321dRVOdiReLKyP4o+frFZXnGqSDs9Qb
nSJJ9P0oV0mJK3QUCpfGMhcV+DiyAY7FddYGJsWbO56Vvqz6V4EgrDi4AuvAW0LE
bwAy+zwUbZ5LTU8=
-----END CERTIFICATE-----
Generated at Mon Oct 20 19:42:50 2025 by rpki-client