Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20648.roa
File: AS20648.roa (raw, json)
Hash identifier: E17nT1F53u0/HCn4eVfGA/JBFdk+X+O3eNK45yTBkLw=
Subject key identifier: B4:9B:96:1E:8B:65:7D:10:43:1A:B3:F6:C8:66:6B:58:73:12:B1:E9
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 5BC7FB5F2DB63E7E948A55C8AF9F1B370AE1CCB5
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20648.roa
Signing time: Tue 23 Sep 2025 08:28:20 +0000
ROA not before: Tue 23 Sep 2025 08:23:20 +0000
ROA not after: Tue 22 Sep 2026 08:28:20 +0000
asID: 20648
IP address blocks: 96.62.242.0/24 maxlen: 24
96.62.244.0/24 maxlen: 24
150.241.252.0/24 maxlen: 24
155.117.225.0/24 maxlen: 24
167.148.115.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:c7:fb:5f:2d:b6:3e:7e:94:8a:55:c8:af:9f:1b:37:0a:e1:cc:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Sep 23 08:23:20 2025 GMT
Not After : Sep 22 08:28:20 2026 GMT
Subject: CN=B49B961E8B657D10431AB3F6C8666B587312B1E9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:12:9e:49:32:ce:94:75:c1:a9:db:d7:a1:e1:
0b:57:08:8d:55:68:f6:f6:da:53:70:58:c7:b0:af:
c7:72:b0:2c:e6:a0:6d:d3:32:b3:1e:7d:cf:c2:c3:
9d:e0:44:12:8d:d5:53:63:79:50:ad:42:7c:b5:31:
ba:05:94:e0:75:16:be:7b:e8:21:5b:9a:8d:67:cf:
df:76:ac:f4:df:8c:9b:b9:5c:3b:fb:44:9b:3d:62:
2f:73:d3:65:d3:45:9d:2d:20:85:a8:7f:77:3d:e4:
f5:c1:e8:5f:43:b2:1f:65:f4:f7:14:4d:42:95:52:
6a:31:74:6a:08:48:e2:a8:32:d8:c4:b5:7f:04:56:
61:c9:20:60:83:c9:e7:a9:2b:e3:85:23:40:77:a8:
00:8d:7e:89:c2:62:99:54:a4:66:55:61:c7:c3:eb:
8b:41:37:f2:af:d5:fb:06:80:ce:65:93:ac:1e:a4:
fb:7c:4e:d7:91:89:20:a8:3b:15:6f:ee:03:35:4e:
08:ba:92:e9:3b:1e:2d:83:11:f9:fe:28:13:29:7e:
d9:90:65:3d:39:53:11:57:24:6f:b2:fc:a5:5c:cb:
08:dc:47:40:63:92:c9:3f:2f:06:40:4a:c4:01:28:
4d:79:fa:de:68:aa:b5:23:c2:17:bf:ec:f1:0b:c8:
91:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:9B:96:1E:8B:65:7D:10:43:1A:B3:F6:C8:66:6B:58:73:12:B1:E9
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20648.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.242.0/24
96.62.244.0/24
150.241.252.0/24
155.117.225.0/24
167.148.115.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:c8:25:64:e3:ad:17:cd:71:af:d2:15:bb:13:d2:36:1f:1f:
f2:fa:a8:fb:7c:d9:50:70:40:53:de:ca:e7:31:53:17:39:55:
ac:89:2b:ad:c5:38:46:28:b5:ca:04:24:cc:8c:38:fd:3e:d3:
e9:69:84:10:49:29:f0:76:4f:e4:71:31:46:04:0a:b0:00:97:
db:ba:00:ce:dc:be:b3:7d:a8:f8:c1:b9:18:b0:02:12:94:88:
97:d7:d1:09:57:3d:2d:91:01:0d:b6:d3:42:13:b9:b0:f0:2d:
fb:9b:f9:60:97:26:b0:e9:54:71:76:a5:9d:3a:b4:1d:25:54:
a4:3b:bf:d2:f3:30:d1:df:10:fa:8f:08:b8:b7:e4:bf:25:53:
ff:47:9b:50:09:42:c0:94:54:7d:29:5b:29:bc:74:ea:85:f8:
28:8d:16:8c:3e:a8:9f:33:82:38:b8:ee:ec:66:27:9d:75:a7:
e0:f8:1a:91:c9:ca:d6:08:4c:79:9a:45:9a:e9:e5:cd:a9:98:
4c:1a:bd:4d:95:42:9b:9c:0e:4c:b4:29:52:30:8f:34:4f:17:
32:14:6b:42:c7:d7:53:03:a0:2a:a0:06:5c:1d:78:e9:f1:d7:
3a:be:91:99:9a:75:a5:7c:48:68:59:f2:8e:0d:ad:bd:ec:e8:
f3:83:be:14
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUW8f7Xy22Pn6UilXIr58bNwrhzLUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MjMwODIzMjBaFw0yNjA5MjIwODI4MjBaMDMxMTAvBgNV
BAMTKEI0OUI5NjFFOEI2NTdEMTA0MzFBQjNGNkM4NjY2QjU4NzMxMkIxRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFEp5JMs6UdcGp29eh4QtXCI1V
aPb22lNwWMewr8dysCzmoG3TMrMefc/Cw53gRBKN1VNjeVCtQny1MboFlOB1Fr57
6CFbmo1nz992rPTfjJu5XDv7RJs9Yi9z02XTRZ0tIIWof3c95PXB6F9Dsh9l9PcU
TUKVUmoxdGoISOKoMtjEtX8EVmHJIGCDyeepK+OFI0B3qACNfonCYplUpGZVYcfD
64tBN/Kv1fsGgM5lk6wepPt8TteRiSCoOxVv7gM1Tgi6kuk7Hi2DEfn+KBMpftmQ
ZT05UxFXJG+y/KVcywjcR0Bjksk/LwZASsQBKE15+t5oqrUjwhe/7PELyJGlAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQUtJuWHotlfRBDGrP2yGZrWHMSsekwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA2NDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBABgPvID
BABgPvQDBACW8fwDBACbdeEDBACnlHMwDQYJKoZIhvcNAQELBQADggEBAArIJWTj
rRfNca/SFbsT0jYfH/L6qPt82VBwQFPeyucxUxc5VayJK63FOEYotcoEJMyMOP0+
0+lphBBJKfB2T+RxMUYECrAAl9u6AM7cvrN9qPjBuRiwAhKUiJfX0QlXPS2RAQ22
00ITubDwLfub+WCXJrDpVHF2pZ06tB0lVKQ7v9LzMNHfEPqPCLi35L8lU/9Hm1AJ
QsCUVH0pWym8dOqF+CiNFow+qJ8zgji47uxmJ511p+D4GpHJytYITHmaRZrp5c2p
mEwavU2VQpucDky0KVIwjzRPFzIUa0LH11MDoCqgBlwdeOnx1zq+kZmadaV8SGhZ
8o4Nrb3s6PODvhQ=
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:06:51 2025 by rpki-client