Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20738.roa
File: AS20738.roa (raw, json)
Hash identifier: FiQoqLEOZcBtSUQ2PgqBLJPIJTGN0WbT14Pl5gIrH7M=
Subject key identifier: 06:27:DD:D9:ED:D9:DF:E0:14:51:36:F2:F8:A0:ED:65:A2:22:3E:68
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 20FD6A01EC6AC0B121AAC9BA3101332D3021A15A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20738.roa
Signing time: Wed 06 May 2026 13:29:30 +0000
ROA not before: Wed 06 May 2026 13:24:30 +0000
ROA not after: Wed 05 May 2027 13:29:30 +0000
asID: 20738
IP address blocks: 145.223.43.0/24 maxlen: 24
145.223.46.0/24 maxlen: 24
145.223.48.0/24 maxlen: 24
145.223.49.0/24 maxlen: 24
146.103.2.0/24 maxlen: 24
146.103.3.0/24 maxlen: 24
146.103.56.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:fd:6a:01:ec:6a:c0:b1:21:aa:c9:ba:31:01:33:2d:30:21:a1:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: May 6 13:24:30 2026 GMT
Not After : May 5 13:29:30 2027 GMT
Subject: CN=0627DDD9EDD9DFE0145136F2F8A0ED65A2223E68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:59:2a:bb:c4:e2:31:d0:f2:df:21:b8:63:2c:
50:46:ac:18:4e:e2:0d:d2:34:a5:6c:18:f4:30:0d:
ab:d4:9d:a8:27:aa:3b:5e:0d:82:6d:70:9c:ab:4d:
9a:bb:a9:88:79:74:1f:c8:e0:1b:dd:c3:56:7e:a4:
75:f7:67:88:b0:52:e5:25:ee:f4:35:f8:1a:5f:7d:
14:fc:26:de:df:86:36:f4:8b:5d:26:5e:d8:aa:3d:
ea:6a:da:78:d9:db:24:e5:52:25:58:2e:46:04:83:
be:c8:19:f0:7e:fd:4d:bb:07:a4:86:6f:94:8d:8a:
be:55:5f:19:ca:8e:99:c1:b7:37:20:89:8a:d3:8a:
89:1f:4c:01:a9:eb:23:23:18:ab:a2:da:16:db:b8:
5d:d4:7c:e7:55:f6:e5:66:79:a9:d2:77:fb:ba:79:
fa:a2:cc:68:81:0e:d1:02:13:46:88:fa:87:1f:48:
a2:ea:0f:ed:84:09:5a:8d:92:0a:44:db:cd:ba:7f:
99:f1:9a:eb:45:55:f0:fd:de:d5:bf:db:f6:86:86:
a4:8c:c4:59:2f:a2:f3:45:65:33:17:c8:96:3e:a7:
f6:3a:9d:ce:0f:7d:57:ad:18:69:51:c2:5f:91:70:
11:d3:ff:e4:53:df:0f:90:75:d4:e4:20:77:b5:4c:
64:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:27:DD:D9:ED:D9:DF:E0:14:51:36:F2:F8:A0:ED:65:A2:22:3E:68
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20738.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.223.43.0/24
145.223.46.0/24
145.223.48.0/23
146.103.2.0/23
146.103.56.0/24
Signature Algorithm: sha256WithRSAEncryption
65:0b:98:ee:b1:a5:bc:c5:55:20:ab:0f:a9:24:11:67:cb:5f:
75:9f:be:fe:0c:41:9c:6c:87:82:0e:54:8e:43:41:12:f1:2b:
15:43:bd:06:71:63:45:e3:ae:fc:ae:bf:ff:e7:38:cf:e7:c9:
b4:e5:2c:3e:b1:29:27:7f:c4:fe:c7:77:89:67:77:f6:36:22:
72:87:5c:01:28:1e:3b:50:44:c0:1e:f0:d2:08:fa:0c:e9:39:
fd:bc:28:ae:73:b4:96:07:36:f3:04:b9:6f:f8:06:9c:a9:45:
88:b7:14:5c:e8:41:94:ee:31:55:0c:95:49:6c:9a:13:95:28:
9a:25:34:85:e4:f0:cb:45:f3:72:fc:ab:e2:67:c7:9d:cf:7c:
9d:96:ca:0c:e1:2a:6e:64:99:cd:bc:3e:be:0f:fb:2b:15:71:
36:cf:20:47:d0:ce:cf:e1:4c:7c:3b:23:20:bc:5a:2a:e0:9c:
66:12:2c:84:7d:83:0d:d8:88:f6:48:78:fb:d3:03:72:30:13:
73:26:72:86:55:19:b3:a5:6f:8d:f7:bd:fd:84:db:cd:6b:06:
f4:09:9e:dd:c2:29:04:62:4f:d1:3e:a2:7b:33:3a:7f:97:be:
13:5c:a1:e6:26:8e:b9:9b:9d:13:52:f9:f2:e1:61:ff:71:8d:
87:da:2c:95
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIUIP1qAexqwLEhqsm6MQEzLTAhoVowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDYxMzI0MzBaFw0yNzA1MDUxMzI5MzBaMDMxMTAvBgNV
BAMTKDA2MjdEREQ5RUREOURGRTAxNDUxMzZGMkY4QTBFRDY1QTIyMjNFNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaWSq7xOIx0PLfIbhjLFBGrBhO
4g3SNKVsGPQwDavUnagnqjteDYJtcJyrTZq7qYh5dB/I4Bvdw1Z+pHX3Z4iwUuUl
7vQ1+BpffRT8Jt7fhjb0i10mXtiqPepq2njZ2yTlUiVYLkYEg77IGfB+/U27B6SG
b5SNir5VXxnKjpnBtzcgiYrTiokfTAGp6yMjGKui2hbbuF3UfOdV9uVmeanSd/u6
efqizGiBDtECE0aI+ocfSKLqD+2ECVqNkgpE2826f5nxmutFVfD93tW/2/aGhqSM
xFkvovNFZTMXyJY+p/Y6nc4PfVetGGlRwl+RcBHT/+RT3w+QddTkIHe1TGSbAgMB
AAGjggIhMIICHTAdBgNVHQ4EFgQUBifd2e3Z3+AUUTby+KDtZaIiPmgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA3Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBACR3ysD
BACR3y4DBAGR3zADBAGSZwIDBACSZzgwDQYJKoZIhvcNAQELBQADggEBAGULmO6x
pbzFVSCrD6kkEWfLX3Wfvv4MQZxsh4IOVI5DQRLxKxVDvQZxY0Xjrvyuv//nOM/n
ybTlLD6xKSd/xP7Hd4lnd/Y2InKHXAEoHjtQRMAe8NII+gzpOf28KK5ztJYHNvME
uW/4BpypRYi3FFzoQZTuMVUMlUlsmhOVKJolNIXk8MtF83L8q+Jnx53PfJ2Wygzh
Km5kmc28Pr4P+ysVcTbPIEfQzs/hTHw7IyC8WirgnGYSLIR9gw3YiPZIePvTA3Iw
E3MmcoZVGbOlb433vf2E281rBvQJnt3CKQRiT9E+onszOn+XvhNcoeYmjrmbnRNS
+fLhYf9xjYfaLJU=
-----END CERTIFICATE-----
Generated at Tue May 12 21:54:00 2026 by rpki-client