Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
File: AS214025.roa (raw, json)
Hash identifier: vsKq4qfEEuJ9KoOljIMOCRw+/ja5YXiQ9WDzOhBMKoE=
Subject key identifier: 51:87:15:BA:EF:BA:B2:20:A1:A8:59:37:3F:7E:CE:28:73:CB:69:AC
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 770C002EB44FFBE2B44E60C018CB83CF7C82F7E8
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
Signing time: Thu 26 Mar 2026 02:39:55 +0000
ROA not before: Thu 26 Mar 2026 02:34:55 +0000
ROA not after: Thu 25 Mar 2027 02:39:55 +0000
asID: 214025
IP address blocks: 140.150.224.0/24 maxlen: 24
140.150.239.0/24 maxlen: 24
140.233.174.0/24 maxlen: 24
140.233.187.0/24 maxlen: 24
146.103.52.0/24 maxlen: 24
150.241.138.0/24 maxlen: 24
162.141.67.0/24 maxlen: 24
168.222.14.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 09:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
77:0c:00:2e:b4:4f:fb:e2:b4:4e:60:c0:18:cb:83:cf:7c:82:f7:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Mar 26 02:34:55 2026 GMT
Not After : Mar 25 02:39:55 2027 GMT
Subject: CN=518715BAEFBAB220A1A859373F7ECE2873CB69AC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:ef:d3:29:ee:4e:a8:a5:3b:9a:0d:26:66:2c:
47:38:a4:4a:25:04:9c:c7:c7:37:c1:3d:ff:f3:c9:
d2:9c:4a:03:5d:ac:5e:e1:65:26:82:1d:ef:b6:a1:
d6:2c:12:b1:1e:98:7e:69:65:b3:63:3d:2e:4c:81:
80:bf:86:10:8a:e3:7a:d9:e2:5f:da:6d:3c:da:23:
d4:ae:76:8e:e1:e9:b5:99:90:b7:7c:0f:2f:44:8d:
23:39:0c:5a:c6:16:b5:7f:ad:df:0a:b6:cb:13:6e:
22:8b:59:54:84:6d:87:58:3d:ef:b2:6e:95:64:3c:
1b:c9:e4:5b:4d:3f:a3:57:98:87:f1:7f:8c:12:0d:
e3:83:5b:ac:b3:c6:8b:32:32:8a:88:4b:81:32:11:
d0:fe:e6:fd:09:2b:ff:61:01:41:49:30:ef:a3:73:
d5:d1:3b:5e:89:92:68:65:92:b8:d5:95:c1:e6:54:
cc:c1:4c:03:65:05:51:c2:59:19:2e:70:ba:e1:ad:
fc:43:12:fd:71:c8:c1:b8:f9:eb:f9:d7:be:d4:92:
3f:9b:d0:e0:c7:fa:4f:9c:c0:fe:8e:3c:04:2a:4a:
be:80:9b:97:fc:1c:ad:c5:fd:ce:0b:c9:c7:94:6e:
a1:14:5d:00:c8:50:18:7f:97:bd:f7:e8:ee:15:e3:
f2:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:87:15:BA:EF:BA:B2:20:A1:A8:59:37:3F:7E:CE:28:73:CB:69:AC
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.150.224.0/24
140.150.239.0/24
140.233.174.0/24
140.233.187.0/24
146.103.52.0/24
150.241.138.0/24
162.141.67.0/24
168.222.14.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:1a:5e:a7:b5:58:4d:24:3e:ed:04:0e:73:48:e1:5c:23:a6:
90:0a:42:de:44:65:03:75:70:57:22:20:b2:e6:c5:43:66:04:
e1:b1:8a:47:b5:f7:a4:d3:49:88:65:27:68:af:f2:9c:1a:35:
00:21:be:6b:2c:81:33:82:63:be:42:e2:23:1b:66:e2:70:57:
e3:37:54:cc:de:b7:fe:dc:c0:6d:ec:c7:d9:91:fa:f8:56:42:
eb:c7:6a:30:bd:ee:cb:6f:13:73:b4:b7:3b:1c:fe:05:a6:77:
f3:06:15:85:4e:21:b9:d1:53:55:55:0c:f5:92:75:93:83:8b:
85:97:56:c2:0a:5f:c4:bc:51:6d:02:94:55:91:f8:1f:92:88:
df:ae:fb:89:5e:f3:67:c1:4d:6d:bd:95:d7:4f:a1:1a:d1:4b:
4f:31:21:ea:31:37:22:28:da:e5:f2:fe:c2:d0:9a:47:4b:c2:
75:84:18:63:9c:70:04:f2:5f:1e:7e:5e:29:7b:7f:b9:19:97:
80:5c:02:b0:60:4f:17:28:55:b3:87:1d:49:87:5d:25:97:7a:
e3:d3:65:94:f9:f5:33:5e:61:cc:92:46:2b:84:98:82:7c:7e:
3c:29:51:be:86:78:78:c9:e9:55:9a:f6:3f:11:7a:51:77:a0:
34:12:c3:fd
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUdwwALrRP++K0TmDAGMuDz3yC9+gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjYwMjM0NTVaFw0yNzAzMjUwMjM5NTVaMDMxMTAvBgNV
BAMTKDUxODcxNUJBRUZCQUIyMjBBMUE4NTkzNzNGN0VDRTI4NzNDQjY5QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCT79Mp7k6opTuaDSZmLEc4pEol
BJzHxzfBPf/zydKcSgNdrF7hZSaCHe+2odYsErEemH5pZbNjPS5MgYC/hhCK43rZ
4l/abTzaI9Sudo7h6bWZkLd8Dy9EjSM5DFrGFrV/rd8KtssTbiKLWVSEbYdYPe+y
bpVkPBvJ5FtNP6NXmIfxf4wSDeODW6yzxosyMoqIS4EyEdD+5v0JK/9hAUFJMO+j
c9XRO16JkmhlkrjVlcHmVMzBTANlBVHCWRkucLrhrfxDEv1xyMG4+ev5177Ukj+b
0ODH+k+cwP6OPAQqSr6Am5f8HK3F/c4LyceUbqEUXQDIUBh/l7336O4V4/KpAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUUYcVuu+6siChqFk3P37OKHPLaawwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAjJbg
AwQAjJbvAwQAjOmuAwQAjOm7AwQAkmc0AwQAlvGKAwQAoo1DAwQAqN4OMA0GCSqG
SIb3DQEBCwUAA4IBAQANGl6ntVhNJD7tBA5zSOFcI6aQCkLeRGUDdXBXIiCy5sVD
ZgThsYpHtfek00mIZSdor/KcGjUAIb5rLIEzgmO+QuIjG2bicFfjN1TM3rf+3MBt
7MfZkfr4VkLrx2owve7LbxNztLc7HP4FpnfzBhWFTiG50VNVVQz1knWTg4uFl1bC
Cl/EvFFtApRVkfgfkojfrvuJXvNnwU1tvZXXT6Ea0UtPMSHqMTciKNrl8v7C0JpH
S8J1hBhjnHAE8l8efl4pe3+5GZeAXAKwYE8XKFWzhx1Jh10ll3rj02WU+fUzXmHM
kkYrhJiCfH48KVG+hnh4yelVmvY/EXpRd6A0EsP9
-----END CERTIFICATE-----
Generated at Thu Mar 26 13:49:35 2026 by rpki-client