Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS2914.roa
File: AS2914.roa (raw, json)
Hash identifier: 3RkDYmuo0GyAo2LCRZw6a+pHe2ibDo2Iy5k9enEz03U=
Subject key identifier: E8:3F:D4:F6:58:BC:0A:9F:B8:EF:E3:83:22:DB:7A:74:4B:85:8B:00
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 09355FDFC22A8DAB6752C9C0F4219D4981D2473E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS2914.roa
Signing time: Tue 12 Aug 2025 00:01:57 +0000
ROA not before: Mon 11 Aug 2025 23:56:57 +0000
ROA not after: Tue 11 Aug 2026 00:01:57 +0000
asID: 2914
IP address blocks: 143.14.60.0/24 maxlen: 24
143.14.61.0/24 maxlen: 24
143.14.72.0/24 maxlen: 24
143.14.84.0/24 maxlen: 24
143.14.85.0/24 maxlen: 24
143.14.92.0/24 maxlen: 24
143.14.108.0/24 maxlen: 24
143.14.109.0/24 maxlen: 24
143.14.152.0/24 maxlen: 24
143.14.154.0/24 maxlen: 24
155.117.101.0/24 maxlen: 24
155.117.104.0/24 maxlen: 24
155.117.160.0/24 maxlen: 24
155.117.171.0/24 maxlen: 24
155.117.186.0/24 maxlen: 24
162.141.16.0/24 maxlen: 24
162.141.18.0/24 maxlen: 24
162.141.20.0/24 maxlen: 24
162.141.21.0/24 maxlen: 24
162.141.36.0/24 maxlen: 24
162.141.44.0/24 maxlen: 24
162.141.45.0/24 maxlen: 24
162.141.46.0/24 maxlen: 24
162.141.47.0/24 maxlen: 24
162.141.50.0/24 maxlen: 24
162.141.53.0/24 maxlen: 24
162.141.66.0/24 maxlen: 24
162.141.67.0/24 maxlen: 24
162.141.70.0/24 maxlen: 24
162.141.80.0/24 maxlen: 24
162.141.81.0/24 maxlen: 24
162.141.82.0/24 maxlen: 24
162.141.88.0/24 maxlen: 24
162.141.89.0/24 maxlen: 24
162.141.90.0/24 maxlen: 24
162.141.92.0/24 maxlen: 24
162.141.93.0/24 maxlen: 24
162.141.97.0/24 maxlen: 24
162.141.98.0/24 maxlen: 24
162.141.99.0/24 maxlen: 24
162.141.100.0/24 maxlen: 24
162.141.102.0/24 maxlen: 24
162.141.113.0/24 maxlen: 24
162.141.115.0/24 maxlen: 24
162.141.116.0/24 maxlen: 24
162.141.132.0/24 maxlen: 24
162.141.142.0/24 maxlen: 24
162.141.143.0/24 maxlen: 24
162.141.152.0/24 maxlen: 24
162.141.154.0/24 maxlen: 24
162.141.162.0/24 maxlen: 24
162.141.163.0/24 maxlen: 24
162.141.167.0/24 maxlen: 24
162.141.176.0/24 maxlen: 24
162.141.177.0/24 maxlen: 24
162.141.182.0/24 maxlen: 24
167.148.6.0/24 maxlen: 24
167.148.7.0/24 maxlen: 24
167.148.9.0/24 maxlen: 24
167.148.11.0/24 maxlen: 24
167.148.13.0/24 maxlen: 24
167.148.31.0/24 maxlen: 24
167.148.32.0/24 maxlen: 24
167.148.34.0/24 maxlen: 24
167.148.40.0/24 maxlen: 24
167.148.43.0/24 maxlen: 24
167.148.47.0/24 maxlen: 24
167.148.71.0/24 maxlen: 24
167.148.72.0/24 maxlen: 24
167.148.73.0/24 maxlen: 24
167.148.74.0/24 maxlen: 24
167.148.96.0/24 maxlen: 24
167.148.101.0/24 maxlen: 24
167.148.103.0/24 maxlen: 24
167.148.107.0/24 maxlen: 24
167.148.113.0/24 maxlen: 24
167.148.114.0/24 maxlen: 24
167.148.124.0/24 maxlen: 24
167.148.129.0/24 maxlen: 24
167.148.132.0/24 maxlen: 24
167.148.133.0/24 maxlen: 24
167.148.137.0/24 maxlen: 24
167.148.142.0/24 maxlen: 24
167.148.143.0/24 maxlen: 24
167.148.146.0/24 maxlen: 24
167.148.149.0/24 maxlen: 24
167.148.151.0/24 maxlen: 24
167.148.155.0/24 maxlen: 24
167.148.160.0/24 maxlen: 24
167.148.174.0/24 maxlen: 24
167.148.175.0/24 maxlen: 24
167.148.176.0/24 maxlen: 24
167.148.190.0/24 maxlen: 24
167.148.197.0/24 maxlen: 24
167.148.209.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:35:5f:df:c2:2a:8d:ab:67:52:c9:c0:f4:21:9d:49:81:d2:47:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Aug 11 23:56:57 2025 GMT
Not After : Aug 11 00:01:57 2026 GMT
Subject: CN=E83FD4F658BC0A9FB8EFE38322DB7A744B858B00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:37:81:5a:67:4e:83:61:ff:ed:ef:e0:f4:dd:
dd:ea:71:18:44:0e:74:76:d2:68:7e:2b:46:cd:cb:
6c:4b:26:b3:4c:7c:44:77:f1:3c:66:0c:8d:50:4f:
e6:a0:60:cc:bb:d6:e5:52:b2:12:f9:be:8e:d8:71:
a5:75:2f:e9:54:22:72:15:aa:74:bd:c7:b8:7a:f1:
40:48:f1:d9:81:fb:8f:48:42:8e:d9:ff:85:1f:a9:
1a:de:73:71:1f:fc:7e:56:61:4f:6a:4a:76:1d:28:
dd:ad:da:e6:4d:61:aa:3f:2c:cd:4d:f8:67:76:11:
81:c0:1c:b8:1c:d3:d6:18:f5:6d:ac:75:80:1a:23:
6f:42:49:44:e1:a5:44:f1:32:67:62:f7:46:e9:28:
cd:2e:f4:c1:75:fe:b9:4f:28:12:bf:19:a4:f5:01:
5f:77:d3:b5:4c:2d:86:4f:41:c5:77:40:5b:01:98:
4d:25:42:76:46:7f:22:1b:a4:c3:fe:82:1f:05:d3:
b2:98:d9:7b:75:01:31:e3:06:41:db:3a:50:7d:b3:
b5:3c:2b:e0:41:dd:83:47:13:35:00:e6:65:b9:6b:
64:de:7e:8e:54:c5:37:3c:39:98:7d:17:8a:6d:df:
e5:5d:ec:82:f6:7f:b2:36:03:ed:47:af:7c:4b:e0:
f8:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:3F:D4:F6:58:BC:0A:9F:B8:EF:E3:83:22:DB:7A:74:4B:85:8B:00
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS2914.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.60.0/23
143.14.72.0/24
143.14.84.0/23
143.14.92.0/24
143.14.108.0/23
143.14.152.0/24
143.14.154.0/24
155.117.101.0/24
155.117.104.0/24
155.117.160.0/24
155.117.171.0/24
155.117.186.0/24
162.141.16.0/24
162.141.18.0/24
162.141.20.0/23
162.141.36.0/24
162.141.44.0/22
162.141.50.0/24
162.141.53.0/24
162.141.66.0/23
162.141.70.0/24
162.141.80.0-162.141.82.255
162.141.88.0-162.141.90.255
162.141.92.0/23
162.141.97.0-162.141.100.255
162.141.102.0/24
162.141.113.0/24
162.141.115.0-162.141.116.255
162.141.132.0/24
162.141.142.0/23
162.141.152.0/24
162.141.154.0/24
162.141.162.0/23
162.141.167.0/24
162.141.176.0/23
162.141.182.0/24
167.148.6.0/23
167.148.9.0/24
167.148.11.0/24
167.148.13.0/24
167.148.31.0-167.148.32.255
167.148.34.0/24
167.148.40.0/24
167.148.43.0/24
167.148.47.0/24
167.148.71.0-167.148.74.255
167.148.96.0/24
167.148.101.0/24
167.148.103.0/24
167.148.107.0/24
167.148.113.0-167.148.114.255
167.148.124.0/24
167.148.129.0/24
167.148.132.0/23
167.148.137.0/24
167.148.142.0/23
167.148.146.0/24
167.148.149.0/24
167.148.151.0/24
167.148.155.0/24
167.148.160.0/24
167.148.174.0-167.148.176.255
167.148.190.0/24
167.148.197.0/24
167.148.209.0/24
Signature Algorithm: sha256WithRSAEncryption
07:c3:c5:14:0d:e3:be:02:cc:26:b7:a4:74:40:6e:bd:96:6f:
37:90:24:d0:42:d8:0c:42:43:bd:bf:c9:16:9c:9b:8b:a6:13:
12:97:d9:7c:e0:24:f1:d7:a8:1d:3b:dd:f7:f5:ce:ef:61:91:
01:12:d6:6c:eb:c6:37:34:7b:6e:de:ee:59:73:b5:22:2a:fb:
69:c1:fd:c5:05:92:34:ce:c7:11:3a:96:85:11:cf:f8:e6:ab:
12:82:38:0b:54:89:68:c1:62:c9:02:59:8a:ab:30:0b:2f:74:
a2:da:53:e6:37:d6:49:cb:ee:65:e6:2c:a7:37:ce:0e:26:5b:
bc:8b:28:34:fd:8c:70:99:21:74:2b:c6:ad:25:76:e9:ad:ef:
81:2b:95:a7:28:1d:28:b2:6e:03:1d:52:5e:47:71:b5:53:3a:
a4:f2:0a:8e:ed:36:77:f1:6f:cd:8d:7b:8b:1a:19:e8:9e:3a:
56:1f:37:98:cc:23:02:fa:5e:dc:d3:92:46:0e:b7:71:75:42:
4b:0d:c1:11:25:36:8e:bf:a1:f2:b4:a9:d4:49:94:2a:1a:6b:
09:d2:f1:24:40:79:07:17:f3:af:ba:f6:f9:9b:d0:52:07:85:
92:cf:4d:08:ac:85:72:40:e2:b0:99:32:f7:da:8c:2c:67:c3:
d1:46:a1:95
-----BEGIN CERTIFICATE-----
MIIGyDCCBbCgAwIBAgIUCTVf38IqjatnUsnA9CGdSYHSRz4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MTEyMzU2NTdaFw0yNjA4MTEwMDAxNTdaMDMxMTAvBgNV
BAMTKEU4M0ZENEY2NThCQzBBOUZCOEVGRTM4MzIyREI3QTc0NEI4NThCMDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCN4FaZ06DYf/t7+D03d3qcRhE
DnR20mh+K0bNy2xLJrNMfER38TxmDI1QT+agYMy71uVSshL5vo7YcaV1L+lUInIV
qnS9x7h68UBI8dmB+49IQo7Z/4UfqRrec3Ef/H5WYU9qSnYdKN2t2uZNYao/LM1N
+Gd2EYHAHLgc09YY9W2sdYAaI29CSUThpUTxMmdi90bpKM0u9MF1/rlPKBK/GaT1
AV9307VMLYZPQcV3QFsBmE0lQnZGfyIbpMP+gh8F07KY2Xt1ATHjBkHbOlB9s7U8
K+BB3YNHEzUA5mW5a2Tefo5UxTc8OZh9F4pt3+Vd7IL2f7I2A+1Hr3xL4PgLAgMB
AAGjggPSMIIDzjAdBgNVHQ4EFgQU6D/U9li8Cp+47+ODItt6dEuFiwAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjkxNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAecGCCsGAQUFBwEHAQH/BIIB1jCCAdIwggHOBAIAATCC
AcYDBAGPDjwDBACPDkgDBAGPDlQDBACPDlwDBAGPDmwDBACPDpgDBACPDpoDBACb
dWUDBACbdWgDBACbdaADBACbdasDBACbdboDBACijRADBACijRIDBAGijRQDBACi
jSQDBAKijSwDBACijTIDBACijTUDBAGijUIDBACijUYwDAMEBKKNUAMEAKKNUjAM
AwQDoo1YAwQAoo1aAwQBoo1cMAwDBACijWEDBACijWQDBACijWYDBACijXEwDAME
AKKNcwMEAKKNdAMEAKKNhAMEAaKNjgMEAKKNmAMEAKKNmgMEAaKNogMEAKKNpwME
AaKNsAMEAKKNtgMEAaeUBgMEAKeUCQMEAKeUCwMEAKeUDTAMAwQAp5QfAwQAp5Qg
AwQAp5QiAwQAp5QoAwQAp5QrAwQAp5QvMAwDBACnlEcDBACnlEoDBACnlGADBACn
lGUDBACnlGcDBACnlGswDAMEAKeUcQMEAKeUcgMEAKeUfAMEAKeUgQMEAaeUhAME
AKeUiQMEAaeUjgMEAKeUkgMEAKeUlQMEAKeUlwMEAKeUmwMEAKeUoDAMAwQBp5Su
AwQAp5SwAwQAp5S+AwQAp5TFAwQAp5TRMA0GCSqGSIb3DQEBCwUAA4IBAQAHw8UU
DeO+Aswmt6R0QG69lm83kCTQQtgMQkO9v8kWnJuLphMSl9l84CTx16gdO9339c7v
YZEBEtZs68Y3NHtu3u5Zc7UiKvtpwf3FBZI0zscROpaFEc/45qsSgjgLVIlowWLJ
AlmKqzALL3Si2lPmN9ZJy+5l5iynN84OJlu8iyg0/YxwmSF0K8atJXbpre+BK5Wn
KB0osm4DHVJeR3G1Uzqk8gqO7TZ38W/NjXuLGhnonjpWHzeYzCMC+l7c05JGDrdx
dUJLDcERJTaOv6HytKnUSZQqGmsJ0vEkQHkHF/Ovuvb5m9BSB4WSz00IrIVyQOKw
mTL32owsZ8PRRqGV
-----END CERTIFICATE-----
Generated at Sat Aug 23 12:52:23 2025 by rpki-client