Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS2914.roa
File: AS2914.roa (raw, json)
Hash identifier: Zem0N7mg3PDkbVHfNtXpR3ocEURXZsJTFG0GQ28nIWA=
Subject key identifier: A4:CC:1D:84:9B:D5:6B:B1:81:DA:5E:22:42:A2:58:14:84:AB:22:B9
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 3C13EB08FB49B75ED4D5406690C9E74F34163DE2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS2914.roa
Signing time: Thu 09 Oct 2025 00:01:09 +0000
ROA not before: Wed 08 Oct 2025 23:56:09 +0000
ROA not after: Thu 08 Oct 2026 00:01:09 +0000
asID: 2914
IP address blocks: 143.14.60.0/24 maxlen: 24
143.14.61.0/24 maxlen: 24
143.14.72.0/24 maxlen: 24
143.14.84.0/24 maxlen: 24
143.14.85.0/24 maxlen: 24
143.14.92.0/24 maxlen: 24
143.14.108.0/24 maxlen: 24
143.14.109.0/24 maxlen: 24
143.14.152.0/24 maxlen: 24
143.14.154.0/24 maxlen: 24
155.117.101.0/24 maxlen: 24
155.117.104.0/24 maxlen: 24
155.117.160.0/24 maxlen: 24
155.117.171.0/24 maxlen: 24
155.117.186.0/24 maxlen: 24
162.141.16.0/24 maxlen: 24
162.141.18.0/24 maxlen: 24
162.141.20.0/24 maxlen: 24
162.141.21.0/24 maxlen: 24
162.141.44.0/24 maxlen: 24
162.141.45.0/24 maxlen: 24
162.141.46.0/24 maxlen: 24
162.141.47.0/24 maxlen: 24
162.141.50.0/24 maxlen: 24
162.141.53.0/24 maxlen: 24
162.141.67.0/24 maxlen: 24
162.141.70.0/24 maxlen: 24
162.141.80.0/24 maxlen: 24
162.141.81.0/24 maxlen: 24
162.141.82.0/24 maxlen: 24
162.141.89.0/24 maxlen: 24
162.141.90.0/24 maxlen: 24
162.141.92.0/24 maxlen: 24
162.141.93.0/24 maxlen: 24
162.141.97.0/24 maxlen: 24
162.141.98.0/24 maxlen: 24
162.141.99.0/24 maxlen: 24
162.141.100.0/24 maxlen: 24
162.141.102.0/24 maxlen: 24
162.141.113.0/24 maxlen: 24
162.141.115.0/24 maxlen: 24
162.141.116.0/24 maxlen: 24
162.141.132.0/24 maxlen: 24
162.141.142.0/24 maxlen: 24
162.141.143.0/24 maxlen: 24
162.141.152.0/24 maxlen: 24
162.141.154.0/24 maxlen: 24
162.141.162.0/24 maxlen: 24
162.141.163.0/24 maxlen: 24
162.141.167.0/24 maxlen: 24
162.141.176.0/24 maxlen: 24
162.141.177.0/24 maxlen: 24
162.141.182.0/24 maxlen: 24
167.148.6.0/24 maxlen: 24
167.148.7.0/24 maxlen: 24
167.148.9.0/24 maxlen: 24
167.148.11.0/24 maxlen: 24
167.148.13.0/24 maxlen: 24
167.148.31.0/24 maxlen: 24
167.148.32.0/24 maxlen: 24
167.148.34.0/24 maxlen: 24
167.148.40.0/24 maxlen: 24
167.148.43.0/24 maxlen: 24
167.148.47.0/24 maxlen: 24
167.148.71.0/24 maxlen: 24
167.148.72.0/24 maxlen: 24
167.148.73.0/24 maxlen: 24
167.148.74.0/24 maxlen: 24
167.148.96.0/24 maxlen: 24
167.148.101.0/24 maxlen: 24
167.148.103.0/24 maxlen: 24
167.148.107.0/24 maxlen: 24
167.148.113.0/24 maxlen: 24
167.148.114.0/24 maxlen: 24
167.148.124.0/24 maxlen: 24
167.148.129.0/24 maxlen: 24
167.148.132.0/24 maxlen: 24
167.148.133.0/24 maxlen: 24
167.148.137.0/24 maxlen: 24
167.148.142.0/24 maxlen: 24
167.148.143.0/24 maxlen: 24
167.148.146.0/24 maxlen: 24
167.148.149.0/24 maxlen: 24
167.148.151.0/24 maxlen: 24
167.148.155.0/24 maxlen: 24
167.148.160.0/24 maxlen: 24
167.148.174.0/24 maxlen: 24
167.148.175.0/24 maxlen: 24
167.148.176.0/24 maxlen: 24
167.148.190.0/24 maxlen: 24
167.148.197.0/24 maxlen: 24
167.148.209.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:13:eb:08:fb:49:b7:5e:d4:d5:40:66:90:c9:e7:4f:34:16:3d:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 8 23:56:09 2025 GMT
Not After : Oct 8 00:01:09 2026 GMT
Subject: CN=A4CC1D849BD56BB181DA5E2242A2581484AB22B9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:3b:e1:5f:2d:9f:bc:71:8c:93:ac:f7:d2:ea:
04:c3:55:cc:9c:04:bf:45:e5:94:b1:c4:1c:5b:5c:
92:b0:7d:25:63:bf:3f:a5:fe:1e:69:80:4f:18:7f:
f1:98:97:82:4f:37:2c:a5:6d:f5:27:40:fa:67:57:
b6:df:c9:5e:fb:3d:10:bd:34:18:8e:2d:cb:86:a2:
01:59:7d:19:2f:67:8a:64:fd:52:19:b3:36:34:eb:
58:7d:38:31:41:85:e6:39:c6:42:2b:48:e2:51:8c:
83:bd:fa:e4:3c:95:2b:e3:8a:ff:93:ec:44:3e:a8:
fc:fb:cc:1a:a8:4d:3e:6e:d7:9f:bc:a6:e8:8a:21:
75:a2:fd:dc:fd:e2:02:82:04:03:95:9a:fe:97:7d:
9d:7a:fe:89:ec:8a:5a:84:0f:0b:76:43:72:98:e1:
c8:f6:d7:9d:4f:15:4d:15:33:98:8e:2f:d5:f4:12:
5a:e0:a8:44:90:f8:02:f6:56:91:f3:1e:4b:62:60:
cf:6e:b5:62:70:c9:f3:1c:27:07:41:78:44:6c:21:
f3:f2:e3:66:eb:53:47:ab:19:ff:c1:81:47:61:40:
f2:13:68:b0:26:29:a4:06:d2:34:4b:09:53:a4:77:
dc:ff:ed:5c:02:ec:a5:bb:1b:de:67:19:75:51:09:
f6:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:CC:1D:84:9B:D5:6B:B1:81:DA:5E:22:42:A2:58:14:84:AB:22:B9
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS2914.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.60.0/23
143.14.72.0/24
143.14.84.0/23
143.14.92.0/24
143.14.108.0/23
143.14.152.0/24
143.14.154.0/24
155.117.101.0/24
155.117.104.0/24
155.117.160.0/24
155.117.171.0/24
155.117.186.0/24
162.141.16.0/24
162.141.18.0/24
162.141.20.0/23
162.141.44.0/22
162.141.50.0/24
162.141.53.0/24
162.141.67.0/24
162.141.70.0/24
162.141.80.0-162.141.82.255
162.141.89.0-162.141.90.255
162.141.92.0/23
162.141.97.0-162.141.100.255
162.141.102.0/24
162.141.113.0/24
162.141.115.0-162.141.116.255
162.141.132.0/24
162.141.142.0/23
162.141.152.0/24
162.141.154.0/24
162.141.162.0/23
162.141.167.0/24
162.141.176.0/23
162.141.182.0/24
167.148.6.0/23
167.148.9.0/24
167.148.11.0/24
167.148.13.0/24
167.148.31.0-167.148.32.255
167.148.34.0/24
167.148.40.0/24
167.148.43.0/24
167.148.47.0/24
167.148.71.0-167.148.74.255
167.148.96.0/24
167.148.101.0/24
167.148.103.0/24
167.148.107.0/24
167.148.113.0-167.148.114.255
167.148.124.0/24
167.148.129.0/24
167.148.132.0/23
167.148.137.0/24
167.148.142.0/23
167.148.146.0/24
167.148.149.0/24
167.148.151.0/24
167.148.155.0/24
167.148.160.0/24
167.148.174.0-167.148.176.255
167.148.190.0/24
167.148.197.0/24
167.148.209.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:ae:08:5d:58:71:a8:bf:d2:e4:7d:31:da:a3:a6:48:48:e8:
9d:a9:99:c5:b3:07:90:a8:2c:52:11:bb:fb:3b:81:e7:12:91:
40:0e:72:89:ef:fc:f1:ca:01:4a:52:cc:79:57:90:ad:7b:4f:
52:4e:0d:9c:fb:19:d8:83:f1:50:82:ce:81:3e:d1:9d:98:a7:
11:c2:0d:77:47:52:ce:c4:88:65:1f:ce:05:38:09:03:f4:dd:
83:c5:75:4d:33:2c:dc:b6:13:b3:b2:9b:62:8c:a7:73:30:c0:
a6:6e:2b:c8:66:88:dd:91:9d:4d:91:ce:46:75:61:7e:dd:32:
27:62:61:7e:8e:85:81:1a:83:13:3c:7b:75:47:1c:39:58:61:
d0:0e:86:cf:df:4f:d8:5a:7d:9e:4a:54:65:bc:21:fd:45:0d:
75:a6:26:c0:05:b1:5f:94:2f:8e:67:89:50:f6:5d:df:78:0f:
0a:5a:59:93:1d:38:7c:a3:8b:ce:26:f2:4b:fb:8e:9f:51:bc:
d0:c8:bd:b8:2e:c4:44:b4:17:53:cd:db:97:9e:d1:ec:5d:7d:
00:a3:55:b6:29:aa:46:9e:1c:0b:51:f3:73:d3:99:e5:15:f9:
72:91:0e:8a:86:59:a2:56:04:4a:57:e5:cf:5d:c3:54:3c:89:
32:b6:51:38
-----BEGIN CERTIFICATE-----
MIIGwjCCBaqgAwIBAgIUPBPrCPtJt17U1UBmkMnnTzQWPeIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMDgyMzU2MDlaFw0yNjEwMDgwMDAxMDlaMDMxMTAvBgNV
BAMTKEE0Q0MxRDg0OUJENTZCQjE4MURBNUUyMjQyQTI1ODE0ODRBQjIyQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzO+FfLZ+8cYyTrPfS6gTDVcyc
BL9F5ZSxxBxbXJKwfSVjvz+l/h5pgE8Yf/GYl4JPNyylbfUnQPpnV7bfyV77PRC9
NBiOLcuGogFZfRkvZ4pk/VIZszY061h9ODFBheY5xkIrSOJRjIO9+uQ8lSvjiv+T
7EQ+qPz7zBqoTT5u15+8puiKIXWi/dz94gKCBAOVmv6XfZ16/onsilqEDwt2Q3KY
4cj2151PFU0VM5iOL9X0ElrgqESQ+AL2VpHzHktiYM9utWJwyfMcJwdBeERsIfPy
42brU0erGf/BgUdhQPITaLAmKaQG0jRLCVOkd9z/7VwC7KW7G95nGXVRCfYHAgMB
AAGjggPMMIIDyDAdBgNVHQ4EFgQUpMwdhJvVa7GB2l4iQqJYFISrIrkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjkxNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAeEGCCsGAQUFBwEHAQH/BIIB0DCCAcwwggHIBAIAATCC
AcADBAGPDjwDBACPDkgDBAGPDlQDBACPDlwDBAGPDmwDBACPDpgDBACPDpoDBACb
dWUDBACbdWgDBACbdaADBACbdasDBACbdboDBACijRADBACijRIDBAGijRQDBAKi
jSwDBACijTIDBACijTUDBACijUMDBACijUYwDAMEBKKNUAMEAKKNUjAMAwQAoo1Z
AwQAoo1aAwQBoo1cMAwDBACijWEDBACijWQDBACijWYDBACijXEwDAMEAKKNcwME
AKKNdAMEAKKNhAMEAaKNjgMEAKKNmAMEAKKNmgMEAaKNogMEAKKNpwMEAaKNsAME
AKKNtgMEAaeUBgMEAKeUCQMEAKeUCwMEAKeUDTAMAwQAp5QfAwQAp5QgAwQAp5Qi
AwQAp5QoAwQAp5QrAwQAp5QvMAwDBACnlEcDBACnlEoDBACnlGADBACnlGUDBACn
lGcDBACnlGswDAMEAKeUcQMEAKeUcgMEAKeUfAMEAKeUgQMEAaeUhAMEAKeUiQME
AaeUjgMEAKeUkgMEAKeUlQMEAKeUlwMEAKeUmwMEAKeUoDAMAwQBp5SuAwQAp5Sw
AwQAp5S+AwQAp5TFAwQAp5TRMA0GCSqGSIb3DQEBCwUAA4IBAQCMrghdWHGov9Lk
fTHao6ZISOidqZnFsweQqCxSEbv7O4HnEpFADnKJ7/zxygFKUsx5V5Cte09STg2c
+xnYg/FQgs6BPtGdmKcRwg13R1LOxIhlH84FOAkD9N2DxXVNMyzcthOzsptijKdz
MMCmbivIZojdkZ1Nkc5GdWF+3TInYmF+joWBGoMTPHt1Rxw5WGHQDobP30/YWn2e
SlRlvCH9RQ11pibABbFflC+OZ4lQ9l3feA8KWlmTHTh8o4vOJvJL+46fUbzQyL24
LsREtBdTzduXntHsXX0Ao1W2KapGnhwLUfNz05nlFflykQ6KhlmiVgRKV+XPXcNU
PIkytlE4
-----END CERTIFICATE-----
Generated at Mon Oct 20 01:51:38 2025 by rpki-client