Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS3320.roa
File: AS3320.roa (raw, json)
Hash identifier: Jjq/9DlXtrQJW4ZB6t1cFciNmYY+3O4wxo7JRzc9+yY=
Subject key identifier: 2C:CB:22:8B:CE:E5:BA:28:9E:4F:92:AD:91:9F:CD:98:93:BC:BB:34
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 18F3A70E0959CF49B3B4B9EC7F41C2D5B170B3D3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS3320.roa
Signing time: Tue 30 Sep 2025 13:36:13 +0000
ROA not before: Tue 30 Sep 2025 13:31:13 +0000
ROA not after: Tue 29 Sep 2026 13:36:13 +0000
asID: 3320
IP address blocks: 140.233.192.0/18 maxlen: 24
140.233.192.0/24 maxlen: 24
143.14.10.0/24 maxlen: 24
143.14.128.0/24 maxlen: 24
143.14.129.0/24 maxlen: 24
143.14.130.0/24 maxlen: 24
143.14.140.0/24 maxlen: 24
143.14.164.0/24 maxlen: 24
143.14.169.0/24 maxlen: 24
143.14.170.0/24 maxlen: 24
143.14.223.0/24 maxlen: 24
143.14.225.0/24 maxlen: 24
143.14.246.0/24 maxlen: 24
147.79.8.0/21 maxlen: 24
147.79.48.0/24 maxlen: 24
147.79.49.0/24 maxlen: 24
147.79.50.0/24 maxlen: 24
147.79.51.0/24 maxlen: 24
148.135.192.0/24 maxlen: 24
150.241.192.0/24 maxlen: 24
150.241.193.0/24 maxlen: 24
150.241.194.0/24 maxlen: 24
150.241.195.0/24 maxlen: 24
155.117.17.0/24 maxlen: 24
155.117.113.0/24 maxlen: 24
155.117.124.0/24 maxlen: 24
155.117.125.0/24 maxlen: 24
155.117.126.0/24 maxlen: 24
155.117.157.0/24 maxlen: 24
155.117.167.0/24 maxlen: 24
155.117.168.0/24 maxlen: 24
155.117.200.0/24 maxlen: 24
155.117.215.0/24 maxlen: 24
155.117.221.0/24 maxlen: 24
155.117.223.0/24 maxlen: 24
155.117.241.0/24 maxlen: 24
162.141.158.0/24 maxlen: 24
167.148.69.0/24 maxlen: 24
167.148.126.0/24 maxlen: 24
167.148.159.0/24 maxlen: 24
167.148.162.0/24 maxlen: 24
167.148.192.0/24 maxlen: 24
167.148.211.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
18:f3:a7:0e:09:59:cf:49:b3:b4:b9:ec:7f:41:c2:d5:b1:70:b3:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Sep 30 13:31:13 2025 GMT
Not After : Sep 29 13:36:13 2026 GMT
Subject: CN=2CCB228BCEE5BA289E4F92AD919FCD9893BCBB34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:fd:b2:dd:38:80:df:18:83:1b:9b:2a:5d:e1:
5c:d2:12:89:1d:6d:b5:83:bf:80:92:05:03:99:d2:
36:46:9c:2f:7f:6c:79:fb:5b:0e:2b:8c:80:7b:9c:
6e:21:cd:92:48:f5:98:a6:09:7e:d9:10:93:7b:51:
55:50:2a:80:0f:37:10:c7:04:66:b2:4c:cd:de:f6:
b3:78:15:17:e6:1e:6b:3b:3c:ab:e8:e8:a7:40:83:
f2:de:fe:59:b4:6a:a9:8a:f8:cd:7e:37:29:55:db:
35:37:2d:2e:f2:8c:3e:31:cf:62:5f:df:8a:74:17:
a3:d2:db:4c:dc:75:08:d1:9b:73:d9:1f:54:fd:d1:
e4:9e:d3:87:89:3e:a5:c7:54:5a:22:ef:42:2a:02:
1c:7d:35:0e:37:55:3a:e4:5d:12:81:87:b2:86:4e:
71:83:af:8d:d6:7c:6b:44:2f:7d:a3:54:ed:8b:9f:
78:53:62:1a:f2:54:5d:87:d7:68:b6:6b:e9:10:a0:
c3:ad:8c:74:48:5b:9c:b4:9c:82:99:a2:9f:26:f9:
ba:c5:87:67:d3:2b:20:61:13:ca:0e:31:6b:ad:b4:
6f:90:c4:7c:09:82:25:82:76:f6:86:8a:db:76:44:
87:53:99:6b:2c:13:a6:80:00:cb:1c:65:83:33:01:
e4:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:CB:22:8B:CE:E5:BA:28:9E:4F:92:AD:91:9F:CD:98:93:BC:BB:34
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS3320.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.233.192.0/18
143.14.10.0/24
143.14.128.0-143.14.130.255
143.14.140.0/24
143.14.164.0/24
143.14.169.0-143.14.170.255
143.14.223.0/24
143.14.225.0/24
143.14.246.0/24
147.79.8.0/21
147.79.48.0/22
148.135.192.0/24
150.241.192.0/22
155.117.17.0/24
155.117.113.0/24
155.117.124.0-155.117.126.255
155.117.157.0/24
155.117.167.0-155.117.168.255
155.117.200.0/24
155.117.215.0/24
155.117.221.0/24
155.117.223.0/24
155.117.241.0/24
162.141.158.0/24
167.148.69.0/24
167.148.126.0/24
167.148.159.0/24
167.148.162.0/24
167.148.192.0/24
167.148.211.0/24
Signature Algorithm: sha256WithRSAEncryption
23:49:52:f0:ef:e4:3d:ad:6c:ca:9a:6a:81:0e:5f:e9:50:9b:
14:36:99:46:7d:8c:f2:61:56:93:01:36:e7:58:e8:4d:76:09:
f7:98:9f:c1:9d:5a:71:30:7b:60:4e:6a:89:82:a8:bb:69:81:
62:91:61:09:40:51:1e:34:e3:de:03:dd:c3:bc:53:13:05:5d:
d7:08:54:cd:34:67:5a:f5:f4:e1:b8:1c:9d:7b:a8:f9:49:5d:
ac:f2:9e:6a:fb:c5:bc:f9:8f:23:3c:b0:a3:39:40:c6:1e:f7:
af:bd:8f:cb:f3:23:39:e8:ac:f9:eb:16:67:a3:02:fe:62:6f:
cd:5f:f9:ec:50:aa:60:4f:66:7d:be:ae:76:e6:fe:a9:29:4f:
36:4f:54:a4:a6:ce:36:0d:4b:df:c0:e8:88:a2:db:b3:f4:8d:
dc:62:ef:07:26:18:8e:00:4d:d2:06:dc:30:bc:a2:98:0b:95:
dd:e8:41:63:34:dc:18:66:9a:44:f9:68:a1:3c:b9:00:7e:ca:
0f:a8:a7:f0:9b:a0:05:d5:af:99:48:4c:57:8e:d8:6f:7b:36:
43:10:ae:00:3c:ff:3d:68:c8:97:89:94:81:88:f8:a4:11:2a:
70:ec:64:ed:06:17:78:2c:46:b1:ca:ae:f3:a6:c8:3e:68:39:
a9:33:a2:16
-----BEGIN CERTIFICATE-----
MIIF0TCCBLmgAwIBAgIUGPOnDglZz0mztLnsf0HC1bFws9MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MzAxMzMxMTNaFw0yNjA5MjkxMzM2MTNaMDMxMTAvBgNV
BAMTKDJDQ0IyMjhCQ0VFNUJBMjg5RTRGOTJBRDkxOUZDRDk4OTNCQ0JCMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7/bLdOIDfGIMbmypd4VzSEokd
bbWDv4CSBQOZ0jZGnC9/bHn7Ww4rjIB7nG4hzZJI9ZimCX7ZEJN7UVVQKoAPNxDH
BGayTM3e9rN4FRfmHms7PKvo6KdAg/Le/lm0aqmK+M1+NylV2zU3LS7yjD4xz2Jf
34p0F6PS20zcdQjRm3PZH1T90eSe04eJPqXHVFoi70IqAhx9NQ43VTrkXRKBh7KG
TnGDr43WfGtEL32jVO2Ln3hTYhryVF2H12i2a+kQoMOtjHRIW5y0nIKZop8m+brF
h2fTKyBhE8oOMWuttG+QxHwJgiWCdvaGitt2RIdTmWssE6aAAMscZYMzAeQXAgMB
AAGjggLbMIIC1zAdBgNVHQ4EFgQULMsii87luiieT5KtkZ/NmJO8uzQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzMyMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCB8QYIKwYBBQUHAQcBAf8EgeEwgd4wgdsEAgABMIHUAwQG
jOnAAwQAjw4KMAwDBAePDoADBACPDoIDBACPDowDBACPDqQwDAMEAI8OqQMEAI8O
qgMEAI8O3wMEAI8O4QMEAI8O9gMEA5NPCAMEApNPMAMEAJSHwAMEApbxwAMEAJt1
EQMEAJt1cTAMAwQCm3V8AwQAm3V+AwQAm3WdMAwDBACbdacDBACbdagDBACbdcgD
BACbddcDBACbdd0DBACbdd8DBACbdfEDBACijZ4DBACnlEUDBACnlH4DBACnlJ8D
BACnlKIDBACnlMADBACnlNMwDQYJKoZIhvcNAQELBQADggEBACNJUvDv5D2tbMqa
aoEOX+lQmxQ2mUZ9jPJhVpMBNudY6E12CfeYn8GdWnEwe2BOaomCqLtpgWKRYQlA
UR40494D3cO8UxMFXdcIVM00Z1r19OG4HJ17qPlJXazynmr7xbz5jyM8sKM5QMYe
96+9j8vzIznorPnrFmejAv5ib81f+exQqmBPZn2+rnbm/qkpTzZPVKSmzjYNS9/A
6Iii27P0jdxi7wcmGI4ATdIG3DC8opgLld3oQWM03BhmmkT5aKE8uQB+yg+op/Cb
oAXVr5lITFeO2G97NkMQrgA8/z1oyJeJlIGI+KQRKnDsZO0GF3gsRrHKrvOmyD5o
OakzohY=
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:16:33 2025 by rpki-client