Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397423.roa
File: AS397423.roa (raw, json)
Hash identifier: drJqRK8HXsbe+4MJ+c1d4fl9usuRgn7d+ZnIwzXPIKg=
Subject key identifier: A1:21:81:28:84:FB:F1:07:87:61:67:6B:1F:66:FE:5A:F0:21:A9:99
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 3C9F608D3AFBCCBD195FD086309D58198D0EEA92
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397423.roa
Signing time: Thu 07 Aug 2025 10:11:24 +0000
ROA not before: Thu 07 Aug 2025 10:06:24 +0000
ROA not after: Thu 06 Aug 2026 10:11:24 +0000
asID: 397423
IP address blocks: 143.14.180.0/24 maxlen: 24
145.223.44.0/24 maxlen: 24
145.223.54.0/24 maxlen: 24
145.223.58.0/24 maxlen: 24
146.103.5.0/24 maxlen: 24
150.241.226.0/23 maxlen: 24
155.117.232.0/22 maxlen: 22
155.117.246.0/24 maxlen: 24
167.148.158.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:9f:60:8d:3a:fb:cc:bd:19:5f:d0:86:30:9d:58:19:8d:0e:ea:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Aug 7 10:06:24 2025 GMT
Not After : Aug 6 10:11:24 2026 GMT
Subject: CN=A121812884FBF1078761676B1F66FE5AF021A999
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:54:b8:25:fe:d0:49:87:38:0e:ad:3c:34:7a:
b3:ea:ec:b4:81:d0:ba:19:d3:c4:ea:9d:7f:e4:3e:
e3:13:c8:46:19:b3:9c:06:0f:2a:21:87:8e:8f:54:
25:50:83:a6:ff:05:e4:76:a1:fd:d8:fc:6a:89:e4:
e2:4c:db:c0:6d:63:0d:cd:51:36:40:38:07:c3:92:
65:12:38:7e:b0:3f:d4:86:40:c2:d6:c5:17:9a:70:
4e:48:ee:d1:10:31:7b:87:3a:b0:40:bd:a4:01:36:
5e:5f:d0:81:18:b4:8c:4d:35:d6:df:7b:94:7c:9c:
f5:d7:3b:5c:5a:87:e4:3b:38:b8:8b:10:66:87:44:
2f:86:88:45:3f:1a:85:7c:c5:6c:22:c6:53:c9:9e:
b9:20:9e:60:b4:fa:4a:00:1a:11:72:36:b9:2d:47:
78:a0:23:f1:72:7f:8e:79:0c:71:6f:62:84:95:22:
c2:bb:4b:53:b6:f9:2f:07:a7:fb:6f:7d:72:6a:c4:
bd:53:5d:62:30:f1:45:1d:a3:25:3c:40:5f:26:b1:
41:83:d5:39:40:5a:a7:d3:38:0b:bb:11:3b:7e:4f:
a4:3f:37:26:20:6d:e3:45:43:6f:e6:6f:6e:61:e9:
f0:87:b8:5a:9a:82:f9:15:7f:e5:46:ca:fb:19:ea:
e3:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:21:81:28:84:FB:F1:07:87:61:67:6B:1F:66:FE:5A:F0:21:A9:99
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397423.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.180.0/24
145.223.44.0/24
145.223.54.0/24
145.223.58.0/24
146.103.5.0/24
150.241.226.0/23
155.117.232.0/22
155.117.246.0/24
167.148.158.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:49:73:4c:7f:ed:8d:3d:0b:4e:8a:67:a0:47:15:83:da:04:
67:e8:4a:a8:ca:3c:7a:c0:da:69:8a:31:a2:e1:74:e6:f2:3f:
07:16:68:ca:97:70:1a:8a:f2:08:e7:d2:1a:ab:25:ec:14:ed:
e1:fe:ea:19:7e:fc:fb:95:74:59:9e:78:0a:15:31:a4:0d:a3:
87:61:01:f9:6a:9b:3c:bd:a2:e1:bd:8c:a8:66:16:2e:06:5c:
0e:45:5b:45:4a:db:f1:56:1d:f1:d5:ef:67:2a:ba:43:84:e5:
64:21:d7:a5:08:54:a8:b8:d8:f3:97:d5:7e:e7:dc:35:f9:f7:
55:39:e0:15:f0:d4:37:46:7f:bd:a4:61:d6:8a:e5:38:05:02:
a5:f5:e1:a7:2e:15:41:d4:13:08:bc:7e:8c:c0:56:f3:d7:6e:
34:22:e8:7f:a7:ef:9a:ff:2c:d2:69:6c:20:f6:02:c8:ca:1d:
c9:f6:a6:71:84:84:f4:ac:23:ab:d2:51:92:1a:c8:fd:bd:c7:
76:7a:86:04:61:d7:8b:d7:76:3b:b6:7b:94:8f:bf:2e:ec:49:
05:70:85:95:32:b8:43:a5:df:8e:64:ab:39:07:dd:d9:5e:e4:
19:fb:c0:68:82:fc:7c:f1:0d:3e:58:02:20:d9:69:80:38:22:
78:96:ac:a2
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUPJ9gjTr7zL0ZX9CGMJ1YGY0O6pIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDcxMDA2MjRaFw0yNjA4MDYxMDExMjRaMDMxMTAvBgNV
BAMTKEExMjE4MTI4ODRGQkYxMDc4NzYxNjc2QjFGNjZGRTVBRjAyMUE5OTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAVLgl/tBJhzgOrTw0erPq7LSB
0LoZ08TqnX/kPuMTyEYZs5wGDyohh46PVCVQg6b/BeR2of3Y/GqJ5OJM28BtYw3N
UTZAOAfDkmUSOH6wP9SGQMLWxReacE5I7tEQMXuHOrBAvaQBNl5f0IEYtIxNNdbf
e5R8nPXXO1xah+Q7OLiLEGaHRC+GiEU/GoV8xWwixlPJnrkgnmC0+koAGhFyNrkt
R3igI/Fyf455DHFvYoSVIsK7S1O2+S8Hp/tvfXJqxL1TXWIw8UUdoyU8QF8msUGD
1TlAWqfTOAu7ETt+T6Q/NyYgbeNFQ2/mb25h6fCHuFqagvkVf+VGyvsZ6uOpAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUoSGBKIT78QeHYWdrH2b+WvAhqZkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk3NDIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAjw60
AwQAkd8sAwQAkd82AwQAkd86AwQAkmcFAwQBlvHiAwQCm3XoAwQAm3X2AwQAp5Se
MA0GCSqGSIb3DQEBCwUAA4IBAQChSXNMf+2NPQtOimegRxWD2gRn6Eqoyjx6wNpp
ijGi4XTm8j8HFmjKl3AaivII59IaqyXsFO3h/uoZfvz7lXRZnngKFTGkDaOHYQH5
aps8vaLhvYyoZhYuBlwORVtFStvxVh3x1e9nKrpDhOVkIdelCFSouNjzl9V+59w1
+fdVOeAV8NQ3Rn+9pGHWiuU4BQKl9eGnLhVB1BMIvH6MwFbz1240Iuh/p++a/yzS
aWwg9gLIyh3J9qZxhIT0rCOr0lGSGsj9vcd2eoYEYdeL13Y7tnuUj78u7EkFcIWV
MrhDpd+OZKs5B93ZXuQZ+8Bogvx88Q0+WAIg2WmAOCJ4lqyi
-----END CERTIFICATE-----
Generated at Sat Aug 23 13:31:00 2025 by rpki-client