Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS399955.roa
File: AS399955.roa (raw, json)
Hash identifier: pnvv1VypbNgn+vlw+egxiCxlePRFVRw5BJtbxEVKNzo=
Subject key identifier: 3F:87:3C:2C:72:AD:8E:6B:81:E1:D5:48:80:99:AB:4C:1C:71:3D:19
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 0F8191AA0A1D987610B4136235564F6A87662C84
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS399955.roa
Signing time: Thu 30 Apr 2026 12:14:43 +0000
ROA not before: Thu 30 Apr 2026 12:09:43 +0000
ROA not after: Thu 29 Apr 2027 12:14:43 +0000
asID: 399955
IP address blocks: 143.14.232.0/21 maxlen: 24
162.141.2.0/23 maxlen: 24
162.141.6.0/23 maxlen: 24
162.141.22.0/23 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.76.0/23 maxlen: 24
162.141.134.0/23 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.156.0/23 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.208.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.24.0/22 maxlen: 24
167.148.43.0/24 maxlen: 24
167.148.44.0/23 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.60.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.75.0/24 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.145.0/24 maxlen: 24
167.148.185.0/24 maxlen: 24
167.148.220.0/23 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
168.222.6.0/24 maxlen: 24
168.222.11.0/24 maxlen: 24
168.222.63.0/24 maxlen: 24
168.222.98.0/23 maxlen: 24
168.222.123.0/24 maxlen: 24
168.222.124.0/24 maxlen: 24
168.222.126.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:81:91:aa:0a:1d:98:76:10:b4:13:62:35:56:4f:6a:87:66:2c:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Apr 30 12:09:43 2026 GMT
Not After : Apr 29 12:14:43 2027 GMT
Subject: CN=3F873C2C72AD8E6B81E1D5488099AB4C1C713D19
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:49:73:38:f3:ef:98:d1:87:32:02:41:9d:c8:
74:17:6e:df:08:d9:a0:a3:74:46:18:11:3f:ee:9f:
85:55:01:67:dc:a3:b2:08:48:8a:1c:38:6e:af:72:
ee:bf:28:3f:55:db:88:b8:8c:54:37:52:53:e9:ea:
ac:89:e2:0c:c0:3b:50:b3:52:3e:ee:fc:96:d0:f8:
90:db:03:01:33:b6:4e:45:e4:55:28:0f:76:88:95:
98:1b:4d:24:ac:0f:a1:95:79:b3:e9:49:63:19:15:
b0:58:41:44:8c:37:18:5f:9d:a3:a0:8b:7a:fe:a2:
ab:69:72:79:df:7f:01:73:55:f7:0c:31:97:ee:90:
17:03:c8:9f:23:f6:9d:89:db:aa:a7:55:db:b6:41:
1e:a3:03:83:f9:76:02:db:75:60:49:5a:b9:13:05:
c7:99:d1:73:2b:a2:9c:09:49:e3:8b:18:1b:c8:6a:
dc:db:fc:5f:ae:5a:74:ed:b5:fe:73:76:d4:63:0d:
ba:e4:06:79:dc:63:4b:3d:33:fe:c6:ec:7c:f0:6a:
73:84:c7:35:3d:16:dc:e3:d8:bc:ca:c4:63:9e:06:
5c:45:51:cd:f0:34:53:03:a2:f9:fd:75:6f:e9:7b:
c2:d5:ae:80:ad:b4:24:5c:7a:f6:29:3d:83:29:a4:
08:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:87:3C:2C:72:AD:8E:6B:81:E1:D5:48:80:99:AB:4C:1C:71:3D:19
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS399955.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.232.0/21
162.141.2.0/23
162.141.6.0/23
162.141.22.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0-162.141.77.255
162.141.134.0/23
162.141.144.0/21
162.141.156.0/23
162.141.168.0/21
162.141.184.0-162.141.255.255
167.148.16.0-167.148.27.255
167.148.43.0-167.148.45.255
167.148.48.0-167.148.67.255
167.148.75.0-167.148.79.255
167.148.88.0/21
167.148.108.0/22
167.148.145.0/24
167.148.185.0/24
167.148.220.0/23
167.148.224.0/19
168.222.6.0/24
168.222.11.0/24
168.222.63.0/24
168.222.98.0/23
168.222.123.0-168.222.124.255
168.222.126.0/23
Signature Algorithm: sha256WithRSAEncryption
2c:25:b4:78:14:b4:d0:66:8c:93:ea:c3:15:2b:2b:3d:7b:38:
d7:16:8f:e5:95:bd:df:7a:21:43:94:b5:2c:6f:02:c2:a7:a5:
77:58:ed:69:61:f8:af:95:bc:c1:5c:87:e7:f5:bc:3b:72:ab:
70:b4:90:c2:99:f2:9f:6f:8a:47:52:30:5d:63:20:1d:6c:9b:
e2:99:34:d6:24:90:8f:cd:28:a4:18:b1:26:68:4b:f1:7f:2c:
38:1c:52:59:5f:12:8c:6e:08:ea:4d:76:94:f9:d0:d4:6a:72:
83:e1:f5:3e:1a:10:f4:b4:07:29:ff:1e:19:5b:83:16:d8:26:
9c:84:6c:9a:cc:25:f9:49:e3:ef:78:d7:4f:a9:bf:b4:ec:eb:
1f:e0:b5:f4:cf:2b:98:c2:29:ce:5e:b5:13:a2:c1:0a:80:1d:
e5:b1:e4:55:0a:7c:77:95:28:9f:de:4b:95:f5:ba:9e:50:b6:
d9:2e:4d:3d:30:3e:88:49:e5:85:e9:b9:cc:d9:cd:0c:56:37:
ee:32:65:13:16:cb:e6:d0:bc:f3:3d:1a:3c:8f:ae:5c:5b:5c:
fc:19:38:dc:8b:77:49:9a:72:38:da:87:71:e7:75:db:e7:a6:
61:a9:45:01:70:d1:df:d8:2a:fc:2a:b4:68:51:b0:37:4d:3e:
a3:dc:1c:61
-----BEGIN CERTIFICATE-----
MIIF5zCCBM+gAwIBAgIUD4GRqgodmHYQtBNiNVZPaodmLIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MzAxMjA5NDNaFw0yNzA0MjkxMjE0NDNaMDMxMTAvBgNV
BAMTKDNGODczQzJDNzJBRDhFNkI4MUUxRDU0ODgwOTlBQjRDMUM3MTNEMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoSXM48++Y0YcyAkGdyHQXbt8I
2aCjdEYYET/un4VVAWfco7IISIocOG6vcu6/KD9V24i4jFQ3UlPp6qyJ4gzAO1Cz
Uj7u/JbQ+JDbAwEztk5F5FUoD3aIlZgbTSSsD6GVebPpSWMZFbBYQUSMNxhfnaOg
i3r+oqtpcnnffwFzVfcMMZfukBcDyJ8j9p2J26qnVdu2QR6jA4P5dgLbdWBJWrkT
BceZ0XMropwJSeOLGBvIatzb/F+uWnTttf5zdtRjDbrkBnncY0s9M/7G7HzwanOE
xzU9Ftzj2LzKxGOeBlxFUc3wNFMDovn9dW/pe8LVroCttCRcevYpPYMppAgXAgMB
AAGjggLxMIIC7TAdBgNVHQ4EFgQUP4c8LHKtjmuB4dVIgJmrTBxxPRkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk5OTU1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMIIBBAYIKwYBBQUHAQcBAf8EgfQwgfEwge4EAgABMIHn
AwQDjw7oAwQBoo0CAwQBoo0GMAwDBAGijRYDBAKijSADBAKijSgDBAOijTgwDAME
A6KNSAMEAaKNTAMEAaKNhgMEA6KNkAMEAaKNnAMEA6KNqDALAwQDoo24AwMBooww
DAMEBKeUEAMEAqeUGDAMAwQAp5QrAwQBp5QsMAwDBASnlDADBAKnlEAwDAMEAKeU
SwMEBKeUQAMEA6eUWAMEAqeUbAMEAKeUkQMEAKeUuQMEAaeU3AMEBaeU4AMEAKje
BgMEAKjeCwMEAKjePwMEAajeYjAMAwQAqN57AwQAqN58AwQBqN5+MA0GCSqGSIb3
DQEBCwUAA4IBAQAsJbR4FLTQZoyT6sMVKys9ezjXFo/llb3feiFDlLUsbwLCp6V3
WO1pYfivlbzBXIfn9bw7cqtwtJDCmfKfb4pHUjBdYyAdbJvimTTWJJCPzSikGLEm
aEvxfyw4HFJZXxKMbgjqTXaU+dDUanKD4fU+GhD0tAcp/x4ZW4MW2CachGyazCX5
SePveNdPqb+07Osf4LX0zyuYwinOXrUTosEKgB3lseRVCnx3lSif3kuV9bqeULbZ
Lk09MD6ISeWF6bnM2c0MVjfuMmUTFsvm0LzzPRo8j65cW1z8GTjci3dJmnI42odx
53Xb56ZhqUUBcNHf2Cr8KrRoUbA3TT6j3Bxh
-----END CERTIFICATE-----
Generated at Tue May 12 23:24:34 2026 by rpki-client