Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa
File: AS40676.roa (raw, json)
Hash identifier: nGprzk540Vxc3IrlQfla+HCL2Bz+TV2MJ3aFN3EJwEk=
Subject key identifier: 99:50:28:5D:E7:1A:99:3D:F5:98:B0:76:2B:1F:6B:06:23:E3:C0:CF
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 4E2EC5AF34AAFFCF8AF26BAC0EC30CB6F66A40CC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa
Signing time: Thu 26 Mar 2026 02:04:42 +0000
ROA not before: Thu 26 Mar 2026 01:59:42 +0000
ROA not after: Thu 25 Mar 2027 02:04:42 +0000
asID: 40676
IP address blocks: 143.14.16.0/24 maxlen: 24
143.14.47.0/24 maxlen: 24
143.14.59.0/24 maxlen: 24
143.14.152.0/24 maxlen: 24
143.14.181.0/24 maxlen: 24
143.14.182.0/24 maxlen: 24
143.14.186.0/24 maxlen: 24
143.14.191.0/24 maxlen: 24
145.223.52.0/24 maxlen: 24
145.223.56.0/24 maxlen: 24
146.103.44.0/24 maxlen: 24
146.103.55.0/24 maxlen: 24
155.117.198.0/24 maxlen: 24
155.117.199.0/24 maxlen: 24
162.141.105.0/24 maxlen: 24
168.222.18.0/24 maxlen: 24
168.222.19.0/24 maxlen: 24
168.222.30.0/24 maxlen: 24
168.222.31.0/24 maxlen: 24
168.222.80.0/24 maxlen: 24
168.222.84.0/24 maxlen: 24
168.222.85.0/24 maxlen: 24
168.222.86.0/24 maxlen: 24
168.222.87.0/24 maxlen: 24
168.222.88.0/24 maxlen: 24
168.222.90.0/24 maxlen: 24
168.222.92.0/24 maxlen: 24
168.222.93.0/24 maxlen: 24
168.222.94.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4e:2e:c5:af:34:aa:ff:cf:8a:f2:6b:ac:0e:c3:0c:b6:f6:6a:40:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Mar 26 01:59:42 2026 GMT
Not After : Mar 25 02:04:42 2027 GMT
Subject: CN=9950285DE71A993DF598B0762B1F6B0623E3C0CF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:c5:b8:07:c3:f0:90:86:5e:88:60:bf:a8:8e:
08:be:0c:b6:16:0d:17:ed:77:95:f0:d8:1f:3b:9d:
b3:b3:37:09:ac:a4:3e:b9:93:0f:73:eb:e7:a9:46:
89:a2:00:a8:a4:41:8b:91:87:07:e5:b7:87:2f:30:
72:de:16:97:9c:f0:45:13:ab:bd:8a:e8:2e:e5:77:
a7:da:96:76:60:c6:bd:21:f9:3f:d3:aa:bb:97:3f:
4f:79:51:16:22:06:a2:0d:2d:ca:0c:26:43:7a:af:
56:1d:6a:3e:e7:1b:48:ca:6b:f4:1f:02:84:41:96:
01:5e:8c:90:b6:12:6c:bf:b8:68:92:f4:1a:af:0a:
a8:54:0a:37:f6:18:0c:a1:63:cb:ca:f8:ce:a1:17:
8f:c0:90:1e:45:d9:a2:43:92:c0:9d:27:4e:b4:bc:
e9:87:e1:a7:4f:ee:2a:1a:d9:fe:d3:e4:5c:23:5d:
a8:75:7c:3a:5a:f1:c4:66:e2:7d:4f:6c:00:d6:e5:
07:db:a2:fc:23:31:9d:a3:9b:0e:c9:79:42:78:3d:
52:69:1c:d3:4b:35:ef:c3:fa:55:cc:42:9f:40:98:
3d:14:e4:38:72:df:53:3a:33:d8:4d:ec:43:bd:dd:
fe:d8:a3:5f:80:0e:cc:b2:6d:d5:c7:40:73:4e:d5:
3c:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:50:28:5D:E7:1A:99:3D:F5:98:B0:76:2B:1F:6B:06:23:E3:C0:CF
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.16.0/24
143.14.47.0/24
143.14.59.0/24
143.14.152.0/24
143.14.181.0-143.14.182.255
143.14.186.0/24
143.14.191.0/24
145.223.52.0/24
145.223.56.0/24
146.103.44.0/24
146.103.55.0/24
155.117.198.0/23
162.141.105.0/24
168.222.18.0/23
168.222.30.0/23
168.222.80.0/24
168.222.84.0-168.222.88.255
168.222.90.0/24
168.222.92.0-168.222.94.255
Signature Algorithm: sha256WithRSAEncryption
1d:24:97:85:91:b3:b1:79:54:00:3b:b9:5a:07:c6:3a:2b:cc:
c1:b4:a2:66:b7:dc:8c:83:2c:39:9a:02:7d:8d:d2:8a:e2:09:
e7:70:f2:1d:fe:01:24:8e:9c:54:2c:95:ae:36:f4:26:fd:49:
7f:de:87:7c:79:a2:0b:a6:72:bb:d6:90:e2:76:1d:a8:96:67:
81:1a:a9:14:ce:f4:a2:6b:33:af:20:e3:d3:3b:16:d3:7a:c7:
f9:62:09:37:41:18:18:37:3c:fb:5f:ed:77:b7:82:85:e5:8b:
20:67:d0:8a:04:7c:40:0c:03:2c:8b:52:d7:0c:fc:98:33:30:
e7:87:c4:c1:7a:18:4a:64:a3:2c:f6:a6:cf:a6:2a:02:c7:66:
13:a9:a0:6f:34:8f:0a:96:f4:81:e9:3d:c5:fd:c3:1f:1c:aa:
ac:cf:01:31:23:0a:c3:ee:e8:12:c2:bd:03:60:3f:55:9a:dc:
ee:51:c6:44:e3:0b:94:cf:55:56:48:b1:fd:f7:1f:9e:c9:a4:
3e:f3:2b:51:4d:31:e3:48:d6:39:61:94:22:72:09:7c:00:77:
ba:e1:99:f5:60:89:71:c2:4d:84:17:fa:cd:bc:dd:ef:5a:1e:
03:f3:93:63:87:a4:be:41:69:aa:33:09:17:01:23:d6:a7:a2:
ad:62:08:74
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgIUTi7FrzSq/8+K8musDsMMtvZqQMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjYwMTU5NDJaFw0yNzAzMjUwMjA0NDJaMDMxMTAvBgNV
BAMTKDk5NTAyODVERTcxQTk5M0RGNTk4QjA3NjJCMUY2QjA2MjNFM0MwQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxxbgHw/CQhl6IYL+ojgi+DLYW
DRftd5Xw2B87nbOzNwmspD65kw9z6+epRomiAKikQYuRhwflt4cvMHLeFpec8EUT
q72K6C7ld6falnZgxr0h+T/TqruXP095URYiBqINLcoMJkN6r1Ydaj7nG0jKa/Qf
AoRBlgFejJC2Emy/uGiS9BqvCqhUCjf2GAyhY8vK+M6hF4/AkB5F2aJDksCdJ060
vOmH4adP7ioa2f7T5FwjXah1fDpa8cRm4n1PbADW5QfbovwjMZ2jmw7JeUJ4PVJp
HNNLNe/D+lXMQp9AmD0U5Dhy31M6M9hN7EO93f7Yo1+ADsyybdXHQHNO1TxDAgMB
AAGjggKSMIICjjAdBgNVHQ4EFgQUmVAoXecamT31mLB2Kx9rBiPjwM8wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgacGCCsGAQUFBwEHAQH/BIGXMIGUMIGRBAIAATCBigME
AI8OEAMEAI8OLwMEAI8OOwMEAI8OmDAMAwQAjw61AwQAjw62AwQAjw66AwQAjw6/
AwQAkd80AwQAkd84AwQAkmcsAwQAkmc3AwQBm3XGAwQAoo1pAwQBqN4SAwQBqN4e
AwQAqN5QMAwDBAKo3lQDBACo3lgDBACo3lowDAMEAqjeXAMEAKjeXjANBgkqhkiG
9w0BAQsFAAOCAQEAHSSXhZGzsXlUADu5WgfGOivMwbSiZrfcjIMsOZoCfY3SiuIJ
53DyHf4BJI6cVCyVrjb0Jv1Jf96HfHmiC6Zyu9aQ4nYdqJZngRqpFM70omszryDj
0zsW03rH+WIJN0EYGDc8+1/td7eCheWLIGfQigR8QAwDLItS1wz8mDMw54fEwXoY
SmSjLPamz6YqAsdmE6mgbzSPCpb0gek9xf3DHxyqrM8BMSMKw+7oEsK9A2A/VZrc
7lHGROMLlM9VVkix/fcfnsmkPvMrUU0x40jWOWGUInIJfAB3uuGZ9WCJccJNhBf6
zbzd71oeA/OTY4ekvkFpqjMJFwEj1qeirWIIdA==
-----END CERTIFICATE-----
Generated at Thu Mar 26 05:31:15 2026 by rpki-client