Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS42831.roa
File: AS42831.roa (raw, json)
Hash identifier: IORXv5pVxIcO0r6pbyq4/dCb6ILK0WM7UMLYkoBIQNw=
Subject key identifier: 0D:85:E2:CA:9A:CE:97:85:2E:80:3D:96:99:34:42:1E:0B:66:20:87
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 7DCA4D5B0F5875F81616E9A4E9FACC063A085B2C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS42831.roa
Signing time: Thu 12 Mar 2026 22:58:21 +0000
ROA not before: Thu 12 Mar 2026 22:53:21 +0000
ROA not after: Thu 11 Mar 2027 22:58:21 +0000
asID: 42831
IP address blocks: 96.62.220.0/24 maxlen: 24
140.233.165.0/24 maxlen: 24
143.14.80.0/24 maxlen: 24
143.14.93.0/24 maxlen: 24
143.14.114.0/24 maxlen: 24
143.14.136.0/24 maxlen: 24
143.14.241.0/24 maxlen: 24
146.103.28.0/24 maxlen: 24
147.79.4.0/24 maxlen: 24
148.135.174.0/24 maxlen: 24
150.241.132.0/24 maxlen: 24
150.241.133.0/24 maxlen: 24
150.241.134.0/24 maxlen: 24
150.241.137.0/24 maxlen: 24
150.241.144.0/24 maxlen: 24
150.241.238.0/24 maxlen: 24
150.241.239.0/24 maxlen: 24
150.241.241.0/24 maxlen: 24
155.117.110.0/24 maxlen: 24
155.117.115.0/24 maxlen: 24
155.117.196.0/24 maxlen: 24
155.117.227.0/24 maxlen: 24
155.117.244.0/24 maxlen: 24
155.117.254.0/24 maxlen: 24
162.141.11.0/24 maxlen: 24
162.141.88.0/24 maxlen: 24
162.141.104.0/24 maxlen: 24
167.148.126.0/24 maxlen: 24
167.148.144.0/24 maxlen: 24
167.148.152.0/24 maxlen: 24
167.148.157.0/24 maxlen: 24
167.148.192.0/24 maxlen: 24
167.148.202.0/24 maxlen: 24
167.148.205.0/24 maxlen: 24
167.148.211.0/24 maxlen: 24
168.222.7.0/24 maxlen: 24
168.222.108.0/24 maxlen: 24
168.222.109.0/24 maxlen: 24
168.222.110.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7d:ca:4d:5b:0f:58:75:f8:16:16:e9:a4:e9:fa:cc:06:3a:08:5b:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Mar 12 22:53:21 2026 GMT
Not After : Mar 11 22:58:21 2027 GMT
Subject: CN=0D85E2CA9ACE97852E803D969934421E0B662087
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:cc:93:f5:ac:af:0f:57:5f:e4:96:1f:81:2c:
ab:63:09:74:06:44:6a:8d:a1:26:2f:0f:8b:74:5d:
df:2f:08:cc:b7:b3:ea:ab:ec:86:be:62:59:f6:b5:
3e:ea:ba:6c:90:84:8d:4e:44:b1:c7:dc:98:ce:30:
f2:70:7b:85:d1:b7:c6:4a:ae:77:61:dd:62:5a:38:
f7:d8:62:bf:16:be:ce:bb:61:43:cd:be:c3:88:41:
b9:eb:6c:ab:c2:a0:ea:a1:9f:fe:e1:24:00:be:ad:
48:a0:2c:20:89:33:e0:d6:6a:b9:84:ff:86:3e:26:
f1:dc:c4:74:db:84:48:fe:ee:ce:b9:14:29:13:10:
9f:1f:18:e7:ba:15:3b:8d:3b:d9:de:07:90:34:90:
3a:9b:4b:ad:6f:2a:db:95:ce:ff:a2:d6:30:78:06:
93:2a:11:a4:f9:12:ad:63:4f:79:f4:1c:8b:e8:8f:
8e:5f:27:31:c6:58:1e:3a:48:c7:9d:d3:bd:f3:b2:
79:be:d9:08:37:16:d7:79:fd:ac:17:d5:54:fe:03:
33:29:7b:ee:47:15:82:6e:47:8c:22:12:4b:be:aa:
54:5c:25:c5:17:71:c1:a8:2f:19:a3:60:dc:b7:e9:
2a:22:d5:cc:7f:ca:f0:25:0f:ac:aa:bc:b4:d5:f8:
42:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:85:E2:CA:9A:CE:97:85:2E:80:3D:96:99:34:42:1E:0B:66:20:87
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS42831.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.220.0/24
140.233.165.0/24
143.14.80.0/24
143.14.93.0/24
143.14.114.0/24
143.14.136.0/24
143.14.241.0/24
146.103.28.0/24
147.79.4.0/24
148.135.174.0/24
150.241.132.0-150.241.134.255
150.241.137.0/24
150.241.144.0/24
150.241.238.0/23
150.241.241.0/24
155.117.110.0/24
155.117.115.0/24
155.117.196.0/24
155.117.227.0/24
155.117.244.0/24
155.117.254.0/24
162.141.11.0/24
162.141.88.0/24
162.141.104.0/24
167.148.126.0/24
167.148.144.0/24
167.148.152.0/24
167.148.157.0/24
167.148.192.0/24
167.148.202.0/24
167.148.205.0/24
167.148.211.0/24
168.222.7.0/24
168.222.108.0-168.222.110.255
Signature Algorithm: sha256WithRSAEncryption
11:9f:9e:5b:5a:d2:ff:94:09:6a:a0:40:41:85:cb:1e:de:d0:
2e:cf:fe:ee:6a:29:18:fd:0b:0f:2b:07:0c:04:88:21:da:5a:
21:3e:68:17:d2:ca:10:f9:9d:e3:5e:1c:3b:64:8b:d3:b7:a4:
7d:cd:5d:2e:c5:c4:73:91:6a:c2:7e:7e:d6:47:3f:11:b4:57:
e8:8c:d4:32:75:56:29:a6:26:db:6d:1e:12:c8:67:ac:e3:c2:
a7:7b:55:25:e0:b6:3e:15:de:d8:fb:02:2d:9b:c7:9b:2b:df:
97:81:84:a3:f8:aa:cb:79:67:67:c3:f1:6f:8a:8a:9c:75:b4:
0d:d8:0a:b2:21:27:e0:92:21:95:26:4b:e6:b7:bc:da:83:53:
11:aa:db:fd:d3:bc:2c:d7:34:0f:b5:78:80:36:46:32:3e:8f:
36:9c:24:bd:24:ca:e3:86:79:a3:0a:90:55:da:07:ef:1e:dc:
61:5b:82:33:c5:33:58:b5:08:10:8e:c7:ea:a4:97:3c:40:bf:
05:f5:3a:bc:89:86:b0:bb:52:7c:dc:c3:ab:63:ce:f7:b8:62:
a1:e1:73:1e:0a:f3:82:a8:3d:df:3e:00:db:36:c3:0f:09:f1:
cf:2f:df:bc:81:79:e0:10:9b:58:38:62:e1:40:87:70:b9:77:
bf:33:f7:6e
-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgIUfcpNWw9YdfgWFumk6frMBjoIWywwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTIyMjUzMjFaFw0yNzAzMTEyMjU4MjFaMDMxMTAvBgNV
BAMTKDBEODVFMkNBOUFDRTk3ODUyRTgwM0Q5Njk5MzQ0MjFFMEI2NjIwODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7zJP1rK8PV1/klh+BLKtjCXQG
RGqNoSYvD4t0Xd8vCMy3s+qr7Ia+Yln2tT7qumyQhI1ORLHH3JjOMPJwe4XRt8ZK
rndh3WJaOPfYYr8Wvs67YUPNvsOIQbnrbKvCoOqhn/7hJAC+rUigLCCJM+DWarmE
/4Y+JvHcxHTbhEj+7s65FCkTEJ8fGOe6FTuNO9neB5A0kDqbS61vKtuVzv+i1jB4
BpMqEaT5Eq1jT3n0HIvoj45fJzHGWB46SMed073zsnm+2Qg3Ftd5/awX1VT+AzMp
e+5HFYJuR4wiEku+qlRcJcUXccGoLxmjYNy36Soi1cx/yvAlD6yqvLTV+EJfAgMB
AAGjggLkMIIC4DAdBgNVHQ4EFgQUDYXiyprOl4UugD2WmTRCHgtmIIcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDI4MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgfkGCCsGAQUFBwEHAQH/BIHpMIHmMIHjBAIAATCB3AME
AGA+3AMEAIzppQMEAI8OUAMEAI8OXQMEAI8OcgMEAI8OiAMEAI8O8QMEAJJnHAME
AJNPBAMEAJSHrjAMAwQClvGEAwQAlvGGAwQAlvGJAwQAlvGQAwQBlvHuAwQAlvHx
AwQAm3VuAwQAm3VzAwQAm3XEAwQAm3XjAwQAm3X0AwQAm3X+AwQAoo0LAwQAoo1Y
AwQAoo1oAwQAp5R+AwQAp5SQAwQAp5SYAwQAp5SdAwQAp5TAAwQAp5TKAwQAp5TN
AwQAp5TTAwQAqN4HMAwDBAKo3mwDBACo3m4wDQYJKoZIhvcNAQELBQADggEBABGf
nlta0v+UCWqgQEGFyx7e0C7P/u5qKRj9Cw8rBwwEiCHaWiE+aBfSyhD5neNeHDtk
i9O3pH3NXS7FxHORasJ+ftZHPxG0V+iM1DJ1VimmJtttHhLIZ6zjwqd7VSXgtj4V
3tj7Ai2bx5sr35eBhKP4qst5Z2fD8W+Kipx1tA3YCrIhJ+CSIZUmS+a3vNqDUxGq
2/3TvCzXNA+1eIA2RjI+jzacJL0kyuOGeaMKkFXaB+8e3GFbgjPFM1i1CBCOx+qk
lzxAvwX1OryJhrC7Unzcw6tjzve4YqHhcx4K84KoPd8+ANs2ww8J8c8v37yBeeAQ
m1g4YuFAh3C5d78z924=
-----END CERTIFICATE-----
Generated at Thu Mar 26 00:48:49 2026 by rpki-client