Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS43641.roa
File: AS43641.roa (raw, json)
Hash identifier: IpQE9fWOv7isO6kCpuU+Q4td4TpQTwr0wBHnYh6iQFc=
Subject key identifier: 7E:57:93:EB:32:9C:47:3D:3C:81:3D:A9:63:08:4A:A8:B7:50:C2:2E
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 33D53B8B2009E989F1C00F9E0A8290107A48A878
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS43641.roa
Signing time: Tue 12 Aug 2025 07:00:23 +0000
ROA not before: Tue 12 Aug 2025 06:55:23 +0000
ROA not after: Tue 11 Aug 2026 07:00:23 +0000
asID: 43641
IP address blocks: 148.135.144.0/24 maxlen: 24
148.135.146.0/24 maxlen: 24
148.135.148.0/24 maxlen: 24
148.135.149.0/24 maxlen: 24
148.135.151.0/24 maxlen: 24
148.135.157.0/24 maxlen: 24
148.135.158.0/24 maxlen: 24
155.117.216.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:d5:3b:8b:20:09:e9:89:f1:c0:0f:9e:0a:82:90:10:7a:48:a8:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Aug 12 06:55:23 2025 GMT
Not After : Aug 11 07:00:23 2026 GMT
Subject: CN=7E5793EB329C473D3C813DA963084AA8B750C22E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:8f:44:74:04:a8:5d:20:f2:65:99:69:a2:f1:
5c:b9:07:cd:7c:8a:2f:f1:1d:c4:0b:73:a3:16:74:
64:4e:1e:b9:d4:70:2d:af:2b:24:18:94:41:44:b1:
e1:71:d2:d0:21:40:b2:0a:2c:60:55:c0:2e:33:fa:
16:67:c6:10:7b:ac:bc:dc:3b:ea:b2:00:ca:00:64:
69:a4:bf:45:99:92:0e:2b:17:fb:eb:32:c7:83:49:
58:48:df:3e:91:1c:c3:65:51:70:e1:f2:5d:4a:73:
55:b9:a4:1f:ca:bd:64:e4:49:b8:b4:20:10:5c:db:
ff:c9:63:ee:0d:3f:e0:8a:a2:8a:a9:63:b6:e1:4a:
6f:9d:63:2d:41:db:b3:82:f3:fe:fb:fc:db:e0:5b:
1e:43:33:03:38:62:8a:44:2a:76:4a:f3:a9:ae:99:
64:70:41:30:1c:1f:db:b1:0e:bf:7b:01:ce:32:1a:
7e:70:15:83:33:d1:13:ac:80:d5:11:56:ba:1f:dd:
d4:80:b1:97:1e:13:40:39:ac:f4:cd:d5:68:f7:aa:
4f:aa:b5:f2:28:67:d9:08:ec:15:bf:83:a5:66:8e:
4b:ed:f7:fb:5f:1f:6b:45:b8:96:c2:ac:be:f8:e7:
c2:87:6b:dd:97:95:59:35:74:3e:71:d3:0e:52:b2:
de:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:57:93:EB:32:9C:47:3D:3C:81:3D:A9:63:08:4A:A8:B7:50:C2:2E
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS43641.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
148.135.144.0/24
148.135.146.0/24
148.135.148.0/23
148.135.151.0/24
148.135.157.0-148.135.158.255
155.117.216.0/24
Signature Algorithm: sha256WithRSAEncryption
aa:11:28:0b:fe:23:42:43:45:90:54:9b:ac:39:fa:6e:e5:38:
37:e3:0a:ca:39:da:02:8c:79:41:67:44:09:bf:ee:19:be:ca:
3c:e5:9c:ce:0e:ea:6c:8e:e0:51:1e:c3:a8:08:57:88:95:fc:
b6:5d:08:e5:92:28:28:5b:6a:0d:64:2f:0b:23:ac:8b:c0:ea:
da:83:27:85:33:1b:2c:db:82:2d:41:93:9a:5c:8e:54:1d:45:
0f:c3:d9:a8:eb:56:aa:6d:de:b2:6f:9e:4b:9a:2a:35:35:5d:
6e:36:75:81:9d:81:98:1c:94:6b:fe:76:36:8b:de:b9:ec:c3:
8c:0b:ef:fa:fe:dd:3b:f2:65:e0:c8:f0:f6:6a:d9:4c:46:fe:
4a:9e:f6:9c:ce:e1:da:e7:6f:b9:3e:bc:fa:ac:04:e1:ba:1f:
b8:09:9d:cf:b9:40:9c:55:b0:1a:de:5a:37:ef:a1:b7:d1:69:
f1:e9:b2:ae:d3:bc:d6:9c:d1:4e:dc:4d:c0:a7:d5:d5:7a:9f:
e3:9f:e5:d8:93:c9:3f:b0:41:bf:ea:0e:81:8c:ac:2c:6b:7e:
71:fd:4d:32:2a:6d:f0:2d:e2:06:6d:37:0a:19:05:fb:e8:83:
ab:10:7a:3d:f0:c5:b3:29:b2:98:e4:18:9d:f4:1c:bf:e4:5d:
14:1b:b1:fc
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIUM9U7iyAJ6YnxwA+eCoKQEHpIqHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MTIwNjU1MjNaFw0yNjA4MTEwNzAwMjNaMDMxMTAvBgNV
BAMTKDdFNTc5M0VCMzI5QzQ3M0QzQzgxM0RBOTYzMDg0QUE4Qjc1MEMyMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTj0R0BKhdIPJlmWmi8Vy5B818
ii/xHcQLc6MWdGROHrnUcC2vKyQYlEFEseFx0tAhQLIKLGBVwC4z+hZnxhB7rLzc
O+qyAMoAZGmkv0WZkg4rF/vrMseDSVhI3z6RHMNlUXDh8l1Kc1W5pB/KvWTkSbi0
IBBc2//JY+4NP+CKooqpY7bhSm+dYy1B27OC8/77/NvgWx5DMwM4YopEKnZK86mu
mWRwQTAcH9uxDr97Ac4yGn5wFYMz0ROsgNURVrof3dSAsZceE0A5rPTN1Wj3qk+q
tfIoZ9kI7BW/g6Vmjkvt9/tfH2tFuJbCrL7458KHa92XlVk1dD5x0w5Sst5bAgMB
AAGjggIvMIICKzAdBgNVHQ4EFgQUfleT6zKcRz08gT2pYwhKqLdQwi4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDM2NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwRQYIKwYBBQUHAQcBAf8ENjA0MDIEAgABMCwDBACUh5AD
BACUh5IDBAGUh5QDBACUh5cwDAMEAJSHnQMEAJSHngMEAJt12DANBgkqhkiG9w0B
AQsFAAOCAQEAqhEoC/4jQkNFkFSbrDn6buU4N+MKyjnaAox5QWdECb/uGb7KPOWc
zg7qbI7gUR7DqAhXiJX8tl0I5ZIoKFtqDWQvCyOsi8Dq2oMnhTMbLNuCLUGTmlyO
VB1FD8PZqOtWqm3esm+eS5oqNTVdbjZ1gZ2BmByUa/52NoveuezDjAvv+v7dO/Jl
4Mjw9mrZTEb+Sp72nM7h2udvuT68+qwE4bofuAmdz7lAnFWwGt5aN++ht9Fp8emy
rtO81pzRTtxNwKfV1Xqf45/l2JPJP7BBv+oOgYysLGt+cf1NMipt8C3iBm03ChkF
++iDqxB6PfDFsymymOQYnfQcv+RdFBux/A==
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:40:40 2025 by rpki-client