Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS43641.roa
File: AS43641.roa (raw, json)
Hash identifier: zty51B6zYcmud/3jYustOz6ssGI+MNxVdQp1jVvRQQk=
Subject key identifier: 53:6B:F7:27:7A:B5:54:59:D4:1E:F9:E1:92:CD:EC:8B:68:93:E5:1C
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 4F9EB2599DE453D3414CDF0C3920EE41BD9917D6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS43641.roa
Signing time: Sun 12 Oct 2025 10:34:28 +0000
ROA not before: Sun 12 Oct 2025 10:29:28 +0000
ROA not after: Sun 11 Oct 2026 10:34:28 +0000
asID: 43641
IP address blocks: 148.135.144.0/24 maxlen: 24
148.135.146.0/24 maxlen: 24
148.135.148.0/24 maxlen: 24
148.135.149.0/24 maxlen: 24
148.135.151.0/24 maxlen: 24
148.135.157.0/24 maxlen: 24
148.135.158.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 15:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4f:9e:b2:59:9d:e4:53:d3:41:4c:df:0c:39:20:ee:41:bd:99:17:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 12 10:29:28 2025 GMT
Not After : Oct 11 10:34:28 2026 GMT
Subject: CN=536BF7277AB55459D41EF9E192CDEC8B6893E51C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:0b:fc:0e:ec:c2:e0:1c:50:c5:05:fc:b6:1d:
c1:1e:9e:41:da:de:d9:33:ae:4a:8f:be:5b:9e:c3:
98:dc:c5:00:8b:7f:0f:25:04:0f:b1:d2:75:1e:75:
a8:68:1d:9e:c4:01:62:bb:ee:da:ff:f7:10:8d:5f:
11:82:e6:12:bb:23:72:0f:c4:e7:04:4b:0c:ce:f6:
8e:0a:c9:34:f5:a2:8a:52:51:80:c5:d3:36:37:b9:
e6:06:64:b1:c3:6a:bf:7c:f0:c1:69:43:82:6f:66:
19:45:00:a4:8c:d7:84:19:c2:96:ed:d9:6f:fa:68:
78:5f:a0:cd:d0:61:b6:da:1e:f9:2b:61:66:55:1d:
76:ed:5c:c7:7b:45:21:be:a6:bf:24:01:3a:a9:58:
cc:56:48:e5:47:0d:bc:47:26:67:54:3e:3e:c0:97:
0f:09:e3:a1:20:34:fa:3a:cc:33:22:20:9e:c2:43:
12:ca:80:1b:f3:0f:84:ec:03:e7:cf:1a:78:89:8a:
df:e6:10:78:bf:46:63:ca:a3:3d:73:96:16:b9:16:
f4:7b:9c:af:25:d5:16:9c:1b:18:7a:d1:90:fe:ad:
c8:9f:53:69:93:fd:e3:d0:5c:1d:8d:69:92:f8:9a:
9b:f6:79:b5:16:af:f6:1d:50:8e:ec:68:0c:66:3e:
d6:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:6B:F7:27:7A:B5:54:59:D4:1E:F9:E1:92:CD:EC:8B:68:93:E5:1C
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS43641.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
148.135.144.0/24
148.135.146.0/24
148.135.148.0/23
148.135.151.0/24
148.135.157.0-148.135.158.255
Signature Algorithm: sha256WithRSAEncryption
95:c9:61:b3:4e:4d:ff:62:de:47:0f:8a:b5:3a:4f:30:76:32:
b2:5e:b6:2b:47:5e:4b:d0:4b:d3:bf:d8:43:d9:48:e7:1d:90:
d4:6b:0a:da:81:4f:72:cb:95:e9:72:10:98:48:b3:31:57:f8:
5a:15:6a:04:55:37:45:10:ff:db:51:b2:86:dc:80:3c:fb:99:
47:44:5e:e1:85:9d:65:66:66:ee:a3:61:15:62:e1:9a:8b:92:
dd:59:8e:66:0c:e9:81:3a:ef:49:f9:59:58:83:6a:45:29:9e:
9f:9e:ef:f8:53:c6:60:2b:e7:09:bc:44:37:4b:81:6b:c1:0a:
b7:d9:9e:77:c3:5c:ba:d1:83:29:c9:5e:77:ee:cc:a5:53:1d:
ab:d1:7e:8f:f8:b1:ce:aa:53:c7:cc:6b:46:c3:8c:f2:13:fc:
09:be:b2:05:c4:ce:93:79:63:2c:25:82:24:74:9d:b0:ac:bd:
34:3d:33:53:1e:54:4a:82:cf:b1:d5:44:b0:fc:b5:58:8b:c2:
cf:26:0d:5f:ce:24:a9:16:84:0c:71:ae:b5:00:e4:54:39:18:
cc:fe:83:cc:9c:62:b0:e5:fe:c5:da:2e:eb:97:45:c0:9e:aa:
65:19:58:5c:96:d4:df:a9:91:b7:ca:95:ec:63:ef:54:6c:2f:
e8:63:b0:54
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIUT56yWZ3kU9NBTN8MOSDuQb2ZF9YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMTIxMDI5MjhaFw0yNjEwMTExMDM0MjhaMDMxMTAvBgNV
BAMTKDUzNkJGNzI3N0FCNTU0NTlENDFFRjlFMTkyQ0RFQzhCNjg5M0U1MUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLC/wO7MLgHFDFBfy2HcEenkHa
3tkzrkqPvluew5jcxQCLfw8lBA+x0nUedahoHZ7EAWK77tr/9xCNXxGC5hK7I3IP
xOcESwzO9o4KyTT1oopSUYDF0zY3ueYGZLHDar988MFpQ4JvZhlFAKSM14QZwpbt
2W/6aHhfoM3QYbbaHvkrYWZVHXbtXMd7RSG+pr8kATqpWMxWSOVHDbxHJmdUPj7A
lw8J46EgNPo6zDMiIJ7CQxLKgBvzD4TsA+fPGniJit/mEHi/RmPKoz1zlha5FvR7
nK8l1RacGxh60ZD+rcifU2mT/ePQXB2NaZL4mpv2ebUWr/YdUI7saAxmPtaPAgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQUU2v3J3q1VFnUHvnhks3si2iT5RwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDM2NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPwYIKwYBBQUHAQcBAf8EMDAuMCwEAgABMCYDBACUh5AD
BACUh5IDBAGUh5QDBACUh5cwDAMEAJSHnQMEAJSHnjANBgkqhkiG9w0BAQsFAAOC
AQEAlclhs05N/2LeRw+KtTpPMHYysl62K0deS9BL07/YQ9lI5x2Q1GsK2oFPcsuV
6XIQmEizMVf4WhVqBFU3RRD/21GyhtyAPPuZR0Re4YWdZWZm7qNhFWLhmouS3VmO
ZgzpgTrvSflZWINqRSmen57v+FPGYCvnCbxEN0uBa8EKt9med8NcutGDKcled+7M
pVMdq9F+j/ixzqpTx8xrRsOM8hP8Cb6yBcTOk3ljLCWCJHSdsKy9ND0zUx5USoLP
sdVEsPy1WIvCzyYNX84kqRaEDHGutQDkVDkYzP6DzJxisOX+xdou65dFwJ6qZRlY
XJbU36mRt8qV7GPvVGwv6GOwVA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:50:02 2025 by rpki-client