Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
File: AS7843.roa (raw, json)
Hash identifier: X2NJw7sO/i+4PtnfgtoGLMtG15g793Rj7yxU4T/q+BY=
Subject key identifier: 9C:5E:5E:EA:30:C1:B2:D7:47:82:67:EA:FB:AE:CF:3C:88:D5:16:D4
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 3818CCC4BD7D11F1753B744228CDB3695C5FD8E4
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
Signing time: Mon 18 Aug 2025 19:04:13 +0000
ROA not before: Mon 18 Aug 2025 18:59:13 +0000
ROA not after: Mon 17 Aug 2026 19:04:13 +0000
asID: 7843
IP address blocks: 143.14.16.0/21 maxlen: 24
143.14.232.0/21 maxlen: 24
162.141.2.0/23 maxlen: 24
162.141.6.0/23 maxlen: 24
162.141.22.0/23 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.76.0/23 maxlen: 24
162.141.134.0/23 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.156.0/23 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.208.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.24.0/22 maxlen: 24
167.148.36.0/22 maxlen: 24
167.148.44.0/23 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.60.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.120.0/22 maxlen: 24
167.148.145.0/24 maxlen: 24
167.148.168.0/22 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:18:cc:c4:bd:7d:11:f1:75:3b:74:42:28:cd:b3:69:5c:5f:d8:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Aug 18 18:59:13 2025 GMT
Not After : Aug 17 19:04:13 2026 GMT
Subject: CN=9C5E5EEA30C1B2D7478267EAFBAECF3C88D516D4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:6a:df:03:d8:2f:02:1a:d9:93:4b:6f:f4:ac:
90:e5:79:dd:2b:e1:27:90:dc:8f:56:1c:ec:e6:6f:
ab:4b:a6:20:f1:ca:4f:0c:4d:34:58:77:91:d5:b7:
ae:e9:33:9b:68:9b:98:05:18:0d:ea:cb:b6:c3:25:
92:60:6f:39:59:98:45:6d:6b:13:a3:bb:ba:a2:f2:
59:92:53:6c:10:c6:e8:51:d6:9d:f5:8d:ce:67:0e:
99:b2:24:cc:05:c9:6a:6a:f4:1d:ec:bb:40:ff:5f:
b0:f2:0d:be:88:2e:8a:ba:92:1c:11:a3:bf:9a:50:
54:c6:3a:7c:a0:3c:06:ea:b9:07:79:dd:e2:ab:d2:
f2:98:c8:72:cc:65:3e:79:6b:cb:44:2e:fd:f3:34:
19:5a:eb:03:bf:89:65:14:3f:07:20:1a:5f:d6:01:
34:42:4b:91:37:f5:c2:cb:6a:a8:56:8e:97:95:97:
f3:68:58:33:5e:9d:c7:83:b7:f5:2b:ba:08:0e:29:
5e:eb:b9:6e:3d:3b:ac:bc:84:fe:29:9e:7c:57:5c:
d6:b4:30:e0:49:49:5c:11:67:ed:ae:a5:b4:3f:a7:
3a:04:9a:01:8b:38:ae:8b:5d:12:ec:26:86:aa:3c:
79:b1:b2:08:49:b5:b1:3c:34:14:6f:84:ff:86:94:
f0:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:5E:5E:EA:30:C1:B2:D7:47:82:67:EA:FB:AE:CF:3C:88:D5:16:D4
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.16.0/21
143.14.232.0/21
162.141.2.0/23
162.141.6.0/23
162.141.22.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0-162.141.77.255
162.141.134.0/23
162.141.144.0/21
162.141.156.0/23
162.141.168.0/21
162.141.184.0-162.141.255.255
167.148.16.0-167.148.27.255
167.148.36.0/22
167.148.44.0/23
167.148.48.0-167.148.67.255
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.120.0/22
167.148.145.0/24
167.148.168.0/22
167.148.224.0/19
Signature Algorithm: sha256WithRSAEncryption
34:03:d4:ea:41:ee:4f:a2:b7:ff:d8:bb:53:e5:26:d1:9c:6b:
4d:87:ab:f4:d7:33:98:a7:f6:19:c5:ec:08:e7:90:e8:f6:55:
88:f6:d1:0f:e0:99:7c:ee:c4:d9:ed:d3:c4:05:dd:ff:22:23:
b1:d0:c0:ad:69:7a:c1:f5:b6:7d:7e:d4:cd:d0:e6:86:3a:2f:
5f:7d:8c:11:34:55:80:ec:79:22:21:89:f9:c0:ed:11:f0:98:
18:86:0e:42:67:95:b9:0d:a9:8f:b9:c7:5d:1c:5d:d0:06:af:
4e:f4:38:d8:d3:4f:14:1e:00:65:10:f9:1c:90:a2:16:c7:28:
67:9d:4b:ec:16:cc:de:0f:72:db:4e:2f:4d:d1:24:61:bc:61:
a1:84:57:a9:96:77:6a:21:c7:42:82:bc:d5:a3:bc:ea:8c:0c:
1e:2d:14:d0:38:b7:94:16:7e:b1:d2:e8:a8:d6:87:03:40:5f:
b1:5f:e4:44:3a:b7:c4:fc:8c:a9:cc:0e:a8:fe:fe:7f:4b:46:
22:12:6a:65:70:6e:65:b8:a7:9f:a7:0f:fb:46:d9:b7:1f:33:
a9:10:28:11:04:b4:28:5d:da:11:0c:99:f7:34:7e:ea:96:e5:
31:b4:2f:4c:d0:38:80:ca:b8:6c:e4:66:3e:43:f7:55:be:0c:
4a:70:0a:3b
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgIUOBjMxL19EfF1O3RCKM2zaVxf2OQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MTgxODU5MTNaFw0yNjA4MTcxOTA0MTNaMDMxMTAvBgNV
BAMTKDlDNUU1RUVBMzBDMUIyRDc0NzgyNjdFQUZCQUVDRjNDODhENTE2RDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRat8D2C8CGtmTS2/0rJDled0r
4SeQ3I9WHOzmb6tLpiDxyk8MTTRYd5HVt67pM5tom5gFGA3qy7bDJZJgbzlZmEVt
axOju7qi8lmSU2wQxuhR1p31jc5nDpmyJMwFyWpq9B3su0D/X7DyDb6ILoq6khwR
o7+aUFTGOnygPAbquQd53eKr0vKYyHLMZT55a8tELv3zNBla6wO/iWUUPwcgGl/W
ATRCS5E39cLLaqhWjpeVl/NoWDNenceDt/UruggOKV7ruW49O6y8hP4pnnxXXNa0
MOBJSVwRZ+2upbQ/pzoEmgGLOK6LXRLsJoaqPHmxsghJtbE8NBRvhP+GlPBTAgMB
AAGjggK+MIICujAdBgNVHQ4EFgQUnF5e6jDBstdHgmfq+67PPIjVFtQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNzg0My5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCB1AYIKwYBBQUHAQcBAf8EgcQwgcEwgb4EAgABMIG3AwQD
jw4QAwQDjw7oAwQBoo0CAwQBoo0GMAwDBAGijRYDBAKijSADBAKijSgDBAOijTgw
DAMEA6KNSAMEAaKNTAMEAaKNhgMEA6KNkAMEAaKNnAMEA6KNqDALAwQDoo24AwMB
oowwDAMEBKeUEAMEAqeUGAMEAqeUJAMEAaeULDAMAwQEp5QwAwQCp5RAAwQCp5RM
AwQDp5RYAwQCp5RsAwQCp5R4AwQAp5SRAwQCp5SoAwQFp5TgMA0GCSqGSIb3DQEB
CwUAA4IBAQA0A9TqQe5Porf/2LtT5SbRnGtNh6v01zOYp/YZxewI55Do9lWI9tEP
4Jl87sTZ7dPEBd3/IiOx0MCtaXrB9bZ9ftTN0OaGOi9ffYwRNFWA7HkiIYn5wO0R
8JgYhg5CZ5W5DamPucddHF3QBq9O9DjY008UHgBlEPkckKIWxyhnnUvsFszeD3Lb
Ti9N0SRhvGGhhFeplndqIcdCgrzVo7zqjAweLRTQOLeUFn6x0uio1ocDQF+xX+RE
OrfE/IypzA6o/v5/S0YiEmplcG5luKefpw/7Rtm3HzOpECgRBLQoXdoRDJn3NH7q
luUxtC9M0DiAyrhs5GY+Q/dVvgxKcAo7
-----END CERTIFICATE-----
Generated at Sat Aug 23 12:53:35 2025 by rpki-client