Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS8820.roa
File: AS8820.roa (raw, json)
Hash identifier: Mdc8odFNQPiW61JF0ebULuFSJ2w2/U693bJg+5MesSI=
Subject key identifier: F1:72:1A:C3:95:E8:1D:EF:BA:1D:47:CE:AE:E4:10:8B:22:22:ED:91
Certificate issuer: /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial: 3C319FDDAF345001F047C40DABCFBA380D8B86E0
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS8820.roa
Signing time: Tue 30 Sep 2025 10:03:13 +0000
ROA not before: Tue 30 Sep 2025 09:58:13 +0000
ROA not after: Tue 29 Sep 2026 10:03:13 +0000
asID: 8820
IP address blocks: 78.41.48.0/22 maxlen: 24
81.92.0.0/20 maxlen: 24
82.139.196.0/22 maxlen: 24
82.139.200.0/22 maxlen: 24
82.139.222.0/23 maxlen: 24
82.139.252.0/22 maxlen: 24
195.8.224.0/19 maxlen: 24
195.8.253.0/24 maxlen: 24
195.8.254.2/31 maxlen: 32
212.17.224.0/19 maxlen: 24
212.60.128.0/19 maxlen: 24
213.240.128.0/18 maxlen: 24
2a01:170::/32 maxlen: 64
2a01:170:1000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 06:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:31:9f:dd:af:34:50:01:f0:47:c4:0d:ab:cf:ba:38:0d:8b:86:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Validity
Not Before: Sep 30 09:58:13 2025 GMT
Not After : Sep 29 10:03:13 2026 GMT
Subject: CN=F1721AC395E81DEFBA1D47CEAEE4108B2222ED91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:0e:58:4b:47:b3:50:e0:97:c7:47:ea:10:2d:
09:ed:84:15:61:6e:29:d1:3a:51:30:19:ef:be:0e:
ed:b3:1a:ef:9b:1f:6a:14:62:f8:71:18:0d:65:97:
77:08:cd:fe:3a:f6:2e:c3:af:14:38:cb:ce:37:82:
46:42:ea:cc:87:42:25:4b:14:fb:ca:27:1b:89:21:
c5:6e:86:71:df:7c:6c:d1:9d:e5:45:6c:a0:60:20:
65:82:b5:81:ef:db:e5:5f:8c:57:8e:1d:b7:fb:38:
2d:25:b4:bf:21:33:ba:59:15:c8:67:8c:9f:7a:de:
ba:f9:42:91:c9:e2:b4:4f:68:0e:16:b0:3a:45:12:
8c:22:5c:bf:c6:42:22:8e:fe:5a:4d:5e:72:5a:45:
0e:95:c8:95:fd:92:bb:b6:ab:b8:01:0c:8b:06:83:
9c:e5:a8:bb:69:42:0f:8d:c4:e7:7f:1e:d5:f2:62:
d8:90:1b:bb:27:4f:ab:c3:bc:2d:c1:47:fd:71:66:
32:f2:c9:64:02:21:fb:f8:6b:15:08:3a:f1:81:5b:
30:33:84:97:cb:94:90:1e:17:24:b5:83:be:04:de:
e7:a2:cf:cc:45:87:66:e5:70:48:01:7b:6f:98:32:
02:03:02:21:ef:18:05:d9:bc:2d:4c:8f:66:dd:4e:
36:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:72:1A:C3:95:E8:1D:EF:BA:1D:47:CE:AE:E4:10:8B:22:22:ED:91
X509v3 Authority Key Identifier:
keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS8820.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.41.48.0/22
81.92.0.0/20
82.139.196.0-82.139.203.255
82.139.222.0/23
82.139.252.0/22
195.8.224.0/19
212.17.224.0/19
212.60.128.0/19
213.240.128.0/18
IPv6:
2a01:170::/32
Signature Algorithm: sha256WithRSAEncryption
36:7d:84:f5:73:e6:77:98:66:05:30:97:db:c3:5d:f3:de:63:
66:cd:07:cf:c3:df:da:c7:1d:59:d0:36:76:ea:77:6c:3d:29:
d5:fc:0f:56:68:bf:58:51:b8:d9:4e:01:b8:fd:21:b8:6d:60:
01:62:23:9c:6c:a1:90:df:88:ef:60:6b:e4:87:1b:c6:58:7e:
96:93:f6:8d:0a:fc:32:4c:e6:fa:a4:b2:e1:4e:56:eb:f8:a4:
fe:c0:61:9b:de:06:2f:2b:c7:bf:1c:4c:3f:9e:42:85:71:3c:
61:8e:3e:2d:08:b3:50:d1:0a:fd:09:23:7c:d3:bc:a3:c0:0d:
50:1d:17:62:78:98:3f:6f:c7:b2:ab:c8:65:9c:1d:ed:2e:95:
53:1b:b9:05:00:79:8d:67:25:e0:93:c1:83:ac:f8:15:be:97:
c5:ff:a1:b8:ec:f9:bd:d1:bb:bd:18:03:67:d0:07:97:2e:07:
02:85:86:59:4d:cc:2c:b8:c3:61:24:0f:38:20:90:2a:8d:8c:
27:d1:48:eb:2c:03:16:4b:6a:28:9e:51:ba:07:87:ba:51:cf:
c0:ba:cd:b9:79:a2:b8:b7:d5:9e:8f:69:ff:68:c0:dd:f8:3d:
86:00:a4:0d:8c:c6:33:21:2c:14:d3:e9:03:19:be:8e:eb:2f:
d1:2f:6c:23
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgIUPDGf3a80UAHwR8QNq8+6OA2LhuAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTNaFw0yNjA5MjkxMDAzMTNaMDMxMTAvBgNV
BAMTKEYxNzIxQUMzOTVFODFERUZCQTFENDdDRUFFRTQxMDhCMjIyMkVEOTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0DlhLR7NQ4JfHR+oQLQnthBVh
binROlEwGe++Du2zGu+bH2oUYvhxGA1ll3cIzf469i7DrxQ4y843gkZC6syHQiVL
FPvKJxuJIcVuhnHffGzRneVFbKBgIGWCtYHv2+VfjFeOHbf7OC0ltL8hM7pZFchn
jJ963rr5QpHJ4rRPaA4WsDpFEowiXL/GQiKO/lpNXnJaRQ6VyJX9kru2q7gBDIsG
g5zlqLtpQg+NxOd/HtXyYtiQG7snT6vDvC3BR/1xZjLyyWQCIfv4axUIOvGBWzAz
hJfLlJAeFyS1g74E3ueiz8xFh2blcEgBe2+YMgIDAiHvGAXZvC1Mj2bdTjaDAgMB
AAGjggJPMIICSzAdBgNVHQ4EFgQU8XIaw5XoHe+6HUfOruQQiyIi7ZEwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTODgyMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBmBggrBgEFBQcBBwEB/wRXMFUwRAQCAAEwPgMEAk4pMAME
BFFcADAMAwQCUovEAwQCUovIAwQBUoveAwQCUov8AwQFwwjgAwQF1BHgAwQF1DyA
AwQG1fCAMA0EAgACMAcDBQAqAQFwMA0GCSqGSIb3DQEBCwUAA4IBAQA2fYT1c+Z3
mGYFMJfbw13z3mNmzQfPw9/axx1Z0DZ26ndsPSnV/A9WaL9YUbjZTgG4/SG4bWAB
YiOcbKGQ34jvYGvkhxvGWH6Wk/aNCvwyTOb6pLLhTlbr+KT+wGGb3gYvK8e/HEw/
nkKFcTxhjj4tCLNQ0Qr9CSN807yjwA1QHRdieJg/b8eyq8hlnB3tLpVTG7kFAHmN
ZyXgk8GDrPgVvpfF/6G47Pm90bu9GANn0AeXLgcChYZZTcwsuMNhJA84IJAqjYwn
0UjrLAMWS2oonlG6B4e6Uc/Aus25eaK4t9Wej2n/aMDd+D2GAKQNjMYzISwU0+kD
Gb6O6y/RL2wj
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:25:13 2025 by rpki-client