Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: n8Mqd9VlrOZEehq9gYDwBH2VKRqUcLn7I70n8l/9NXs=
Subject key identifier: 6C:BE:AC:A8:24:35:2D:71:1E:E3:94:83:FF:B8:05:B2:2D:A8:96:14
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 3BABE0FDC248672350972E9030785EDF9BF68C6F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
Signing time: Fri 08 Aug 2025 10:12:02 +0000
ROA not before: Fri 08 Aug 2025 10:07:02 +0000
ROA not after: Fri 07 Aug 2026 10:12:02 +0000
asID: 20473
IP address blocks: 45.87.187.0/24 maxlen: 24
181.215.70.0/24 maxlen: 24
191.101.223.0/24 maxlen: 24
213.109.169.0/24 maxlen: 24
2a0b:500::/32 maxlen: 48
2a0b:501::/32 maxlen: 48
2a0b:502::/32 maxlen: 48
2a0b:503::/32 maxlen: 48
2a0b:504::/32 maxlen: 48
2a0b:505::/32 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 06:23:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:ab:e0:fd:c2:48:67:23:50:97:2e:90:30:78:5e:df:9b:f6:8c:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Aug 8 10:07:02 2025 GMT
Not After : Aug 7 10:12:02 2026 GMT
Subject: CN=6CBEACA824352D711EE39483FFB805B22DA89614
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:a3:63:73:17:a8:72:75:89:2b:d3:ef:aa:67:
bb:41:a4:62:d9:14:97:95:1e:f8:5a:44:dd:28:fc:
e5:45:ad:c7:05:37:38:93:90:bf:3b:4a:c4:dc:21:
85:32:f8:41:ee:49:17:8e:93:4b:d7:78:b7:ba:43:
af:c9:8d:5c:82:53:5a:6f:00:ef:30:42:27:6e:87:
15:6c:2c:84:60:15:5d:c0:e5:16:8a:b4:2d:83:4a:
bb:1a:5e:5e:8c:cf:c3:b8:95:1b:4c:80:95:dd:68:
65:da:c9:2e:21:eb:14:a1:d5:4b:05:cf:88:63:f8:
15:61:8f:73:cd:1c:6d:2a:90:0e:30:10:93:cc:7f:
ac:e0:5a:31:33:15:21:f5:5c:c4:9e:72:2a:49:c8:
73:b7:19:8d:cc:a6:53:24:d8:63:a6:f0:7b:e4:30:
a0:02:49:83:36:07:8a:a6:52:03:59:fb:56:56:86:
97:f0:2c:b1:99:df:c6:2d:c1:0e:2f:07:09:40:19:
f6:d7:56:9b:32:a6:7b:02:4c:39:35:b0:47:f2:4d:
0d:23:43:af:cc:8f:f5:91:ae:89:37:fd:27:6a:c4:
e4:fe:16:21:8a:df:ce:48:24:4f:39:f9:3d:7b:d5:
bf:ab:81:b4:df:cc:b9:12:a4:7d:67:bc:a6:0e:9b:
db:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:BE:AC:A8:24:35:2D:71:1E:E3:94:83:FF:B8:05:B2:2D:A8:96:14
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.187.0/24
181.215.70.0/24
191.101.223.0/24
213.109.169.0/24
IPv6:
2a0b:500::-2a0b:505:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
34:81:63:7d:0c:1e:67:75:45:0c:e8:cf:c6:92:d9:49:14:dc:
db:75:e8:70:30:78:05:59:56:b9:f1:7d:7d:2c:0a:d2:7f:1f:
05:f4:6e:3b:0e:df:23:49:5d:b9:ae:01:8e:84:64:8b:dc:25:
57:d1:b2:8f:29:12:aa:45:be:b5:57:15:7a:19:ee:9a:7b:c9:
d2:4a:4c:5e:d0:35:bf:8b:d4:fa:b4:6a:93:7d:86:fb:fc:11:
a3:24:9c:13:9a:b4:a8:83:c3:11:c9:b5:89:0a:00:d1:88:dc:
3b:38:18:a6:e7:1c:f0:d3:4d:e5:38:91:b8:57:8b:da:4d:b6:
be:b2:53:c0:5f:6c:19:d8:d0:b2:8c:74:8e:ed:01:a4:43:71:
d7:0b:46:1c:15:ae:ad:e8:da:b6:26:ad:b2:9d:94:b6:6d:5f:
b4:9d:21:e8:79:b5:9f:9e:bb:e0:82:48:cc:66:15:49:16:c5:
a3:8c:f6:fd:f3:4d:7b:e8:0b:6e:70:0e:8c:49:36:da:5b:d7:
26:79:aa:5f:8f:37:e3:a0:eb:b2:86:b7:77:d7:71:00:23:77:
f7:49:a7:12:aa:5a:05:ca:a9:0b:fd:35:8a:5d:00:52:10:dc:
ab:22:cd:6c:c7:70:59:49:bf:0b:12:74:61:18:ba:6e:63:14:
1f:6b:b2:1b
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUO6vg/cJIZyNQly6QMHhe35v2jG8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MDgxMDA3MDJaFw0yNjA4MDcxMDEyMDJaMDMxMTAvBgNV
BAMTKDZDQkVBQ0E4MjQzNTJENzExRUUzOTQ4M0ZGQjgwNUIyMkRBODk2MTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXo2NzF6hydYkr0++qZ7tBpGLZ
FJeVHvhaRN0o/OVFrccFNziTkL87SsTcIYUy+EHuSReOk0vXeLe6Q6/JjVyCU1pv
AO8wQiduhxVsLIRgFV3A5RaKtC2DSrsaXl6Mz8O4lRtMgJXdaGXayS4h6xSh1UsF
z4hj+BVhj3PNHG0qkA4wEJPMf6zgWjEzFSH1XMSecipJyHO3GY3MplMk2GOm8Hvk
MKACSYM2B4qmUgNZ+1ZWhpfwLLGZ38YtwQ4vBwlAGfbXVpsypnsCTDk1sEfyTQ0j
Q6/Mj/WRrok3/SdqxOT+FiGK385IJE85+T171b+rgbTfzLkSpH1nvKYOm9sTAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQUbL6sqCQ1LXEe45SD/7gFsi2olhQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSAYIKwYBBQUHAQcBAf8EOTA3MB4EAgABMBgDBAAtV7sD
BAC110YDBAC/Zd8DBADVbakwFQQCAAIwDzANAwQAKgsFAwUBKgsFBDANBgkqhkiG
9w0BAQsFAAOCAQEANIFjfQweZ3VFDOjPxpLZSRTc23XocDB4BVlWufF9fSwK0n8f
BfRuOw7fI0ldua4BjoRki9wlV9GyjykSqkW+tVcVehnumnvJ0kpMXtA1v4vU+rRq
k32G+/wRoyScE5q0qIPDEcm1iQoA0YjcOzgYpucc8NNN5TiRuFeL2k22vrJTwF9s
GdjQsox0ju0BpENx1wtGHBWurejatiatsp2Utm1ftJ0h6Hm1n5674IJIzGYVSRbF
o4z2/fNNe+gLbnAOjEk22lvXJnmqX48346Drsoa3d9dxACN390mnEqpaBcqpC/01
il0AUhDcqyLNbMdwWUm/CxJ0YRi6bmMUH2uyGw==
-----END CERTIFICATE-----
Generated at Sat Aug 23 16:49:41 2025 by rpki-client