Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20115.roa
File: AS20115.roa (raw, json)
Hash identifier: p+6lQucQ7J722mj8VuUbBvHTghaaTRjrBNc2A/ThRUM=
Subject key identifier: D0:93:36:00:E0:88:69:6A:57:8F:E6:3F:E7:50:33:C8:04:15:70:6D
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 0DA2B3FCD1907DFFC0BC4BE474FE9878226AE4F6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20115.roa
Signing time: Fri 26 Sep 2025 00:07:00 +0000
ROA not before: Fri 26 Sep 2025 00:02:00 +0000
ROA not after: Fri 25 Sep 2026 00:07:00 +0000
asID: 20115
IP address blocks: 82.22.136.0/22 maxlen: 24
82.23.140.0/23 maxlen: 24
82.23.152.0/21 maxlen: 24
82.24.36.0/22 maxlen: 24
82.27.144.0/20 maxlen: 24
82.29.30.0/23 maxlen: 24
82.29.144.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:a2:b3:fc:d1:90:7d:ff:c0:bc:4b:e4:74:fe:98:78:22:6a:e4:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Sep 26 00:02:00 2025 GMT
Not After : Sep 25 00:07:00 2026 GMT
Subject: CN=D0933600E088696A578FE63FE75033C80415706D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:ab:e7:c6:44:34:f2:64:11:a2:a8:57:46:98:
22:a8:4a:48:67:8a:f1:d4:89:4e:c4:36:2c:43:6c:
54:cd:d9:ee:c8:33:a1:bd:33:13:e0:b4:75:db:86:
08:87:78:98:f1:a2:b1:21:17:2a:ca:2b:22:d3:fd:
b7:e0:01:2a:a0:fc:85:d1:e5:d8:ca:bf:8c:88:61:
d6:4d:6a:e3:ba:53:ac:5a:28:dc:87:2d:30:6b:cc:
e5:95:fd:d0:f4:96:1a:bf:53:a7:b6:56:36:b3:4e:
f6:e0:f2:9a:37:26:49:76:2f:c7:26:3b:97:da:0e:
2e:43:33:46:c5:7e:97:d3:63:af:72:93:a6:9a:26:
5e:39:08:c7:18:e0:db:7a:c8:6d:ba:1f:96:61:3c:
32:40:28:85:12:c7:93:fc:21:4f:fc:3a:c7:67:2a:
39:79:b0:72:4a:01:37:f1:e4:86:6e:73:39:08:4e:
43:0d:64:4c:4e:c5:11:82:1b:6a:e3:ec:4f:bb:1f:
f4:f8:a1:2b:33:aa:24:82:e6:4b:ef:70:30:53:c0:
f9:7e:73:68:39:fe:33:33:ed:cc:37:21:87:68:5f:
68:2c:5a:96:7b:d7:dd:ee:8a:4b:96:62:88:41:fe:
98:2c:1c:ec:e6:98:e9:9c:9d:b0:e8:bc:b1:3b:9c:
2a:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:93:36:00:E0:88:69:6A:57:8F:E6:3F:E7:50:33:C8:04:15:70:6D
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20115.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.22.136.0/22
82.23.140.0/23
82.23.152.0/21
82.24.36.0/22
82.27.144.0/20
82.29.30.0/23
82.29.144.0/22
Signature Algorithm: sha256WithRSAEncryption
a9:72:20:e9:57:4a:76:17:d8:8c:bf:08:8d:e4:06:9f:09:b9:
8a:33:b7:69:2e:d1:d1:a9:9c:85:df:4e:bf:31:3e:5d:ef:17:
e2:05:ce:80:e3:ab:9b:95:58:9b:18:00:61:c6:48:75:fb:89:
bf:ec:0d:29:dd:9b:05:d3:fa:a9:4e:bc:3b:7d:78:c2:a1:bd:
2c:3f:2d:fb:36:7f:e0:56:14:e7:88:79:f3:85:08:32:fc:cb:
a4:d0:9c:a8:75:e3:53:84:95:7d:d8:7f:de:07:19:47:e3:a6:
6d:74:69:d9:19:c1:1e:26:3b:ad:69:f5:83:f5:96:79:82:e1:
79:0d:9c:34:89:72:45:67:56:cb:55:9e:d4:ca:21:5a:81:8a:
cf:2b:df:b2:0e:1a:77:1e:2b:15:9f:45:7b:06:4b:fd:5c:76:
bc:9a:df:6a:6c:b4:ea:c1:0c:bf:0b:59:8e:c5:96:32:50:96:
1f:6e:74:b9:f6:28:01:8d:27:f7:3c:b2:3f:82:e4:46:a6:93:
8f:de:38:15:b5:ea:c3:73:5a:1b:6c:10:85:0d:1e:54:23:36:
1a:b3:c5:63:73:e5:24:ce:74:a0:14:f2:8f:48:db:aa:d3:bb:
e8:76:8b:eb:bf:d5:35:0f:b4:16:d3:24:a0:f4:fd:f5:7a:9c:
9e:24:69:75
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUDaKz/NGQff/AvEvkdP6YeCJq5PYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MjYwMDAyMDBaFw0yNjA5MjUwMDA3MDBaMDMxMTAvBgNV
BAMTKEQwOTMzNjAwRTA4ODY5NkE1NzhGRTYzRkU3NTAzM0M4MDQxNTcwNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrq+fGRDTyZBGiqFdGmCKoSkhn
ivHUiU7ENixDbFTN2e7IM6G9MxPgtHXbhgiHeJjxorEhFyrKKyLT/bfgASqg/IXR
5djKv4yIYdZNauO6U6xaKNyHLTBrzOWV/dD0lhq/U6e2VjazTvbg8po3Jkl2L8cm
O5faDi5DM0bFfpfTY69yk6aaJl45CMcY4Nt6yG26H5ZhPDJAKIUSx5P8IU/8Osdn
Kjl5sHJKATfx5IZuczkITkMNZExOxRGCG2rj7E+7H/T4oSszqiSC5kvvcDBTwPl+
c2g5/jMz7cw3IYdoX2gsWpZ7193uikuWYohB/pgsHOzmmOmcnbDovLE7nCr1AgMB
AAGjggItMIICKTAdBgNVHQ4EFgQU0JM2AOCIaWpXj+Y/51AzyAQVcG0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAxMTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQwYIKwYBBQUHAQcBAf8ENDAyMDAEAgABMCoDBAJSFogD
BAFSF4wDBANSF5gDBAJSGCQDBARSG5ADBAFSHR4DBAJSHZAwDQYJKoZIhvcNAQEL
BQADggEBAKlyIOlXSnYX2Iy/CI3kBp8JuYozt2ku0dGpnIXfTr8xPl3vF+IFzoDj
q5uVWJsYAGHGSHX7ib/sDSndmwXT+qlOvDt9eMKhvSw/Lfs2f+BWFOeIefOFCDL8
y6TQnKh141OElX3Yf94HGUfjpm10adkZwR4mO61p9YP1lnmC4XkNnDSJckVnVstV
ntTKIVqBis8r37IOGnceKxWfRXsGS/1cdrya32pstOrBDL8LWY7FljJQlh9udLn2
KAGNJ/c8sj+C5Eamk4/eOBW16sNzWhtsEIUNHlQjNhqzxWNz5STOdKAU8o9I26rT
u+h2i+u/1TUPtBbTJKD0/fV6nJ4kaXU=
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:42:55 2025 by rpki-client