Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20115.roa
File: AS20115.roa (raw, json)
Hash identifier: x65ZfAzQhXaT9iW+RxGGlaaG86yR04nvWkgRc4IV+7A=
Subject key identifier: F7:D3:FC:F5:AC:AC:FB:86:7D:7B:F2:80:2F:E0:06:47:B9:8A:61:22
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 5BE011FE832DE5EC2F6EAD3AE579B764C07FBC6A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20115.roa
Signing time: Tue 17 Jun 2025 21:14:07 +0000
ROA not before: Tue 17 Jun 2025 21:09:07 +0000
ROA not after: Tue 16 Jun 2026 21:14:07 +0000
asID: 20115
IP address blocks: 82.21.138.0/24 maxlen: 24
82.22.136.0/22 maxlen: 24
82.22.190.0/24 maxlen: 24
82.23.140.0/23 maxlen: 24
82.23.152.0/21 maxlen: 24
82.23.162.0/23 maxlen: 24
82.24.0.0/22 maxlen: 24
82.24.31.0/24 maxlen: 24
82.24.36.0/22 maxlen: 24
82.26.174.0/24 maxlen: 24
82.27.144.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 11:27:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:e0:11:fe:83:2d:e5:ec:2f:6e:ad:3a:e5:79:b7:64:c0:7f:bc:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Jun 17 21:09:07 2025 GMT
Not After : Jun 16 21:14:07 2026 GMT
Subject: CN=F7D3FCF5ACACFB867D7BF2802FE00647B98A6122
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:ea:fd:ca:3e:83:b4:31:3a:35:79:50:04:1c:
64:98:ad:af:d1:8e:27:8d:62:b6:53:9c:cb:3d:93:
df:e2:6e:24:49:1d:3d:18:fd:c7:aa:92:e8:9d:97:
6d:8e:5c:cd:d3:be:59:eb:16:b9:b9:38:7d:11:d8:
16:ee:bf:f7:55:ee:21:20:2d:fb:b6:79:7c:59:8c:
e9:be:71:a5:61:01:ef:44:1f:9e:22:cc:86:8b:ff:
79:35:67:c7:83:51:9c:80:8b:ef:8e:43:42:55:f1:
5e:74:0e:76:57:d0:64:3d:d6:b0:cb:24:8f:81:8c:
0b:7d:41:7e:7f:49:40:74:74:57:26:68:5e:a4:b4:
3e:2f:5a:e4:ca:13:a1:ac:b4:9a:f4:54:00:c1:f7:
92:c4:be:98:7f:36:cc:36:02:ab:4e:36:62:fa:03:
14:48:e5:55:ce:81:74:d6:97:ca:fd:34:31:db:97:
39:6b:81:90:00:80:c8:50:ea:6f:9f:6f:35:6d:91:
52:a9:db:71:3c:52:4a:b8:e9:61:95:86:f8:f9:8d:
69:1e:33:25:06:0a:e9:10:e6:ae:17:39:a6:20:2f:
e5:9c:29:ff:a3:36:7e:c0:27:53:ca:02:80:39:c6:
20:5b:49:37:17:0d:0a:dc:6e:a6:ef:37:ee:45:6d:
bf:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:D3:FC:F5:AC:AC:FB:86:7D:7B:F2:80:2F:E0:06:47:B9:8A:61:22
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20115.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.138.0/24
82.22.136.0/22
82.22.190.0/24
82.23.140.0/23
82.23.152.0/21
82.23.162.0/23
82.24.0.0/22
82.24.31.0/24
82.24.36.0/22
82.26.174.0/24
82.27.144.0/20
Signature Algorithm: sha256WithRSAEncryption
3f:a0:c7:c0:a4:8f:8f:7e:a8:ea:88:d3:ca:5a:e3:09:8d:1b:
7e:39:86:56:91:fc:6a:f6:3e:56:5f:cf:84:ed:ae:0e:22:88:
fd:4a:51:87:57:41:fe:1a:f0:ae:a5:20:f6:0c:50:7e:e2:d1:
76:4e:9e:35:05:78:cf:57:32:70:bc:af:20:c5:87:ed:42:dd:
af:ae:cd:c1:58:43:af:60:18:63:c8:3d:19:53:24:44:8b:ff:
ca:6c:4f:76:16:b7:c4:0a:41:7b:77:c2:27:6f:05:3b:b0:c5:
10:db:ec:ab:8b:f6:c3:c0:3c:09:33:fd:f4:66:78:27:de:8e:
f2:8d:97:c1:1d:fa:7d:10:a5:dc:95:a8:51:d7:67:9b:6e:eb:
f6:c1:49:32:2e:a4:c8:1a:ed:d3:6f:76:eb:7e:3d:47:21:55:
8c:f5:1f:00:10:a9:e4:aa:6a:a6:eb:cb:12:a6:69:fc:67:5f:
06:02:51:2d:05:e5:c6:77:94:6d:3c:62:d6:4b:62:c9:a9:96:
05:58:47:c7:22:a3:cc:69:48:05:ea:2c:76:b6:00:53:6d:42:
7c:5f:85:b6:d7:29:df:1a:48:3d:cf:10:a6:17:81:70:55:9d:
e2:0b:3e:0f:63:c9:8a:b7:fa:7c:1a:7b:8f:a4:3c:4b:72:27:
68:04:9e:ac
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIUW+AR/oMt5ewvbq065Xm3ZMB/vGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTcyMTA5MDdaFw0yNjA2MTYyMTE0MDdaMDMxMTAvBgNV
BAMTKEY3RDNGQ0Y1QUNBQ0ZCODY3RDdCRjI4MDJGRTAwNjQ3Qjk4QTYxMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV6v3KPoO0MTo1eVAEHGSYra/R
jieNYrZTnMs9k9/ibiRJHT0Y/ceqkuidl22OXM3TvlnrFrm5OH0R2Bbuv/dV7iEg
Lfu2eXxZjOm+caVhAe9EH54izIaL/3k1Z8eDUZyAi++OQ0JV8V50DnZX0GQ91rDL
JI+BjAt9QX5/SUB0dFcmaF6ktD4vWuTKE6GstJr0VADB95LEvph/Nsw2AqtONmL6
AxRI5VXOgXTWl8r9NDHblzlrgZAAgMhQ6m+fbzVtkVKp23E8Ukq46WGVhvj5jWke
MyUGCukQ5q4XOaYgL+WcKf+jNn7AJ1PKAoA5xiBbSTcXDQrcbqbvN+5Fbb8ZAgMB
AAGjggJFMIICQTAdBgNVHQ4EFgQU99P89ays+4Z9e/KAL+AGR7mKYSIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAxMTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWwYIKwYBBQUHAQcBAf8ETDBKMEgEAgABMEIDBABSFYoD
BAJSFogDBABSFr4DBAFSF4wDBANSF5gDBAFSF6IDBAJSGAADBABSGB8DBAJSGCQD
BABSGq4DBARSG5AwDQYJKoZIhvcNAQELBQADggEBAD+gx8Ckj49+qOqI08pa4wmN
G345hlaR/Gr2PlZfz4Ttrg4iiP1KUYdXQf4a8K6lIPYMUH7i0XZOnjUFeM9XMnC8
ryDFh+1C3a+uzcFYQ69gGGPIPRlTJESL/8psT3YWt8QKQXt3widvBTuwxRDb7KuL
9sPAPAkz/fRmeCfejvKNl8Ed+n0QpdyVqFHXZ5tu6/bBSTIupMga7dNvdut+PUch
VYz1HwAQqeSqaqbryxKmafxnXwYCUS0F5cZ3lG08YtZLYsmplgVYR8cio8xpSAXq
LHa2AFNtQnxfhbbXKd8aSD3PEKYXgXBVneILPg9jyYq3+nwae4+kPEtyJ2gEnqw=
-----END CERTIFICATE-----
Generated at Sat Jun 28 23:48:37 2025 by rpki-client