Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: j7kpp6nss01T02y1L+AUqr9G+OFCZmAkVMrnJmbyigQ=
Subject key identifier: 2F:1B:94:1D:08:29:F4:A6:DD:1F:89:60:67:26:F2:1F:5C:89:DD:3C
Certificate issuer: /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial: 147189E9E2509FF19E86A895C46B985BD5A6E595
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS20473.roa
Signing time: Tue 19 Aug 2025 08:03:43 +0000
ROA not before: Tue 19 Aug 2025 07:58:43 +0000
ROA not after: Tue 18 Aug 2026 08:03:43 +0000
asID: 20473
IP address blocks: 2a14:7580:100::/40 maxlen: 48
2a14:7581:f70::/48 maxlen: 48
2a14:7581:f71::/48 maxlen: 48
2a14:7581:3600::/40 maxlen: 48
2a14:7581:3e00::/40 maxlen: 48
2a14:7581:3f00::/40 maxlen: 48
2a14:7583:f000::/40 maxlen: 48
2a14:7583:f100::/40 maxlen: 48
2a14:7584:8000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 12:25:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:71:89:e9:e2:50:9f:f1:9e:86:a8:95:c4:6b:98:5b:d5:a6:e5:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Validity
Not Before: Aug 19 07:58:43 2025 GMT
Not After : Aug 18 08:03:43 2026 GMT
Subject: CN=2F1B941D0829F4A6DD1F89606726F21F5C89DD3C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:54:b2:93:21:a8:f9:b3:11:fd:7f:d6:09:72:
59:12:78:03:91:52:c1:90:12:56:81:5a:4c:dc:94:
60:f0:02:c2:6b:db:60:20:bd:0c:ec:ee:f4:8b:80:
09:11:99:fd:ae:fb:7b:5a:c3:2f:e6:54:21:69:0a:
83:c0:1e:1a:75:5e:88:89:8f:8a:e7:82:b3:22:4b:
11:32:2a:c2:01:d4:d1:08:e5:05:62:d0:d6:e8:e4:
39:4f:34:c8:92:28:7b:fb:fc:55:33:b4:f4:4f:fa:
bb:7f:0a:c7:19:1d:a2:21:c9:9e:c8:22:72:16:d0:
62:6c:cc:c2:7a:91:b9:de:d6:67:fb:fe:39:42:7e:
a1:2d:10:97:28:c6:8a:57:47:bc:5b:50:af:c5:23:
51:5b:10:29:5e:ce:59:b7:f0:4d:8c:44:c1:d4:1d:
7e:34:66:2f:26:53:8b:30:0e:93:a0:92:72:3c:e1:
47:c3:6f:de:1f:9c:5a:5a:f1:a5:8c:ec:12:5e:71:
16:7c:dc:29:fe:df:22:b5:87:b5:19:f8:2a:08:88:
20:76:28:c5:34:fe:e5:e5:22:a2:e4:fd:d8:dc:8e:
98:f5:3c:dd:59:5d:9b:74:12:88:fc:9a:78:d4:5a:
4a:88:7d:7e:7a:9b:58:71:c0:ba:c1:7b:59:c3:ee:
33:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:1B:94:1D:08:29:F4:A6:DD:1F:89:60:67:26:F2:1F:5C:89:DD:3C
X509v3 Authority Key Identifier:
keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:7580:100::/40
2a14:7581:f70::/47
2a14:7581:3600::/40
2a14:7581:3e00::/39
2a14:7583:f000::/39
2a14:7584:8000::/36
Signature Algorithm: sha256WithRSAEncryption
05:93:a3:6a:35:96:99:51:1c:eb:fc:bc:54:ea:42:30:07:40:
3e:cd:e0:9c:a5:ce:89:11:3a:97:fd:2d:aa:6a:2d:54:1b:7a:
3e:e5:56:aa:79:cb:f7:42:b6:98:c1:a2:30:6e:a4:67:24:61:
c1:eb:a8:a1:f8:25:fb:bb:ed:cf:da:41:e0:fc:b0:63:05:70:
22:a0:38:a7:ca:5b:19:9c:16:1a:ef:e3:29:99:25:1a:b3:95:
2c:12:19:d3:5b:47:b6:bf:13:3f:d1:af:49:ea:18:0c:22:26:
65:01:83:67:17:d5:dc:81:9e:cf:a8:97:2c:ba:cb:72:ff:f6:
08:bb:26:7d:0c:90:9c:7d:13:e1:01:84:42:c4:14:f2:13:cc:
31:f8:f1:88:22:7b:6e:61:34:ad:a4:d1:ac:fd:7d:d5:0b:aa:
ba:d3:46:0f:13:9c:c9:b8:2d:bf:a9:93:cb:63:43:0b:8d:d9:
86:ab:70:71:58:26:45:d5:a2:1a:3c:fe:14:ea:09:e9:13:de:
c8:05:5f:b9:a5:dc:54:ef:bf:54:9d:44:78:2f:72:29:95:f9:
99:b3:a8:c2:44:83:7d:4a:09:7e:ba:43:17:67:58:7b:e8:14:
80:34:22:75:dc:4d:43:2d:75:42:36:a6:77:9f:1a:5b:34:7e:
e5:9e:0f:43
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUFHGJ6eJQn/GehqiVxGuYW9Wm5ZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA4MTkwNzU4NDNaFw0yNjA4MTgwODAzNDNaMDMxMTAvBgNV
BAMTKDJGMUI5NDFEMDgyOUY0QTZERDFGODk2MDY3MjZGMjFGNUM4OUREM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6VLKTIaj5sxH9f9YJclkSeAOR
UsGQElaBWkzclGDwAsJr22AgvQzs7vSLgAkRmf2u+3tawy/mVCFpCoPAHhp1XoiJ
j4rngrMiSxEyKsIB1NEI5QVi0Nbo5DlPNMiSKHv7/FUztPRP+rt/CscZHaIhyZ7I
InIW0GJszMJ6kbne1mf7/jlCfqEtEJcoxopXR7xbUK/FI1FbEClezlm38E2MRMHU
HX40Zi8mU4swDpOgknI84UfDb94fnFpa8aWM7BJecRZ83Cn+3yK1h7UZ+CoIiCB2
KMU0/uXlIqLk/djcjpj1PN1ZXZt0Eoj8mnjUWkqIfX56m1hxwLrBe1nD7jNBAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQULxuUHQgp9KbdH4lgZybyH1yJ3TwwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSgYIKwYBBQUHAQcBAf8EOzA5MDcEAgACMDEDBgAqFHWA
AQMHASoUdYEPcAMGACoUdYE2AwYBKhR1gT4DBgEqFHWD8AMGBCoUdYSAMA0GCSqG
SIb3DQEBCwUAA4IBAQAFk6NqNZaZURzr/LxU6kIwB0A+zeCcpc6JETqX/S2qai1U
G3o+5Vaqecv3QraYwaIwbqRnJGHB66ih+CX7u+3P2kHg/LBjBXAioDinylsZnBYa
7+MpmSUas5UsEhnTW0e2vxM/0a9J6hgMIiZlAYNnF9XcgZ7PqJcsusty//YIuyZ9
DJCcfRPhAYRCxBTyE8wx+PGIIntuYTStpNGs/X3VC6q600YPE5zJuC2/qZPLY0ML
jdmGq3BxWCZF1aIaPP4U6gnpE97IBV+5pdxU779UnUR4L3IplfmZs6jCRIN9Sgl+
ukMXZ1h76BSANCJ13E1DLXVCNqZ3nxpbNH7lng9D
-----END CERTIFICATE-----
Generated at Sat Aug 23 17:40:21 2025 by rpki-client