Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214668.roa
File: AS214668.roa (raw, json)
Hash identifier: dLqQdCt2l/os/l9kVqHpu4SuYtknd0SaQ0bLQ3yDMjk=
Subject key identifier: BB:3D:E9:67:0D:DC:D8:06:A3:8E:A4:A8:11:3E:5B:98:A8:43:82:CF
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 5D7DA085309B1BDE9973862D5C7470002EE94B15
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214668.roa
Signing time: Tue 16 Sep 2025 12:22:39 +0000
ROA not before: Tue 16 Sep 2025 12:17:39 +0000
ROA not after: Tue 15 Sep 2026 12:22:39 +0000
asID: 214668
IP address blocks: 143.20.167.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:18:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:7d:a0:85:30:9b:1b:de:99:73:86:2d:5c:74:70:00:2e:e9:4b:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Sep 16 12:17:39 2025 GMT
Not After : Sep 15 12:22:39 2026 GMT
Subject: CN=BB3DE9670DDCD806A38EA4A8113E5B98A84382CF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:30:5b:de:91:1d:39:7c:f3:0c:06:00:34:63:
a1:b1:3f:7f:6c:b4:87:17:7e:59:11:49:60:e4:e0:
19:6b:c9:14:90:4a:14:e9:b4:72:84:7f:19:f5:81:
c9:d2:29:fd:a9:2f:dc:6b:00:2f:9f:4f:b6:49:57:
e3:f0:ab:3b:16:80:4e:fb:7a:91:49:03:52:fe:9f:
44:21:91:1d:e5:22:85:bf:ad:81:ce:70:a3:92:3e:
ff:69:b7:6e:44:ec:3a:6d:94:ae:a3:58:1e:8c:aa:
c4:f4:c0:bf:7d:95:db:c2:24:48:36:b0:04:4e:40:
b1:06:0a:42:1b:65:cc:78:4f:b3:9f:b1:93:45:06:
7c:7c:28:4e:b3:52:be:fb:b0:7f:cf:9f:7d:5c:0a:
b6:7b:b2:19:c5:78:3e:31:8f:2d:bb:c3:49:35:2a:
4c:dc:e8:ba:03:1e:01:7f:18:20:b0:f5:69:66:5a:
9c:4a:6d:1b:f6:df:96:de:a8:47:3c:4d:0f:ea:9a:
31:cd:69:15:71:eb:86:09:40:c3:4e:7b:9c:af:20:
e5:85:7e:0f:c3:87:78:b7:89:85:1b:76:aa:a3:35:
ba:60:70:03:af:e2:65:1c:d8:b6:20:4d:a7:c0:2d:
cb:25:b9:0f:fc:83:ea:ed:5f:e9:bd:61:7c:a3:d0:
ea:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:3D:E9:67:0D:DC:D8:06:A3:8E:A4:A8:11:3E:5B:98:A8:43:82:CF
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214668.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.167.0/24
Signature Algorithm: sha256WithRSAEncryption
13:42:3c:7d:e0:de:fc:4d:8a:8f:2c:bc:3d:92:1a:61:86:e9:
b9:ec:45:08:7d:c4:33:f7:cc:f6:83:af:d8:b0:46:89:bc:b9:
6c:2c:3f:92:95:c6:08:55:4a:e4:8a:d4:60:54:3f:53:8c:ed:
49:0f:5a:e5:01:c7:ef:61:81:eb:90:1e:10:15:ba:58:ec:bb:
14:09:20:eb:82:6a:db:a3:a4:97:5d:b3:e4:c4:23:ea:ca:3f:
2f:87:6f:1d:14:ec:bf:85:6c:df:95:f7:50:49:25:02:e0:b3:
d6:c1:70:9c:06:16:2b:39:88:c4:94:83:f4:3e:68:e2:9e:f4:
73:c5:19:2f:b9:55:be:62:aa:3b:c8:f8:3d:69:a8:28:7f:c5:
6c:75:9f:f4:72:35:04:14:ad:32:83:b5:0f:4a:4f:82:ae:81:
51:cb:d3:ab:eb:3a:13:ef:82:88:38:10:9e:22:3e:46:25:df:
83:9b:f0:0a:f2:30:81:48:52:d4:1f:77:c0:ad:0b:1e:c9:07:
c7:60:af:f4:d0:6f:bd:0d:93:20:b3:9e:38:b6:1f:a8:06:30:
ab:03:29:02:9e:6b:ef:3c:f5:1a:87:14:4f:13:2b:14:47:e5:
b3:d4:15:dc:43:48:44:e5:9b:7b:6a:ce:6c:a5:52:3c:96:6f:
14:09:7f:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXX2ghTCbG96Zc4YtXHRwAC7pSxUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MTYxMjE3MzlaFw0yNjA5MTUxMjIyMzlaMDMxMTAvBgNV
BAMTKEJCM0RFOTY3MEREQ0Q4MDZBMzhFQTRBODExM0U1Qjk4QTg0MzgyQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyMFvekR05fPMMBgA0Y6GxP39s
tIcXflkRSWDk4BlryRSQShTptHKEfxn1gcnSKf2pL9xrAC+fT7ZJV+PwqzsWgE77
epFJA1L+n0QhkR3lIoW/rYHOcKOSPv9pt25E7DptlK6jWB6MqsT0wL99ldvCJEg2
sAROQLEGCkIbZcx4T7OfsZNFBnx8KE6zUr77sH/Pn31cCrZ7shnFeD4xjy27w0k1
Kkzc6LoDHgF/GCCw9WlmWpxKbRv235beqEc8TQ/qmjHNaRVx64YJQMNOe5yvIOWF
fg/Dh3i3iYUbdqqjNbpgcAOv4mUc2LYgTafALcsluQ/8g+rtX+m9YXyj0OozAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUuz3pZw3c2AajjqSoET5bmKhDgs8wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0NjY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSn
MA0GCSqGSIb3DQEBCwUAA4IBAQATQjx94N78TYqPLLw9khphhum57EUIfcQz98z2
g6/YsEaJvLlsLD+SlcYIVUrkitRgVD9TjO1JD1rlAcfvYYHrkB4QFbpY7LsUCSDr
gmrbo6SXXbPkxCPqyj8vh28dFOy/hWzflfdQSSUC4LPWwXCcBhYrOYjElIP0Pmji
nvRzxRkvuVW+Yqo7yPg9aagof8VsdZ/0cjUEFK0yg7UPSk+CroFRy9Or6zoT74KI
OBCeIj5GJd+Dm/AK8jCBSFLUH3fArQseyQfHYK/00G+9DZMgs544th+oBjCrAykC
nmvvPPUahxRPEysUR+Wz1BXcQ0hE5Zt7as5spVI8lm8UCX+B
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:02:21 2025 by rpki-client