Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
File: AS834.roa (raw, json)
Hash identifier: 4m2vyHhdu9WTmCkXvjfskTyRAhVfN9O14/SQvMUKZfc=
Subject key identifier: 21:19:97:00:11:43:58:FB:E1:7B:99:2A:25:BF:C0:32:74:36:31:23
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 305988F2DCFA6D67F948FAB2CE220E7768EF171D
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
Signing time: Fri 27 Jun 2025 09:43:17 +0000
ROA not before: Fri 27 Jun 2025 09:38:17 +0000
ROA not after: Fri 26 Jun 2026 09:43:17 +0000
asID: 834
IP address blocks: 143.20.99.0/24 maxlen: 24
143.20.128.0/21 maxlen: 24
143.20.136.0/22 maxlen: 24
143.20.140.0/23 maxlen: 24
143.20.142.0/24 maxlen: 24
143.20.145.0/24 maxlen: 24
143.20.147.0/24 maxlen: 24
143.20.149.0/24 maxlen: 24
143.20.150.0/24 maxlen: 24
143.20.152.0/24 maxlen: 24
143.20.155.0/24 maxlen: 24
143.20.156.0/22 maxlen: 24
143.20.161.0/24 maxlen: 24
143.20.162.0/23 maxlen: 24
143.20.164.0/24 maxlen: 24
143.20.166.0/23 maxlen: 24
143.20.168.0/23 maxlen: 24
143.20.171.0/24 maxlen: 24
143.20.172.0/23 maxlen: 24
143.20.175.0/24 maxlen: 24
143.20.176.0/20 maxlen: 24
143.20.192.0/21 maxlen: 24
143.20.200.0/22 maxlen: 24
143.20.204.0/23 maxlen: 24
143.20.207.0/24 maxlen: 24
143.20.208.0/20 maxlen: 24
143.20.224.0/21 maxlen: 24
143.20.232.0/22 maxlen: 24
143.20.236.0/24 maxlen: 24
143.20.238.0/24 maxlen: 24
143.20.247.0/24 maxlen: 24
143.20.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:59:88:f2:dc:fa:6d:67:f9:48:fa:b2:ce:22:0e:77:68:ef:17:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jun 27 09:38:17 2025 GMT
Not After : Jun 26 09:43:17 2026 GMT
Subject: CN=21199700114358FBE17B992A25BFC03274363123
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:11:d3:d1:1a:da:2c:bf:2c:b0:75:b0:66:10:
91:60:e9:94:ee:30:d4:bb:0e:c6:e8:d4:18:5a:b5:
c1:7a:a3:e7:f8:64:d0:91:67:c6:e2:e5:2f:0c:57:
d4:4a:f3:08:48:e5:72:f8:c9:71:74:64:3a:69:39:
68:0c:63:f5:7d:a9:8b:6e:aa:19:49:9a:9c:e3:d9:
3b:73:c7:83:3b:87:67:65:63:49:ee:e0:f4:3d:da:
82:1f:d0:58:fb:c9:a6:0c:74:9d:96:67:dd:93:0d:
b3:99:19:68:cd:2a:b7:50:2b:f8:53:5b:6b:30:8f:
28:10:f9:a2:97:aa:ae:27:e6:de:03:62:5f:15:61:
05:8d:6b:53:6e:6f:62:60:18:c3:20:1f:be:0c:16:
48:fd:32:b5:7d:ef:76:52:1d:a1:e5:50:9f:3a:92:
8f:6c:f4:9b:65:cf:18:da:51:2a:20:16:38:d4:17:
01:be:d0:b2:3d:23:78:31:d5:6d:e9:8e:f1:d1:58:
c4:d8:b1:e5:f1:20:e6:64:1d:34:84:6c:dd:2c:9b:
ef:be:cd:f6:70:ee:1c:ff:84:ad:fa:4a:68:64:a2:
2d:83:59:c3:8f:e3:69:58:32:47:8b:9b:a1:ac:ab:
fe:fa:ca:21:62:c8:6e:43:41:e6:4e:8e:2b:e6:f7:
b8:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:19:97:00:11:43:58:FB:E1:7B:99:2A:25:BF:C0:32:74:36:31:23
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.99.0/24
143.20.128.0-143.20.142.255
143.20.145.0/24
143.20.147.0/24
143.20.149.0-143.20.150.255
143.20.152.0/24
143.20.155.0-143.20.159.255
143.20.161.0-143.20.164.255
143.20.166.0-143.20.169.255
143.20.171.0-143.20.173.255
143.20.175.0-143.20.205.255
143.20.207.0-143.20.236.255
143.20.238.0/24
143.20.247.0/24
143.20.255.0/24
Signature Algorithm: sha256WithRSAEncryption
93:2e:54:b8:62:75:08:f8:ff:97:e3:f0:fa:e3:77:8f:6b:7c:
87:ab:fa:f3:7a:c8:b9:53:19:3e:b3:32:ac:a5:e1:31:a2:2c:
79:62:42:be:0e:b2:38:7b:ee:41:4c:05:d4:f0:e4:9d:32:ca:
0f:9c:b9:0b:0b:28:c6:1f:49:5a:d1:1b:4b:34:cf:f7:23:ba:
b5:b5:c7:a9:e1:61:60:e5:23:c1:5d:ed:9f:38:25:1e:39:3d:
e2:56:23:79:f9:38:07:09:c1:2e:11:83:b5:b8:2a:70:7b:1d:
98:e1:d4:3b:33:ce:c5:2f:b4:db:2d:28:bd:03:fa:0b:91:75:
24:ea:81:8c:82:16:7c:a7:00:ed:5f:4a:75:6a:56:1b:c0:b7:
a0:a6:b7:80:eb:d0:e0:eb:1c:12:d5:97:a6:10:62:72:cc:86:
2b:bc:d9:cc:88:e2:9c:92:8d:53:49:c2:12:0c:9a:e6:7c:c4:
41:0c:9c:3a:a4:21:64:b5:51:54:ef:d3:c1:a4:69:40:68:f7:
e3:75:45:cb:91:b1:67:fc:b1:c4:13:24:7c:d1:c9:1b:41:77:
d5:04:44:30:12:73:65:42:3c:1e:70:79:7f:28:48:92:dd:da:
58:07:44:38:cc:d5:a9:98:1f:f8:4b:b6:63:f5:ba:e6:b8:66:
fa:a3:79:35
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgIUMFmI8tz6bWf5SPqyziIOd2jvFx0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjcwOTM4MTdaFw0yNjA2MjYwOTQzMTdaMDMxMTAvBgNV
BAMTKDIxMTk5NzAwMTE0MzU4RkJFMTdCOTkyQTI1QkZDMDMyNzQzNjMxMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPEdPRGtosvyywdbBmEJFg6ZTu
MNS7Dsbo1BhatcF6o+f4ZNCRZ8bi5S8MV9RK8whI5XL4yXF0ZDppOWgMY/V9qYtu
qhlJmpzj2Ttzx4M7h2dlY0nu4PQ92oIf0Fj7yaYMdJ2WZ92TDbOZGWjNKrdQK/hT
W2swjygQ+aKXqq4n5t4DYl8VYQWNa1Nub2JgGMMgH74MFkj9MrV973ZSHaHlUJ86
ko9s9JtlzxjaUSogFjjUFwG+0LI9I3gx1W3pjvHRWMTYseXxIOZkHTSEbN0sm+++
zfZw7hz/hK36Smhkoi2DWcOP42lYMkeLm6Gsq/76yiFiyG5DQeZOjivm97iZAgMB
AAGjggKgMIICnDAdBgNVHQ4EFgQUIRmXABFDWPvhe5kqJb/AMnQ2MSMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBoQQCAAEwgZoDBACP
FGMwDAMEB48UgAMEAI8UjgMEAI8UkQMEAI8UkzAMAwQAjxSVAwQAjxSWAwQAjxSY
MAwDBACPFJsDBAWPFIAwDAMEAI8UoQMEAI8UpDAMAwQBjxSmAwQBjxSoMAwDBACP
FKsDBAGPFKwwDAMEAI8UrwMEAY8UzDAMAwQAjxTPAwQAjxTsAwQAjxTuAwQAjxT3
AwQAjxT/MA0GCSqGSIb3DQEBCwUAA4IBAQCTLlS4YnUI+P+X4/D643ePa3yHq/rz
esi5Uxk+szKspeExoix5YkK+DrI4e+5BTAXU8OSdMsoPnLkLCyjGH0la0RtLNM/3
I7q1tcep4WFg5SPBXe2fOCUeOT3iViN5+TgHCcEuEYO1uCpwex2Y4dQ7M87FL7Tb
LSi9A/oLkXUk6oGMghZ8pwDtX0p1alYbwLegpreA69Dg6xwS1ZemEGJyzIYrvNnM
iOKcko1TScISDJrmfMRBDJw6pCFktVFU79PBpGlAaPfjdUXLkbFn/LHEEyR80ckb
QXfVBEQwEnNlQjwecHl/KEiS3dpYB0Q4zNWpmB/4S7Zj9brmuGb6o3k1
-----END CERTIFICATE-----
Generated at Sun Jun 29 04:58:19 2025 by rpki-client