Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS204957.roa
File: AS204957.roa (raw, json)
Hash identifier: s56qq3u/Pj6zcO9tDeVdKQypMfao2bRUQCGIIxFfAEI=
Subject key identifier: 61:08:B9:C7:D0:BD:E2:E9:4C:69:8F:03:5B:88:6A:C0:E8:94:3D:4C
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 395AC4D33BAA1D5A02FE0BB58D9F03C279D107C9
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS204957.roa
Signing time: Wed 16 Jul 2025 09:31:22 +0000
ROA not before: Wed 16 Jul 2025 09:26:22 +0000
ROA not after: Wed 15 Jul 2026 09:31:22 +0000
asID: 204957
IP address blocks: 143.20.164.0/24 maxlen: 24
143.20.169.0/24 maxlen: 24
143.20.171.0/24 maxlen: 24
143.20.172.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 23 Jul 2025 11:24:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
39:5a:c4:d3:3b:aa:1d:5a:02:fe:0b:b5:8d:9f:03:c2:79:d1:07:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jul 16 09:26:22 2025 GMT
Not After : Jul 15 09:31:22 2026 GMT
Subject: CN=6108B9C7D0BDE2E94C698F035B886AC0E8943D4C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:8c:1d:f5:98:fa:d4:1d:84:ed:6f:09:7c:b9:
16:e7:37:81:c4:37:1e:9f:8f:8d:00:ff:68:e3:6e:
e1:ad:1f:16:6d:fa:a1:20:be:fb:8e:44:ac:6d:d3:
8c:93:15:7e:6e:5d:49:ab:16:2c:47:4c:50:10:54:
1b:6c:2d:7a:5c:0a:d4:23:88:c4:d1:87:5f:65:e5:
32:1e:a0:32:c5:61:1b:cf:92:78:a6:66:f6:45:6f:
a0:5f:51:9c:a6:61:7d:8e:97:75:41:bd:7c:77:9a:
a0:55:23:a9:30:55:02:51:cb:e5:ed:ea:0f:ee:8a:
5b:63:55:a6:94:1b:25:75:9f:17:e4:93:8d:30:64:
c9:d4:e1:7d:f8:0d:c8:e2:d0:24:9e:21:db:2c:55:
55:51:11:fd:4b:01:98:19:5a:f5:8b:6a:bb:f2:4c:
ef:b5:ae:b2:18:64:07:f5:f7:0b:d2:a7:2a:09:a6:
54:22:d5:80:17:a5:41:07:ca:69:a3:c3:a5:43:98:
7e:11:53:ed:27:c3:65:0b:08:35:57:b5:8f:87:45:
aa:c3:a5:25:f8:9b:f3:e9:6c:53:a5:d5:60:d3:c5:
5a:9f:8c:0d:74:fe:78:ce:6b:a8:6d:47:85:fe:83:
2a:3b:da:af:54:8a:e8:ab:39:40:c5:f3:42:b8:d2:
58:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:08:B9:C7:D0:BD:E2:E9:4C:69:8F:03:5B:88:6A:C0:E8:94:3D:4C
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS204957.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.164.0/24
143.20.169.0/24
143.20.171.0-143.20.172.255
Signature Algorithm: sha256WithRSAEncryption
42:86:46:14:3a:c7:6d:59:46:c2:ea:4e:7f:47:d5:6f:70:20:
1e:bb:77:cb:50:92:1c:d2:f4:4b:71:a8:66:a5:c4:09:af:7c:
81:1e:16:d5:b1:99:25:6d:46:57:37:c4:96:3a:d0:0f:07:4e:
b9:97:75:e5:b9:ca:d3:a1:e6:3c:7a:74:b8:1f:37:56:b7:79:
0b:36:b0:e8:95:18:d1:40:9c:fa:ac:00:5d:9f:74:33:73:41:
62:61:8d:39:14:32:e6:ee:e5:f9:63:9b:6d:84:f9:3f:cf:a3:
f6:5e:a4:f9:ae:bc:27:84:16:1f:75:f7:fe:77:01:cc:5d:13:
da:3b:a5:98:f3:cb:dd:c6:d0:de:eb:b5:03:6f:92:9d:ed:b7:
bb:79:7e:55:0a:4a:f8:9a:f1:e1:d3:0a:23:82:15:30:02:5e:
54:9b:01:89:dd:2e:fc:c4:d4:22:56:08:c7:ef:18:e0:c0:ee:
b4:27:f6:17:5d:2a:02:2d:55:bd:39:fe:ae:4f:e0:8f:4c:c1:
f3:23:94:2d:17:9a:96:b6:b9:59:45:a6:66:64:8f:1e:f6:55:
86:59:24:35:eb:3d:1f:29:ca:c8:2b:a5:fa:77:88:74:3f:03:
ac:00:59:45:61:15:ed:b6:9a:02:61:f4:ab:0a:0a:d1:7f:59:
62:79:3f:9f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIUOVrE0zuqHVoC/gu1jZ8DwnnRB8kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA3MTYwOTI2MjJaFw0yNjA3MTUwOTMxMjJaMDMxMTAvBgNV
BAMTKDYxMDhCOUM3RDBCREUyRTk0QzY5OEYwMzVCODg2QUMwRTg5NDNENEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNjB31mPrUHYTtbwl8uRbnN4HE
Nx6fj40A/2jjbuGtHxZt+qEgvvuORKxt04yTFX5uXUmrFixHTFAQVBtsLXpcCtQj
iMTRh19l5TIeoDLFYRvPknimZvZFb6BfUZymYX2Ol3VBvXx3mqBVI6kwVQJRy+Xt
6g/uiltjVaaUGyV1nxfkk40wZMnU4X34Dcji0CSeIdssVVVREf1LAZgZWvWLarvy
TO+1rrIYZAf19wvSpyoJplQi1YAXpUEHymmjw6VDmH4RU+0nw2ULCDVXtY+HRarD
pSX4m/PpbFOl1WDTxVqfjA10/njOa6htR4X+gyo72q9UiuirOUDF80K40li3AgMB
AAGjggIeMIICGjAdBgNVHQ4EFgQUYQi5x9C94ulMaY8DW4hqwOiUPUwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA0OTU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAjxSk
AwQAjxSpMAwDBACPFKsDBACPFKwwDQYJKoZIhvcNAQELBQADggEBAEKGRhQ6x21Z
RsLqTn9H1W9wIB67d8tQkhzS9EtxqGalxAmvfIEeFtWxmSVtRlc3xJY60A8HTrmX
deW5ytOh5jx6dLgfN1a3eQs2sOiVGNFAnPqsAF2fdDNzQWJhjTkUMubu5fljm22E
+T/Po/ZepPmuvCeEFh919/53AcxdE9o7pZjzy93G0N7rtQNvkp3tt7t5flUKSvia
8eHTCiOCFTACXlSbAYndLvzE1CJWCMfvGODA7rQn9hddKgItVb05/q5P4I9MwfMj
lC0Xmpa2uVlFpmZkjx72VYZZJDXrPR8pysgrpfp3iHQ/A6wAWUVhFe22mgJh9KsK
CtF/WWJ5P58=
-----END CERTIFICATE-----
Generated at Tue Jul 22 19:30:27 2025 by rpki-client