Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS11404.roa
File: AS11404.roa (raw, json)
Hash identifier: vlgMIg0Ds93zTTNq4MMEQyV5bJVYjAGCFWn1fGxqpkg=
Subject key identifier: E1:47:94:8B:9C:49:17:06:88:57:A7:9B:20:F5:CB:B6:AE:5B:5D:46
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 3F7ED5F392A819892A2549B1BC023E4EDE77ABEB
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS11404.roa
Signing time: Wed 04 Jun 2025 07:00:12 +0000
ROA not before: Wed 04 Jun 2025 06:55:12 +0000
ROA not after: Wed 03 Jun 2026 07:00:12 +0000
asID: 11404
IP address blocks: 136.143.244.0/24 maxlen: 24
136.143.251.0/24 maxlen: 24
136.143.253.0/24 maxlen: 24
136.143.255.0/24 maxlen: 24
143.14.16.0/21 maxlen: 24
158.140.195.0/24 maxlen: 24
158.140.198.0/24 maxlen: 24
158.140.201.0/24 maxlen: 24
158.140.204.0/24 maxlen: 24
158.140.206.0/23 maxlen: 23
158.140.212.0/23 maxlen: 23
158.140.215.0/24 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.24.0/22 maxlen: 24
167.148.36.0/22 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.120.0/22 maxlen: 24
203.100.208.0/23 maxlen: 23
203.100.211.0/24 maxlen: 24
203.160.112.0/23 maxlen: 23
203.160.115.0/24 maxlen: 24
203.160.119.0/24 maxlen: 24
203.160.120.0/23 maxlen: 23
203.160.122.0/24 maxlen: 24
203.160.124.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 05:53:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:7e:d5:f3:92:a8:19:89:2a:25:49:b1:bc:02:3e:4e:de:77:ab:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Jun 4 06:55:12 2025 GMT
Not After : Jun 3 07:00:12 2026 GMT
Subject: CN=E147948B9C4917068857A79B20F5CBB6AE5B5D46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:25:c4:7c:4b:62:7d:36:c0:2a:45:b9:93:99:
c2:86:42:8f:9b:96:b8:19:dc:17:12:b2:d2:a3:57:
cb:df:58:d5:e4:9f:ac:e3:40:6b:cb:fb:7d:a7:68:
b5:2c:35:63:5c:7c:bc:79:90:cb:5f:5f:c8:e0:c6:
11:dc:63:26:65:9e:c6:56:bd:82:e9:08:8c:92:66:
37:f2:aa:0d:aa:01:1a:3b:11:63:5f:63:18:27:eb:
78:1e:9b:95:b8:f4:56:e2:52:08:2f:30:23:f5:9f:
69:44:4b:45:24:0c:68:53:68:12:8e:1d:90:38:81:
22:91:ea:f1:44:9b:f4:16:3a:c8:3e:35:4a:4d:05:
04:7a:2b:2f:72:6b:a2:98:3b:92:23:8f:0d:e5:ee:
8a:51:21:0b:90:b7:d5:a4:fb:e5:48:be:dd:20:6e:
ce:54:e4:78:e3:64:1c:1e:4f:69:61:e6:46:bc:ae:
a1:ac:b4:9b:5a:98:84:a9:77:14:45:f1:4b:1b:94:
24:1c:1b:3a:ff:5d:fa:b6:1d:43:89:99:97:a1:c6:
6a:f3:e1:a8:b8:0b:14:0d:21:0c:19:e8:ab:5c:df:
68:c0:a1:62:66:fd:4d:4f:89:60:93:68:9c:a1:91:
62:81:10:7f:72:a5:9c:ab:f3:9b:6d:c6:b6:c2:44:
11:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:47:94:8B:9C:49:17:06:88:57:A7:9B:20:F5:CB:B6:AE:5B:5D:46
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS11404.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
136.143.244.0/24
136.143.251.0/24
136.143.253.0/24
136.143.255.0/24
143.14.16.0/21
158.140.195.0/24
158.140.198.0/24
158.140.201.0/24
158.140.204.0/24
158.140.206.0/23
158.140.212.0/23
158.140.215.0/24
162.141.24.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0/22
162.141.144.0/21
162.141.168.0/21
162.141.184.0/21
167.148.16.0-167.148.27.255
167.148.36.0/22
167.148.48.0-167.148.59.255
167.148.64.0/22
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.120.0/22
203.100.208.0/23
203.100.211.0/24
203.160.112.0/23
203.160.115.0/24
203.160.119.0-203.160.122.255
203.160.124.0/24
Signature Algorithm: sha256WithRSAEncryption
02:4d:5c:21:ba:4c:71:25:8f:50:42:70:cd:ce:5a:51:32:f1:
ab:a1:40:0a:00:0d:b9:ce:1b:20:fe:48:ea:de:f3:01:2a:b2:
c4:b6:c9:d1:5b:0d:3c:6e:55:2c:09:af:9b:eb:b3:af:14:44:
6c:99:62:33:5c:a1:d3:43:b7:c5:bf:a3:8c:9a:9d:e0:48:f8:
84:a1:0c:ec:07:a0:aa:a7:2a:9f:2b:39:74:b3:51:b1:dd:b1:
5b:da:31:aa:42:a5:2a:ec:3d:e7:fc:2b:5f:c6:63:be:81:30:
1c:3a:cc:81:76:e7:2f:5b:8d:1d:17:46:02:c6:66:e9:6c:3a:
a2:4c:be:6f:94:6f:67:d3:53:34:31:ee:81:8e:07:5b:ae:49:
a4:90:10:f6:c6:cb:ee:14:89:28:d1:d7:09:bf:9a:56:2c:ca:
72:6d:a8:e6:6c:bd:24:73:9a:a6:2f:87:8e:52:a4:d1:b8:8d:
38:d0:23:9f:8c:a6:e6:2a:fd:42:84:d5:cd:24:22:33:f2:54:
9b:6c:65:8b:af:95:bb:dc:ae:92:b8:73:24:12:52:62:6f:91:
b0:25:d7:03:34:ca:4e:b3:c6:b5:a1:a8:bf:98:0a:97:b8:bb:
92:e5:e5:7f:6b:32:f0:f6:49:fd:68:17:eb:af:06:12:1c:52:
57:6e:aa:43
-----BEGIN CERTIFICATE-----
MIIF5TCCBM2gAwIBAgIUP37V85KoGYkqJUmxvAI+Tt53q+swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MDQwNjU1MTJaFw0yNjA2MDMwNzAwMTJaMDMxMTAvBgNV
BAMTKEUxNDc5NDhCOUM0OTE3MDY4ODU3QTc5QjIwRjVDQkI2QUU1QjVENDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiJcR8S2J9NsAqRbmTmcKGQo+b
lrgZ3BcSstKjV8vfWNXkn6zjQGvL+32naLUsNWNcfLx5kMtfX8jgxhHcYyZlnsZW
vYLpCIySZjfyqg2qARo7EWNfYxgn63gem5W49FbiUggvMCP1n2lES0UkDGhTaBKO
HZA4gSKR6vFEm/QWOsg+NUpNBQR6Ky9ya6KYO5Ijjw3l7opRIQuQt9Wk++VIvt0g
bs5U5HjjZBweT2lh5ka8rqGstJtamISpdxRF8UsblCQcGzr/Xfq2HUOJmZehxmrz
4ai4CxQNIQwZ6Ktc32jAoWJm/U1PiWCTaJyhkWKBEH9ypZyr85ttxrbCRBGtAgMB
AAGjggLvMIIC6zAdBgNVHQ4EFgQU4UeUi5xJFwaIV6ebIPXLtq5bXUYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTE0MDQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwggEDBggrBgEFBQcBBwEB/wSB8zCB8DCB7QQCAAEwgeYD
BACIj/QDBACIj/sDBACIj/0DBACIj/8DBAOPDhADBACejMMDBACejMYDBACejMkD
BACejMwDBAGejM4DBAGejNQDBACejNcwDAMEA6KNGAMEAqKNIAMEAqKNKAMEA6KN
OAMEAqKNSAMEA6KNkAMEA6KNqAMEA6KNuDAMAwQEp5QQAwQCp5QYAwQCp5QkMAwD
BASnlDADBAKnlDgDBAKnlEADBAKnlEwDBAOnlFgDBAKnlGwDBAKnlHgDBAHLZNAD
BADLZNMDBAHLoHADBADLoHMwDAMEAMugdwMEAMugegMEAMugfDANBgkqhkiG9w0B
AQsFAAOCAQEAAk1cIbpMcSWPUEJwzc5aUTLxq6FACgANuc4bIP5I6t7zASqyxLbJ
0VsNPG5VLAmvm+uzrxREbJliM1yh00O3xb+jjJqd4Ej4hKEM7Aegqqcqnys5dLNR
sd2xW9oxqkKlKuw95/wrX8ZjvoEwHDrMgXbnL1uNHRdGAsZm6Ww6oky+b5RvZ9NT
NDHugY4HW65JpJAQ9sbL7hSJKNHXCb+aVizKcm2o5my9JHOapi+HjlKk0biNONAj
n4ym5ir9QoTVzSQiM/JUm2xli6+Vu9yukrhzJBJSYm+RsCXXAzTKTrPGtaGov5gK
l7i7kuXlf2sy8PZJ/WgX668GEhxSV26qQw==
-----END CERTIFICATE-----
Generated at Sat Jun 7 13:37:26 2025 by rpki-client