Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
File: AS20115.roa (raw, json)
Hash identifier: xOkqzga+ZJxWyHDXTGyIodw4Ls1UcQCDYG66K6JiPCs=
Subject key identifier: A9:F0:CD:BD:CB:1C:F0:85:0E:E5:33:41:4B:F4:3A:5A:8B:A7:68:E5
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 738662F38D8B1A590F56045216B6718909D3A10F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
Signing time: Mon 01 Sep 2025 06:06:33 +0000
ROA not before: Mon 01 Sep 2025 06:01:33 +0000
ROA not after: Mon 31 Aug 2026 06:06:33 +0000
asID: 20115
IP address blocks: 143.14.16.0/21 maxlen: 24
143.14.232.0/21 maxlen: 24
162.141.2.0/23 maxlen: 24
162.141.6.0/23 maxlen: 24
162.141.22.0/23 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.76.0/23 maxlen: 24
162.141.134.0/23 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.156.0/23 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.208.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.24.0/22 maxlen: 24
167.148.44.0/23 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.60.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.120.0/22 maxlen: 24
167.148.145.0/24 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 02:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
73:86:62:f3:8d:8b:1a:59:0f:56:04:52:16:b6:71:89:09:d3:a1:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Sep 1 06:01:33 2025 GMT
Not After : Aug 31 06:06:33 2026 GMT
Subject: CN=A9F0CDBDCB1CF0850EE533414BF43A5A8BA768E5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:54:0f:49:65:cb:55:35:5f:d6:f2:d3:85:b0:
43:44:b8:2b:a6:e8:5b:39:69:75:70:8e:94:5c:d2:
00:dc:65:b6:f7:85:56:0c:83:47:5c:e3:4e:c5:af:
93:77:0e:71:00:79:58:ca:ac:f6:1a:d7:18:20:5e:
fb:83:0f:bf:26:3d:d7:25:9b:e7:ca:5f:14:eb:79:
98:ac:43:01:86:ed:26:f1:e4:61:ca:bb:64:be:c2:
ba:61:6d:19:61:7e:af:d8:0f:ea:3e:48:ea:7e:43:
f8:08:0f:2c:fd:76:78:c8:bb:22:66:2c:63:df:3d:
a4:88:81:01:3e:76:a0:84:19:fa:50:b2:df:ce:fd:
1d:d2:da:b1:d8:4b:8c:70:d8:ca:2a:1d:cd:cb:b7:
44:a0:09:45:7f:88:13:92:2c:b4:f5:fa:83:eb:a8:
c7:7f:d2:6a:6f:9e:39:8d:c1:8d:00:9f:fd:cb:3d:
7d:95:ca:d5:86:81:f9:97:39:0c:b4:6f:c7:2e:28:
0e:b2:5d:55:49:0a:62:23:28:39:f1:0e:49:d5:ad:
19:6f:2f:1f:14:53:09:f1:9b:f5:88:bc:a6:ce:6b:
b7:2a:05:aa:d7:6d:89:7b:86:53:fd:ad:24:38:29:
aa:02:90:a2:d9:39:fa:ce:d9:14:79:62:13:74:8a:
48:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:F0:CD:BD:CB:1C:F0:85:0E:E5:33:41:4B:F4:3A:5A:8B:A7:68:E5
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.16.0/21
143.14.232.0/21
162.141.2.0/23
162.141.6.0/23
162.141.22.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0-162.141.77.255
162.141.134.0/23
162.141.144.0/21
162.141.156.0/23
162.141.168.0/21
162.141.184.0-162.141.255.255
167.148.16.0-167.148.27.255
167.148.44.0/23
167.148.48.0-167.148.67.255
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.120.0/22
167.148.145.0/24
167.148.224.0/19
Signature Algorithm: sha256WithRSAEncryption
3e:f3:47:56:89:62:c1:9e:c4:c3:98:f5:6c:bc:9f:c4:fd:a6:
cd:eb:6f:1c:89:da:f2:15:ec:24:a0:1e:80:c6:91:b6:79:4f:
62:08:ab:e2:0d:ea:d4:90:0f:2e:23:27:6a:02:f2:d9:f5:15:
89:52:71:09:a8:8f:9b:4f:3c:33:f4:e0:a9:78:89:12:9d:6e:
b8:46:69:a0:72:82:7f:a4:36:e8:4a:ad:f5:4f:f9:d3:db:92:
21:19:d8:8b:af:7d:9a:e9:61:9f:f6:56:d8:d1:1b:2e:bd:4a:
53:6d:8f:6a:54:70:bf:3e:1a:da:97:21:f4:d8:01:67:39:a0:
ea:1c:47:be:4b:2e:cb:20:e8:56:b8:57:41:43:13:fe:10:f8:
c7:a8:8e:12:a1:77:e5:ea:56:d5:3d:be:00:3e:82:55:7d:33:
06:c2:3e:24:ce:2d:03:70:76:c0:87:c3:80:ad:9f:aa:23:a5:
d4:a2:30:72:0d:79:26:41:ee:4b:81:14:16:4c:c8:d1:4d:2d:
b1:3c:23:17:da:33:7d:50:ab:30:94:10:19:ae:4d:4e:86:79:
eb:78:33:d8:15:6d:83:ed:b4:6d:bb:03:c3:3f:79:66:92:2a:
0a:24:5b:9f:23:b6:14:46:bc:7d:a9:a1:f1:12:f8:a7:ea:3d:
d3:b0:97:3f
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgIUc4Zi842LGlkPVgRSFrZxiQnToQ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MDEwNjAxMzNaFw0yNjA4MzEwNjA2MzNaMDMxMTAvBgNV
BAMTKEE5RjBDREJEQ0IxQ0YwODUwRUU1MzM0MTRCRjQzQTVBOEJBNzY4RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6VA9JZctVNV/W8tOFsENEuCum
6Fs5aXVwjpRc0gDcZbb3hVYMg0dc407Fr5N3DnEAeVjKrPYa1xggXvuDD78mPdcl
m+fKXxTreZisQwGG7Sbx5GHKu2S+wrphbRlhfq/YD+o+SOp+Q/gIDyz9dnjIuyJm
LGPfPaSIgQE+dqCEGfpQst/O/R3S2rHYS4xw2MoqHc3Lt0SgCUV/iBOSLLT1+oPr
qMd/0mpvnjmNwY0An/3LPX2VytWGgfmXOQy0b8cuKA6yXVVJCmIjKDnxDknVrRlv
Lx8UUwnxm/WIvKbOa7cqBarXbYl7hlP9rSQ4KaoCkKLZOfrO2RR5YhN0ikilAgMB
AAGjggKzMIICrzAdBgNVHQ4EFgQUqfDNvcsc8IUO5TNBS/Q6WounaOUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAxMTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgcgGCCsGAQUFBwEHAQH/BIG4MIG1MIGyBAIAATCBqwME
A48OEAMEA48O6AMEAaKNAgMEAaKNBjAMAwQBoo0WAwQCoo0gAwQCoo0oAwQDoo04
MAwDBAOijUgDBAGijUwDBAGijYYDBAOijZADBAGijZwDBAOijagwCwMEA6KNuAMD
AaKMMAwDBASnlBADBAKnlBgDBAGnlCwwDAMEBKeUMAMEAqeUQAMEAqeUTAMEA6eU
WAMEAqeUbAMEAqeUeAMEAKeUkQMEBaeU4DANBgkqhkiG9w0BAQsFAAOCAQEAPvNH
VoliwZ7Ew5j1bLyfxP2mzetvHIna8hXsJKAegMaRtnlPYgir4g3q1JAPLiMnagLy
2fUViVJxCaiPm088M/TgqXiJEp1uuEZpoHKCf6Q26Eqt9U/509uSIRnYi699mulh
n/ZW2NEbLr1KU22PalRwvz4a2pch9NgBZzmg6hxHvksuyyDoVrhXQUMT/hD4x6iO
EqF35epW1T2+AD6CVX0zBsI+JM4tA3B2wIfDgK2fqiOl1KIwcg15JkHuS4EUFkzI
0U0tsTwjF9ozfVCrMJQQGa5NToZ563gz2BVtg+20bbsDwz95ZpIqCiRbnyO2FEa8
famh8RL4p+o907CXPw==
-----END CERTIFICATE-----
Generated at Sat Sep 6 11:37:07 2025 by rpki-client