Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: yvbr8r/pfWK/6WqyvLuXd+trgLR6Cuir9q4qm8TWduM=
Subject key identifier: 5D:29:A2:DA:E1:38:E0:1B:C9:2E:FA:BD:5B:32:AF:0F:1E:FB:BF:8B
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 66981CE0EB78D6417D6D92BB96676F2E709E7B7C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
Signing time: Sun 19 Apr 2026 20:29:32 +0000
ROA not before: Sun 19 Apr 2026 20:24:32 +0000
ROA not after: Sun 18 Apr 2027 20:29:32 +0000
asID: 20473
IP address blocks: 148.135.161.0/24 maxlen: 24
150.241.216.0/21 maxlen: 24
162.141.12.0/24 maxlen: 24
168.222.68.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 21:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:98:1c:e0:eb:78:d6:41:7d:6d:92:bb:96:67:6f:2e:70:9e:7b:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Apr 19 20:24:32 2026 GMT
Not After : Apr 18 20:29:32 2027 GMT
Subject: CN=5D29A2DAE138E01BC92EFABD5B32AF0F1EFBBF8B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:0a:09:22:d7:86:54:0c:89:d5:43:ec:1d:bb:
39:33:fd:7e:fe:91:a9:04:f0:22:f7:4a:e2:b6:99:
d9:d6:2b:29:4c:8b:e2:3c:63:a2:3b:fc:4d:b2:f0:
2c:74:80:ec:04:23:f1:77:0b:8b:5a:0a:46:c3:94:
61:7b:de:a9:29:e7:77:bb:98:01:c0:c6:4e:64:06:
00:fa:da:44:42:d7:47:1e:ba:70:01:d2:29:6e:85:
b5:46:5e:21:25:8e:4d:1d:bc:9c:60:ae:db:bb:86:
c8:fc:7a:29:d5:33:cb:94:fe:d7:5f:34:0b:12:5d:
18:9c:28:08:f4:81:df:da:b0:97:6b:38:38:ca:5c:
07:33:01:d7:8a:8f:ab:42:9c:97:25:a9:63:0f:78:
bd:01:b7:f2:89:14:fb:ac:46:24:7a:3a:11:cb:90:
c7:90:b7:33:2c:70:95:0a:7d:c8:67:fd:16:3b:45:
80:e1:c3:3e:c5:8e:3f:0f:55:57:80:8e:30:73:8c:
2b:fb:89:0e:16:ca:ac:d0:b3:9f:25:55:52:13:de:
f5:27:70:57:04:36:d6:9f:59:ec:db:54:12:84:03:
f8:34:f2:d0:54:7a:c4:d7:ad:59:f3:a0:fb:b2:16:
36:b4:90:49:a5:06:01:0d:a7:2b:a1:2d:c5:c2:21:
dd:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:29:A2:DA:E1:38:E0:1B:C9:2E:FA:BD:5B:32:AF:0F:1E:FB:BF:8B
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
148.135.161.0/24
150.241.216.0/21
162.141.12.0/24
168.222.68.0/22
Signature Algorithm: sha256WithRSAEncryption
56:cc:70:e4:25:b6:fc:8e:91:b6:f6:8a:e8:33:7d:5b:5e:35:
95:d0:85:22:37:37:24:59:6d:ee:19:71:a8:82:8a:77:b3:5e:
1a:a6:4d:f1:0e:7c:8d:63:06:45:67:c2:30:fa:e7:17:3b:ef:
be:75:58:02:f9:05:9a:cc:8d:7c:09:b9:32:71:08:97:0d:3e:
d1:6d:13:5e:f3:a9:f3:e4:f6:7d:ac:89:20:5d:e7:4f:6d:7a:
82:10:c2:ce:ab:96:8b:bc:0b:2e:70:e8:5c:60:e0:14:eb:fe:
d0:c7:44:f2:0f:3e:a6:07:2b:fc:fc:f8:18:75:b0:7a:90:59:
f6:83:0c:b5:af:ca:cb:c0:a7:02:02:5a:c8:21:52:d5:a5:57:
ab:c1:71:2e:9a:7f:0d:f3:74:e5:bc:da:55:00:d4:16:47:72:
f4:f1:2a:e1:2b:05:2e:5d:ea:57:00:11:7c:9f:a1:ca:56:d8:
3c:14:73:ad:d6:e3:ff:b8:9e:7f:67:b1:41:c7:22:0a:21:a2:
ce:75:dc:b8:59:56:bd:4e:2d:d0:ec:45:fe:38:ab:2d:d7:ae:
d1:17:39:01:d7:d3:9b:ea:bd:05:f0:06:db:e9:a9:d1:49:4b:
09:87:1b:d8:0b:c3:d2:b9:4b:fd:b2:9a:27:f2:27:26:33:1b:
de:58:a9:23
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUZpgc4Ot41kF9bZK7lmdvLnCee3wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MTkyMDI0MzJaFw0yNzA0MTgyMDI5MzJaMDMxMTAvBgNV
BAMTKDVEMjlBMkRBRTEzOEUwMUJDOTJFRkFCRDVCMzJBRjBGMUVGQkJGOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbCgki14ZUDInVQ+wduzkz/X7+
kakE8CL3SuK2mdnWKylMi+I8Y6I7/E2y8Cx0gOwEI/F3C4taCkbDlGF73qkp53e7
mAHAxk5kBgD62kRC10ceunAB0iluhbVGXiEljk0dvJxgrtu7hsj8einVM8uU/tdf
NAsSXRicKAj0gd/asJdrODjKXAczAdeKj6tCnJclqWMPeL0Bt/KJFPusRiR6OhHL
kMeQtzMscJUKfchn/RY7RYDhwz7Fjj8PVVeAjjBzjCv7iQ4WyqzQs58lVVIT3vUn
cFcENtafWezbVBKEA/g08tBUesTXrVnzoPuyFja0kEmlBgENpyuhLcXCId0pAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUXSmi2uE44BvJLvq9WzKvDx77v4swHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBACUh6ED
BAOW8dgDBACijQwDBAKo3kQwDQYJKoZIhvcNAQELBQADggEBAFbMcOQltvyOkbb2
iugzfVteNZXQhSI3NyRZbe4ZcaiCinezXhqmTfEOfI1jBkVnwjD65xc77751WAL5
BZrMjXwJuTJxCJcNPtFtE17zqfPk9n2siSBd509teoIQws6rlou8Cy5w6Fxg4BTr
/tDHRPIPPqYHK/z8+Bh1sHqQWfaDDLWvysvApwICWsghUtWlV6vBcS6afw3zdOW8
2lUA1BZHcvTxKuErBS5d6lcAEXyfocpW2DwUc63W4/+4nn9nsUHHIgohos513LhZ
Vr1OLdDsRf44qy3XrtEXOQHX05vqvQXwBtvpqdFJSwmHG9gLw9K5S/2ymifyJyYz
G95YqSM=
-----END CERTIFICATE-----
Generated at Mon Apr 20 00:30:50 2026 by rpki-client