Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: 9cVA2J8V6knBIHEuYtczZ6eS6SFQ0mlFuL5cDOW1Keo=
Subject key identifier: 4C:AF:B7:79:04:20:F3:E0:F1:C1:B0:B6:5C:77:5E:FC:7D:D8:1D:6F
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 7DD1393DBF6D769FDF51B154B066197218ABF316
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
Signing time: Thu 04 Jun 2026 13:52:27 +0000
ROA not before: Thu 04 Jun 2026 13:47:27 +0000
ROA not after: Thu 03 Jun 2027 13:52:27 +0000
asID: 20473
IP address blocks: 140.233.173.0/24 maxlen: 24
148.135.161.0/24 maxlen: 24
150.241.216.0/21 maxlen: 24
162.141.12.0/24 maxlen: 24
168.222.47.0/24 maxlen: 24
168.222.89.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 12 Jun 2026 08:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7d:d1:39:3d:bf:6d:76:9f:df:51:b1:54:b0:66:19:72:18:ab:f3:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Jun 4 13:47:27 2026 GMT
Not After : Jun 3 13:52:27 2027 GMT
Subject: CN=4CAFB7790420F3E0F1C1B0B65C775EFC7DD81D6F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:e8:4a:61:ca:df:29:55:60:d1:2c:9e:49:0e:
76:fa:cc:a8:77:2f:c0:2c:af:44:d1:97:19:2c:b1:
c4:3a:65:3a:4a:e4:be:69:43:c6:bc:27:4a:6c:96:
c5:a8:38:e6:42:8e:d7:c0:cd:f6:44:50:e4:14:29:
03:c8:3c:85:c7:5e:ff:91:ed:88:58:92:6d:5d:b8:
80:21:b4:00:4e:e5:9c:31:cf:d1:54:a6:f0:2c:75:
f1:f2:e2:44:f3:86:1d:7f:b0:ad:8d:9b:77:fd:56:
e5:d0:93:67:17:fb:ce:5d:83:41:f6:4d:20:24:cf:
d7:83:3e:c1:72:65:26:81:da:02:24:f2:c3:cd:9a:
c8:a6:b6:eb:35:aa:21:74:ad:44:be:f9:fc:ee:7b:
80:cd:d1:18:23:3e:da:e4:a5:b3:2a:e7:25:9e:37:
3b:d2:b4:e7:1f:5e:bb:2d:56:7a:f1:29:32:e1:41:
7a:b7:cf:c3:d9:0b:8a:0a:ac:0f:cd:a6:9b:a5:ca:
25:3b:15:7e:7c:da:82:d3:48:5e:8f:35:76:b1:31:
a3:89:a5:cd:3a:4d:07:63:8e:d5:3b:01:40:ba:90:
f4:5d:dc:1c:82:e0:9a:09:87:5a:f6:ee:20:82:06:
c0:f7:d5:0c:af:42:ec:97:0c:be:e7:cb:0a:84:b3:
76:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:AF:B7:79:04:20:F3:E0:F1:C1:B0:B6:5C:77:5E:FC:7D:D8:1D:6F
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.233.173.0/24
148.135.161.0/24
150.241.216.0/21
162.141.12.0/24
168.222.47.0/24
168.222.89.0/24
Signature Algorithm: sha256WithRSAEncryption
17:5c:bb:c4:b9:2b:af:22:f0:fb:7f:6f:3b:9a:41:7e:fa:22:
38:16:2f:c3:a4:2b:27:cd:7a:12:7b:37:45:16:63:29:79:1a:
ce:ce:02:ec:81:85:78:07:2a:1f:8a:31:bc:7d:07:b2:f9:7a:
76:c4:70:89:ae:29:e1:3a:69:07:e3:16:e4:f0:c8:34:24:3a:
e1:34:76:fa:b3:a7:c9:83:2b:92:81:e7:58:b8:d2:cd:28:94:
e8:2f:f8:08:85:92:ad:90:12:2a:0e:81:ac:ee:d7:e7:07:1d:
25:0b:52:4f:66:e7:0e:27:64:29:b1:53:2e:27:59:fa:35:c9:
67:f6:40:ed:95:7a:3b:08:19:2f:b4:dc:c9:3f:90:16:7d:02:
9c:d1:e8:ff:23:33:2a:6a:8b:86:61:f2:37:ce:ec:72:0d:d2:
be:47:b4:7d:3f:55:b5:50:a0:18:48:3b:b5:94:5a:62:57:49:
4a:2d:59:43:c4:ce:e7:72:58:3f:59:d5:3c:f5:bb:e3:ac:84:
f7:af:9e:84:08:50:e9:cd:72:2c:91:18:9b:5e:5a:29:a0:6a:
4a:75:c0:b7:e4:31:fc:a0:9f:e0:60:f1:e7:7a:9c:ef:55:53:
8a:d9:f6:94:c5:8c:15:d7:84:e8:60:09:02:09:51:13:aa:4e:
67:52:56:04
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIUfdE5Pb9tdp/fUbFUsGYZchir8xYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDQxMzQ3MjdaFw0yNzA2MDMxMzUyMjdaMDMxMTAvBgNV
BAMTKDRDQUZCNzc5MDQyMEYzRTBGMUMxQjBCNjVDNzc1RUZDN0REODFENkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ6Ephyt8pVWDRLJ5JDnb6zKh3
L8Asr0TRlxksscQ6ZTpK5L5pQ8a8J0pslsWoOOZCjtfAzfZEUOQUKQPIPIXHXv+R
7YhYkm1duIAhtABO5Zwxz9FUpvAsdfHy4kTzhh1/sK2Nm3f9VuXQk2cX+85dg0H2
TSAkz9eDPsFyZSaB2gIk8sPNmsimtus1qiF0rUS++fzue4DN0RgjPtrkpbMq5yWe
NzvStOcfXrstVnrxKTLhQXq3z8PZC4oKrA/NppulyiU7FX582oLTSF6PNXaxMaOJ
pc06TQdjjtU7AUC6kPRd3ByC4JoJh1r27iCCBsD31QyvQuyXDL7nywqEs3YVAgMB
AAGjggInMIICIzAdBgNVHQ4EFgQUTK+3eQQg8+DxwbC2XHde/H3YHW8wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPQYIKwYBBQUHAQcBAf8ELjAsMCoEAgABMCQDBACM6a0D
BACUh6EDBAOW8dgDBACijQwDBACo3i8DBACo3lkwDQYJKoZIhvcNAQELBQADggEB
ABdcu8S5K68i8Pt/bzuaQX76IjgWL8OkKyfNehJ7N0UWYyl5Gs7OAuyBhXgHKh+K
Mbx9B7L5enbEcImuKeE6aQfjFuTwyDQkOuE0dvqzp8mDK5KB51i40s0olOgv+AiF
kq2QEioOgazu1+cHHSULUk9m5w4nZCmxUy4nWfo1yWf2QO2VejsIGS+03Mk/kBZ9
ApzR6P8jMypqi4Zh8jfO7HIN0r5HtH0/VbVQoBhIO7WUWmJXSUotWUPEzudyWD9Z
1Tz1u+OshPevnoQIUOnNciyRGJteWimgakp1wLfkMfygn+Bg8ed6nO9VU4rZ9pTF
jBXXhOhgCQIJUROqTmdSVgQ=
-----END CERTIFICATE-----
Generated at Thu Jun 11 14:39:58 2026 by rpki-client