Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53356.roa
File: AS53356.roa (raw, json)
Hash identifier: KTqGdh9bltlm1ZclP0AoO98KtaclRg+Ij0vgFGsUcLU=
Subject key identifier: 04:60:5A:3D:EB:86:2D:AA:3C:B1:17:9A:29:AA:30:45:2E:81:B9:A0
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 2104A30291E6B81BE7FEB663E23E1652D55B3E5A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53356.roa
Signing time: Tue 02 Sep 2025 18:26:29 +0000
ROA not before: Tue 02 Sep 2025 18:21:29 +0000
ROA not after: Tue 01 Sep 2026 18:26:29 +0000
asID: 53356
IP address blocks: 143.14.38.0/24 maxlen: 24
143.14.39.0/24 maxlen: 24
143.14.218.0/24 maxlen: 24
148.135.163.0/24 maxlen: 24
155.117.16.0/24 maxlen: 24
162.141.14.0/24 maxlen: 24
167.148.15.0/24 maxlen: 24
167.148.182.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 08 Sep 2025 00:55:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:04:a3:02:91:e6:b8:1b:e7:fe:b6:63:e2:3e:16:52:d5:5b:3e:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Sep 2 18:21:29 2025 GMT
Not After : Sep 1 18:26:29 2026 GMT
Subject: CN=04605A3DEB862DAA3CB1179A29AA30452E81B9A0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:b1:32:cc:e0:ff:10:8d:a6:49:e4:d7:90:b9:
7b:09:4a:2c:7f:e6:53:44:b8:d9:90:78:7e:bc:9c:
b4:17:fd:c9:20:c9:dd:54:32:8b:1a:09:15:52:fe:
89:c3:bf:ad:4c:ed:2a:27:4d:1f:42:d4:cf:69:fb:
a4:94:df:30:09:99:79:3e:aa:9b:b9:21:a8:37:63:
a8:2e:50:50:7d:c7:ec:69:24:15:39:e7:b5:20:24:
84:06:33:b4:4e:c3:f3:8f:1e:32:23:5d:b0:6a:2b:
80:49:cd:86:bf:8b:18:60:9e:ec:fa:9b:79:4b:e9:
bd:46:9d:ab:0d:7d:1f:75:24:2c:4d:29:5a:10:ee:
e5:56:a2:a0:09:ce:17:fa:a5:60:03:ed:5f:99:45:
af:a8:f4:23:fc:f0:bd:d5:c8:f4:67:97:43:42:ba:
3a:62:c5:2c:7e:43:b7:a7:8b:5e:d3:d5:c0:c0:f6:
c6:ae:a0:45:e1:dc:a2:dd:1a:cc:b6:56:2c:a0:17:
08:9b:85:0a:de:78:bd:5a:8c:8d:4d:f6:8c:7b:45:
ea:02:05:e2:69:83:a1:ae:81:ff:d3:eb:fe:ab:64:
5f:dd:28:05:6c:e9:3d:4b:19:6c:0c:b0:63:68:8c:
e7:7e:d4:2a:33:6d:57:6a:17:77:33:eb:6b:be:19:
12:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:60:5A:3D:EB:86:2D:AA:3C:B1:17:9A:29:AA:30:45:2E:81:B9:A0
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53356.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.38.0/23
143.14.218.0/24
148.135.163.0/24
155.117.16.0/24
162.141.14.0/24
167.148.15.0/24
167.148.182.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:0b:3a:43:6e:04:a2:7d:bd:fe:d3:ce:00:33:7b:eb:d3:bf:
4e:0f:9e:0b:3e:a0:57:d8:e2:62:57:27:ef:6c:f6:70:92:08:
2f:99:2c:3d:04:7a:b2:4e:c6:6d:9c:d6:ff:bf:e9:8e:80:97:
b5:c8:7e:19:67:41:95:d9:ac:21:7f:58:b7:30:c8:af:3c:d7:
9c:fa:35:a4:41:23:f0:77:41:42:5b:f4:c5:ea:09:f5:cf:bb:
0c:dc:18:97:b0:40:fb:52:ff:25:02:ff:5f:61:86:b6:20:8e:
ed:cf:7f:ec:76:5d:ca:b2:f4:81:bb:ac:7a:e9:53:94:b3:48:
74:2e:7e:03:a1:07:9d:02:a1:93:55:98:80:58:65:e9:c6:6d:
c5:21:78:9e:7d:3f:29:01:26:03:b0:e7:70:e1:90:f5:bd:d1:
0f:93:b9:6c:54:79:78:87:99:db:67:83:8f:fb:27:1d:eb:e1:
90:78:95:77:da:6a:33:d7:a5:6b:78:5c:b8:e1:cf:1b:4c:8c:
b8:12:92:05:14:39:50:ff:a7:28:30:05:89:7f:5e:bb:80:92:
67:28:e4:cd:44:0c:cb:33:ae:05:c9:31:17:51:55:51:6a:3c:
05:14:5d:4e:1e:87:64:01:c7:2e:d0:f9:ff:22:0a:9c:85:87:
98:48:da:68
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUIQSjApHmuBvn/rZj4j4WUtVbPlowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MDIxODIxMjlaFw0yNjA5MDExODI2MjlaMDMxMTAvBgNV
BAMTKDA0NjA1QTNERUI4NjJEQUEzQ0IxMTc5QTI5QUEzMDQ1MkU4MUI5QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7sTLM4P8QjaZJ5NeQuXsJSix/
5lNEuNmQeH68nLQX/ckgyd1UMosaCRVS/onDv61M7SonTR9C1M9p+6SU3zAJmXk+
qpu5Iag3Y6guUFB9x+xpJBU557UgJIQGM7ROw/OPHjIjXbBqK4BJzYa/ixhgnuz6
m3lL6b1GnasNfR91JCxNKVoQ7uVWoqAJzhf6pWAD7V+ZRa+o9CP88L3VyPRnl0NC
ujpixSx+Q7eni17T1cDA9sauoEXh3KLdGsy2ViygFwibhQreeL1ajI1N9ox7ReoC
BeJpg6Gugf/T6/6rZF/dKAVs6T1LGWwMsGNojOd+1CozbVdqF3cz62u+GRIfAgMB
AAGjggItMIICKTAdBgNVHQ4EFgQUBGBaPeuGLao8sReaKaowRS6BuaAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTMzNTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQwYIKwYBBQUHAQcBAf8ENDAyMDAEAgABMCoDBAGPDiYD
BACPDtoDBACUh6MDBACbdRADBACijQ4DBACnlA8DBACnlLYwDQYJKoZIhvcNAQEL
BQADggEBAAoLOkNuBKJ9vf7TzgAze+vTv04Pngs+oFfY4mJXJ+9s9nCSCC+ZLD0E
erJOxm2c1v+/6Y6Al7XIfhlnQZXZrCF/WLcwyK8815z6NaRBI/B3QUJb9MXqCfXP
uwzcGJewQPtS/yUC/19hhrYgju3Pf+x2Xcqy9IG7rHrpU5SzSHQufgOhB50CoZNV
mIBYZenGbcUheJ59PykBJgOw53DhkPW90Q+TuWxUeXiHmdtng4/7Jx3r4ZB4lXfa
ajPXpWt4XLjhzxtMjLgSkgUUOVD/pygwBYl/XruAkmco5M1EDMszrgXJMRdRVVFq
PAUUXU4eh2QBxy7Q+f8iCpyFh5hI2mg=
-----END CERTIFICATE-----
Generated at Sun Sep 7 12:33:38 2025 by rpki-client