Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
File: AS7843.roa (raw, json)
Hash identifier: ftMmmYG9LakbXUhCnxYZYTUiWsPx9+dEzOkmLVVU+wc=
Subject key identifier: 9A:33:E0:61:66:DA:06:84:BF:F7:DE:4D:E6:7A:03:D8:DF:C3:C5:1D
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 1400508BC52CC5EC34726CB5F00867552330D6EC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
Signing time: Wed 04 Jun 2025 07:00:15 +0000
ROA not before: Wed 04 Jun 2025 06:55:15 +0000
ROA not after: Wed 03 Jun 2026 07:00:15 +0000
asID: 7843
IP address blocks: 143.14.16.0/21 maxlen: 24
143.14.232.0/21 maxlen: 24
155.117.64.0/21 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.208.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.24.0/22 maxlen: 24
167.148.36.0/22 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.120.0/22 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 08 Jun 2025 05:53:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:00:50:8b:c5:2c:c5:ec:34:72:6c:b5:f0:08:67:55:23:30:d6:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Jun 4 06:55:15 2025 GMT
Not After : Jun 3 07:00:15 2026 GMT
Subject: CN=9A33E06166DA0684BFF7DE4DE67A03D8DFC3C51D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:47:89:5b:a4:aa:52:fa:eb:a8:71:2d:49:40:
27:05:86:54:1f:d4:93:b8:46:ec:e0:70:fd:48:89:
a4:36:ce:66:41:d3:c4:18:30:55:35:7c:6d:f1:39:
c2:8e:20:cf:42:db:9a:2e:76:d8:fb:bf:ac:f8:91:
a4:fa:ea:3e:f8:58:71:6e:8d:2f:35:1f:d0:55:e9:
d0:86:a3:29:43:8b:ea:68:f9:77:8f:95:8a:7e:dd:
f6:0d:8f:34:b1:d6:6b:9a:d5:b7:54:83:11:b5:50:
c0:c5:fb:a5:7f:82:43:19:4b:38:21:df:f4:2d:19:
81:f0:e5:6f:76:b1:4f:a4:5f:8f:4e:ee:1b:43:6e:
03:1b:3f:9f:9e:24:c1:8a:84:16:72:5a:d9:03:0e:
0b:99:42:df:82:62:b3:c6:a3:34:dc:28:f7:27:d6:
e7:93:1d:d7:c1:b6:a2:81:88:a0:db:68:55:d3:69:
38:44:7e:87:50:60:9f:d1:85:b8:b5:6b:21:8e:3c:
30:97:5d:74:f7:81:84:c3:07:86:6c:a2:42:f4:1c:
9a:77:1f:7e:0a:ed:5e:50:6c:06:3b:18:db:05:89:
c9:89:e0:19:4c:f5:8e:77:a8:16:83:8b:0c:eb:20:
15:95:d2:df:27:7c:3c:48:e5:40:32:8d:7b:ec:d9:
d2:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:33:E0:61:66:DA:06:84:BF:F7:DE:4D:E6:7A:03:D8:DF:C3:C5:1D
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.16.0/21
143.14.232.0/21
155.117.64.0/21
162.141.24.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0/22
162.141.144.0/21
162.141.168.0/21
162.141.184.0-162.141.255.255
167.148.16.0-167.148.27.255
167.148.36.0/22
167.148.48.0-167.148.59.255
167.148.64.0/22
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.120.0/22
167.148.224.0/19
Signature Algorithm: sha256WithRSAEncryption
40:82:20:24:51:56:bf:81:64:81:82:50:5d:8b:7d:80:d0:08:
ab:d1:0b:77:18:ef:67:9a:a6:72:70:b7:08:74:f8:af:2d:7b:
15:f9:0a:3d:5f:76:87:aa:e8:e4:44:ec:c1:93:a5:59:86:e9:
1b:4e:03:0a:5e:ca:da:ba:45:2e:bf:a9:a0:c0:a6:71:b6:42:
c1:9e:44:0a:b0:9c:e3:49:99:75:9b:c9:ea:be:48:09:42:ef:
48:ef:e9:62:c5:31:3e:2a:b5:af:85:f2:93:75:c3:70:52:09:
f8:eb:20:51:d9:eb:6f:f2:30:7e:85:56:b8:7e:0b:3e:fe:99:
af:78:52:bb:a2:ea:95:83:dd:ab:3e:7e:04:9f:7b:3c:9b:32:
29:be:b9:86:3e:d6:a6:fd:27:0e:37:0a:45:93:d9:b2:f8:5f:
47:7b:69:a1:2e:d7:13:b6:b6:3a:d7:a8:11:e3:d2:d3:05:d6:
f9:f3:05:d0:d1:9d:b0:36:81:66:2e:69:1b:8e:ec:a9:e8:bc:
69:84:ee:c7:f4:a7:d8:d4:ec:90:2c:9c:38:b6:0c:b1:b3:9f:
03:65:55:05:b0:20:1b:ac:e1:19:18:1f:5e:4e:b6:eb:1a:39:
0d:16:bd:d7:41:58:0a:c6:69:a5:81:15:96:80:69:7a:53:e2:
bb:68:e4:79
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIUFABQi8Usxew0cmy18AhnVSMw1uwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MDQwNjU1MTVaFw0yNjA2MDMwNzAwMTVaMDMxMTAvBgNV
BAMTKDlBMzNFMDYxNjZEQTA2ODRCRkY3REU0REU2N0EwM0Q4REZDM0M1MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJR4lbpKpS+uuocS1JQCcFhlQf
1JO4RuzgcP1IiaQ2zmZB08QYMFU1fG3xOcKOIM9C25oudtj7v6z4kaT66j74WHFu
jS81H9BV6dCGoylDi+po+XePlYp+3fYNjzSx1mua1bdUgxG1UMDF+6V/gkMZSzgh
3/QtGYHw5W92sU+kX49O7htDbgMbP5+eJMGKhBZyWtkDDguZQt+CYrPGozTcKPcn
1ueTHdfBtqKBiKDbaFXTaThEfodQYJ/Rhbi1ayGOPDCXXXT3gYTDB4ZsokL0HJp3
H34K7V5QbAY7GNsFicmJ4BlM9Y53qBaDiwzrIBWV0t8nfDxI5UAyjXvs2dKFAgMB
AAGjggKYMIIClDAdBgNVHQ4EFgQUmjPgYWbaBoS/995N5noD2N/DxR0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNzg0My5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBrgYIKwYBBQUHAQcBAf8EgZ4wgZswgZgEAgABMIGRAwQD
jw4QAwQDjw7oAwQDm3VAMAwDBAOijRgDBAKijSADBAKijSgDBAOijTgDBAKijUgD
BAOijZADBAOijagwCwMEA6KNuAMDAaKMMAwDBASnlBADBAKnlBgDBAKnlCQwDAME
BKeUMAMEAqeUOAMEAqeUQAMEAqeUTAMEA6eUWAMEAqeUbAMEAqeUeAMEBaeU4DAN
BgkqhkiG9w0BAQsFAAOCAQEAQIIgJFFWv4FkgYJQXYt9gNAIq9ELdxjvZ5qmcnC3
CHT4ry17FfkKPV92h6ro5ETswZOlWYbpG04DCl7K2rpFLr+poMCmcbZCwZ5ECrCc
40mZdZvJ6r5ICULvSO/pYsUxPiq1r4Xyk3XDcFIJ+OsgUdnrb/IwfoVWuH4LPv6Z
r3hSu6LqlYPdqz5+BJ97PJsyKb65hj7Wpv0nDjcKRZPZsvhfR3tpoS7XE7a2Oteo
EePS0wXW+fMF0NGdsDaBZi5pG47sqei8aYTux/Sn2NTskCycOLYMsbOfA2VVBbAg
G6zhGRgfXk626xo5DRa910FYCsZppYEVloBpelPiu2jkeQ==
-----END CERTIFICATE-----
Generated at Sat Jun 7 13:48:50 2025 by rpki-client