Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
File: AS7843.roa (raw, json)
Hash identifier: pjEm1jQ9vVVskJ+o5I2h6m/QJ1knqwQ5X1IH68HeV0M=
Subject key identifier: 29:72:39:76:F5:BC:22:EC:82:0D:6E:D2:9A:19:B9:EB:FC:6C:FE:1B
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 4C63731817C5D987940FE547127A846D2CBE8ADE
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
Signing time: Mon 01 Sep 2025 06:06:33 +0000
ROA not before: Mon 01 Sep 2025 06:01:33 +0000
ROA not after: Mon 31 Aug 2026 06:06:33 +0000
asID: 7843
IP address blocks: 143.14.16.0/21 maxlen: 24
143.14.232.0/21 maxlen: 24
162.141.2.0/23 maxlen: 24
162.141.6.0/23 maxlen: 24
162.141.22.0/23 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.76.0/23 maxlen: 24
162.141.134.0/23 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.156.0/23 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.208.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.24.0/22 maxlen: 24
167.148.44.0/23 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.60.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.120.0/22 maxlen: 24
167.148.145.0/24 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Sep 2025 02:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:63:73:18:17:c5:d9:87:94:0f:e5:47:12:7a:84:6d:2c:be:8a:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Sep 1 06:01:33 2025 GMT
Not After : Aug 31 06:06:33 2026 GMT
Subject: CN=29723976F5BC22EC820D6ED29A19B9EBFC6CFE1B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:c8:12:da:fe:3a:bc:c2:01:3a:ef:ce:82:75:
d1:8b:75:38:f4:50:7f:95:8d:44:ba:2f:c6:06:40:
fa:a1:9d:4c:b0:01:0b:5c:8e:51:9f:d5:cc:16:14:
62:65:18:b0:9b:a2:71:82:24:5a:ea:0d:7f:15:c0:
96:16:e5:3b:72:7d:25:89:46:f8:9f:37:2c:25:34:
82:ed:90:e7:8f:9d:d3:c2:cf:fb:b4:bb:cc:4c:00:
12:b0:76:0e:14:d9:e4:db:6a:c7:cb:23:dd:2d:35:
19:2a:f6:c7:11:de:5f:ff:78:a5:b1:52:cf:15:10:
85:db:bd:04:82:91:e7:c1:18:05:cf:15:6d:09:18:
f3:12:54:11:0a:7f:90:7b:8e:96:74:f6:1a:5d:a4:
d4:a9:1a:fe:75:45:11:b3:3f:5b:09:8d:96:50:cd:
6d:ec:cd:8c:c9:64:e1:6d:62:6e:3d:ba:77:f9:fd:
41:c8:ad:b8:1e:84:20:b1:ad:87:77:51:2d:b0:18:
a0:33:a0:73:b1:9f:de:36:69:13:34:61:db:e6:b8:
11:3e:78:bf:41:cd:77:20:3f:f1:63:98:81:f0:81:
ed:b5:4c:32:09:8f:9e:01:86:eb:b9:ce:33:f4:6f:
bf:f2:83:d5:e8:d1:3e:62:8b:c7:6b:3b:4c:ab:09:
9e:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:72:39:76:F5:BC:22:EC:82:0D:6E:D2:9A:19:B9:EB:FC:6C:FE:1B
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.16.0/21
143.14.232.0/21
162.141.2.0/23
162.141.6.0/23
162.141.22.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0-162.141.77.255
162.141.134.0/23
162.141.144.0/21
162.141.156.0/23
162.141.168.0/21
162.141.184.0-162.141.255.255
167.148.16.0-167.148.27.255
167.148.44.0/23
167.148.48.0-167.148.67.255
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.120.0/22
167.148.145.0/24
167.148.224.0/19
Signature Algorithm: sha256WithRSAEncryption
71:28:42:61:c5:26:62:7a:f4:f1:c1:89:8d:57:77:52:4b:57:
58:7c:7b:bf:c9:53:e6:8e:05:5b:b7:62:fd:77:7d:99:dc:dc:
6f:34:f6:f4:3c:b0:a4:41:00:a8:6a:87:4f:af:78:73:83:85:
bb:63:c5:b9:14:c1:c2:69:1f:a6:ca:71:78:e7:e8:41:e9:5d:
fe:76:72:de:7c:d8:39:26:6d:90:93:ec:d9:0c:8a:d5:24:90:
61:f8:89:f9:ba:51:56:49:b8:5f:a0:1b:e0:3a:ed:79:86:a4:
77:02:66:60:77:ac:57:6c:35:c9:75:0e:a7:e1:21:b9:a5:b5:
a3:5f:f4:17:66:d0:c4:d0:3b:73:7b:40:5a:5b:ab:37:28:b2:
8e:33:54:4c:d4:ee:9f:db:dc:f6:05:a6:35:7c:6b:87:f7:02:
40:2b:6d:87:21:df:5d:e1:78:8e:e3:7e:e0:b2:9d:0d:41:1f:
c7:08:90:13:4d:93:3e:a0:18:f8:dd:57:c3:01:08:30:44:d8:
0b:0e:7b:c4:ef:d2:8a:6d:2f:42:fe:c7:ee:f5:95:25:6d:bb:
a3:e1:97:49:ad:3f:a8:33:99:d7:f0:ac:06:6a:75:d8:96:59:
72:11:ae:47:21:a1:34:30:4a:07:bf:82:c8:2a:5b:49:f1:15:
a9:78:9d:12
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgIUTGNzGBfF2YeUD+VHEnqEbSy+it4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MDEwNjAxMzNaFw0yNjA4MzEwNjA2MzNaMDMxMTAvBgNV
BAMTKDI5NzIzOTc2RjVCQzIyRUM4MjBENkVEMjlBMTlCOUVCRkM2Q0ZFMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQyBLa/jq8wgE6786CddGLdTj0
UH+VjUS6L8YGQPqhnUywAQtcjlGf1cwWFGJlGLCbonGCJFrqDX8VwJYW5TtyfSWJ
RvifNywlNILtkOePndPCz/u0u8xMABKwdg4U2eTbasfLI90tNRkq9scR3l//eKWx
Us8VEIXbvQSCkefBGAXPFW0JGPMSVBEKf5B7jpZ09hpdpNSpGv51RRGzP1sJjZZQ
zW3szYzJZOFtYm49unf5/UHIrbgehCCxrYd3US2wGKAzoHOxn942aRM0YdvmuBE+
eL9BzXcgP/FjmIHwge21TDIJj54Bhuu5zjP0b7/yg9Xo0T5ii8drO0yrCZ5JAgMB
AAGjggKyMIICrjAdBgNVHQ4EFgQUKXI5dvW8IuyCDW7Smhm56/xs/hswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNzg0My5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCByAYIKwYBBQUHAQcBAf8EgbgwgbUwgbIEAgABMIGrAwQD
jw4QAwQDjw7oAwQBoo0CAwQBoo0GMAwDBAGijRYDBAKijSADBAKijSgDBAOijTgw
DAMEA6KNSAMEAaKNTAMEAaKNhgMEA6KNkAMEAaKNnAMEA6KNqDALAwQDoo24AwMB
oowwDAMEBKeUEAMEAqeUGAMEAaeULDAMAwQEp5QwAwQCp5RAAwQCp5RMAwQDp5RY
AwQCp5RsAwQCp5R4AwQAp5SRAwQFp5TgMA0GCSqGSIb3DQEBCwUAA4IBAQBxKEJh
xSZievTxwYmNV3dSS1dYfHu/yVPmjgVbt2L9d32Z3NxvNPb0PLCkQQCoaodPr3hz
g4W7Y8W5FMHCaR+mynF45+hB6V3+dnLefNg5Jm2Qk+zZDIrVJJBh+In5ulFWSbhf
oBvgOu15hqR3AmZgd6xXbDXJdQ6n4SG5pbWjX/QXZtDE0Dtze0BaW6s3KLKOM1RM
1O6f29z2BaY1fGuH9wJAK22HId9d4XiO437gsp0NQR/HCJATTZM+oBj43VfDAQgw
RNgLDnvE79KKbS9C/sfu9ZUlbbuj4ZdJrT+oM5nX8KwGanXYlllyEa5HIaE0MEoH
v4LIKltJ8RWpeJ0S
-----END CERTIFICATE-----
Generated at Sat Sep 6 11:27:13 2025 by rpki-client