Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: aVcmANBR5KM8/Dupi5xy3soaimUDpC12H0WHeDsPSV8=
Subject key identifier: 4A:97:4B:1E:2C:23:A0:72:4B:80:FC:EF:49:2B:81:4C:09:6B:82:09
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 5191EC554BAD0AEDD716163A25A1DE2A23760087
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
Signing time: Sun 07 Sep 2025 13:38:57 +0000
ROA not before: Sun 07 Sep 2025 13:33:57 +0000
ROA not after: Sun 06 Sep 2026 13:38:57 +0000
asID: 20473
IP address blocks: 181.215.70.0/24 maxlen: 24
191.101.223.0/24 maxlen: 24
213.109.169.0/24 maxlen: 24
2a0b:500::/32 maxlen: 48
2a0b:501::/32 maxlen: 48
2a0b:502::/32 maxlen: 48
2a0b:503::/32 maxlen: 48
2a0b:504::/32 maxlen: 48
2a0b:505::/32 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 14 Oct 2025 12:40:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:91:ec:55:4b:ad:0a:ed:d7:16:16:3a:25:a1:de:2a:23:76:00:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Sep 7 13:33:57 2025 GMT
Not After : Sep 6 13:38:57 2026 GMT
Subject: CN=4A974B1E2C23A0724B80FCEF492B814C096B8209
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:46:9f:8f:6b:d6:73:83:36:43:b5:1d:25:97:
08:81:17:d8:af:12:82:15:f4:39:66:81:d1:cc:db:
25:ad:1c:73:3e:5c:87:f8:a3:69:d8:52:bc:2e:79:
c1:6e:44:fe:21:cb:28:e6:94:64:fa:89:fe:47:6e:
48:47:09:7d:70:ac:e8:88:8d:4d:b5:21:32:9e:2a:
cb:e1:d0:68:2b:6c:1f:36:e7:a6:7b:bc:08:82:04:
c4:82:ff:d8:d8:5a:9f:34:8b:06:75:f1:60:a9:23:
ee:54:39:6d:7a:3b:ea:89:ea:c0:43:cb:ea:07:62:
af:91:f1:c9:36:fe:1e:9f:42:cf:e6:0e:c5:96:1d:
d0:1a:6d:d7:25:89:bf:78:15:37:43:48:f7:71:88:
1b:c9:6a:31:03:05:fa:20:39:d0:c4:04:ce:e1:71:
a1:a5:33:20:4f:1b:18:a9:79:36:ff:3d:8d:17:10:
ae:4e:54:42:28:6a:e0:78:e0:b9:3c:4d:64:3f:c2:
1f:e0:e6:4d:e7:e6:20:3d:a2:57:69:ec:f6:11:3b:
8a:2c:3d:a3:07:2d:ac:78:20:84:c3:97:33:34:f9:
2c:87:a9:1b:7f:11:b1:e2:75:ec:18:13:25:da:f2:
6c:db:fc:8b:d7:8f:96:50:c5:aa:89:cd:40:7f:42:
c9:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:97:4B:1E:2C:23:A0:72:4B:80:FC:EF:49:2B:81:4C:09:6B:82:09
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
181.215.70.0/24
191.101.223.0/24
213.109.169.0/24
IPv6:
2a0b:500::-2a0b:505:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
7d:6e:b6:11:eb:31:05:05:00:38:4e:a9:bb:c1:13:2b:64:4d:
1f:f0:a0:f7:88:1a:96:90:66:07:46:6d:db:7d:2b:35:2e:4e:
f9:83:41:20:85:1d:bb:9a:61:b9:43:f4:80:ce:4b:90:cd:a4:
a8:51:ad:d3:2b:e1:df:cd:82:f4:c8:8b:12:54:a4:f7:78:08:
99:40:a7:13:b3:89:6d:13:56:0f:da:77:5d:ec:4e:ef:8e:31:
ba:95:6d:17:f2:c2:81:64:61:4c:96:cb:1a:7a:2f:d4:f9:d1:
ab:5e:62:5d:66:d1:58:93:41:58:75:66:3f:3d:a5:2d:8c:b4:
7a:56:e5:7e:0f:bd:b4:3c:ec:ad:46:28:b7:ee:bd:66:70:c5:
bb:2e:46:2a:a1:a0:f4:ad:fd:e7:77:86:7f:5f:d6:f7:7c:c5:
9a:45:ed:ab:45:01:1e:43:71:a5:08:40:16:f1:15:bb:8b:45:
7c:ec:29:b9:39:f4:11:ef:1f:44:17:fa:f2:9b:be:50:a2:8b:
3e:b9:0c:85:45:eb:fe:30:1d:11:f1:44:53:28:b7:99:75:4a:
89:e4:47:e0:d7:c2:be:25:6e:82:0f:01:1d:4c:a2:9a:55:18:
b7:7c:69:52:24:25:42:b1:c4:ef:5f:15:00:05:3c:6a:fe:26:
32:45:a2:fe
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIUUZHsVUutCu3XFhY6JaHeKiN2AIcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MDcxMzMzNTdaFw0yNjA5MDYxMzM4NTdaMDMxMTAvBgNV
BAMTKDRBOTc0QjFFMkMyM0EwNzI0QjgwRkNFRjQ5MkI4MTRDMDk2QjgyMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVRp+Pa9ZzgzZDtR0llwiBF9iv
EoIV9DlmgdHM2yWtHHM+XIf4o2nYUrwuecFuRP4hyyjmlGT6if5HbkhHCX1wrOiI
jU21ITKeKsvh0GgrbB8256Z7vAiCBMSC/9jYWp80iwZ18WCpI+5UOW16O+qJ6sBD
y+oHYq+R8ck2/h6fQs/mDsWWHdAabdclib94FTdDSPdxiBvJajEDBfogOdDEBM7h
caGlMyBPGxipeTb/PY0XEK5OVEIoauB44Lk8TWQ/wh/g5k3n5iA9oldp7PYRO4os
PaMHLax4IITDlzM0+SyHqRt/EbHidewYEyXa8mzb/IvXj5ZQxaqJzUB/QsndAgMB
AAGjggIsMIICKDAdBgNVHQ4EFgQUSpdLHiwjoHJLgPzvSSuBTAlrggkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQgYIKwYBBQUHAQcBAf8EMzAxMBgEAgABMBIDBAC110YD
BAC/Zd8DBADVbakwFQQCAAIwDzANAwQAKgsFAwUBKgsFBDANBgkqhkiG9w0BAQsF
AAOCAQEAfW62EesxBQUAOE6pu8ETK2RNH/Cg94galpBmB0Zt230rNS5O+YNBIIUd
u5phuUP0gM5LkM2kqFGt0yvh382C9MiLElSk93gImUCnE7OJbRNWD9p3XexO744x
upVtF/LCgWRhTJbLGnov1PnRq15iXWbRWJNBWHVmPz2lLYy0elblfg+9tDzsrUYo
t+69ZnDFuy5GKqGg9K3953eGf1/W93zFmkXtq0UBHkNxpQhAFvEVu4tFfOwpuTn0
Ee8fRBf68pu+UKKLPrkMhUXr/jAdEfFEUyi3mXVKieRH4NfCviVugg8BHUyimlUY
t3xpUiQlQrHE718VAAU8av4mMkWi/g==
-----END CERTIFICATE-----
Generated at Mon Oct 13 22:09:11 2025 by rpki-client