Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: OxL6GOL2RlQ+3nekx9vl0DCmsoPS42LKwMoPs5gwt6I=
Subject key identifier: 1A:AC:7C:00:64:EC:54:BB:66:EE:3A:E4:74:EC:31:08:8D:87:F5:C6
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 44C0084093927E6E475BF2DFD50470F20619BA2A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20473.roa
Signing time: Wed 24 Sep 2025 17:08:50 +0000
ROA not before: Wed 24 Sep 2025 17:03:50 +0000
ROA not after: Wed 23 Sep 2026 17:08:50 +0000
asID: 20473
IP address blocks: 2a13:9500:61::/48 maxlen: 48
2a13:9500:ae::/48 maxlen: 48
2a13:9500:cf::/48 maxlen: 48
2a13:9500:dd::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 14 Oct 2025 14:36:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:c0:08:40:93:92:7e:6e:47:5b:f2:df:d5:04:70:f2:06:19:ba:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Sep 24 17:03:50 2025 GMT
Not After : Sep 23 17:08:50 2026 GMT
Subject: CN=1AAC7C0064EC54BB66EE3AE474EC31088D87F5C6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:06:11:11:3b:db:de:b1:f7:a4:e2:be:a2:67:
63:8f:01:78:37:19:30:6e:3b:9a:b8:ea:8c:e4:d6:
88:29:a7:73:82:d7:4c:93:3f:2f:b5:39:26:f2:d2:
87:7b:e4:e7:12:d8:c9:bb:2f:fa:e4:1c:68:54:89:
2e:3c:72:78:f3:73:26:d4:cb:2e:78:d9:18:5f:67:
f0:b6:15:51:0b:23:c1:62:42:19:38:41:e0:56:6b:
c9:13:f9:ec:fa:ee:7a:1c:28:4b:63:37:d8:e8:e7:
72:45:c7:88:30:cb:a2:04:ad:12:0a:8d:02:11:36:
ed:10:b9:aa:b0:f5:a3:7a:4b:e6:39:18:ba:69:d0:
92:b8:be:85:44:8e:72:9e:ca:0b:ae:40:b4:3f:4f:
3c:d4:04:99:50:ac:4f:21:ba:6a:5a:a8:55:88:e1:
67:0f:63:4b:b3:29:38:5e:2c:9d:aa:8d:5b:26:e1:
07:69:d2:72:f5:aa:95:88:91:ff:2f:3e:22:bb:66:
5b:a8:78:68:b5:96:1f:e8:72:ac:ec:37:fb:f4:ea:
08:da:32:87:7c:bf:1f:af:bf:bc:0a:8a:cf:6b:ec:
b7:e8:82:5f:ba:dd:12:fc:2a:49:c1:55:b1:11:ec:
b8:c5:70:98:ef:03:c6:0d:04:cd:84:9e:1b:f8:7c:
e8:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:AC:7C:00:64:EC:54:BB:66:EE:3A:E4:74:EC:31:08:8D:87:F5:C6
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:9500:61::/48
2a13:9500:ae::/48
2a13:9500:cf::/48
2a13:9500:dd::/48
Signature Algorithm: sha256WithRSAEncryption
34:05:e9:7d:19:7c:c5:d7:e4:7a:af:6a:78:96:25:14:4d:8d:
e9:b6:37:2a:07:29:62:8c:1b:4a:83:3a:18:07:59:39:56:23:
41:06:c2:23:0c:89:15:d4:92:2a:de:f2:69:08:f2:8c:e8:79:
10:02:64:f5:92:2f:60:48:ca:5b:98:9f:e2:7c:23:5c:b1:47:
bd:90:b5:c5:6d:c0:57:07:f0:8c:3e:66:01:af:3e:88:1c:b3:
32:1a:11:83:67:33:1f:89:38:40:48:c9:89:27:47:dc:83:59:
e2:c9:34:3c:a4:91:28:32:10:62:c5:a0:4a:b0:0a:67:6f:e3:
16:eb:72:ed:e3:7f:bd:25:cd:3c:85:bc:e2:b4:f2:80:6a:8c:
04:15:d1:79:11:9d:b4:2c:76:cb:d2:9d:48:6c:19:0f:6f:63:
10:63:02:d1:3d:ab:b3:d8:3e:8b:7d:12:ec:76:4d:94:1c:e3:
bb:44:01:6e:21:ef:78:dd:31:ce:f9:75:cc:d0:c4:11:db:ff:
7a:ad:a8:f0:08:55:00:e1:5d:d0:b4:72:8c:ff:b8:7c:c2:be:
ce:b9:8c:3c:2c:3f:d9:1f:16:93:2a:86:4b:e4:46:0d:f2:44:
64:6f:be:a8:30:da:29:3a:72:7a:c4:0d:1b:56:97:76:69:01:
e9:27:c7:a0
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIURMAIQJOSfm5HW/Lf1QRw8gYZuiowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MjQxNzAzNTBaFw0yNjA5MjMxNzA4NTBaMDMxMTAvBgNV
BAMTKDFBQUM3QzAwNjRFQzU0QkI2NkVFM0FFNDc0RUMzMTA4OEQ4N0Y1QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5BhERO9vesfek4r6iZ2OPAXg3
GTBuO5q46ozk1ogpp3OC10yTPy+1OSby0od75OcS2Mm7L/rkHGhUiS48cnjzcybU
yy542RhfZ/C2FVELI8FiQhk4QeBWa8kT+ez67nocKEtjN9jo53JFx4gwy6IErRIK
jQIRNu0Quaqw9aN6S+Y5GLpp0JK4voVEjnKeyguuQLQ/TzzUBJlQrE8humpaqFWI
4WcPY0uzKTheLJ2qjVsm4Qdp0nL1qpWIkf8vPiK7ZluoeGi1lh/ocqzsN/v06gja
Mod8vx+vv7wKis9r7Lfogl+63RL8KknBVbER7LjFcJjvA8YNBM2Enhv4fOhJAgMB
AAGjggInMIICIzAdBgNVHQ4EFgQUGqx8AGTsVLtm7jrkdOwxCI2H9cYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPQYIKwYBBQUHAQcBAf8ELjAsMCoEAgACMCQDBwAqE5UA
AGEDBwAqE5UAAK4DBwAqE5UAAM8DBwAqE5UAAN0wDQYJKoZIhvcNAQELBQADggEB
ADQF6X0ZfMXX5HqvaniWJRRNjem2NyoHKWKMG0qDOhgHWTlWI0EGwiMMiRXUkire
8mkI8ozoeRACZPWSL2BIyluYn+J8I1yxR72QtcVtwFcH8Iw+ZgGvPogcszIaEYNn
Mx+JOEBIyYknR9yDWeLJNDykkSgyEGLFoEqwCmdv4xbrcu3jf70lzTyFvOK08oBq
jAQV0XkRnbQsdsvSnUhsGQ9vYxBjAtE9q7PYPot9Eux2TZQc47tEAW4h73jdMc75
dczQxBHb/3qtqPAIVQDhXdC0coz/uHzCvs65jDwsP9kfFpMqhkvkRg3yRGRvvqgw
2ik6cnrEDRtWl3ZpAeknx6A=
-----END CERTIFICATE-----
Generated at Mon Oct 13 22:06:47 2025 by rpki-client