Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS43128.roa
File: AS43128.roa (raw, json)
Hash identifier: IpVt2P4VSxpeBfTB5JL0RqW9GjZmZp1v9ys9LCiu2fA=
Subject key identifier: 8B:C7:1E:89:B4:5C:CF:75:6F:8A:60:28:53:DB:26:83:DC:56:16:F4
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 71EBEE9E7EBF432F5B309A8D6318E7CA003C0117
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS43128.roa
Signing time: Mon 18 May 2026 13:47:14 +0000
ROA not before: Mon 18 May 2026 13:42:14 +0000
ROA not after: Mon 17 May 2027 13:47:14 +0000
asID: 43128
IP address blocks: 82.21.208.0/24 maxlen: 24
82.22.240.0/24 maxlen: 24
82.22.241.0/24 maxlen: 24
82.23.198.0/24 maxlen: 24
82.23.231.0/24 maxlen: 24
82.24.240.0/24 maxlen: 24
82.24.241.0/24 maxlen: 24
82.25.208.0/24 maxlen: 24
82.25.241.0/24 maxlen: 24
82.26.241.0/24 maxlen: 24
82.27.241.0/24 maxlen: 24
82.29.240.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 03 Jun 2026 15:55:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:eb:ee:9e:7e:bf:43:2f:5b:30:9a:8d:63:18:e7:ca:00:3c:01:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: May 18 13:42:14 2026 GMT
Not After : May 17 13:47:14 2027 GMT
Subject: CN=8BC71E89B45CCF756F8A602853DB2683DC5616F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:d9:86:61:db:a6:11:e0:f1:04:d4:97:1d:62:
67:d4:99:27:51:e6:39:25:e9:0e:d3:16:69:a2:b7:
30:90:61:cf:19:cb:d4:21:b5:5d:82:cc:b9:c9:0b:
19:af:ac:c3:61:67:a4:09:40:ed:7d:9c:a2:6c:af:
c5:fe:d8:25:93:21:f6:96:79:01:aa:73:4e:5f:3d:
92:4e:54:2e:57:84:d1:81:68:01:2d:58:3e:b0:f8:
eb:0f:34:5f:c5:ec:dc:a7:90:26:a0:f7:fd:a7:ca:
a8:59:ff:03:9a:58:fc:41:46:5e:f5:b4:a9:58:41:
c8:aa:c8:b4:06:b6:60:ea:3d:63:c8:66:ba:50:c5:
ea:72:8e:af:84:a9:0a:fc:ef:14:81:6b:fb:45:4b:
f1:3a:03:97:44:6e:67:38:88:1e:80:b0:bf:1d:67:
ea:ac:ba:05:a9:0d:bd:63:fb:da:d2:99:d7:aa:26:
52:ea:c4:09:8e:72:ff:1e:63:35:77:11:c7:c8:66:
b3:94:cb:be:7b:98:c6:d5:b1:6b:8b:6a:f2:ed:74:
6d:c3:5c:eb:91:5f:7a:0c:1b:ce:39:42:59:02:bb:
be:2e:22:4a:d8:21:2c:8d:6e:1b:a6:b2:ea:d1:f1:
05:3c:78:38:5a:fa:df:f4:c8:3a:7d:94:f5:61:b7:
05:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:C7:1E:89:B4:5C:CF:75:6F:8A:60:28:53:DB:26:83:DC:56:16:F4
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS43128.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.208.0/24
82.22.240.0/23
82.23.198.0/24
82.23.231.0/24
82.24.240.0/23
82.25.208.0/24
82.25.241.0/24
82.26.241.0/24
82.27.241.0/24
82.29.240.0/24
Signature Algorithm: sha256WithRSAEncryption
22:76:4e:2b:a4:3c:5e:24:28:e6:c7:98:6a:70:ce:0a:b5:69:
5b:1d:25:e4:ce:b5:da:58:35:af:6b:ec:32:18:1c:c7:9d:4d:
32:fa:21:27:6b:1f:1d:0b:ef:19:7f:63:80:fe:d1:63:f7:cd:
8e:0d:90:0c:7f:c8:9b:8c:5d:0a:a7:75:1a:e3:67:99:96:df:
57:a8:0d:45:c9:34:c5:69:75:2f:14:a3:85:86:30:5d:e0:33:
6a:1e:a6:d3:9c:05:ef:1e:30:10:b7:2f:6c:77:49:45:1b:a3:
49:c7:a9:13:4a:5b:fe:a7:ef:4a:9d:bf:14:f1:84:b9:46:f4:
75:41:35:72:ee:6b:34:58:c3:cd:4e:87:f9:79:02:4f:a5:c7:
13:40:28:65:96:72:40:09:a6:c0:81:dc:50:31:fb:a2:e9:68:
d1:23:e8:35:1d:ff:be:cb:54:b0:a5:29:b2:36:f1:c6:bb:14:
1f:78:97:66:6b:9d:66:62:95:46:5a:3c:53:40:22:ee:de:dc:
ed:29:b3:b5:4b:ec:98:87:bd:67:ca:41:23:75:c5:55:95:2d:
d5:54:82:0b:99:53:f6:74:ac:1f:d0:ee:6b:58:6c:03:f0:75:
f8:86:c9:c9:76:77:ff:39:6b:82:32:ee:8b:de:8f:b7:d3:3b:
c4:99:1e:30
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUcevunn6/Qy9bMJqNYxjnygA8ARcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTgxMzQyMTRaFw0yNzA1MTcxMzQ3MTRaMDMxMTAvBgNV
BAMTKDhCQzcxRTg5QjQ1Q0NGNzU2RjhBNjAyODUzREIyNjgzREM1NjE2RjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj2YZh26YR4PEE1JcdYmfUmSdR
5jkl6Q7TFmmitzCQYc8Zy9QhtV2CzLnJCxmvrMNhZ6QJQO19nKJsr8X+2CWTIfaW
eQGqc05fPZJOVC5XhNGBaAEtWD6w+OsPNF/F7NynkCag9/2nyqhZ/wOaWPxBRl71
tKlYQciqyLQGtmDqPWPIZrpQxepyjq+EqQr87xSBa/tFS/E6A5dEbmc4iB6AsL8d
Z+qsugWpDb1j+9rSmdeqJlLqxAmOcv8eYzV3EcfIZrOUy757mMbVsWuLavLtdG3D
XOuRX3oMG845QlkCu74uIkrYISyNbhumsurR8QU8eDha+t/0yDp9lPVhtwUDAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUi8ceibRcz3VvimAoU9smg9xWFvQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDMxMjgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVQYIKwYBBQUHAQcBAf8ERjBEMEIEAgABMDwDBABSFdAD
BAFSFvADBABSF8YDBABSF+cDBAFSGPADBABSGdADBABSGfEDBABSGvEDBABSG/ED
BABSHfAwDQYJKoZIhvcNAQELBQADggEBACJ2TiukPF4kKObHmGpwzgq1aVsdJeTO
tdpYNa9r7DIYHMedTTL6ISdrHx0L7xl/Y4D+0WP3zY4NkAx/yJuMXQqndRrjZ5mW
31eoDUXJNMVpdS8Uo4WGMF3gM2oeptOcBe8eMBC3L2x3SUUbo0nHqRNKW/6n70qd
vxTxhLlG9HVBNXLuazRYw81Oh/l5Ak+lxxNAKGWWckAJpsCB3FAx+6LpaNEj6DUd
/77LVLClKbI28ca7FB94l2ZrnWZilUZaPFNAIu7e3O0ps7VL7JiHvWfKQSN1xVWV
LdVUgguZU/Z0rB/Q7mtYbAPwdfiGycl2d/85a4Iy7ovej7fTO8SZHjA=
-----END CERTIFICATE-----
Generated at Tue Jun 2 21:18:15 2026 by rpki-client