Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS0.roa
File: AS0.roa (raw, json)
Hash identifier: an6dAgP71s1CHG7uAArC9BGZvHzmbY9ADXTTvyriS1Q=
Subject key identifier: 99:19:E0:85:2F:14:1A:B0:7E:5C:F0:D2:D3:AA:F6:BD:B7:DD:AA:66
Certificate issuer: /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial: 464C888A47716417F22691B397F7BF67A845C601
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS0.roa
Signing time: Wed 22 Oct 2025 07:07:21 +0000
ROA not before: Wed 22 Oct 2025 07:02:21 +0000
ROA not after: Wed 21 Oct 2026 07:07:21 +0000
asID: 0
IP address blocks: 193.150.40.0/24 maxlen: 24
2a14:7580:9000::/36 maxlen: 48
2a14:7580:c000::/36 maxlen: 48
2a14:7580:f100::/40 maxlen: 48
2a14:7580:f400::/40 maxlen: 48
2a14:7580:f500::/40 maxlen: 48
2a14:7580:f600::/40 maxlen: 48
2a14:7580:f700::/40 maxlen: 48
2a14:7580:f800::/40 maxlen: 48
2a14:7580:f900::/40 maxlen: 48
2a14:7580:ff30::/44 maxlen: 48
2a14:7581:f60::/44 maxlen: 48
2a14:7581:f90::/44 maxlen: 48
2a14:7581:fa0::/44 maxlen: 48
2a14:7581:fb0::/44 maxlen: 48
2a14:7581:fc0::/44 maxlen: 48
2a14:7581:fd0::/44 maxlen: 48
2a14:7581:fe6::/48 maxlen: 48
2a14:7581:9b00::/40 maxlen: 48
2a14:7581:9c00::/40 maxlen: 48
2a14:7581:9e00::/40 maxlen: 48
2a14:7581:9f00::/44 maxlen: 48
2a14:7581:9f10::/44 maxlen: 48
2a14:7582::/32 maxlen: 48
2a14:7583::/32 maxlen: 32
2a14:7583:3000::/36 maxlen: 48
2a14:7583:4000::/36 maxlen: 48
2a14:7583:5000::/36 maxlen: 48
2a14:7584:1000::/36 maxlen: 48
2a14:7584:6000::/36 maxlen: 48
2a14:7586::/32 maxlen: 48
2a14:7587::/32 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 23:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
46:4c:88:8a:47:71:64:17:f2:26:91:b3:97:f7:bf:67:a8:45:c6:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Validity
Not Before: Oct 22 07:02:21 2025 GMT
Not After : Oct 21 07:07:21 2026 GMT
Subject: CN=9919E0852F141AB07E5CF0D2D3AAF6BDB7DDAA66
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:b0:48:09:bf:6a:d4:c9:09:af:2e:82:d8:77:
e4:50:82:fa:4c:3a:a5:c6:33:db:f2:ee:46:3a:8b:
da:54:43:09:7b:c2:4b:80:a1:b8:5e:f4:5c:49:7c:
40:f3:b7:be:0e:24:27:a9:7a:a1:17:fe:0e:3c:7b:
ea:40:cc:65:8d:fd:64:59:44:3c:a2:ab:28:53:89:
0f:db:3f:73:89:d8:92:b5:12:80:fc:13:8e:1a:78:
4e:dd:c7:a1:1b:78:1d:eb:aa:0c:df:dc:bf:f9:c6:
a7:2f:5c:ef:b3:b1:ed:29:b2:fb:75:c9:91:bb:6a:
51:d3:d5:53:9f:12:32:48:10:df:55:4d:d2:13:34:
02:3a:b1:1c:d8:d2:33:7f:36:72:27:93:67:57:6f:
d9:2b:a1:88:3e:ef:b8:83:fc:43:51:ff:39:50:97:
6d:52:27:0f:d5:d8:01:4a:f1:0c:d1:58:b0:7c:ec:
d8:98:ac:55:20:4e:e7:5f:ac:f7:d8:94:05:7d:77:
5d:94:1b:be:17:e7:6b:9a:fb:2b:c5:76:21:f6:3d:
c0:1c:83:b6:b0:6b:37:dc:8f:2e:c3:ac:87:e3:4e:
47:fa:4e:91:90:81:be:0e:ea:c7:4c:7f:6d:06:6f:
b8:47:42:de:00:15:4a:6e:6c:58:22:3c:f9:97:d1:
40:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:19:E0:85:2F:14:1A:B0:7E:5C:F0:D2:D3:AA:F6:BD:B7:DD:AA:66
X509v3 Authority Key Identifier:
keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS0.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.150.40.0/24
IPv6:
2a14:7580:9000::/36
2a14:7580:c000::/36
2a14:7580:f100::/40
2a14:7580:f400::-2a14:7580:f9ff:ffff:ffff:ffff:ffff:ffff
2a14:7580:ff30::/44
2a14:7581:f60::/44
2a14:7581:f90::-2a14:7581:fdf:ffff:ffff:ffff:ffff:ffff
2a14:7581:fe6::/48
2a14:7581:9b00::-2a14:7581:9cff:ffff:ffff:ffff:ffff:ffff
2a14:7581:9e00::-2a14:7581:9f1f:ffff:ffff:ffff:ffff:ffff
2a14:7582::/31
2a14:7584:1000::/36
2a14:7584:6000::/36
2a14:7586::/31
Signature Algorithm: sha256WithRSAEncryption
88:bf:0c:db:45:25:a2:8e:b1:12:28:f5:f6:54:f8:3c:d4:53:
5c:86:f9:27:aa:ba:2d:44:fa:7b:3c:91:e9:45:5d:9d:28:49:
bd:cc:c3:d9:4f:0d:8f:ae:3d:13:93:fa:e2:e4:9d:7b:25:f3:
39:08:27:da:9d:fd:ac:d1:af:48:4f:25:7e:08:02:99:92:71:
f0:00:b1:f2:ca:76:e0:e4:33:f2:05:ff:fc:6b:99:16:94:24:
f1:30:53:56:39:eb:43:76:99:2c:93:db:f6:14:bb:a3:d3:ca:
51:cc:13:88:93:74:79:58:6c:9e:45:e8:66:08:8b:79:65:8e:
5e:06:d5:a5:09:e9:1a:b2:31:09:ff:f4:44:a1:6e:a3:5e:87:
d4:38:60:f1:19:91:14:7c:26:51:9c:f3:40:ac:4c:40:92:a8:
62:7b:7d:bb:01:8d:a4:ff:1e:eb:32:f4:6e:ec:76:23:48:92:
6c:02:f9:8d:04:3f:56:b9:4d:af:37:e8:b2:76:31:10:ba:84:
3f:72:e1:e0:5a:c5:0d:e0:14:46:c9:60:77:ea:16:ed:ed:b2:
ff:e6:e9:b8:07:21:bf:fc:2f:86:57:1a:f9:bf:54:fb:ae:05:
c4:03:b7:1c:8f:25:e9:55:75:04:21:ef:ab:47:7a:84:3c:2b:
27:c5:e2:58
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgIURkyIikdxZBfyJpGzl/e/Z6hFxgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTEwMjIwNzAyMjFaFw0yNjEwMjEwNzA3MjFaMDMxMTAvBgNV
BAMTKDk5MTlFMDg1MkYxNDFBQjA3RTVDRjBEMkQzQUFGNkJEQjdEREFBNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCysEgJv2rUyQmvLoLYd+RQgvpM
OqXGM9vy7kY6i9pUQwl7wkuAobhe9FxJfEDzt74OJCepeqEX/g48e+pAzGWN/WRZ
RDyiqyhTiQ/bP3OJ2JK1EoD8E44aeE7dx6EbeB3rqgzf3L/5xqcvXO+zse0psvt1
yZG7alHT1VOfEjJIEN9VTdITNAI6sRzY0jN/NnInk2dXb9kroYg+77iD/ENR/zlQ
l21SJw/V2AFK8QzRWLB87NiYrFUgTudfrPfYlAV9d12UG74X52ua+yvFdiH2PcAc
g7awazfcjy7DrIfjTkf6TpGQgb4O6sdMf20Gb7hHQt4AFUpubFgiPPmX0UCPAgMB
AAGjggKuMIICqjAdBgNVHQ4EFgQUmRnghS8UGrB+XPDS06r2vbfdqmYwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwdgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjCBxwYIKwYBBQUHAQcBAf8EgbcwgbQwDAQCAAEwBgMEAMGWKDCB
owQCAAIwgZwDBgQqFHWAkAMGBCoUdYDAAwYAKhR1gPEwEAMGAioUdYD0AwYBKhR1
gPgDBwQqFHWA/zADBwQqFHWBD2AwEgMHBCoUdYEPkAMHBSoUdYEPwAMHACoUdYEP
5jAQAwYAKhR1gZsDBgAqFHWBnDARAwYBKhR1gZ4DBwUqFHWBnwADBQEqFHWCAwYE
KhR1hBADBgQqFHWEYAMFASoUdYYwDQYJKoZIhvcNAQELBQADggEBAIi/DNtFJaKO
sRIo9fZU+DzUU1yG+Sequi1E+ns8kelFXZ0oSb3Mw9lPDY+uPROT+uLknXsl8zkI
J9qd/azRr0hPJX4IApmScfAAsfLKduDkM/IF//xrmRaUJPEwU1Y560N2mSyT2/YU
u6PTylHME4iTdHlYbJ5F6GYIi3lljl4G1aUJ6RqyMQn/9EShbqNeh9Q4YPEZkRR8
JlGc80CsTECSqGJ7fbsBjaT/Husy9G7sdiNIkmwC+Y0EP1a5Ta836LJ2MRC6hD9y
4eBaxQ3gFEbJYHfqFu3tsv/m6bgHIb/8L4ZXGvm/VPuuBcQDtxyPJelVdQQh76tH
eoQ8KyfF4lg=
-----END CERTIFICATE-----
Generated at Wed Oct 22 08:57:15 2025 by rpki-client