Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS153923.roa
File: AS153923.roa (raw, json)
Hash identifier: 46QNM5OOtKUB4JDMzryeKQXlC9V/i3s2hL6M2TE+a6Y=
Subject key identifier: 87:2E:DD:64:BA:18:59:3D:70:7A:E8:1C:63:E2:D5:EC:BB:A2:88:69
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 1E34CB8AA1E78E104142E5F13E899B8EFE2FDC09
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS153923.roa
Signing time: Mon 25 Aug 2025 01:34:06 +0000
ROA not before: Mon 25 Aug 2025 01:29:06 +0000
ROA not after: Mon 24 Aug 2026 01:34:06 +0000
asID: 153923
IP address blocks: 143.20.23.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:34:cb:8a:a1:e7:8e:10:41:42:e5:f1:3e:89:9b:8e:fe:2f:dc:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Aug 25 01:29:06 2025 GMT
Not After : Aug 24 01:34:06 2026 GMT
Subject: CN=872EDD64BA18593D707AE81C63E2D5ECBBA28869
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:b0:e1:aa:a6:09:a8:18:54:0a:8a:fb:c8:00:
e5:79:d2:31:cb:3a:e5:2a:30:1c:6f:e0:f3:50:c9:
47:77:e5:1b:82:fb:97:35:9e:d1:e4:c2:fc:e7:66:
59:e6:9a:a5:b9:19:68:75:cb:ab:b6:9a:75:5c:7e:
cb:55:f0:cc:c1:d0:2d:57:a7:38:df:29:d7:9c:63:
c6:bf:e9:90:53:d8:d8:80:74:7a:a4:23:7b:26:3a:
e4:0b:e4:7e:d2:12:aa:c1:56:19:6b:cd:f2:9b:8c:
cf:0c:8b:31:81:cb:23:e0:fb:92:06:f5:ee:a6:01:
c2:b2:e9:3f:75:c0:db:49:2c:b5:22:bf:46:d2:6f:
ed:37:f1:e2:f9:46:fe:d4:c1:44:53:c0:53:1b:5f:
c6:f1:5f:07:c0:40:a7:92:0c:f8:66:b9:e1:ad:f9:
a3:6b:d7:a0:81:17:60:8e:89:60:b1:54:fa:ca:ee:
c7:cf:b6:7f:39:84:8e:e5:5d:29:4a:2e:fa:8a:74:
75:b2:bf:ea:37:c9:1f:6a:89:1c:e7:97:5c:27:09:
e9:cd:ef:f3:2a:34:9c:fe:f4:33:59:b1:a0:bc:4f:
87:e7:45:54:18:3f:13:64:78:30:d1:30:6b:0f:b5:
75:b9:a4:6f:73:73:a4:13:3c:9e:90:ca:dd:88:ac:
b6:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:2E:DD:64:BA:18:59:3D:70:7A:E8:1C:63:E2:D5:EC:BB:A2:88:69
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS153923.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.23.0/24
Signature Algorithm: sha256WithRSAEncryption
14:8a:62:1b:57:3c:e0:b7:1b:59:c7:69:19:bd:79:78:fe:fd:
b4:85:96:83:d1:c3:30:f0:da:34:e1:61:c3:0b:41:39:b1:62:
3d:e6:a1:2c:55:3e:b5:6d:82:e6:75:1d:72:b4:3e:9c:ec:9b:
55:78:fb:35:e1:aa:78:85:60:3a:5e:c9:95:44:47:cc:44:9f:
af:80:e6:d3:84:fe:dd:ba:d3:66:22:4f:57:22:97:ea:45:a7:
81:ab:15:92:31:6b:6d:8e:97:d7:55:04:5a:d3:e3:83:b0:f1:
0a:3c:07:c0:38:d9:62:e3:55:37:cd:db:8f:d9:f6:05:a1:67:
aa:c1:54:33:41:f0:24:3c:1c:0d:8b:2a:e5:13:22:63:31:96:
b6:c3:2b:27:59:73:e5:ee:9e:9c:d4:6b:4c:2b:c0:39:29:28:
20:5b:19:6a:69:e5:90:5f:45:55:aa:52:49:eb:be:58:75:9c:
c0:36:5b:09:9b:f2:66:df:fb:75:0b:27:a2:a0:72:72:bc:64:
65:14:3f:ce:d9:65:55:b0:3b:fd:37:85:8a:9e:55:80:42:3d:
da:23:bd:ed:94:0f:d0:a3:0b:45:0c:8d:47:72:59:2a:9d:b6:
68:d5:3a:fc:d0:b3:78:7c:d0:95:6b:4f:ea:9f:41:83:52:ad:
04:eb:04:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHjTLiqHnjhBBQuXxPombjv4v3AkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA4MjUwMTI5MDZaFw0yNjA4MjQwMTM0MDZaMDMxMTAvBgNV
BAMTKDg3MkVERDY0QkExODU5M0Q3MDdBRTgxQzYzRTJENUVDQkJBMjg4NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfsOGqpgmoGFQKivvIAOV50jHL
OuUqMBxv4PNQyUd35RuC+5c1ntHkwvznZlnmmqW5GWh1y6u2mnVcfstV8MzB0C1X
pzjfKdecY8a/6ZBT2NiAdHqkI3smOuQL5H7SEqrBVhlrzfKbjM8MizGByyPg+5IG
9e6mAcKy6T91wNtJLLUiv0bSb+038eL5Rv7UwURTwFMbX8bxXwfAQKeSDPhmueGt
+aNr16CBF2COiWCxVPrK7sfPtn85hI7lXSlKLvqKdHWyv+o3yR9qiRznl1wnCenN
7/MqNJz+9DNZsaC8T4fnRVQYPxNkeDDRMGsPtXW5pG9zc6QTPJ6Qyt2IrLb1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhy7dZLoYWT1weugcY+LV7LuiiGkwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMTUzOTIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQX
MA0GCSqGSIb3DQEBCwUAA4IBAQAUimIbVzzgtxtZx2kZvXl4/v20hZaD0cMw8No0
4WHDC0E5sWI95qEsVT61bYLmdR1ytD6c7JtVePs14ap4hWA6XsmVREfMRJ+vgObT
hP7dutNmIk9XIpfqRaeBqxWSMWttjpfXVQRa0+ODsPEKPAfAONli41U3zduP2fYF
oWeqwVQzQfAkPBwNiyrlEyJjMZa2wysnWXPl7p6c1GtMK8A5KSggWxlqaeWQX0VV
qlJJ675YdZzANlsJm/Jm3/t1CyeioHJyvGRlFD/O2WVVsDv9N4WKnlWAQj3aI73t
lA/QowtFDI1HclkqnbZo1Tr80LN4fNCVa0/qn0GDUq0E6wRp
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:09:28 2025 by rpki-client