Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209630.roa
File: AS209630.roa (raw, json)
Hash identifier: QbkPn7RWt/iRf61JwIL6xtdXj0TajSX77uXdp8d2a/8=
Subject key identifier: E6:45:19:1F:4C:35:C5:29:D9:E8:51:41:C8:53:78:5F:80:21:8B:EE
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 339BE7EF6385CCC5256BA97C3EEA35A15F164027
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209630.roa
Signing time: Tue 21 Oct 2025 08:07:08 +0000
ROA not before: Tue 21 Oct 2025 08:02:08 +0000
ROA not after: Tue 20 Oct 2026 08:07:08 +0000
asID: 209630
IP address blocks: 143.20.140.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 19:12:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:9b:e7:ef:63:85:cc:c5:25:6b:a9:7c:3e:ea:35:a1:5f:16:40:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Oct 21 08:02:08 2025 GMT
Not After : Oct 20 08:07:08 2026 GMT
Subject: CN=E645191F4C35C529D9E85141C853785F80218BEE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:fb:80:1d:8c:d2:8e:64:95:48:73:f2:3d:69:
c6:da:78:8d:15:83:e1:88:ef:4d:1e:ab:a4:68:c8:
b9:16:91:88:2a:23:e2:ed:68:5c:28:35:7b:18:d3:
fb:d8:ed:bb:6b:52:48:75:89:70:01:ad:b6:ba:c3:
dd:bb:ef:6b:ba:82:b1:6e:20:ea:69:20:f5:e3:9b:
d9:d8:52:06:15:55:d2:b9:3e:7f:3d:62:20:fa:77:
24:82:d9:b6:d8:1b:6d:10:b6:6e:4b:13:df:9f:23:
d2:cc:77:b6:92:93:a4:d2:df:c1:87:6f:dd:17:68:
4a:d7:4d:7f:fe:e6:8c:09:ab:96:73:9d:3d:40:d0:
64:41:47:44:ba:45:36:47:28:bc:20:68:d3:6f:31:
59:83:cc:d4:34:e8:5c:f2:66:c5:cb:ed:51:0d:7c:
fd:72:84:3f:bc:c1:b9:05:3b:39:c1:8f:fd:d6:af:
b8:36:b3:56:da:a3:bd:aa:b3:72:58:df:0a:eb:42:
4e:39:4b:cb:58:b8:1a:c1:3a:9f:09:0a:0c:f7:24:
76:37:57:ea:2b:7c:1a:cf:be:68:98:57:8d:54:96:
2a:ff:b9:26:3f:bc:c9:98:ba:9a:5c:f7:ce:93:2e:
76:3a:51:67:a7:6b:43:8f:46:5f:68:57:59:e6:43:
3b:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:45:19:1F:4C:35:C5:29:D9:E8:51:41:C8:53:78:5F:80:21:8B:EE
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS209630.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.140.0/24
Signature Algorithm: sha256WithRSAEncryption
14:84:a7:c3:2c:8c:c3:a9:2e:e9:bb:3a:64:52:04:c5:d3:a4:
1c:02:9f:c8:48:51:2c:9b:50:78:a9:05:bd:d8:50:1b:ca:d0:
db:7b:e9:34:d8:06:79:f6:d2:1d:0d:6f:c4:bb:3c:71:55:26:
97:f7:96:54:73:ee:ff:00:bb:68:1a:ec:0c:10:4e:61:f6:0d:
5b:b6:76:af:aa:29:17:17:43:87:4f:3a:f1:81:aa:18:c3:d5:
eb:f9:e6:ee:99:e1:3b:5e:f9:10:c9:92:c0:4c:28:58:f1:05:
e7:f4:54:e4:2a:a8:4f:f5:29:74:f5:05:ef:c3:0b:a8:de:b4:
db:1f:c1:d5:92:95:c8:fa:62:aa:5b:a0:a1:b4:70:d2:c5:1c:
3c:f1:9b:25:22:0f:57:53:56:2c:78:91:44:15:68:6f:1a:df:
9a:ef:d6:4b:f2:e4:8c:df:ec:14:ac:fc:2c:7a:70:b8:b1:cd:
2f:7c:0d:74:b7:2a:c8:b1:65:eb:c3:e6:75:db:cc:8d:d1:ba:
dd:8c:b7:38:76:87:43:7b:43:42:f0:16:25:e4:13:57:5b:14:
9c:db:8c:55:c6:c7:05:67:0a:fa:ec:e9:89:5d:f2:ea:50:85:
b8:7f:ea:15:ac:4c:a5:79:ca:f8:fc:10:d7:0a:c3:27:1f:90:
ba:86:98:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUM5vn72OFzMUla6l8Puo1oV8WQCcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjEwODAyMDhaFw0yNjEwMjAwODA3MDhaMDMxMTAvBgNV
BAMTKEU2NDUxOTFGNEMzNUM1MjlEOUU4NTE0MUM4NTM3ODVGODAyMThCRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDv+4AdjNKOZJVIc/I9acbaeI0V
g+GI700eq6RoyLkWkYgqI+LtaFwoNXsY0/vY7btrUkh1iXABrba6w92772u6grFu
IOppIPXjm9nYUgYVVdK5Pn89YiD6dySC2bbYG20Qtm5LE9+fI9LMd7aSk6TS38GH
b90XaErXTX/+5owJq5ZznT1A0GRBR0S6RTZHKLwgaNNvMVmDzNQ06FzyZsXL7VEN
fP1yhD+8wbkFOznBj/3Wr7g2s1bao72qs3JY3wrrQk45S8tYuBrBOp8JCgz3JHY3
V+orfBrPvmiYV41Ulir/uSY/vMmYuppc986TLnY6UWena0OPRl9oV1nmQzvxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5kUZH0w1xSnZ6FFByFN4X4Ahi+4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjA5NjMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxSM
MA0GCSqGSIb3DQEBCwUAA4IBAQAUhKfDLIzDqS7puzpkUgTF06QcAp/ISFEsm1B4
qQW92FAbytDbe+k02AZ59tIdDW/EuzxxVSaX95ZUc+7/ALtoGuwMEE5h9g1btnav
qikXF0OHTzrxgaoYw9Xr+ebumeE7XvkQyZLATChY8QXn9FTkKqhP9Sl09QXvwwuo
3rTbH8HVkpXI+mKqW6ChtHDSxRw88ZslIg9XU1YseJFEFWhvGt+a79ZL8uSM3+wU
rPwsenC4sc0vfA10tyrIsWXrw+Z128yN0brdjLc4dodDe0NC8BYl5BNXWxSc24xV
xscFZwr67OmJXfLqUIW4f+oVrEylecr4/BDXCsMnH5C6hpj6
-----END CERTIFICATE-----
Generated at Wed Oct 22 03:04:37 2025 by rpki-client