Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
File: AS834.roa (raw, json)
Hash identifier: NNNuryrOgXafHmoIS73TatKJ8Y5n3+0tuTISAll3wNA=
Subject key identifier: D4:AE:4C:04:B8:F1:AA:F8:0A:C7:BE:18:8E:0F:5C:77:E4:CA:EB:7A
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 7CA935C62EA5307F76A7CEC9C1FE205498B17B1A
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
Signing time: Sat 18 Apr 2026 14:01:10 +0000
ROA not before: Sat 18 Apr 2026 13:56:10 +0000
ROA not after: Sat 17 Apr 2027 14:01:10 +0000
asID: 834
IP address blocks: 143.20.9.0/24 maxlen: 24
143.20.45.0/24 maxlen: 24
143.20.53.0/24 maxlen: 24
143.20.65.0/24 maxlen: 24
143.20.106.0/24 maxlen: 24
143.20.108.0/22 maxlen: 24
143.20.116.0/24 maxlen: 24
143.20.128.0/24 maxlen: 24
143.20.131.0/24 maxlen: 24
143.20.132.0/24 maxlen: 24
143.20.136.0/24 maxlen: 24
143.20.139.0/24 maxlen: 24
143.20.140.0/24 maxlen: 24
143.20.147.0/24 maxlen: 24
143.20.151.0/24 maxlen: 24
143.20.152.0/24 maxlen: 24
143.20.157.0/24 maxlen: 24
143.20.162.0/24 maxlen: 24
143.20.167.0/24 maxlen: 24
143.20.168.0/24 maxlen: 24
143.20.173.0/24 maxlen: 24
143.20.176.0/24 maxlen: 24
143.20.178.0/23 maxlen: 24
143.20.182.0/24 maxlen: 24
143.20.194.0/24 maxlen: 24
143.20.196.0/24 maxlen: 24
143.20.198.0/24 maxlen: 24
143.20.200.0/22 maxlen: 24
143.20.206.0/23 maxlen: 24
143.20.213.0/24 maxlen: 24
143.20.214.0/24 maxlen: 24
143.20.216.0/23 maxlen: 24
143.20.218.0/24 maxlen: 24
143.20.220.0/22 maxlen: 24
143.20.224.0/22 maxlen: 24
143.20.228.0/23 maxlen: 24
143.20.231.0/24 maxlen: 24
143.20.232.0/22 maxlen: 24
143.20.236.0/23 maxlen: 24
143.20.239.0/24 maxlen: 24
143.20.240.0/22 maxlen: 24
143.20.244.0/23 maxlen: 24
143.20.247.0/24 maxlen: 24
143.20.248.0/22 maxlen: 24
143.20.252.0/24 maxlen: 24
143.20.254.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Apr 2026 12:10:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7c:a9:35:c6:2e:a5:30:7f:76:a7:ce:c9:c1:fe:20:54:98:b1:7b:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Apr 18 13:56:10 2026 GMT
Not After : Apr 17 14:01:10 2027 GMT
Subject: CN=D4AE4C04B8F1AAF80AC7BE188E0F5C77E4CAEB7A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:fe:59:c7:60:9c:47:6a:59:31:25:e0:68:6a:
4e:6c:7c:42:79:46:02:0e:d2:5c:47:07:97:3c:30:
9b:37:19:d9:84:bb:28:df:d0:10:23:84:29:70:d0:
2c:11:33:19:0b:69:aa:9d:82:07:dc:f8:aa:55:ce:
dd:ad:6b:ad:5a:3b:e3:ce:a1:d2:70:10:50:d6:b4:
96:66:5b:79:95:8e:9d:d1:08:8f:b3:69:48:b0:27:
1a:79:e5:d0:3b:6a:c5:38:d8:4b:98:f5:f8:50:aa:
a5:23:89:bd:19:e2:10:27:1c:a7:24:45:31:ce:cc:
e3:a6:16:0b:4b:5a:f5:ff:e8:e7:5b:03:9a:63:22:
82:f3:a7:71:fb:c3:e7:01:fd:8b:6e:08:95:e5:16:
d1:dc:26:48:89:e1:18:49:88:58:ba:ec:4b:4b:53:
26:4a:3b:1a:28:1a:40:6a:7f:2c:f9:cf:a8:2f:05:
92:50:48:2d:c0:06:17:70:b6:31:b8:40:b2:33:9b:
99:98:17:bc:4b:32:bd:44:c6:48:a7:e2:4e:09:c8:
1e:fc:be:33:d8:d1:eb:cf:9a:38:e9:46:be:5a:fd:
bc:83:b9:a9:7a:9a:ec:b5:59:77:cf:b3:9c:18:02:
5a:62:70:d3:8e:5f:aa:08:c5:89:f5:9e:4a:58:a3:
b5:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:AE:4C:04:B8:F1:AA:F8:0A:C7:BE:18:8E:0F:5C:77:E4:CA:EB:7A
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.9.0/24
143.20.45.0/24
143.20.53.0/24
143.20.65.0/24
143.20.106.0/24
143.20.108.0/22
143.20.116.0/24
143.20.128.0/24
143.20.131.0-143.20.132.255
143.20.136.0/24
143.20.139.0-143.20.140.255
143.20.147.0/24
143.20.151.0-143.20.152.255
143.20.157.0/24
143.20.162.0/24
143.20.167.0-143.20.168.255
143.20.173.0/24
143.20.176.0/24
143.20.178.0/23
143.20.182.0/24
143.20.194.0/24
143.20.196.0/24
143.20.198.0/24
143.20.200.0/22
143.20.206.0/23
143.20.213.0-143.20.214.255
143.20.216.0-143.20.218.255
143.20.220.0-143.20.229.255
143.20.231.0-143.20.237.255
143.20.239.0-143.20.245.255
143.20.247.0-143.20.252.255
143.20.254.0/23
Signature Algorithm: sha256WithRSAEncryption
a3:ea:1c:82:83:28:dd:15:b6:71:a8:8f:8f:9a:d9:b6:f3:14:
87:e4:b6:c1:77:bd:a7:67:0d:aa:9a:20:bf:e3:e1:3b:c7:bc:
fb:7d:e8:ec:cf:f0:03:b3:1f:96:99:c8:99:07:3c:84:38:91:
88:a6:7a:9b:8c:1e:3e:cb:38:8c:49:05:dd:bf:ec:79:3f:81:
26:7c:d7:35:c3:60:12:aa:ac:c8:a7:60:b1:ad:97:aa:52:1e:
83:1b:7e:3b:c1:27:7a:ff:6a:36:e0:70:32:bb:29:15:7d:45:
b8:ac:60:62:17:23:2e:a2:4c:aa:71:f3:b7:6f:c0:ba:df:cb:
ae:7d:6c:70:b8:46:f0:95:b2:6f:54:27:f0:18:6e:db:12:da:
fc:8a:d6:3b:fb:9b:e0:ba:ca:43:f5:95:02:8f:51:ac:cd:27:
a8:0c:57:ba:8a:7d:74:7d:7e:19:9b:ce:51:c5:d4:3b:a7:e9:
4a:08:63:a6:51:63:b1:bb:a2:ee:72:96:3a:ff:14:db:6b:60:
bb:fd:01:d8:68:d9:e0:95:a0:81:ad:8c:35:a8:d8:c3:1f:ed:
15:0d:ed:4c:88:c2:25:9e:6d:40:4f:ab:6c:ab:d7:aa:1d:35:
53:63:72:ff:ca:b8:fd:0a:56:dd:1b:7a:ae:1a:61:00:ec:d0:
72:f8:7d:3c
-----BEGIN CERTIFICATE-----
MIIGETCCBPmgAwIBAgIUfKk1xi6lMH92p87Jwf4gVJixexowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA0MTgxMzU2MTBaFw0yNzA0MTcxNDAxMTBaMDMxMTAvBgNV
BAMTKEQ0QUU0QzA0QjhGMUFBRjgwQUM3QkUxODhFMEY1Qzc3RTRDQUVCN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI/lnHYJxHalkxJeBoak5sfEJ5
RgIO0lxHB5c8MJs3GdmEuyjf0BAjhClw0CwRMxkLaaqdggfc+KpVzt2ta61aO+PO
odJwEFDWtJZmW3mVjp3RCI+zaUiwJxp55dA7asU42EuY9fhQqqUjib0Z4hAnHKck
RTHOzOOmFgtLWvX/6OdbA5pjIoLzp3H7w+cB/YtuCJXlFtHcJkiJ4RhJiFi67EtL
UyZKOxooGkBqfyz5z6gvBZJQSC3ABhdwtjG4QLIzm5mYF7xLMr1Exkin4k4JyB78
vjPY0evPmjjpRr5a/byDual6muy1WXfPs5wYAlpicNOOX6oIxYn1nkpYo7XrAgMB
AAGjggMbMIIDFzAdBgNVHQ4EFgQU1K5MBLjxqvgKx74Yjg9cd+TK63owHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMQYIKwYBBQUHAQcBAf8EggEgMIIBHDCCARgEAgABMIIB
EAMEAI8UCQMEAI8ULQMEAI8UNQMEAI8UQQMEAI8UagMEAo8UbAMEAI8UdAMEAI8U
gDAMAwQAjxSDAwQAjxSEAwQAjxSIMAwDBACPFIsDBACPFIwDBACPFJMwDAMEAI8U
lwMEAI8UmAMEAI8UnQMEAI8UojAMAwQAjxSnAwQAjxSoAwQAjxStAwQAjxSwAwQB
jxSyAwQAjxS2AwQAjxTCAwQAjxTEAwQAjxTGAwQCjxTIAwQBjxTOMAwDBACPFNUD
BACPFNYwDAMEA48U2AMEAI8U2jAMAwQCjxTcAwQBjxTkMAwDBACPFOcDBAGPFOww
DAMEAI8U7wMEAY8U9DAMAwQAjxT3AwQAjxT8AwQBjxT+MA0GCSqGSIb3DQEBCwUA
A4IBAQCj6hyCgyjdFbZxqI+Pmtm28xSH5LbBd72nZw2qmiC/4+E7x7z7fejsz/AD
sx+WmciZBzyEOJGIpnqbjB4+yziMSQXdv+x5P4EmfNc1w2ASqqzIp2CxrZeqUh6D
G347wSd6/2o24HAyuykVfUW4rGBiFyMuokyqcfO3b8C638uufWxwuEbwlbJvVCfw
GG7bEtr8itY7+5vguspD9ZUCj1GszSeoDFe6in10fX4Zm85RxdQ7p+lKCGOmUWOx
u6LucpY6/xTba2C7/QHYaNnglaCBrYw1qNjDH+0VDe1MiMIlnm1AT6tsq9eqHTVT
Y3L/yrj9ClbdG3quGmEA7NBy+H08
-----END CERTIFICATE-----
Generated at Mon Apr 20 04:47:23 2026 by rpki-client