Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
File: AS834.roa (raw, json)
Hash identifier: B2xGT12itd+un9tGq6k6NmC1gkCRXqUEcoaLjru7bf8=
Subject key identifier: 5C:FD:19:B7:B7:1E:C5:FF:87:5B:3E:51:4C:0E:E3:F5:68:7E:F5:47
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 404EA3A5748C40B7B82109D89176653CCFA689B8
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
Signing time: Fri 06 Jun 2025 10:00:08 +0000
ROA not before: Fri 06 Jun 2025 09:55:08 +0000
ROA not after: Fri 05 Jun 2026 10:00:08 +0000
asID: 834
IP address blocks: 143.20.1.0/24 maxlen: 24
143.20.5.0/24 maxlen: 24
143.20.6.0/23 maxlen: 24
143.20.8.0/21 maxlen: 24
143.20.16.0/22 maxlen: 24
143.20.21.0/24 maxlen: 24
143.20.22.0/23 maxlen: 24
143.20.24.0/21 maxlen: 24
143.20.32.0/21 maxlen: 24
143.20.40.0/23 maxlen: 24
143.20.42.0/24 maxlen: 24
143.20.44.0/22 maxlen: 24
143.20.48.0/23 maxlen: 24
143.20.51.0/24 maxlen: 24
143.20.52.0/22 maxlen: 24
143.20.56.0/21 maxlen: 24
143.20.64.0/22 maxlen: 24
143.20.69.0/24 maxlen: 24
143.20.70.0/23 maxlen: 24
143.20.72.0/22 maxlen: 24
143.20.77.0/24 maxlen: 24
143.20.78.0/23 maxlen: 24
143.20.80.0/23 maxlen: 24
143.20.82.0/24 maxlen: 24
143.20.99.0/24 maxlen: 24
143.20.102.0/23 maxlen: 24
143.20.106.0/23 maxlen: 24
143.20.108.0/22 maxlen: 24
143.20.112.0/24 maxlen: 24
143.20.128.0/21 maxlen: 24
143.20.136.0/22 maxlen: 24
143.20.140.0/23 maxlen: 24
143.20.142.0/24 maxlen: 24
143.20.144.0/20 maxlen: 24
143.20.160.0/20 maxlen: 24
143.20.176.0/23 maxlen: 24
143.20.179.0/24 maxlen: 24
143.20.180.0/22 maxlen: 24
143.20.184.0/21 maxlen: 24
143.20.192.0/21 maxlen: 24
143.20.200.0/22 maxlen: 24
143.20.204.0/23 maxlen: 24
143.20.207.0/24 maxlen: 24
143.20.208.0/20 maxlen: 24
143.20.224.0/21 maxlen: 24
143.20.232.0/22 maxlen: 24
143.20.236.0/24 maxlen: 24
143.20.238.0/24 maxlen: 24
143.20.247.0/24 maxlen: 24
143.20.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 07 Jun 2025 12:26:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:4e:a3:a5:74:8c:40:b7:b8:21:09:d8:91:76:65:3c:cf:a6:89:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jun 6 09:55:08 2025 GMT
Not After : Jun 5 10:00:08 2026 GMT
Subject: CN=5CFD19B7B71EC5FF875B3E514C0EE3F5687EF547
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:d8:d3:11:96:66:b2:73:dd:7d:b2:e0:90:03:
ca:6c:17:3b:c0:2a:c3:ee:d2:30:90:90:09:d1:3f:
fc:c2:1f:97:76:b3:24:e8:86:67:a6:56:03:d8:d8:
6b:cb:0f:35:b8:e0:f1:67:3d:f6:50:ad:f4:ad:6c:
ac:44:84:f8:8c:3c:63:31:58:f3:80:30:96:0c:f4:
2e:2d:0a:6d:43:c5:15:f0:a8:a5:3d:35:b0:46:e7:
55:90:c4:14:91:5a:ae:44:ae:e6:32:ca:c6:d6:e2:
76:60:82:ce:1d:22:a3:a1:69:d9:64:e4:4b:68:e0:
ca:ad:37:0a:2c:ee:f6:12:8b:40:71:5d:fe:71:1b:
85:79:cd:bd:86:fc:94:90:3d:51:42:3b:bd:c6:70:
4a:60:6b:39:90:88:86:e9:a6:6c:4b:4b:91:f5:74:
0c:1c:60:62:1d:ce:70:f5:81:fa:6f:61:bc:0c:2c:
7e:a5:02:51:97:2f:a6:77:31:ab:72:09:c6:a3:5e:
b5:08:a9:be:11:10:dd:85:49:65:3b:f1:6e:ee:89:
54:50:1d:75:c4:56:cc:ca:a0:1e:ec:bc:49:b5:9f:
34:a3:86:04:f7:aa:df:f0:4e:25:71:fc:48:7a:b9:
6b:36:07:43:cf:d2:b2:25:37:23:9c:f1:df:29:72:
e7:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:FD:19:B7:B7:1E:C5:FF:87:5B:3E:51:4C:0E:E3:F5:68:7E:F5:47
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.1.0/24
143.20.5.0-143.20.19.255
143.20.21.0-143.20.42.255
143.20.44.0-143.20.49.255
143.20.51.0-143.20.67.255
143.20.69.0-143.20.75.255
143.20.77.0-143.20.82.255
143.20.99.0/24
143.20.102.0/23
143.20.106.0-143.20.112.255
143.20.128.0-143.20.142.255
143.20.144.0-143.20.177.255
143.20.179.0-143.20.205.255
143.20.207.0-143.20.236.255
143.20.238.0/24
143.20.247.0/24
143.20.255.0/24
Signature Algorithm: sha256WithRSAEncryption
32:03:d1:03:c5:ba:f8:49:af:80:61:ef:0a:c1:4d:27:e8:2f:
19:89:d6:1a:3a:37:cd:64:dd:c1:f2:b7:c2:fd:18:2a:b6:8f:
4f:5e:07:d1:3d:f5:22:ba:e0:d0:57:df:e5:71:78:73:c0:51:
56:aa:37:11:a0:ca:ce:be:3c:55:50:6c:d8:74:d0:db:41:22:
9f:90:00:e0:82:e1:ee:12:6f:65:85:85:91:5f:7b:21:6b:46:
54:f1:7c:9e:d0:74:92:f0:3a:bc:a0:db:14:4a:68:79:0d:21:
9d:2c:08:6f:21:50:ea:87:45:1b:41:72:79:1e:7e:7d:f2:0e:
62:9d:f1:c9:13:4a:69:77:f5:18:fc:b3:dc:74:81:47:f4:f6:
a3:f8:8a:e6:af:ce:9c:32:cd:7a:a2:bf:68:24:0c:89:c7:7e:
3c:0b:f4:2a:f7:ca:63:31:16:7d:a0:3b:8c:b1:51:61:ac:5a:
4d:36:8b:1e:13:c9:2d:9a:38:f7:0b:38:90:b0:d1:44:0e:3c:
6f:7b:c6:fa:7e:08:89:ba:e3:28:d0:53:db:35:5e:b4:f5:13:
97:f7:9b:b0:d0:55:20:fc:23:18:78:f9:55:56:20:6c:78:24:
dd:a6:b6:b4:b5:1b:50:4c:ca:7d:cc:2b:08:25:47:58:36:05:
db:d5:ad:e7
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIUQE6jpXSMQLe4IQnYkXZlPM+mibgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDYwOTU1MDhaFw0yNjA2MDUxMDAwMDhaMDMxMTAvBgNV
BAMTKDVDRkQxOUI3QjcxRUM1RkY4NzVCM0U1MTRDMEVFM0Y1Njg3RUY1NDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS2NMRlmayc919suCQA8psFzvA
KsPu0jCQkAnRP/zCH5d2syTohmemVgPY2GvLDzW44PFnPfZQrfStbKxEhPiMPGMx
WPOAMJYM9C4tCm1DxRXwqKU9NbBG51WQxBSRWq5EruYyysbW4nZggs4dIqOhadlk
5Eto4MqtNwos7vYSi0BxXf5xG4V5zb2G/JSQPVFCO73GcEpgazmQiIbppmxLS5H1
dAwcYGIdznD1gfpvYbwMLH6lAlGXL6Z3MatyCcajXrUIqb4REN2FSWU78W7uiVRQ
HXXEVszKoB7svEm1nzSjhgT3qt/wTiVx/Eh6uWs2B0PP0rIlNyOc8d8pcufNAgMB
AAGjggLEMIICwDAdBgNVHQ4EFgQUXP0Zt7cexf+HWz5RTA7j9Wh+9UcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHbBggrBgEFBQcBBwEB/wSByzCByDCBxQQCAAEwgb4DBACP
FAEwDAMEAI8UBQMEAo8UEDAMAwQAjxQVAwQAjxQqMAwDBAKPFCwDBAGPFDAwDAME
AI8UMwMEAo8UQDAMAwQAjxRFAwQCjxRIMAwDBACPFE0DBACPFFIDBACPFGMDBAGP
FGYwDAMEAY8UagMEAI8UcDAMAwQHjxSAAwQAjxSOMAwDBASPFJADBAGPFLAwDAME
AI8UswMEAY8UzDAMAwQAjxTPAwQAjxTsAwQAjxTuAwQAjxT3AwQAjxT/MA0GCSqG
SIb3DQEBCwUAA4IBAQAyA9EDxbr4Sa+AYe8KwU0n6C8ZidYaOjfNZN3B8rfC/Rgq
to9PXgfRPfUiuuDQV9/lcXhzwFFWqjcRoMrOvjxVUGzYdNDbQSKfkADgguHuEm9l
hYWRX3sha0ZU8Xye0HSS8Dq8oNsUSmh5DSGdLAhvIVDqh0UbQXJ5Hn598g5infHJ
E0ppd/UY/LPcdIFH9Paj+Irmr86cMs16or9oJAyJx348C/Qq98pjMRZ9oDuMsVFh
rFpNNoseE8ktmjj3CziQsNFEDjxve8b6fgiJuuMo0FPbNV609ROX95uw0FUg/CMY
ePlVViBseCTdpra0tRtQTMp9zCsIJUdYNgXb1a3n
-----END CERTIFICATE-----
Generated at Fri Jun 6 23:21:19 2025 by rpki-client