Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS214432.roa
File: AS214432.roa (raw, json)
Hash identifier: kQESvOSCu+N2q0COzEc+TAGec+2IVMyD8U41rTN7RDc=
Subject key identifier: B1:D4:19:0C:38:50:75:07:85:95:C4:3D:43:A7:81:DA:D2:88:CC:E3
Certificate issuer: /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial: 8456D1124B47D80127CBC82534508D261C3778
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS214432.roa
Signing time: Fri 06 Mar 2026 06:07:37 +0000
ROA not before: Fri 06 Mar 2026 06:02:37 +0000
ROA not after: Fri 05 Mar 2027 06:07:37 +0000
asID: 214432
IP address blocks: 147.125.129.0/24 maxlen: 24
147.125.132.0/24 maxlen: 24
147.125.133.0/24 maxlen: 24
147.125.134.0/24 maxlen: 24
147.125.140.0/24 maxlen: 24
147.125.141.0/24 maxlen: 24
147.125.142.0/24 maxlen: 24
147.125.143.0/24 maxlen: 24
147.125.144.0/24 maxlen: 24
147.125.145.0/24 maxlen: 24
147.125.146.0/24 maxlen: 24
147.125.147.0/24 maxlen: 24
147.125.247.0/24 maxlen: 24
147.125.248.0/24 maxlen: 24
147.125.249.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 12 Mar 2026 20:30:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
84:56:d1:12:4b:47:d8:01:27:cb:c8:25:34:50:8d:26:1c:37:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Validity
Not Before: Mar 6 06:02:37 2026 GMT
Not After : Mar 5 06:07:37 2027 GMT
Subject: CN=B1D4190C385075078595C43D43A781DAD288CCE3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:7f:f1:6a:59:ec:82:b6:14:9d:df:ea:5f:3c:
60:b3:d5:2a:fe:af:04:2d:35:ff:d0:2b:b5:b9:9b:
b5:36:1d:b9:ba:62:c4:8a:c2:85:46:a7:64:1e:e7:
c3:8c:13:d4:ae:73:ff:c1:d0:3a:1e:9c:0f:ff:ac:
e5:91:6c:e4:ed:1f:e6:8a:21:66:7a:d4:df:aa:d7:
8e:4c:c5:f3:76:64:93:19:3f:c0:bd:b9:f9:9e:fa:
55:6e:12:b8:f0:a2:2c:0f:a9:17:24:6c:37:ed:69:
8f:de:71:c6:2a:39:ce:3d:c1:f3:00:aa:f4:23:d5:
c2:e0:79:24:c5:8d:30:38:c3:d2:41:0d:e6:e1:2f:
4c:9f:c9:d3:7c:ac:48:1b:6b:b2:b1:b1:33:eb:4e:
38:4e:bd:4a:04:42:20:b1:a8:a5:1e:98:f1:85:71:
9f:5f:11:f1:6e:cc:00:14:02:59:33:ab:5d:47:b1:
30:aa:39:a6:58:f7:9a:73:88:77:9f:64:d4:58:17:
e6:73:80:df:cd:3d:a6:b7:35:89:11:22:c2:03:de:
10:fa:98:53:d3:7f:b8:32:5e:01:62:7f:33:37:df:
b0:f7:df:93:0f:0d:e2:dc:05:cc:b8:27:85:c2:6c:
08:17:2f:12:99:70:04:b6:4a:36:4b:8c:67:f5:07:
95:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:D4:19:0C:38:50:75:07:85:95:C4:3D:43:A7:81:DA:D2:88:CC:E3
X509v3 Authority Key Identifier:
keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS214432.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.125.129.0/24
147.125.132.0-147.125.134.255
147.125.140.0-147.125.147.255
147.125.247.0-147.125.249.255
Signature Algorithm: sha256WithRSAEncryption
8f:2a:ca:13:f5:a1:4f:e0:cc:8b:1e:d1:5b:14:af:2a:61:c9:
2e:89:94:b0:91:6e:2b:45:58:52:78:53:30:f0:4d:b7:ea:07:
8e:23:1d:f6:1f:f3:50:49:58:57:07:93:9c:86:58:32:32:67:
54:00:d4:02:99:35:24:71:40:5d:2b:41:13:ae:ac:dc:7b:48:
3a:05:2a:56:07:56:c0:08:e7:2f:12:2d:21:d7:c2:02:15:59:
dd:8b:fc:b4:a4:be:d4:6a:d7:a4:06:77:d8:1c:d0:10:b7:2d:
4b:4a:e0:75:52:05:64:4c:b8:b6:af:01:0e:3e:20:b2:76:e9:
0a:7e:5e:0c:2e:f8:03:e0:ed:1e:46:56:ba:32:f8:62:e1:3f:
fe:6e:91:b7:93:e8:98:87:46:93:20:44:2f:7e:f0:76:1e:a2:
48:a7:b3:85:af:73:53:d7:74:16:e0:06:0d:09:45:7b:c1:7c:
5e:f6:ac:a1:b5:87:93:97:87:ab:7a:ea:fc:05:e4:0c:75:4f:
d3:ce:07:6b:f0:85:4f:85:ac:87:83:88:dd:9a:38:df:ce:db:
93:bc:ac:67:24:3e:f7:48:2a:fe:6c:ca:b8:b5:f2:eb:90:53:
71:40:28:f7:de:53:80:39:d4:9a:20:92:89:2b:59:39:82:8c:
07:b6:0f:f7
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUAIRW0RJLR9gBJ8vIJTRQjSYcN3gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMDYwNjAyMzdaFw0yNzAzMDUwNjA3MzdaMDMxMTAvBgNV
BAMTKEIxRDQxOTBDMzg1MDc1MDc4NTk1QzQzRDQzQTc4MURBRDI4OENDRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvf/FqWeyCthSd3+pfPGCz1Sr+
rwQtNf/QK7W5m7U2Hbm6YsSKwoVGp2Qe58OME9Suc//B0DoenA//rOWRbOTtH+aK
IWZ61N+q145MxfN2ZJMZP8C9ufme+lVuErjwoiwPqRckbDftaY/eccYqOc49wfMA
qvQj1cLgeSTFjTA4w9JBDebhL0yfydN8rEgba7KxsTPrTjhOvUoEQiCxqKUemPGF
cZ9fEfFuzAAUAlkzq11HsTCqOaZY95pziHefZNRYF+ZzgN/NPaa3NYkRIsID3hD6
mFPTf7gyXgFifzM337D335MPDeLcBcy4J4XCbAgXLxKZcAS2SjZLjGf1B5W1AgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUsdQZDDhQdQeFlcQ9Q6eB2tKIzOMwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMjE0NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAk32B
MAwDBAKTfYQDBACTfYYwDAMEApN9jAMEApN9kDAMAwQAk333AwQBk334MA0GCSqG
SIb3DQEBCwUAA4IBAQCPKsoT9aFP4MyLHtFbFK8qYckuiZSwkW4rRVhSeFMw8E23
6geOIx32H/NQSVhXB5OchlgyMmdUANQCmTUkcUBdK0ETrqzce0g6BSpWB1bACOcv
Ei0h18ICFVndi/y0pL7UatekBnfYHNAQty1LSuB1UgVkTLi2rwEOPiCydukKfl4M
LvgD4O0eRla6Mvhi4T/+bpG3k+iYh0aTIEQvfvB2HqJIp7OFr3NT13QW4AYNCUV7
wXxe9qyhtYeTl4ereur8BeQMdU/Tzgdr8IVPhayHg4jdmjjfztuTvKxnJD73SCr+
bMq4tfLrkFNxQCj33lOAOdSaIJKJK1k5gowHtg/3
-----END CERTIFICATE-----
Generated at Thu Mar 12 07:58:37 2026 by rpki-client