Route Origin Authorization
$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS40663.roa
File: AS40663.roa (raw, json)
Hash identifier: fP+Qgt0QTrgq+Qrer/rh6jdxgLJKafdYeiGy4P09BM8=
Subject key identifier: 35:57:97:7A:BE:A9:0B:D5:6A:0E:52:8E:36:D1:43:68:D9:D9:40:4A
Certificate issuer: /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial: 212DF6BBA0D17A454D6F4593D7E3D5D23097109E
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access: rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS40663.roa
Signing time: Tue 04 Nov 2025 18:12:06 +0000
ROA not before: Tue 04 Nov 2025 18:07:06 +0000
ROA not after: Tue 03 Nov 2026 18:12:06 +0000
asID: 40663
IP address blocks: 168.222.241.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 23:53:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:2d:f6:bb:a0:d1:7a:45:4d:6f:45:93:d7:e3:d5:d2:30:97:10:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Validity
Not Before: Nov 4 18:07:06 2025 GMT
Not After : Nov 3 18:12:06 2026 GMT
Subject: CN=3557977ABEA90BD56A0E528E36D14368D9D9404A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:36:07:c6:2c:60:d3:65:75:e3:88:ee:25:12:
9b:57:93:14:60:be:77:4e:9b:5c:ce:4f:f0:d2:90:
8f:e7:f6:37:3a:2f:d4:6a:b0:05:cf:e5:e3:4f:a8:
21:de:26:eb:0d:63:b2:6a:15:39:4e:7f:8c:20:45:
d4:4e:7e:ce:3c:86:66:cd:46:be:3f:49:0e:a1:62:
2f:40:ae:ba:c8:dc:07:5b:cc:64:0b:e1:23:25:7d:
6d:76:98:bc:0b:73:0a:68:99:4f:1b:15:f4:09:a5:
eb:6f:30:54:fb:1a:41:ad:bc:14:54:4e:3a:d1:08:
61:f6:6b:60:9b:a6:ad:a4:3a:76:ce:dc:d8:8a:d1:
51:71:f7:b4:de:39:42:4e:c4:56:d2:30:09:b7:d6:
88:6e:19:5c:4a:08:a9:98:07:0c:7d:67:0c:0c:f7:
46:2a:ef:66:b2:e8:24:5c:5f:41:17:e5:fe:91:1e:
e9:3b:4b:6c:e9:c7:c1:86:0d:78:e9:2b:09:72:d2:
30:f0:d7:df:6c:f6:da:2b:34:a4:f9:14:0e:56:90:
13:4b:b0:da:ad:fa:6c:6b:a4:2a:db:48:da:ef:fd:
1f:7c:24:94:d8:f0:1e:a2:d2:55:fe:e1:1e:10:e2:
0b:5f:2c:5c:e8:01:67:73:51:89:65:bc:9e:24:43:
35:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:57:97:7A:BE:A9:0B:D5:6A:0E:52:8E:36:D1:43:68:D9:D9:40:4A
X509v3 Authority Key Identifier:
keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS40663.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
168.222.241.0/24
Signature Algorithm: sha256WithRSAEncryption
c5:81:b9:fc:32:fd:cd:6f:11:6f:61:f0:db:72:d8:7e:67:2f:
7d:83:83:c0:d1:79:61:20:d1:b9:51:1e:35:eb:c0:59:89:1e:
94:c7:94:2a:66:5d:54:82:07:9e:c5:2c:d9:c4:a8:40:a7:5c:
b0:80:f2:5a:46:f4:b0:d3:39:da:0c:9a:b9:9a:9a:fa:bf:07:
ba:61:9e:e2:6e:12:88:36:42:95:1e:4e:ec:4e:bb:04:3a:88:
e8:a9:1c:66:5e:40:18:23:36:36:ad:86:6e:1e:95:75:f3:b8:
be:96:61:bb:8f:a1:99:54:75:15:ab:b9:d8:4f:17:b0:d3:7f:
24:8b:5f:82:11:b9:e7:b9:27:56:70:42:68:3f:9e:94:34:d2:
50:7e:83:e1:1f:23:0b:92:10:fe:77:90:5b:26:76:43:90:a5:
de:e5:6b:cc:4d:31:99:e7:bd:b6:7e:a9:f2:59:d2:75:0c:95:
53:ac:31:36:26:1b:30:07:aa:5b:a4:05:26:9a:51:80:a8:d1:
a5:fa:ab:ce:a2:e3:ff:d6:95:f1:ca:1f:5d:ac:88:0f:e0:25:
f7:02:bf:03:0e:da:2e:d5:70:c0:41:60:21:5a:66:0d:6f:a1:
87:a5:02:c5:0f:f7:5d:49:82:40:e5:9c:04:59:76:4d:66:59:
9d:b1:3e:92
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUIS32u6DRekVNb0WT1+PV0jCXEJ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTExMDQxODA3MDZaFw0yNjExMDMxODEyMDZaMDMxMTAvBgNV
BAMTKDM1NTc5NzdBQkVBOTBCRDU2QTBFNTI4RTM2RDE0MzY4RDlEOTQwNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeNgfGLGDTZXXjiO4lEptXkxRg
vndOm1zOT/DSkI/n9jc6L9RqsAXP5eNPqCHeJusNY7JqFTlOf4wgRdROfs48hmbN
Rr4/SQ6hYi9ArrrI3AdbzGQL4SMlfW12mLwLcwpomU8bFfQJpetvMFT7GkGtvBRU
TjrRCGH2a2Cbpq2kOnbO3NiK0VFx97TeOUJOxFbSMAm31ohuGVxKCKmYBwx9ZwwM
90Yq72ay6CRcX0EX5f6RHuk7S2zpx8GGDXjpKwly0jDw199s9torNKT5FA5WkBNL
sNqt+mxrpCrbSNrv/R98JJTY8B6i0lX+4R4Q4gtfLFzoAWdzUYllvJ4kQzXDAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUNVeXer6pC9VqDlKONtFDaNnZQEowHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NDA2NjMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBACo3vEwDQYJKoZIhvcNAQELBQADggEBAMWBufwy/c1v
EW9h8Nty2H5nL32Dg8DReWEg0blRHjXrwFmJHpTHlCpmXVSCB57FLNnEqECnXLCA
8lpG9LDTOdoMmrmamvq/B7phnuJuEog2QpUeTuxOuwQ6iOipHGZeQBgjNjathm4e
lXXzuL6WYbuPoZlUdRWrudhPF7DTfySLX4IRuee5J1ZwQmg/npQ00lB+g+EfIwuS
EP53kFsmdkOQpd7la8xNMZnnvbZ+qfJZ0nUMlVOsMTYmGzAHqlukBSaaUYCo0aX6
q86i4//WlfHKH12siA/gJfcCvwMO2i7VcMBBYCFaZg1voYelAsUP911JgkDlnARZ
dk1mWZ2xPpI=
-----END CERTIFICATE-----
Generated at Wed Nov 5 08:42:55 2025 by rpki-client