Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
File: AS20115.roa (raw, json)
Hash identifier: STor9IN42D2Dcb11C2CCZHSTUemjxH/HVGgvfevHouY=
Subject key identifier: 23:21:23:13:6B:E6:E7:ED:BB:B3:2A:53:B8:2A:FA:B5:8B:27:2F:4F
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 7743DE9DC44C333128216DFEBC289D0B50AC30B3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
Signing time: Wed 11 Feb 2026 22:00:16 +0000
ROA not before: Wed 11 Feb 2026 21:55:16 +0000
ROA not after: Wed 10 Feb 2027 22:00:16 +0000
asID: 20115
IP address blocks: 143.14.232.0/21 maxlen: 24
162.141.2.0/23 maxlen: 24
162.141.6.0/23 maxlen: 24
162.141.22.0/23 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.76.0/23 maxlen: 24
162.141.134.0/23 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.156.0/23 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.44.0/23 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.60.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.145.0/24 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
77:43:de:9d:c4:4c:33:31:28:21:6d:fe:bc:28:9d:0b:50:ac:30:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Feb 11 21:55:16 2026 GMT
Not After : Feb 10 22:00:16 2027 GMT
Subject: CN=232123136BE6E7EDBBB32A53B82AFAB58B272F4F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:64:37:a9:a9:c4:2e:2f:49:70:42:ef:02:8a:
ea:09:1b:5e:9d:4e:48:6d:ef:01:6c:2b:a7:7a:d1:
48:8f:c9:b0:9e:8f:ee:3b:74:6f:f1:70:0e:4f:a2:
31:32:56:cd:d8:a7:6f:88:04:90:5f:ed:c1:72:a1:
0c:44:ae:c8:86:ee:42:4d:84:b2:30:7a:19:19:1c:
76:ca:b1:09:ad:d6:24:11:d6:82:38:3b:1f:7b:91:
13:ce:5e:9a:cd:aa:c1:e5:2d:1e:56:75:29:71:c6:
53:70:5a:c8:9d:27:58:77:dc:44:b3:79:db:77:46:
ca:f6:a6:06:a6:de:25:a7:6c:83:a6:1e:7f:38:0c:
32:3a:32:2c:36:5b:a7:c3:12:60:7d:37:4d:e7:3b:
c9:f1:74:a9:9b:25:e2:57:29:39:76:4b:49:be:77:
c5:e5:5e:78:89:43:b7:30:80:4f:49:98:d7:87:2f:
b6:e2:a2:a1:93:0c:3e:7d:a9:be:c8:24:88:d5:20:
11:9c:49:2b:a6:63:ab:91:c3:98:0e:c8:ef:7c:68:
63:84:ee:50:34:d7:73:ab:a1:e1:1a:d4:29:de:55:
b0:2c:52:eb:d1:33:ed:de:81:9b:6d:63:b1:ba:a5:
8b:2b:f5:29:ac:a9:95:2e:97:c1:88:63:40:b6:37:
a1:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:21:23:13:6B:E6:E7:ED:BB:B3:2A:53:B8:2A:FA:B5:8B:27:2F:4F
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.232.0/21
162.141.2.0/23
162.141.6.0/23
162.141.22.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0-162.141.77.255
162.141.134.0/23
162.141.144.0/21
162.141.156.0/23
162.141.168.0/21
162.141.184.0-162.141.207.255
162.141.216.0-162.141.255.255
167.148.16.0/21
167.148.44.0/23
167.148.48.0-167.148.67.255
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.145.0/24
167.148.224.0/19
Signature Algorithm: sha256WithRSAEncryption
98:64:45:b9:4c:00:e5:40:57:b7:71:3f:62:51:9b:c8:1b:55:
12:16:f3:a7:9f:ba:74:7b:5a:ed:4b:99:bd:01:09:9c:a9:b5:
8e:4c:7f:3f:f3:e1:33:99:ad:d0:79:d7:90:6e:e8:a4:82:07:
44:8d:f3:6f:0d:82:93:19:fb:5f:e1:83:73:82:9a:a2:a7:3c:
6b:8f:0b:92:f3:a1:30:7b:ae:9b:d8:11:ea:15:d0:ab:e8:54:
fc:0a:24:1f:a3:88:d9:85:ca:15:fb:08:77:2b:68:d8:96:17:
77:61:5b:14:b5:14:57:d0:54:33:eb:0a:6a:6e:1c:53:74:f7:
d4:e7:63:4d:88:fe:8d:e2:c7:ae:d0:d3:c9:2e:5b:75:4e:8c:
33:1e:de:66:02:4c:29:e0:42:2c:bc:ac:50:32:88:c4:86:55:
28:b7:f9:f1:61:ae:77:20:04:bb:f4:68:ff:bb:74:3e:20:80:
9c:c3:02:05:60:47:26:6d:28:13:d7:41:68:9f:80:d4:24:db:
05:56:bf:24:58:b2:e4:d3:44:d4:e5:d7:66:6d:71:ee:35:aa:
dd:63:75:45:48:37:45:b7:61:7a:0f:4c:73:8e:d9:c8:86:4e:
a4:54:98:c6:43:6e:dd:5a:1e:c6:cc:53:9f:76:d4:a4:4e:fd:
76:d5:3d:19
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgIUd0PencRMMzEoIW3+vCidC1CsMLMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTEyMTU1MTZaFw0yNzAyMTAyMjAwMTZaMDMxMTAvBgNV
BAMTKDIzMjEyMzEzNkJFNkU3RURCQkIzMkE1M0I4MkFGQUI1OEIyNzJGNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2ZDepqcQuL0lwQu8CiuoJG16d
Tkht7wFsK6d60UiPybCej+47dG/xcA5PojEyVs3Yp2+IBJBf7cFyoQxErsiG7kJN
hLIwehkZHHbKsQmt1iQR1oI4Ox97kRPOXprNqsHlLR5WdSlxxlNwWsidJ1h33ESz
edt3Rsr2pgam3iWnbIOmHn84DDI6Miw2W6fDEmB9N03nO8nxdKmbJeJXKTl2S0m+
d8XlXniJQ7cwgE9JmNeHL7bioqGTDD59qb7IJIjVIBGcSSumY6uRw5gOyO98aGOE
7lA013OroeEa1CneVbAsUuvRM+3egZttY7G6pYsr9SmsqZUul8GIY0C2N6EXAgMB
AAGjggKtMIICqTAdBgNVHQ4EFgQUIyEjE2vm5+27sypTuCr6tYsnL08wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAxMTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgcIGCCsGAQUFBwEHAQH/BIGyMIGvMIGsBAIAATCBpQME
A48O6AMEAaKNAgMEAaKNBjAMAwQBoo0WAwQCoo0gAwQCoo0oAwQDoo04MAwDBAOi
jUgDBAGijUwDBAGijYYDBAOijZADBAGijZwDBAOijagwDAMEA6KNuAMEBKKNwDAL
AwQDoo3YAwMBoowDBAOnlBADBAGnlCwwDAMEBKeUMAMEAqeUQAMEAqeUTAMEA6eU
WAMEAqeUbAMEAKeUkQMEBaeU4DANBgkqhkiG9w0BAQsFAAOCAQEAmGRFuUwA5UBX
t3E/YlGbyBtVEhbzp5+6dHta7UuZvQEJnKm1jkx/P/PhM5mt0HnXkG7opIIHRI3z
bw2Ckxn7X+GDc4Kaoqc8a48LkvOhMHuum9gR6hXQq+hU/AokH6OI2YXKFfsIdyto
2JYXd2FbFLUUV9BUM+sKam4cU3T31OdjTYj+jeLHrtDTyS5bdU6MMx7eZgJMKeBC
LLysUDKIxIZVKLf58WGudyAEu/Ro/7t0PiCAnMMCBWBHJm0oE9dBaJ+A1CTbBVa/
JFiy5NNE1OXXZm1x7jWq3WN1RUg3Rbdheg9Mc47ZyIZOpFSYxkNu3VoexsxTn3bU
pE79dtU9GQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:32:29 2026 by rpki-client