Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
File: AS20115.roa (raw, json)
Hash identifier: h+FIH4Lp8ZDwIt6R9P54ce75uzZ4xXu/w4kMJcXiJOE=
Subject key identifier: 78:7D:74:A5:5C:8F:C9:A5:E6:75:96:D5:2D:80:09:DB:BF:FC:18:69
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 60E7C428B6FF2AA92A9FC5C386378FBA0EC66036
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
Signing time: Sun 26 Oct 2025 00:10:14 +0000
ROA not before: Sun 26 Oct 2025 00:05:14 +0000
ROA not after: Sun 25 Oct 2026 00:10:14 +0000
asID: 20115
IP address blocks: 143.14.232.0/21 maxlen: 24
162.141.2.0/23 maxlen: 24
162.141.6.0/23 maxlen: 24
162.141.22.0/23 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.76.0/23 maxlen: 24
162.141.134.0/23 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.156.0/23 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.208.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.24.0/22 maxlen: 24
167.148.44.0/23 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.60.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.145.0/24 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:e7:c4:28:b6:ff:2a:a9:2a:9f:c5:c3:86:37:8f:ba:0e:c6:60:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 26 00:05:14 2025 GMT
Not After : Oct 25 00:10:14 2026 GMT
Subject: CN=787D74A55C8FC9A5E67596D52D8009DBBFFC1869
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:43:2c:54:84:65:d2:f1:cc:93:89:eb:b6:68:
76:f0:58:e3:fc:03:62:d7:3e:69:47:cf:da:8a:c9:
2d:cd:64:d3:d7:48:25:90:80:a9:ad:b0:3d:15:b0:
99:dd:67:a0:ae:54:23:dd:b0:08:58:a6:bc:92:f2:
d3:e7:5b:91:3c:d8:f5:96:f5:2f:15:0f:73:f7:4d:
70:ec:1b:48:76:49:51:2c:5c:9a:1e:4b:fd:9f:e5:
59:93:74:32:81:61:87:dc:f1:7b:50:03:ca:82:9c:
77:21:ed:37:79:e9:dd:ad:7b:8f:3f:4a:d7:bf:c1:
45:70:36:04:61:b0:42:24:43:50:23:f7:91:e5:50:
33:f6:3b:dd:70:84:04:57:d8:15:bf:5b:4b:2b:db:
0c:e1:2a:10:c3:40:80:74:f0:9d:07:c9:57:d1:67:
cf:57:05:05:95:4f:26:30:f2:32:2d:9f:24:37:99:
0b:7f:0b:8a:3d:d8:62:06:1a:d0:21:be:25:1a:0a:
48:a2:7f:9e:5f:3a:51:d6:54:05:fb:39:99:c1:6b:
60:c6:e1:39:c2:7b:18:94:6c:95:6d:e4:71:30:01:
72:37:1e:10:9e:dd:d5:5e:bd:27:b9:48:69:9d:b7:
8b:a7:64:a3:da:84:00:0d:00:de:d0:3b:c4:83:1d:
03:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:7D:74:A5:5C:8F:C9:A5:E6:75:96:D5:2D:80:09:DB:BF:FC:18:69
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20115.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.232.0/21
162.141.2.0/23
162.141.6.0/23
162.141.22.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0-162.141.77.255
162.141.134.0/23
162.141.144.0/21
162.141.156.0/23
162.141.168.0/21
162.141.184.0-162.141.255.255
167.148.16.0-167.148.27.255
167.148.44.0/23
167.148.48.0-167.148.67.255
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.145.0/24
167.148.224.0/19
Signature Algorithm: sha256WithRSAEncryption
71:d3:2d:47:9b:92:6f:ca:2a:cd:c3:73:01:69:48:f2:46:ba:
60:22:8c:05:32:fb:73:d5:09:f2:81:2e:7e:60:69:d7:47:c2:
ea:4b:66:1b:b0:b5:a6:c4:03:44:ad:42:b7:d6:7f:46:ee:8c:
f1:f1:c3:f6:57:d0:e2:9d:92:64:86:f3:4f:37:ee:fc:f0:4c:
13:70:55:0b:88:9c:69:8a:71:a5:01:d4:0e:17:eb:fe:3d:09:
6d:53:0b:b7:0a:2f:4c:c1:6f:9a:7d:57:c2:5c:ce:38:cd:5e:
0c:f9:b9:1d:22:29:a1:be:59:3c:ed:53:55:7a:6c:c6:56:04:
9f:d3:3d:a1:ad:a9:50:ad:fd:05:87:2b:08:7f:7d:32:6a:7d:
bf:e3:2f:f5:f3:65:05:a8:a8:9c:25:0d:ac:c1:94:98:31:fe:
34:b0:3c:a0:68:00:cf:ff:3c:f5:7d:7e:c8:37:a2:33:39:34:
ad:c3:db:d5:60:21:fb:9a:34:8f:90:50:42:8c:02:7e:bb:84:
fc:a3:77:45:f9:cc:31:0c:ee:e5:9e:18:b9:a0:9b:1f:6e:b1:
be:2f:be:fe:ff:4d:aa:a9:19:e4:1f:d8:30:4d:56:df:cb:30:
b9:83:1a:ba:5e:2d:8b:df:b7:19:89:92:6e:23:52:43:b6:e6:
c3:c0:ef:f7
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUYOfEKLb/Kqkqn8XDhjePug7GYDYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjYwMDA1MTRaFw0yNjEwMjUwMDEwMTRaMDMxMTAvBgNV
BAMTKDc4N0Q3NEE1NUM4RkM5QTVFNjc1OTZENTJEODAwOURCQkZGQzE4NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHQyxUhGXS8cyTieu2aHbwWOP8
A2LXPmlHz9qKyS3NZNPXSCWQgKmtsD0VsJndZ6CuVCPdsAhYpryS8tPnW5E82PWW
9S8VD3P3TXDsG0h2SVEsXJoeS/2f5VmTdDKBYYfc8XtQA8qCnHch7Td56d2te48/
Ste/wUVwNgRhsEIkQ1Aj95HlUDP2O91whARX2BW/W0sr2wzhKhDDQIB08J0HyVfR
Z89XBQWVTyYw8jItnyQ3mQt/C4o92GIGGtAhviUaCkiif55fOlHWVAX7OZnBa2DG
4TnCexiUbJVt5HEwAXI3HhCe3dVevSe5SGmdt4unZKPahAANAN7QO8SDHQPnAgMB
AAGjggKnMIICozAdBgNVHQ4EFgQUeH10pVyPyaXmdZbVLYAJ27/8GGkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAxMTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgbwGCCsGAQUFBwEHAQH/BIGsMIGpMIGmBAIAATCBnwME
A48O6AMEAaKNAgMEAaKNBjAMAwQBoo0WAwQCoo0gAwQCoo0oAwQDoo04MAwDBAOi
jUgDBAGijUwDBAGijYYDBAOijZADBAGijZwDBAOijagwCwMEA6KNuAMDAaKMMAwD
BASnlBADBAKnlBgDBAGnlCwwDAMEBKeUMAMEAqeUQAMEAqeUTAMEA6eUWAMEAqeU
bAMEAKeUkQMEBaeU4DANBgkqhkiG9w0BAQsFAAOCAQEAcdMtR5uSb8oqzcNzAWlI
8ka6YCKMBTL7c9UJ8oEufmBp10fC6ktmG7C1psQDRK1Ct9Z/Ru6M8fHD9lfQ4p2S
ZIbzTzfu/PBME3BVC4icaYpxpQHUDhfr/j0JbVMLtwovTMFvmn1XwlzOOM1eDPm5
HSIpob5ZPO1TVXpsxlYEn9M9oa2pUK39BYcrCH99Mmp9v+Mv9fNlBaionCUNrMGU
mDH+NLA8oGgAz/889X1+yDeiMzk0rcPb1WAh+5o0j5BQQowCfruE/KN3RfnMMQzu
5Z4YuaCbH26xvi++/v9NqqkZ5B/YME1W38swuYMaul4ti9+3GYmSbiNSQ7bmw8Dv
9w==
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:38:39 2025 by rpki-client