Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
File: AS20326.roa (raw, json)
Hash identifier: DdO+g4k2l6wg6W6KT7teaUFzzXaOnmSl5Rw2XQF+U3s=
Subject key identifier: C8:54:96:34:FC:73:D6:00:19:10:BB:BD:CF:2B:27:F0:72:14:3D:72
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 2D9AACDF0BF918859ECF18C8CBAAB1972000359D
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
Signing time: Fri 06 Feb 2026 06:23:46 +0000
ROA not before: Fri 06 Feb 2026 06:18:46 +0000
ROA not after: Fri 05 Feb 2027 06:23:46 +0000
asID: 20326
IP address blocks: 96.62.200.0/21 maxlen: 24
155.117.158.0/23 maxlen: 24
155.117.178.0/23 maxlen: 24
167.148.80.0/21 maxlen: 24
167.148.198.0/24 maxlen: 24
167.148.204.0/24 maxlen: 24
167.148.207.0/24 maxlen: 24
167.148.210.0/24 maxlen: 24
168.222.32.0/20 maxlen: 20
168.222.80.0/20 maxlen: 20
168.222.116.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 06:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:9a:ac:df:0b:f9:18:85:9e:cf:18:c8:cb:aa:b1:97:20:00:35:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Feb 6 06:18:46 2026 GMT
Not After : Feb 5 06:23:46 2027 GMT
Subject: CN=C8549634FC73D6001910BBBDCF2B27F072143D72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:0d:d6:d8:70:10:04:21:46:78:f4:ae:bd:75:
89:5b:f8:0b:97:61:39:f7:a7:00:14:b3:92:6a:7f:
6a:59:24:8a:cc:18:76:d2:aa:49:18:00:2c:f8:76:
0a:e2:81:15:4b:37:30:8b:a4:55:dc:3d:eb:8c:18:
68:0f:e6:e0:9e:be:46:ee:46:66:ef:59:cd:d0:26:
b5:3b:af:32:03:a7:86:2b:ca:df:7b:c0:b4:01:de:
c6:5b:e2:fa:99:a7:9a:d2:28:d3:58:dd:3d:7e:a3:
8f:7d:6f:6d:1c:5b:7d:d7:5d:d9:59:38:0e:43:5f:
ec:58:a5:83:89:ed:06:32:ea:05:75:c4:cc:c2:38:
52:38:8e:7e:aa:2e:f4:69:32:0e:e6:e7:64:8b:8f:
03:b3:3f:cb:03:ec:29:ef:3f:b7:d6:ce:da:a8:24:
e6:fb:28:88:52:75:d4:70:ab:f1:e7:3e:91:93:70:
e2:98:e2:23:6e:df:9f:d0:82:e3:e4:17:8f:ea:2d:
01:0b:13:ce:fa:cc:cd:ac:05:77:72:fd:11:dd:17:
e2:ea:8c:3e:5c:80:b8:05:91:2a:c7:72:8c:60:76:
b7:f0:16:f5:2a:de:81:1a:f7:67:ff:1e:ac:2b:7b:
07:9f:f9:b3:5e:15:03:d3:fd:16:4a:2b:1f:ad:5f:
ae:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:54:96:34:FC:73:D6:00:19:10:BB:BD:CF:2B:27:F0:72:14:3D:72
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.200.0/21
155.117.158.0/23
155.117.178.0/23
167.148.80.0/21
167.148.198.0/24
167.148.204.0/24
167.148.207.0/24
167.148.210.0/24
168.222.32.0/20
168.222.80.0/20
168.222.116.0/22
Signature Algorithm: sha256WithRSAEncryption
a7:0d:bc:94:0c:e0:97:ac:17:ac:c1:e6:68:37:09:ee:39:92:
3a:ed:10:1c:51:6c:7a:eb:a5:47:9a:5e:52:b1:79:77:1b:fa:
9c:f6:bc:93:19:cb:d8:32:f0:ff:3b:c1:54:24:5f:18:4b:6e:
01:9a:a4:99:23:18:ce:c5:30:07:33:d7:02:99:bf:b8:32:d6:
1f:ad:a4:a2:70:ea:88:7c:74:f4:f7:73:0c:d2:34:02:17:5c:
7b:78:88:ce:e9:c4:95:c7:43:f8:a2:d5:6b:d5:4a:47:7b:69:
aa:ee:54:f3:1f:fb:3d:2e:fc:6d:c0:c9:89:99:76:bc:88:5e:
3c:a6:69:93:e2:b2:95:46:cb:14:d4:29:a6:66:59:a9:44:2f:
87:3b:00:55:ec:36:46:4e:a0:59:60:eb:06:68:f7:d1:f2:58:
ef:27:b6:7c:86:cc:ab:0c:6f:e5:1a:8a:b6:9a:54:60:0e:13:
82:81:f8:d3:04:49:0d:67:cb:a0:e7:c0:69:d3:f6:5c:1c:75:
c3:4c:b1:98:1b:9d:7b:c6:88:ab:bb:7f:ea:cc:8c:f8:92:91:
fa:91:bf:d4:cd:a1:56:43:a4:22:11:e5:11:66:ce:5b:17:f4:
ef:58:30:22:af:1d:9d:fa:df:cd:38:37:09:7b:9c:33:fb:76:
6a:6e:ed:22
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIULZqs3wv5GIWezxjIy6qxlyAANZ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMDYwNjE4NDZaFw0yNzAyMDUwNjIzNDZaMDMxMTAvBgNV
BAMTKEM4NTQ5NjM0RkM3M0Q2MDAxOTEwQkJCRENGMkIyN0YwNzIxNDNENzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIDdbYcBAEIUZ49K69dYlb+AuX
YTn3pwAUs5Jqf2pZJIrMGHbSqkkYACz4dgrigRVLNzCLpFXcPeuMGGgP5uCevkbu
RmbvWc3QJrU7rzIDp4Yryt97wLQB3sZb4vqZp5rSKNNY3T1+o499b20cW33XXdlZ
OA5DX+xYpYOJ7QYy6gV1xMzCOFI4jn6qLvRpMg7m52SLjwOzP8sD7CnvP7fWztqo
JOb7KIhSddRwq/HnPpGTcOKY4iNu35/QguPkF4/qLQELE876zM2sBXdy/RHdF+Lq
jD5cgLgFkSrHcoxgdrfwFvUq3oEa92f/Hqwrewef+bNeFQPT/RZKKx+tX64TAgMB
AAGjggJFMIICQTAdBgNVHQ4EFgQUyFSWNPxz1gAZELu9zysn8HIUPXIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWwYIKwYBBQUHAQcBAf8ETDBKMEgEAgABMEIDBANgPsgD
BAGbdZ4DBAGbdbIDBAOnlFADBACnlMYDBACnlMwDBACnlM8DBACnlNIDBASo3iAD
BASo3lADBAKo3nQwDQYJKoZIhvcNAQELBQADggEBAKcNvJQM4JesF6zB5mg3Ce45
kjrtEBxRbHrrpUeaXlKxeXcb+pz2vJMZy9gy8P87wVQkXxhLbgGapJkjGM7FMAcz
1wKZv7gy1h+tpKJw6oh8dPT3cwzSNAIXXHt4iM7pxJXHQ/ii1WvVSkd7aaruVPMf
+z0u/G3AyYmZdryIXjymaZPispVGyxTUKaZmWalEL4c7AFXsNkZOoFlg6wZo99Hy
WO8ntnyGzKsMb+UairaaVGAOE4KB+NMESQ1ny6DnwGnT9lwcdcNMsZgbnXvGiKu7
f+rMjPiSkfqRv9TNoVZDpCIR5RFmzlsX9O9YMCKvHZ363804Nwl7nDP7dmpu7SI=
-----END CERTIFICATE-----
Generated at Sun Mar 1 14:43:34 2026 by rpki-client