Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205886.roa
File: AS205886.roa (raw, json)
Hash identifier: DaAWb7y3Wx+no8V5hTYNkIaQ8OUWXT8OSRBZNSKR484=
Subject key identifier: CB:17:4B:C8:9F:00:22:A9:0E:5A:6B:79:09:2E:93:30:A3:67:08:15
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 51AD6983337D402DC2819DFF1989632E60617E22
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205886.roa
Signing time: Wed 05 Nov 2025 07:06:58 +0000
ROA not before: Wed 05 Nov 2025 07:01:58 +0000
ROA not after: Wed 04 Nov 2026 07:06:58 +0000
asID: 205886
IP address blocks: 96.62.71.0/24 maxlen: 24
96.62.73.0/24 maxlen: 24
96.62.74.0/24 maxlen: 24
140.150.152.0/24 maxlen: 24
140.150.154.0/24 maxlen: 24
143.14.16.0/24 maxlen: 24
143.14.80.0/24 maxlen: 24
143.14.147.0/24 maxlen: 24
143.14.157.0/24 maxlen: 24
143.14.249.0/24 maxlen: 24
147.79.60.0/24 maxlen: 24
155.117.76.0/24 maxlen: 24
155.117.112.0/24 maxlen: 24
155.117.166.0/24 maxlen: 24
155.117.171.0/24 maxlen: 24
155.117.214.0/24 maxlen: 24
155.117.220.0/24 maxlen: 24
162.141.5.0/24 maxlen: 24
162.141.8.0/24 maxlen: 24
162.141.66.0/24 maxlen: 24
162.141.83.0/24 maxlen: 24
162.141.136.0/24 maxlen: 24
162.141.137.0/24 maxlen: 24
167.148.75.0/24 maxlen: 24
167.148.105.0/24 maxlen: 24
167.148.161.0/24 maxlen: 24
167.148.184.0/24 maxlen: 24
167.148.194.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:ad:69:83:33:7d:40:2d:c2:81:9d:ff:19:89:63:2e:60:61:7e:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Nov 5 07:01:58 2025 GMT
Not After : Nov 4 07:06:58 2026 GMT
Subject: CN=CB174BC89F0022A90E5A6B79092E9330A3670815
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:3f:0e:1b:34:fa:25:52:c5:7a:e5:8c:8a:c6:
35:b4:2b:4f:ec:13:66:43:67:ef:50:0f:a8:3c:47:
6c:39:52:1b:da:ae:f5:63:07:f5:44:17:1b:03:4b:
f5:d2:4a:c0:04:2d:da:da:da:5e:6a:a3:fb:c6:75:
2c:bf:bf:7f:87:a7:d0:63:69:6c:57:5b:a0:48:ba:
61:ac:df:c6:0d:63:08:24:e9:21:86:59:fc:ce:cb:
78:1c:10:7e:a8:97:2b:64:f4:21:49:e1:46:3c:8b:
c3:af:6d:2b:00:ae:8b:c3:0b:06:87:43:36:89:cf:
ea:4a:9a:a3:79:d2:fa:dc:fe:8b:c9:a3:f9:a8:ca:
6f:fa:06:0d:bd:5e:8b:a1:55:dd:99:38:b0:58:5f:
39:1b:01:a5:0b:15:b3:e1:16:6d:55:cd:21:ec:1d:
b2:11:76:f5:24:d1:86:bb:40:66:5f:57:2c:d5:f3:
6a:34:7a:70:9a:ab:3d:a3:b8:96:44:7b:9e:8c:03:
8a:85:29:01:6e:0b:98:cd:48:86:a6:43:f6:26:bb:
61:ce:bf:5c:78:49:8e:c2:4c:9e:3d:d4:14:b1:90:
2b:a3:c9:6a:38:bd:97:1a:57:d5:22:57:7c:13:46:
17:34:51:60:25:a9:ef:c7:20:0a:91:a3:47:da:67:
ad:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:17:4B:C8:9F:00:22:A9:0E:5A:6B:79:09:2E:93:30:A3:67:08:15
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205886.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.71.0/24
96.62.73.0-96.62.74.255
140.150.152.0/24
140.150.154.0/24
143.14.16.0/24
143.14.80.0/24
143.14.147.0/24
143.14.157.0/24
143.14.249.0/24
147.79.60.0/24
155.117.76.0/24
155.117.112.0/24
155.117.166.0/24
155.117.171.0/24
155.117.214.0/24
155.117.220.0/24
162.141.5.0/24
162.141.8.0/24
162.141.66.0/24
162.141.83.0/24
162.141.136.0/23
167.148.75.0/24
167.148.105.0/24
167.148.161.0/24
167.148.184.0/24
167.148.194.0/24
Signature Algorithm: sha256WithRSAEncryption
70:fe:51:1d:eb:c0:cf:20:ef:d7:32:8b:b6:65:b7:68:09:7a:
aa:6e:d5:d1:bb:01:8a:67:5a:3d:41:20:6c:dd:80:fc:b3:84:
de:0c:bc:ec:d8:84:19:54:1f:3f:cd:9c:ae:97:98:88:cc:92:
3e:f6:09:19:b5:1b:49:55:3b:02:c3:b5:6c:14:c0:65:61:c2:
3e:e8:55:73:19:18:91:ee:a8:86:bb:fe:0c:9d:5c:e7:c2:d4:
57:d6:e2:4e:ff:65:01:03:d0:9d:f7:73:d4:c1:b0:98:1b:30:
53:64:4b:64:f7:73:2f:72:35:45:b6:c6:0c:60:0d:38:0a:c1:
64:67:ee:27:5b:43:8e:74:65:8e:24:c1:56:58:0d:d8:5b:38:
5f:6a:03:05:3b:8c:28:2b:b1:a6:e4:6f:d4:9b:8f:11:e0:20:
b1:7a:9a:4b:48:ef:0d:1d:98:26:60:e3:13:78:80:9f:ea:ed:
7f:f4:4e:26:f4:23:7f:69:1a:d4:5e:5c:de:4e:61:b5:cd:9c:
14:0d:a9:c9:e8:19:ab:77:93:7a:19:bb:7d:88:58:49:82:0d:
f1:7e:14:47:98:97:fc:47:6e:41:f7:8f:d4:7a:23:39:75:d5:
66:f7:5e:84:f7:10:3b:14:61:18:78:0b:10:c6:1e:91:f3:8b:
ff:c5:a8:a4
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgIUUa1pgzN9QC3CgZ3/GYljLmBhfiIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTExMDUwNzAxNThaFw0yNjExMDQwNzA2NThaMDMxMTAvBgNV
BAMTKENCMTc0QkM4OUYwMDIyQTkwRTVBNkI3OTA5MkU5MzMwQTM2NzA4MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDePw4bNPolUsV65YyKxjW0K0/s
E2ZDZ+9QD6g8R2w5UhvarvVjB/VEFxsDS/XSSsAELdra2l5qo/vGdSy/v3+Hp9Bj
aWxXW6BIumGs38YNYwgk6SGGWfzOy3gcEH6olytk9CFJ4UY8i8OvbSsArovDCwaH
QzaJz+pKmqN50vrc/ovJo/moym/6Bg29XouhVd2ZOLBYXzkbAaULFbPhFm1VzSHs
HbIRdvUk0Ya7QGZfVyzV82o0enCaqz2juJZEe56MA4qFKQFuC5jNSIamQ/Ymu2HO
v1x4SY7CTJ491BSxkCujyWo4vZcaV9UiV3wTRhc0UWAlqe/HIAqRo0faZ63RAgMB
AAGjggKtMIICqTAdBgNVHQ4EFgQUyxdLyJ8AIqkOWmt5CS6TMKNnCBUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA1ODg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQD
BABgPkcwDAMEAGA+SQMEAGA+SgMEAIyWmAMEAIyWmgMEAI8OEAMEAI8OUAMEAI8O
kwMEAI8OnQMEAI8O+QMEAJNPPAMEAJt1TAMEAJt1cAMEAJt1pgMEAJt1qwMEAJt1
1gMEAJt13AMEAKKNBQMEAKKNCAMEAKKNQgMEAKKNUwMEAaKNiAMEAKeUSwMEAKeU
aQMEAKeUoQMEAKeUuAMEAKeUwjANBgkqhkiG9w0BAQsFAAOCAQEAcP5RHevAzyDv
1zKLtmW3aAl6qm7V0bsBimdaPUEgbN2A/LOE3gy87NiEGVQfP82crpeYiMySPvYJ
GbUbSVU7AsO1bBTAZWHCPuhVcxkYke6ohrv+DJ1c58LUV9biTv9lAQPQnfdz1MGw
mBswU2RLZPdzL3I1RbbGDGANOArBZGfuJ1tDjnRljiTBVlgN2Fs4X2oDBTuMKCux
puRv1JuPEeAgsXqaS0jvDR2YJmDjE3iAn+rtf/ROJvQjf2ka1F5c3k5htc2cFA2p
yegZq3eTehm7fYhYSYIN8X4UR5iX/EduQfeP1HojOXXVZvdehPcQOxRhGHgLEMYe
kfOL/8WopA==
-----END CERTIFICATE-----
Generated at Wed Nov 5 10:54:30 2025 by rpki-client