Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
File: AS214025.roa (raw, json)
Hash identifier: 21m+tR8vtFU+g2gyJWlD3owc5DJQoc+WoCNefxX7bS0=
Subject key identifier: 12:D4:BD:EC:F4:49:1A:F2:8B:33:0F:50:A6:A9:67:A7:AB:F4:CE:2D
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 7C2EA8683C765A8FD03D6DAC46197F04B9E529E6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
Signing time: Mon 13 Apr 2026 16:04:11 +0000
ROA not before: Mon 13 Apr 2026 15:59:11 +0000
ROA not after: Mon 12 Apr 2027 16:04:11 +0000
asID: 214025
IP address blocks: 140.150.239.0/24 maxlen: 24
140.233.173.0/24 maxlen: 24
140.233.177.0/24 maxlen: 24
140.233.187.0/24 maxlen: 24
143.14.18.0/24 maxlen: 24
143.14.22.0/24 maxlen: 24
143.14.83.0/24 maxlen: 24
143.14.92.0/24 maxlen: 24
143.14.121.0/24 maxlen: 24
143.14.122.0/24 maxlen: 24
143.14.129.0/24 maxlen: 24
143.14.131.0/24 maxlen: 24
143.14.183.0/24 maxlen: 24
143.14.185.0/24 maxlen: 24
143.14.187.0/24 maxlen: 24
143.14.193.0/24 maxlen: 24
143.14.194.0/24 maxlen: 24
143.14.217.0/24 maxlen: 24
143.14.245.0/24 maxlen: 24
146.103.52.0/24 maxlen: 24
146.103.59.0/24 maxlen: 24
147.79.2.0/24 maxlen: 24
147.79.30.0/24 maxlen: 24
148.135.175.0/24 maxlen: 24
148.135.198.0/24 maxlen: 24
150.241.209.0/24 maxlen: 24
150.241.234.0/24 maxlen: 24
150.241.253.0/24 maxlen: 24
155.117.8.0/24 maxlen: 24
155.117.9.0/24 maxlen: 24
155.117.10.0/24 maxlen: 24
155.117.11.0/24 maxlen: 24
155.117.120.0/24 maxlen: 24
155.117.157.0/24 maxlen: 24
155.117.171.0/24 maxlen: 24
155.117.178.0/24 maxlen: 24
155.117.197.0/24 maxlen: 24
155.117.218.0/24 maxlen: 24
155.117.242.0/24 maxlen: 24
162.141.13.0/24 maxlen: 24
162.141.67.0/24 maxlen: 24
162.141.69.0/24 maxlen: 24
162.141.82.0/24 maxlen: 24
162.141.120.0/24 maxlen: 24
162.141.123.0/24 maxlen: 24
162.141.136.0/24 maxlen: 24
162.141.138.0/24 maxlen: 24
162.141.160.0/24 maxlen: 24
167.148.46.0/24 maxlen: 24
168.222.34.0/24 maxlen: 24
168.222.38.0/24 maxlen: 24
168.222.40.0/24 maxlen: 24
168.222.44.0/24 maxlen: 24
168.222.46.0/24 maxlen: 24
168.222.80.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7c:2e:a8:68:3c:76:5a:8f:d0:3d:6d:ac:46:19:7f:04:b9:e5:29:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Apr 13 15:59:11 2026 GMT
Not After : Apr 12 16:04:11 2027 GMT
Subject: CN=12D4BDECF4491AF28B330F50A6A967A7ABF4CE2D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:d0:15:f9:21:70:c1:7e:37:fe:d7:5b:bf:d7:
93:7d:2b:be:84:1e:22:0e:96:0c:e9:c2:f7:f8:c4:
ad:09:6e:28:6d:1c:32:9e:74:eb:c7:2b:04:a8:5b:
79:f8:d4:40:51:8e:9f:b2:45:99:c6:38:24:ef:53:
46:36:1c:bd:61:e3:48:58:23:17:4e:19:12:5b:56:
27:1c:57:0f:62:e7:2d:dd:e8:c2:c1:9d:e3:76:78:
55:e0:54:0e:34:9b:14:f1:66:86:d8:83:be:04:36:
3d:bc:5e:3e:bb:62:a8:6c:f4:6e:00:ac:3c:65:77:
ed:10:ba:7f:8b:c0:f6:8e:68:66:85:3d:d2:3d:3e:
30:5a:7b:63:b3:83:f4:ab:f3:bd:92:d7:03:52:76:
d3:4a:db:d7:78:1b:d2:ef:d1:b1:dd:7c:4c:0d:be:
20:8c:bb:1a:6d:a3:db:b9:9b:17:b8:e4:e5:62:55:
f6:f6:d3:54:18:f2:0a:fb:1f:34:47:2a:d3:52:07:
bc:4a:6f:bc:1d:12:d2:f6:04:c3:50:fb:93:c5:46:
b0:75:d3:1e:47:f5:22:a4:b7:ae:8c:1a:36:4f:1f:
fc:7a:b1:41:7b:1f:88:c7:68:af:af:bd:44:4e:86:
73:f0:10:72:fd:5b:75:46:f2:41:25:32:fb:57:fb:
2d:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:D4:BD:EC:F4:49:1A:F2:8B:33:0F:50:A6:A9:67:A7:AB:F4:CE:2D
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS214025.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.150.239.0/24
140.233.173.0/24
140.233.177.0/24
140.233.187.0/24
143.14.18.0/24
143.14.22.0/24
143.14.83.0/24
143.14.92.0/24
143.14.121.0-143.14.122.255
143.14.129.0/24
143.14.131.0/24
143.14.183.0/24
143.14.185.0/24
143.14.187.0/24
143.14.193.0-143.14.194.255
143.14.217.0/24
143.14.245.0/24
146.103.52.0/24
146.103.59.0/24
147.79.2.0/24
147.79.30.0/24
148.135.175.0/24
148.135.198.0/24
150.241.209.0/24
150.241.234.0/24
150.241.253.0/24
155.117.8.0/22
155.117.120.0/24
155.117.157.0/24
155.117.171.0/24
155.117.178.0/24
155.117.197.0/24
155.117.218.0/24
155.117.242.0/24
162.141.13.0/24
162.141.67.0/24
162.141.69.0/24
162.141.82.0/24
162.141.120.0/24
162.141.123.0/24
162.141.136.0/24
162.141.138.0/24
162.141.160.0/24
167.148.46.0/24
168.222.34.0/24
168.222.38.0/24
168.222.40.0/24
168.222.44.0/24
168.222.46.0/24
168.222.80.0/24
Signature Algorithm: sha256WithRSAEncryption
67:41:7c:e7:92:bd:5e:80:46:bc:6f:50:d0:b6:63:7e:93:62:
d0:5d:2a:b0:72:01:f5:db:e2:49:d5:78:9a:9e:b5:c6:a5:a7:
e0:cf:27:3b:c1:9b:dc:64:8b:34:67:37:56:35:77:26:59:49:
65:8f:a4:ea:3f:48:cc:67:b2:3c:1e:08:2d:3d:a9:38:e5:14:
00:39:53:d5:77:fc:67:12:94:65:d3:a3:58:79:60:82:ce:9e:
7d:3f:45:b2:8b:e1:96:37:58:d5:a5:97:c7:fa:cb:ee:1d:2b:
78:7f:09:31:80:94:69:c5:cf:23:1d:92:6a:db:d4:6e:7b:f0:
e6:5f:1a:4e:74:e9:91:eb:00:f1:b3:5e:34:e4:58:4c:e8:77:
09:1f:d6:d9:2a:99:43:6c:74:e3:06:de:2f:e1:06:d4:64:fe:
e3:02:e8:12:44:e3:b8:6f:fa:cf:7b:ac:40:d3:bc:bf:f7:b2:
c2:bc:d1:82:06:12:2a:84:78:27:68:84:72:e5:91:39:00:d5:
41:6a:f8:29:cd:c9:4a:10:10:32:34:e5:e3:85:f0:e4:35:7a:
28:cd:c2:14:3c:a2:62:09:23:37:85:d5:21:c6:4b:04:0d:e1:
7c:fa:35:4f:74:b4:a2:d4:44:e8:9e:e9:4f:88:bf:71:48:af:
f2:42:df:db
-----BEGIN CERTIFICATE-----
MIIGQDCCBSigAwIBAgIUfC6oaDx2Wo/QPW2sRhl/BLnlKeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MTMxNTU5MTFaFw0yNzA0MTIxNjA0MTFaMDMxMTAvBgNV
BAMTKDEyRDRCREVDRjQ0OTFBRjI4QjMzMEY1MEE2QTk2N0E3QUJGNENFMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf0BX5IXDBfjf+11u/15N9K76E
HiIOlgzpwvf4xK0JbihtHDKedOvHKwSoW3n41EBRjp+yRZnGOCTvU0Y2HL1h40hY
IxdOGRJbViccVw9i5y3d6MLBneN2eFXgVA40mxTxZobYg74ENj28Xj67Yqhs9G4A
rDxld+0Qun+LwPaOaGaFPdI9PjBae2Ozg/Sr872S1wNSdtNK29d4G9Lv0bHdfEwN
viCMuxpto9u5mxe45OViVfb201QY8gr7HzRHKtNSB7xKb7wdEtL2BMNQ+5PFRrB1
0x5H9SKkt66MGjZPH/x6sUF7H4jHaK+vvUROhnPwEHL9W3VG8kElMvtX+y07AgMB
AAGjggNKMIIDRjAdBgNVHQ4EFgQUEtS97PRJGvKLMw9Qpqlnp6v0zi0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMIIBXQYIKwYBBQUHAQcBAf8EggFMMIIBSDCCAUQEAgAB
MIIBPAMEAIyW7wMEAIzprQMEAIzpsQMEAIzpuwMEAI8OEgMEAI8OFgMEAI8OUwME
AI8OXDAMAwQAjw55AwQAjw56AwQAjw6BAwQAjw6DAwQAjw63AwQAjw65AwQAjw67
MAwDBACPDsEDBACPDsIDBACPDtkDBACPDvUDBACSZzQDBACSZzsDBACTTwIDBACT
Tx4DBACUh68DBACUh8YDBACW8dEDBACW8eoDBACW8f0DBAKbdQgDBACbdXgDBACb
dZ0DBACbdasDBACbdbIDBACbdcUDBACbddoDBACbdfIDBACijQ0DBACijUMDBACi
jUUDBACijVIDBACijXgDBACijXsDBACijYgDBACijYoDBACijaADBACnlC4DBACo
3iIDBACo3iYDBACo3igDBACo3iwDBACo3i4DBACo3lAwDQYJKoZIhvcNAQELBQAD
ggEBAGdBfOeSvV6ARrxvUNC2Y36TYtBdKrByAfXb4knVeJqetcalp+DPJzvBm9xk
izRnN1Y1dyZZSWWPpOo/SMxnsjweCC09qTjlFAA5U9V3/GcSlGXTo1h5YILOnn0/
RbKL4ZY3WNWll8f6y+4dK3h/CTGAlGnFzyMdkmrb1G578OZfGk506ZHrAPGzXjTk
WEzodwkf1tkqmUNsdOMG3i/hBtRk/uMC6BJE47hv+s97rEDTvL/3ssK80YIGEiqE
eCdohHLlkTkA1UFq+CnNyUoQEDI05eOF8OQ1eijNwhQ8omIJIzeF1SHGSwQN4Xz6
NU90tKLUROie6U+Iv3FIr/JC39s=
-----END CERTIFICATE-----
Generated at Fri Apr 17 05:52:22 2026 by rpki-client