Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa
File: AS25198.roa (raw, json)
Hash identifier: 2qqFxXZ+KHuJnIyVmGLdsqvlWuOYqfMeWFUJfeNNSjY=
Subject key identifier: CE:D7:30:F5:0B:63:52:14:1B:4A:BE:B0:3D:10:42:BD:57:D1:36:12
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 3F3EA644A4D2294ADFA7EFF49B8D706C3DAA9A6E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa
Signing time: Wed 29 Oct 2025 06:05:17 +0000
ROA not before: Wed 29 Oct 2025 06:00:17 +0000
ROA not after: Wed 28 Oct 2026 06:05:17 +0000
asID: 25198
IP address blocks: 140.150.155.0/24 maxlen: 24
140.150.156.0/24 maxlen: 24
143.14.71.0/24 maxlen: 24
143.14.174.0/24 maxlen: 24
148.135.175.0/24 maxlen: 24
162.141.48.0/24 maxlen: 24
162.141.136.0/24 maxlen: 24
162.141.152.0/24 maxlen: 24
167.148.105.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:3e:a6:44:a4:d2:29:4a:df:a7:ef:f4:9b:8d:70:6c:3d:aa:9a:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 29 06:00:17 2025 GMT
Not After : Oct 28 06:05:17 2026 GMT
Subject: CN=CED730F50B6352141B4ABEB03D1042BD57D13612
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:ac:94:86:b9:8d:c0:a5:28:30:09:91:eb:a1:
99:8e:4f:6c:01:65:9b:e2:04:bd:36:be:a4:f1:ec:
12:ed:1d:bd:2a:67:08:bb:80:3b:a1:9b:66:23:2d:
61:bf:e5:fc:be:0a:d8:96:77:94:d3:bc:21:0c:1d:
b2:1b:83:b6:ef:c5:01:a9:45:90:3c:1c:22:f3:51:
78:f1:62:f3:ab:dd:5f:44:1b:8e:e5:b9:8d:c1:9b:
50:4a:ac:aa:5f:f0:65:2a:5c:99:dd:d6:f1:d6:20:
13:f1:e1:1b:fd:cb:97:16:76:35:ad:71:2b:ec:87:
dc:a3:8a:25:0c:e4:b6:40:7c:09:f8:72:46:56:b2:
b1:1e:05:18:b1:ad:22:2f:4f:fe:d6:4c:8f:4e:02:
6f:61:05:a0:97:ba:7a:62:0c:5c:d5:25:b0:ed:e8:
49:b2:2a:8b:80:49:e6:97:c2:b0:51:4f:60:01:12:
9c:da:bc:3f:08:e9:5c:bc:50:a8:5e:6a:ab:a4:13:
b4:ee:2e:b0:20:76:e2:96:8e:6d:c9:61:e5:43:ee:
0b:90:50:7e:d5:6b:6f:a2:88:a3:d1:67:88:f8:46:
ca:9e:8d:3b:6c:0d:a1:55:77:b2:df:cb:0f:2a:d4:
5c:94:24:30:94:28:70:ce:14:65:f7:1c:bd:54:22:
8d:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:D7:30:F5:0B:63:52:14:1B:4A:BE:B0:3D:10:42:BD:57:D1:36:12
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25198.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.150.155.0-140.150.156.255
143.14.71.0/24
143.14.174.0/24
148.135.175.0/24
162.141.48.0/24
162.141.136.0/24
162.141.152.0/24
167.148.105.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:9c:06:7e:14:ec:86:4b:79:4d:23:98:9f:a4:3c:d6:0a:71:
d7:a2:6d:77:c0:ed:44:ac:69:dd:af:0b:ed:1b:23:70:e4:e5:
51:03:b5:a5:84:ea:08:11:f8:68:84:4f:67:c1:59:db:56:20:
ec:21:72:0a:8a:22:34:ed:68:d0:10:b0:1d:fb:8b:8e:26:5c:
df:43:7d:0c:f5:d3:88:a1:a1:25:ae:61:88:53:d5:2d:a2:e1:
54:77:b0:40:9b:c6:76:d7:35:2d:e2:0a:c8:fb:a2:03:b9:a4:
f8:93:c1:a3:63:83:15:00:a8:17:b3:08:ba:3c:cd:b2:9f:9d:
76:0a:bd:55:44:94:19:a6:7d:51:c0:33:ee:d7:6f:9e:cb:b5:
2f:f1:d7:12:a3:90:1c:87:d7:cb:ef:dd:c1:31:47:01:b2:53:
cb:36:0b:14:a0:6c:1a:b9:bc:75:5e:06:de:c4:7a:2b:7c:4e:
05:64:88:7b:d4:06:3c:01:03:04:c1:b6:42:42:7b:c5:61:af:
0a:a8:bd:6e:b0:f4:ed:2c:6e:2d:0a:ee:4b:1a:f8:06:a7:4c:
2b:2a:f6:48:79:3c:42:57:80:af:1a:21:27:8b:58:70:d8:ed:
ab:70:4d:03:09:16:54:3b:cc:06:e9:f8:98:6c:ca:55:b2:ae:
fb:7c:b2:46
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPz6mRKTSKUrfp+/0m41wbD2qmm4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjkwNjAwMTdaFw0yNjEwMjgwNjA1MTdaMDMxMTAvBgNV
BAMTKENFRDczMEY1MEI2MzUyMTQxQjRBQkVCMDNEMTA0MkJENTdEMTM2MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7rJSGuY3ApSgwCZHroZmOT2wB
ZZviBL02vqTx7BLtHb0qZwi7gDuhm2YjLWG/5fy+CtiWd5TTvCEMHbIbg7bvxQGp
RZA8HCLzUXjxYvOr3V9EG47luY3Bm1BKrKpf8GUqXJnd1vHWIBPx4Rv9y5cWdjWt
cSvsh9yjiiUM5LZAfAn4ckZWsrEeBRixrSIvT/7WTI9OAm9hBaCXunpiDFzVJbDt
6EmyKouASeaXwrBRT2ABEpzavD8I6Vy8UKheaqukE7TuLrAgduKWjm3JYeVD7guQ
UH7Va2+iiKPRZ4j4RsqejTtsDaFVd7Lfyw8q1FyUJDCUKHDOFGX3HL1UIo1hAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUztcw9QtjUhQbSr6wPRBCvVfRNhIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwUQYIKwYBBQUHAQcBAf8EQjBAMD4EAgABMDgwDAMEAIyW
mwMEAIyWnAMEAI8ORwMEAI8OrgMEAJSHrwMEAKKNMAMEAKKNiAMEAKKNmAMEAKeU
aTANBgkqhkiG9w0BAQsFAAOCAQEAa5wGfhTshkt5TSOYn6Q81gpx16Jtd8DtRKxp
3a8L7RsjcOTlUQO1pYTqCBH4aIRPZ8FZ21Yg7CFyCooiNO1o0BCwHfuLjiZc30N9
DPXTiKGhJa5hiFPVLaLhVHewQJvGdtc1LeIKyPuiA7mk+JPBo2ODFQCoF7MIujzN
sp+ddgq9VUSUGaZ9UcAz7tdvnsu1L/HXEqOQHIfXy+/dwTFHAbJTyzYLFKBsGrm8
dV4G3sR6K3xOBWSIe9QGPAEDBMG2QkJ7xWGvCqi9brD07SxuLQruSxr4BqdMKyr2
SHk8QleArxohJ4tYcNjtq3BNAwkWVDvMBun4mGzKVbKu+3yyRg==
-----END CERTIFICATE-----
Generated at Tue Nov 4 22:54:45 2025 by rpki-client