Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS3320.roa
File: AS3320.roa (raw, json)
Hash identifier: yP3DjX8o2xleIld/hTTgS8SZ2B7gJMjMr/mo6wzakao=
Subject key identifier: 40:67:A3:22:79:64:3F:9F:DA:1A:DD:C3:66:D5:E3:57:8E:F4:7B:14
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 6D65E6D9D48EBA44D89284B367C044D0BBD18F32
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS3320.roa
Signing time: Mon 13 Apr 2026 04:12:41 +0000
ROA not before: Mon 13 Apr 2026 04:07:41 +0000
ROA not after: Mon 12 Apr 2027 04:12:41 +0000
asID: 3320
IP address blocks: 140.233.192.0/18 maxlen: 24
140.233.192.0/24 maxlen: 24
143.14.10.0/24 maxlen: 24
143.14.128.0/24 maxlen: 24
143.14.130.0/24 maxlen: 24
143.14.140.0/24 maxlen: 24
143.14.164.0/24 maxlen: 24
143.14.169.0/24 maxlen: 24
143.14.223.0/24 maxlen: 24
143.14.225.0/24 maxlen: 24
143.14.246.0/24 maxlen: 24
147.79.48.0/24 maxlen: 24
147.79.49.0/24 maxlen: 24
147.79.50.0/24 maxlen: 24
147.79.51.0/24 maxlen: 24
150.241.192.0/24 maxlen: 24
150.241.193.0/24 maxlen: 24
150.241.194.0/24 maxlen: 24
150.241.195.0/24 maxlen: 24
155.117.17.0/24 maxlen: 24
155.117.113.0/24 maxlen: 24
155.117.124.0/24 maxlen: 24
155.117.125.0/24 maxlen: 24
155.117.126.0/24 maxlen: 24
155.117.167.0/24 maxlen: 24
155.117.168.0/24 maxlen: 24
155.117.200.0/24 maxlen: 24
155.117.215.0/24 maxlen: 24
155.117.221.0/24 maxlen: 24
155.117.223.0/24 maxlen: 24
162.141.158.0/24 maxlen: 24
167.148.119.0/24 maxlen: 24
168.222.1.0/24 maxlen: 24
168.222.33.0/24 maxlen: 24
168.222.64.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:65:e6:d9:d4:8e:ba:44:d8:92:84:b3:67:c0:44:d0:bb:d1:8f:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Apr 13 04:07:41 2026 GMT
Not After : Apr 12 04:12:41 2027 GMT
Subject: CN=4067A32279643F9FDA1ADDC366D5E3578EF47B14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:bd:c8:f1:ce:08:e9:be:9e:f6:4f:5f:bc:c5:
70:03:1e:5d:2a:af:fd:15:a5:40:bf:1e:57:e1:d8:
4d:50:2f:06:54:3a:00:70:a8:a9:24:ca:ff:f9:b8:
f3:85:32:8d:e9:24:e4:15:58:28:8b:80:9b:3d:d7:
fb:8f:17:9e:f7:35:d7:57:b4:06:8c:32:f7:77:cf:
6b:62:4d:67:20:27:3f:41:32:99:88:8b:a1:b9:43:
27:ee:ba:ef:15:91:30:ad:72:15:58:ad:51:1c:46:
4c:8f:4a:a5:db:2d:3c:4d:39:cc:bf:d7:15:3d:9a:
e7:f6:f3:14:f2:ab:b9:bc:13:29:ae:b5:b3:36:4f:
4a:fa:62:d8:22:90:6e:eb:40:b5:f7:d1:6f:52:27:
43:b2:bf:1f:11:af:70:10:9e:c3:28:f1:91:d1:58:
d8:8d:0a:57:18:be:26:23:07:8c:8a:3c:be:3c:29:
50:9d:d1:83:2f:74:b0:ce:f0:b9:b6:cd:08:c5:58:
37:93:39:da:60:17:aa:b9:a5:6d:fb:53:64:2a:bc:
38:13:1e:26:c8:50:84:87:d3:03:f7:4a:33:f3:66:
7d:93:88:c3:00:ee:78:2d:8b:a0:c6:84:4c:d6:25:
df:e9:12:86:e0:4d:dc:d3:86:47:a3:0a:80:c1:0c:
b2:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:67:A3:22:79:64:3F:9F:DA:1A:DD:C3:66:D5:E3:57:8E:F4:7B:14
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS3320.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.233.192.0/18
143.14.10.0/24
143.14.128.0/24
143.14.130.0/24
143.14.140.0/24
143.14.164.0/24
143.14.169.0/24
143.14.223.0/24
143.14.225.0/24
143.14.246.0/24
147.79.48.0/22
150.241.192.0/22
155.117.17.0/24
155.117.113.0/24
155.117.124.0-155.117.126.255
155.117.167.0-155.117.168.255
155.117.200.0/24
155.117.215.0/24
155.117.221.0/24
155.117.223.0/24
162.141.158.0/24
167.148.119.0/24
168.222.1.0/24
168.222.33.0/24
168.222.64.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:4e:04:4a:20:38:11:03:9d:db:e1:18:9c:1a:fe:dc:75:6a:
f7:8a:24:02:4a:61:6f:c5:12:f0:cf:1e:c5:36:40:e9:b1:4d:
ed:f5:4c:fe:58:4e:ab:a0:f1:ae:b7:c0:57:45:f2:6e:da:cb:
c5:8f:c7:15:12:60:54:c8:7d:80:cd:e9:36:21:9d:42:c1:16:
0f:45:6a:0e:86:3d:db:43:44:4f:74:7c:35:74:1d:d1:7d:62:
0e:3a:90:f6:c1:af:2d:76:8c:f0:e6:02:f1:25:28:58:88:b6:
36:e1:3c:ad:64:41:39:cf:d8:0d:a6:8c:08:b6:2a:d6:9d:da:
1e:27:fa:db:ab:ba:7d:ef:39:60:83:6b:95:1c:7b:19:93:2b:
25:ef:6a:7b:30:e3:9a:88:9b:77:9c:a2:1e:f8:b5:25:fd:26:
17:2f:d5:df:92:fe:b6:da:d1:b9:fe:09:3d:93:68:9d:6e:07:
aa:a0:69:6b:9f:90:9f:70:64:a5:14:91:d7:0b:40:32:26:31:
65:b0:f0:cc:8e:82:ab:d3:c6:9a:32:53:2c:77:70:e5:59:7b:
11:68:34:48:c2:ac:0f:4b:64:40:2b:45:f8:90:83:cf:4e:6d:
de:a4:8f:46:c6:9d:21:7a:f7:7d:81:fb:3a:7f:72:cc:eb:20:
cc:0d:42:91
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgIUbWXm2dSOukTYkoSzZ8BE0LvRjzIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MTMwNDA3NDFaFw0yNzA0MTIwNDEyNDFaMDMxMTAvBgNV
BAMTKDQwNjdBMzIyNzk2NDNGOUZEQTFBRERDMzY2RDVFMzU3OEVGNDdCMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8vcjxzgjpvp72T1+8xXADHl0q
r/0VpUC/Hlfh2E1QLwZUOgBwqKkkyv/5uPOFMo3pJOQVWCiLgJs91/uPF573NddX
tAaMMvd3z2tiTWcgJz9BMpmIi6G5Qyfuuu8VkTCtchVYrVEcRkyPSqXbLTxNOcy/
1xU9muf28xTyq7m8EymutbM2T0r6YtgikG7rQLX30W9SJ0Oyvx8Rr3AQnsMo8ZHR
WNiNClcYviYjB4yKPL48KVCd0YMvdLDO8Lm2zQjFWDeTOdpgF6q5pW37U2QqvDgT
HibIUISH0wP3SjPzZn2TiMMA7ngti6DGhEzWJd/pEobgTdzThkejCoDBDLL9AgMB
AAGjggKtMIICqTAdBgNVHQ4EFgQUQGejInlkP5/aGt3DZtXjV470exQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzMyMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBwwYIKwYBBQUHAQcBAf8EgbMwgbAwga0EAgABMIGmAwQG
jOnAAwQAjw4KAwQAjw6AAwQAjw6CAwQAjw6MAwQAjw6kAwQAjw6pAwQAjw7fAwQA
jw7hAwQAjw72AwQCk08wAwQClvHAAwQAm3URAwQAm3VxMAwDBAKbdXwDBACbdX4w
DAMEAJt1pwMEAJt1qAMEAJt1yAMEAJt11wMEAJt13QMEAJt13wMEAKKNngMEAKeU
dwMEAKjeAQMEAKjeIQMEAKjeQDANBgkqhkiG9w0BAQsFAAOCAQEAmk4ESiA4EQOd
2+EYnBr+3HVq94okAkphb8US8M8exTZA6bFN7fVM/lhOq6DxrrfAV0XybtrLxY/H
FRJgVMh9gM3pNiGdQsEWD0VqDoY920NET3R8NXQd0X1iDjqQ9sGvLXaM8OYC8SUo
WIi2NuE8rWRBOc/YDaaMCLYq1p3aHif626u6fe85YINrlRx7GZMrJe9qezDjmoib
d5yiHvi1Jf0mFy/V35L+ttrRuf4JPZNonW4HqqBpa5+Qn3BkpRSR1wtAMiYxZbDw
zI6Cq9PGmjJTLHdw5Vl7EWg0SMKsD0tkQCtF+JCDz05t3qSPRsadIXr3fYH7On9y
zOsgzA1CkQ==
-----END CERTIFICATE-----
Generated at Fri Apr 17 07:14:18 2026 by rpki-client