Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa
File: AS395374.roa (raw, json)
Hash identifier: NGQ51dbpb9ekEXWMb2UkCHFyMAAYqbDnaxtk/JilcNg=
Subject key identifier: A3:9F:B0:B6:81:68:6A:E4:4B:D1:8E:8D:4E:24:D5:95:C7:4E:1B:E1
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 363B011F9CED4DA1404A619900DBCBA5407300B7
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa
Signing time: Tue 28 Oct 2025 09:38:22 +0000
ROA not before: Tue 28 Oct 2025 09:33:22 +0000
ROA not after: Tue 27 Oct 2026 09:38:22 +0000
asID: 395374
IP address blocks: 143.14.192.0/24 maxlen: 24
143.14.255.0/24 maxlen: 24
162.141.119.0/24 maxlen: 24
162.141.120.0/24 maxlen: 24
167.148.149.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
36:3b:01:1f:9c:ed:4d:a1:40:4a:61:99:00:db:cb:a5:40:73:00:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 28 09:33:22 2025 GMT
Not After : Oct 27 09:38:22 2026 GMT
Subject: CN=A39FB0B681686AE44BD18E8D4E24D595C74E1BE1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:69:93:83:d8:90:aa:f3:43:6a:9b:5e:9c:2d:
76:ce:26:e7:c8:64:f3:9f:ed:4b:cc:0f:4a:1e:b5:
ae:58:f0:96:2e:11:e0:28:7d:0b:91:09:56:e2:71:
80:22:2d:bc:0f:eb:f6:f9:cc:63:2b:22:69:01:51:
d9:c0:4e:85:f8:51:98:af:14:2b:69:d8:60:42:47:
c7:c5:f2:48:02:38:ca:26:4a:69:08:b5:75:1c:97:
6b:cc:e5:b8:10:36:1b:81:ae:75:5f:bb:d5:17:f8:
72:d3:d6:a8:0e:97:0b:f7:d7:54:fe:b6:cf:0d:69:
79:50:0b:79:e7:21:5a:1b:da:e5:12:ba:92:47:6b:
9b:c9:09:30:27:68:0e:89:ba:d4:0a:32:49:7d:71:
11:3e:20:57:51:2d:f1:ca:ac:ca:93:ff:87:1d:70:
93:6c:5d:c1:7c:c4:eb:ac:bc:06:0a:94:11:99:39:
ea:d0:81:df:80:ee:36:d9:50:fd:e5:c6:71:bf:67:
37:41:62:7f:c5:e0:a8:28:69:ef:7f:1a:3e:5f:9e:
b7:3a:5b:da:5d:d2:55:0c:c2:0d:42:eb:2e:2b:50:
50:45:4f:8c:32:80:ee:dd:23:d6:0b:20:6e:7b:a8:
b1:81:51:0a:03:f8:95:8a:51:68:6e:72:5e:dd:4d:
07:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:9F:B0:B6:81:68:6A:E4:4B:D1:8E:8D:4E:24:D5:95:C7:4E:1B:E1
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.192.0/24
143.14.255.0/24
162.141.119.0-162.141.120.255
167.148.149.0/24
Signature Algorithm: sha256WithRSAEncryption
11:5e:00:2e:0b:00:f8:f2:6a:23:ea:3b:49:1d:d6:04:8b:45:
d8:f0:be:bd:8a:2b:c2:e0:43:f8:27:1d:c1:36:4e:ff:a3:7c:
fa:89:20:3c:55:aa:4f:84:1b:a8:cd:d7:f5:ef:51:f4:74:dc:
cc:e1:64:a1:a3:d8:39:52:0a:1d:c4:de:0a:8e:3c:01:91:43:
a7:ca:59:91:b1:56:bf:ce:6a:56:f2:8a:de:14:73:85:8d:bf:
b9:5c:c3:b1:bf:77:27:a9:ff:70:4a:fe:b5:a6:7c:dd:0f:eb:
08:62:c5:a2:b2:bb:d1:9c:b3:f9:2f:28:ee:b0:be:33:d0:e0:
97:8b:fc:a8:80:13:92:9d:64:3a:dd:96:d7:75:43:5f:e4:67:
c4:fc:6d:68:b8:da:4c:ea:97:c9:93:5b:57:4c:6c:8f:8f:d0:
5d:22:71:4c:c8:5b:cd:32:67:07:13:62:1d:a8:4b:91:65:16:
79:1c:72:02:4a:44:63:58:90:6f:31:32:42:5f:1d:b4:59:e6:
45:5b:da:10:84:fd:09:de:e9:da:68:a1:3d:03:b5:0b:85:80:
dc:4d:e5:a1:57:d4:af:45:e7:62:11:cb:47:72:9e:7f:88:e5:
31:88:53:49:a0:5b:89:b4:eb:30:66:1c:a9:15:ee:ac:e2:e1:
79:e0:9b:fc
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIUNjsBH5ztTaFASmGZANvLpUBzALcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjgwOTMzMjJaFw0yNjEwMjcwOTM4MjJaMDMxMTAvBgNV
BAMTKEEzOUZCMEI2ODE2ODZBRTQ0QkQxOEU4RDRFMjRENTk1Qzc0RTFCRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeaZOD2JCq80Nqm16cLXbOJufI
ZPOf7UvMD0oeta5Y8JYuEeAofQuRCVbicYAiLbwP6/b5zGMrImkBUdnAToX4UZiv
FCtp2GBCR8fF8kgCOMomSmkItXUcl2vM5bgQNhuBrnVfu9UX+HLT1qgOlwv311T+
ts8NaXlQC3nnIVob2uUSupJHa5vJCTAnaA6JutQKMkl9cRE+IFdRLfHKrMqT/4cd
cJNsXcF8xOusvAYKlBGZOerQgd+A7jbZUP3lxnG/ZzdBYn/F4Kgoae9/Gj5fnrc6
W9pd0lUMwg1C6y4rUFBFT4wygO7dI9YLIG57qLGBUQoD+JWKUWhucl7dTQcJAgMB
AAGjggIkMIICIDAdBgNVHQ4EFgQUo5+wtoFoauRL0Y6NTiTVlcdOG+EwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAjw7A
AwQAjw7/MAwDBACijXcDBACijXgDBACnlJUwDQYJKoZIhvcNAQELBQADggEBABFe
AC4LAPjyaiPqO0kd1gSLRdjwvr2KK8LgQ/gnHcE2Tv+jfPqJIDxVqk+EG6jN1/Xv
UfR03MzhZKGj2DlSCh3E3gqOPAGRQ6fKWZGxVr/Oalbyit4Uc4WNv7lcw7G/dyep
/3BK/rWmfN0P6whixaKyu9Gcs/kvKO6wvjPQ4JeL/KiAE5KdZDrdltd1Q1/kZ8T8
bWi42kzql8mTW1dMbI+P0F0icUzIW80yZwcTYh2oS5FlFnkccgJKRGNYkG8xMkJf
HbRZ5kVb2hCE/Qne6dpooT0DtQuFgNxN5aFX1K9F52IRy0dynn+I5TGIU0mgW4m0
6zBmHKkV7qzi4Xngm/w=
-----END CERTIFICATE-----
Generated at Tue Nov 4 20:56:28 2025 by rpki-client