Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa
File: AS40676.roa (raw, json)
Hash identifier: ZjqUtx14OTKAVpwVhx+5gOvPcBOZ9j/bMI7eglURHwY=
Subject key identifier: 8B:0A:4C:BB:9C:DD:D0:C4:C1:69:A9:2E:D7:96:9F:0B:E3:3A:AF:8E
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 0491FA9AEB43C780ED09F7252805507061C34E14
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa
Signing time: Sun 01 Mar 2026 12:20:54 +0000
ROA not before: Sun 01 Mar 2026 12:15:54 +0000
ROA not after: Sun 28 Feb 2027 12:20:54 +0000
asID: 40676
IP address blocks: 145.223.52.0/24 maxlen: 24
145.223.56.0/24 maxlen: 24
146.103.44.0/24 maxlen: 24
146.103.55.0/24 maxlen: 24
150.241.199.0/24 maxlen: 24
168.222.18.0/24 maxlen: 24
168.222.19.0/24 maxlen: 24
168.222.30.0/24 maxlen: 24
168.222.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 12:54:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:91:fa:9a:eb:43:c7:80:ed:09:f7:25:28:05:50:70:61:c3:4e:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Mar 1 12:15:54 2026 GMT
Not After : Feb 28 12:20:54 2027 GMT
Subject: CN=8B0A4CBB9CDDD0C4C169A92ED7969F0BE33AAF8E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:98:90:57:c4:4f:02:21:ad:36:b0:34:4b:0c:
83:08:6a:65:e1:86:4c:03:b4:4b:f8:28:53:4f:46:
2a:d1:3e:bc:98:ef:a6:44:8a:df:9f:61:30:5d:72:
d7:29:8c:19:71:8d:56:8a:31:57:41:f6:fe:8f:08:
b8:93:a1:a4:bd:35:f0:a8:72:d2:36:9a:8f:60:2a:
a4:04:34:b2:e8:d7:98:42:ab:b5:01:6c:08:aa:8a:
98:69:45:8b:5d:a3:a4:3b:ae:40:b3:32:80:cf:a7:
bc:f7:c9:80:e7:02:a0:e1:b8:a8:bb:9f:ca:8f:a6:
99:1b:51:86:e3:0e:40:da:8c:fc:3d:1b:56:ce:db:
b8:91:6d:a1:2e:99:ca:8d:ca:b4:7b:9d:85:fc:2c:
8e:8a:86:4f:9c:60:0d:56:e7:31:57:47:47:be:53:
20:a1:d0:62:4b:6b:dd:56:5b:8b:90:30:aa:58:a0:
fb:65:9f:48:ad:40:c6:3a:27:a3:f5:fe:f5:ff:a6:
f8:e8:57:e5:5a:4c:f5:a2:91:33:8a:75:7c:bd:58:
aa:7d:40:82:8c:4b:cc:d2:d9:43:5c:dd:3a:72:68:
18:34:3e:7c:50:da:19:60:70:22:9a:8a:ea:3f:c1:
4e:94:23:8d:2c:c2:1b:98:4a:ed:12:b6:42:40:81:
e5:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:0A:4C:BB:9C:DD:D0:C4:C1:69:A9:2E:D7:96:9F:0B:E3:3A:AF:8E
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS40676.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.223.52.0/24
145.223.56.0/24
146.103.44.0/24
146.103.55.0/24
150.241.199.0/24
168.222.18.0/23
168.222.30.0/23
Signature Algorithm: sha256WithRSAEncryption
3c:f1:d8:21:5f:e0:e6:67:52:bb:97:13:8a:a4:b0:c2:e1:23:
da:6c:0a:6e:97:2f:0d:04:b7:e1:01:fc:e1:2a:6e:07:59:a8:
a0:80:80:20:dc:67:59:95:b9:e8:c6:fc:14:ce:b7:00:b8:92:
c4:2f:96:b1:a7:c6:e8:34:5c:b6:f9:c6:cc:d8:10:55:60:b9:
30:b3:c6:06:c9:5c:9a:d9:42:34:73:ff:b0:58:b7:9c:21:72:
12:23:eb:4f:a2:94:94:78:2b:84:1d:ca:5b:1c:03:20:d2:00:
c3:dc:24:48:54:b1:c0:00:6f:bd:06:37:44:37:84:2b:a7:cf:
4d:1f:db:ce:03:9c:c9:1b:2a:96:85:53:fe:fa:04:47:a4:df:
97:f4:13:ae:db:6f:86:85:ef:7d:1e:98:6c:15:54:69:90:2a:
23:14:ff:97:66:2c:c8:6c:85:91:0f:4e:16:98:55:0d:aa:f3:
f2:45:96:a3:19:0e:e3:50:07:e0:74:a9:de:29:86:14:9a:ee:
38:a0:4e:15:26:86:8a:98:d5:73:88:7c:3b:25:64:67:78:e6:
5a:23:9c:5b:63:95:30:d6:9f:3c:16:9f:8d:37:f3:22:40:7c:
62:34:c6:b6:37:d2:6c:7e:e4:31:05:43:0e:08:0d:2a:94:2d:
ca:c1:2d:d3
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIUBJH6mutDx4DtCfclKAVQcGHDThQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMDExMjE1NTRaFw0yNzAyMjgxMjIwNTRaMDMxMTAvBgNV
BAMTKDhCMEE0Q0JCOUNEREQwQzRDMTY5QTkyRUQ3OTY5RjBCRTMzQUFGOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqmJBXxE8CIa02sDRLDIMIamXh
hkwDtEv4KFNPRirRPryY76ZEit+fYTBdctcpjBlxjVaKMVdB9v6PCLiToaS9NfCo
ctI2mo9gKqQENLLo15hCq7UBbAiqiphpRYtdo6Q7rkCzMoDPp7z3yYDnAqDhuKi7
n8qPppkbUYbjDkDajPw9G1bO27iRbaEumcqNyrR7nYX8LI6Khk+cYA1W5zFXR0e+
UyCh0GJLa91WW4uQMKpYoPtln0itQMY6J6P1/vX/pvjoV+VaTPWikTOKdXy9WKp9
QIKMS8zS2UNc3TpyaBg0PnxQ2hlgcCKaiuo/wU6UI40swhuYSu0StkJAgeU9AgMB
AAGjggItMIICKTAdBgNVHQ4EFgQUiwpMu5zd0MTBaaku15afC+M6r44wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDA2NzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQwYIKwYBBQUHAQcBAf8ENDAyMDAEAgABMCoDBACR3zQD
BACR3zgDBACSZywDBACSZzcDBACW8ccDBAGo3hIDBAGo3h4wDQYJKoZIhvcNAQEL
BQADggEBADzx2CFf4OZnUruXE4qksMLhI9psCm6XLw0Et+EB/OEqbgdZqKCAgCDc
Z1mVuejG/BTOtwC4ksQvlrGnxug0XLb5xszYEFVguTCzxgbJXJrZQjRz/7BYt5wh
chIj60+ilJR4K4QdylscAyDSAMPcJEhUscAAb70GN0Q3hCunz00f284DnMkbKpaF
U/76BEek35f0E67bb4aF730emGwVVGmQKiMU/5dmLMhshZEPThaYVQ2q8/JFlqMZ
DuNQB+B0qd4phhSa7jigThUmhoqY1XOIfDslZGd45lojnFtjlTDWnzwWn4038yJA
fGI0xrY30mx+5DEFQw4IDSqULcrBLdM=
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:39:36 2026 by rpki-client