Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
File: AS7843.roa (raw, json)
Hash identifier: +3SjEiCJeJQfnuONeA8UksJ4aYKSVCt6MT+gSQXaRkQ=
Subject key identifier: A1:68:47:EB:DC:0D:9A:DE:24:2E:FA:A7:21:CF:58:AE:91:8A:B2:98
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 43A3B08DEC0312FFF2F6C9F5D96BB0C92E416128
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
Signing time: Wed 11 Feb 2026 22:00:17 +0000
ROA not before: Wed 11 Feb 2026 21:55:17 +0000
ROA not after: Wed 10 Feb 2027 22:00:17 +0000
asID: 7843
IP address blocks: 143.14.232.0/21 maxlen: 24
162.141.2.0/23 maxlen: 24
162.141.6.0/23 maxlen: 24
162.141.22.0/23 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.76.0/23 maxlen: 24
162.141.134.0/23 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.156.0/23 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.44.0/23 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.60.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.145.0/24 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 12:54:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:a3:b0:8d:ec:03:12:ff:f2:f6:c9:f5:d9:6b:b0:c9:2e:41:61:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Feb 11 21:55:17 2026 GMT
Not After : Feb 10 22:00:17 2027 GMT
Subject: CN=A16847EBDC0D9ADE242EFAA721CF58AE918AB298
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:69:09:a4:63:13:e8:71:b0:77:81:22:a8:8f:
19:3c:95:c6:98:6c:b3:0f:c4:9b:e8:cc:2f:1c:b2:
9e:8a:13:eb:f0:48:87:5c:97:e4:27:38:34:d5:45:
b8:a4:bd:7e:c6:8f:09:07:4f:1d:7d:8b:19:d1:ce:
e6:34:ea:4f:7e:8a:3e:93:52:74:66:18:ac:77:8f:
67:b8:bd:f7:a0:66:45:bf:67:c6:a0:f9:b9:0f:62:
ae:7c:c9:f3:06:21:7b:89:9a:60:33:a3:c3:5b:3e:
b8:e7:77:e3:c0:aa:6e:f3:42:69:65:e0:ac:89:e5:
57:cd:8f:9a:fd:39:ba:21:a3:d3:b7:81:2d:2c:6a:
df:8c:aa:3e:2b:b7:1f:12:c2:39:fb:0b:71:b5:21:
c2:c3:f9:4f:6f:cf:13:90:81:50:b9:83:82:45:fd:
c1:c4:7e:de:d0:c1:b2:6d:c6:de:fc:fb:4a:46:30:
4b:b2:18:9e:59:a1:30:c1:39:da:66:49:4c:c9:3f:
c5:15:53:ce:96:e4:30:71:a7:a7:f3:a2:0b:7f:5d:
b8:10:1e:d9:80:cf:ea:62:46:ce:50:7d:15:71:aa:
8b:85:5d:f3:ba:0b:63:0b:21:d6:94:e9:a5:41:03:
12:4b:e4:90:53:1a:b1:3c:79:19:73:2d:b5:13:a9:
35:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:68:47:EB:DC:0D:9A:DE:24:2E:FA:A7:21:CF:58:AE:91:8A:B2:98
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.232.0/21
162.141.2.0/23
162.141.6.0/23
162.141.22.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0-162.141.77.255
162.141.134.0/23
162.141.144.0/21
162.141.156.0/23
162.141.168.0/21
162.141.184.0-162.141.207.255
162.141.216.0-162.141.255.255
167.148.16.0/21
167.148.44.0/23
167.148.48.0-167.148.67.255
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.145.0/24
167.148.224.0/19
Signature Algorithm: sha256WithRSAEncryption
87:0e:b7:fd:ad:f2:84:85:d8:e8:6b:d9:f4:d4:23:2f:37:b2:
58:fe:b4:95:e8:1f:6b:ab:fe:68:77:e6:82:5c:0a:60:bb:f9:
07:e2:b6:3b:de:21:3d:fc:1f:6b:7d:85:ff:ee:03:af:12:f9:
d4:fe:17:be:1d:e9:1f:56:ce:d5:d6:9e:b2:b5:9b:a1:10:33:
f5:d0:71:8d:47:20:42:e8:85:60:df:43:e9:b0:7e:90:77:31:
1f:4a:a7:1c:66:08:ff:a9:5f:91:50:ce:e2:72:fa:bc:d8:96:
d1:6b:91:0d:83:d6:94:23:84:c5:15:e5:93:c5:04:e1:54:6e:
46:2e:c3:e7:e8:68:a1:c1:77:0b:5b:86:9e:15:7e:23:a4:8c:
39:70:bc:e7:53:4e:6e:53:ff:89:a5:07:ac:0e:24:32:98:36:
23:cd:c8:57:c4:2d:5f:72:38:dc:5b:1e:fb:ef:0f:de:ea:87:
60:aa:f7:14:83:b2:18:9a:34:c3:0c:ff:71:6c:18:d7:e1:e8:
fe:ca:86:32:bb:80:7f:56:b0:1d:b3:25:2b:b0:1d:6c:38:86:
6c:ce:44:39:45:19:be:46:15:e0:6d:2c:d1:60:fc:b3:ba:c7:
0e:e6:6a:73:bd:7d:73:e0:3e:7d:c3:06:94:7e:0b:b2:08:c6:
5c:0f:8b:a2
-----BEGIN CERTIFICATE-----
MIIFojCCBIqgAwIBAgIUQ6OwjewDEv/y9sn12WuwyS5BYSgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTEyMTU1MTdaFw0yNzAyMTAyMjAwMTdaMDMxMTAvBgNV
BAMTKEExNjg0N0VCREMwRDlBREUyNDJFRkFBNzIxQ0Y1OEFFOTE4QUIyOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnaQmkYxPocbB3gSKojxk8lcaY
bLMPxJvozC8csp6KE+vwSIdcl+QnODTVRbikvX7GjwkHTx19ixnRzuY06k9+ij6T
UnRmGKx3j2e4vfegZkW/Z8ag+bkPYq58yfMGIXuJmmAzo8NbPrjnd+PAqm7zQmll
4KyJ5VfNj5r9Oboho9O3gS0sat+Mqj4rtx8Swjn7C3G1IcLD+U9vzxOQgVC5g4JF
/cHEft7QwbJtxt78+0pGMEuyGJ5ZoTDBOdpmSUzJP8UVU86W5DBxp6fzogt/XbgQ
HtmAz+piRs5QfRVxqouFXfO6C2MLIdaU6aVBAxJL5JBTGrE8eRlzLbUTqTWjAgMB
AAGjggKsMIICqDAdBgNVHQ4EFgQUoWhH69wNmt4kLvqnIc9YrpGKspgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNzg0My5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBwgYIKwYBBQUHAQcBAf8EgbIwga8wgawEAgABMIGlAwQD
jw7oAwQBoo0CAwQBoo0GMAwDBAGijRYDBAKijSADBAKijSgDBAOijTgwDAMEA6KN
SAMEAaKNTAMEAaKNhgMEA6KNkAMEAaKNnAMEA6KNqDAMAwQDoo24AwQEoo3AMAsD
BAOijdgDAwGijAMEA6eUEAMEAaeULDAMAwQEp5QwAwQCp5RAAwQCp5RMAwQDp5RY
AwQCp5RsAwQAp5SRAwQFp5TgMA0GCSqGSIb3DQEBCwUAA4IBAQCHDrf9rfKEhdjo
a9n01CMvN7JY/rSV6B9rq/5od+aCXApgu/kH4rY73iE9/B9rfYX/7gOvEvnU/he+
HekfVs7V1p6ytZuhEDP10HGNRyBC6IVg30PpsH6QdzEfSqccZgj/qV+RUM7icvq8
2JbRa5ENg9aUI4TFFeWTxQThVG5GLsPn6GihwXcLW4aeFX4jpIw5cLznU05uU/+J
pQesDiQymDYjzchXxC1fcjjcWx777w/e6odgqvcUg7IYmjTDDP9xbBjX4ej+yoYy
u4B/VrAdsyUrsB1sOIZszkQ5RRm+RhXgbSzRYPyzuscO5mpzvX1z4D59wwaUfguy
CMZcD4ui
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:36:20 2026 by rpki-client