Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
File: AS7843.roa (raw, json)
Hash identifier: 0Nm5pNFVtVFE14vVfQKEWMNXdBkGZlytKA607XP3g2Y=
Subject key identifier: 68:CF:8A:B9:AD:3F:58:5E:1F:AC:22:59:CE:61:D5:60:62:51:41:4D
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 698B605C8E4A1CB7A4280940B8681A84CC591C2B
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
Signing time: Sun 26 Oct 2025 00:10:14 +0000
ROA not before: Sun 26 Oct 2025 00:05:14 +0000
ROA not after: Sun 25 Oct 2026 00:10:14 +0000
asID: 7843
IP address blocks: 143.14.232.0/21 maxlen: 24
162.141.2.0/23 maxlen: 24
162.141.6.0/23 maxlen: 24
162.141.22.0/23 maxlen: 24
162.141.24.0/22 maxlen: 24
162.141.28.0/22 maxlen: 24
162.141.32.0/22 maxlen: 24
162.141.40.0/22 maxlen: 24
162.141.56.0/22 maxlen: 24
162.141.60.0/22 maxlen: 24
162.141.72.0/22 maxlen: 24
162.141.76.0/23 maxlen: 24
162.141.134.0/23 maxlen: 24
162.141.144.0/21 maxlen: 24
162.141.156.0/23 maxlen: 24
162.141.168.0/21 maxlen: 24
162.141.184.0/21 maxlen: 24
162.141.192.0/21 maxlen: 24
162.141.200.0/21 maxlen: 24
162.141.208.0/21 maxlen: 24
162.141.216.0/21 maxlen: 24
162.141.224.0/21 maxlen: 24
162.141.232.0/21 maxlen: 24
162.141.240.0/21 maxlen: 24
162.141.248.0/21 maxlen: 24
167.148.16.0/21 maxlen: 24
167.148.24.0/22 maxlen: 24
167.148.44.0/23 maxlen: 24
167.148.48.0/21 maxlen: 24
167.148.56.0/22 maxlen: 24
167.148.60.0/22 maxlen: 24
167.148.64.0/22 maxlen: 24
167.148.76.0/22 maxlen: 24
167.148.88.0/21 maxlen: 24
167.148.108.0/22 maxlen: 24
167.148.145.0/24 maxlen: 24
167.148.224.0/21 maxlen: 24
167.148.232.0/21 maxlen: 24
167.148.240.0/21 maxlen: 24
167.148.248.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:8b:60:5c:8e:4a:1c:b7:a4:28:09:40:b8:68:1a:84:cc:59:1c:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 26 00:05:14 2025 GMT
Not After : Oct 25 00:10:14 2026 GMT
Subject: CN=68CF8AB9AD3F585E1FAC2259CE61D5606251414D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:cb:3e:e4:01:ae:90:68:39:b4:e4:8b:8c:26:
26:0a:d0:e9:a7:bb:e8:ad:ad:26:6b:2a:47:54:a0:
9c:25:78:1b:b4:82:aa:2b:0b:98:3d:0f:48:d5:58:
9a:ef:94:bf:7e:8f:b4:a5:09:a6:61:87:46:6f:d9:
c3:49:e0:98:c7:5f:d6:46:50:81:22:d8:24:83:00:
c3:12:07:e4:9d:28:dc:a2:1d:5c:6b:1a:a4:19:43:
06:e2:d4:b9:9f:1d:05:24:44:3e:c9:d3:9b:9e:bf:
c6:8e:4f:1b:b8:79:ac:aa:4f:cc:1c:06:4c:dd:8a:
4c:e5:89:7e:cd:bc:46:16:48:22:60:bc:69:50:90:
d0:77:9e:dd:2f:e4:8b:2b:14:c1:69:5e:36:f9:d1:
73:11:52:1b:be:bd:c0:6d:be:d9:29:48:69:a5:ff:
c0:8a:d3:c4:0a:59:bb:b7:32:13:5f:ef:ce:de:db:
1f:52:6c:96:13:fd:be:6d:6e:75:75:64:a1:4a:00:
66:9f:16:0a:18:83:d1:b6:c8:b0:38:7e:3f:8f:47:
50:d8:3f:5e:6c:cc:40:00:78:1c:17:5f:28:c0:f3:
05:23:cc:9b:39:58:46:7d:47:c1:29:b0:d1:6b:2c:
a6:58:1f:1b:a1:3a:d2:a5:b1:0e:f2:bb:03:34:2d:
53:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:CF:8A:B9:AD:3F:58:5E:1F:AC:22:59:CE:61:D5:60:62:51:41:4D
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7843.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.14.232.0/21
162.141.2.0/23
162.141.6.0/23
162.141.22.0-162.141.35.255
162.141.40.0/22
162.141.56.0/21
162.141.72.0-162.141.77.255
162.141.134.0/23
162.141.144.0/21
162.141.156.0/23
162.141.168.0/21
162.141.184.0-162.141.255.255
167.148.16.0-167.148.27.255
167.148.44.0/23
167.148.48.0-167.148.67.255
167.148.76.0/22
167.148.88.0/21
167.148.108.0/22
167.148.145.0/24
167.148.224.0/19
Signature Algorithm: sha256WithRSAEncryption
7c:37:7f:48:96:00:04:71:01:c2:f2:2a:96:1c:44:0d:3a:ae:
52:01:93:fb:6b:ef:d6:c1:ff:48:49:9c:ec:b4:97:17:c2:80:
32:31:dd:82:39:c6:94:96:7d:c5:78:26:7e:14:c3:bf:82:46:
d0:b2:39:49:dc:5e:f6:32:e0:df:a4:5f:56:1b:b0:d2:3a:9e:
d0:09:23:d8:3c:c2:84:22:0e:ba:6d:ee:51:6b:88:2f:b4:34:
78:89:cd:48:5c:3c:75:1b:76:8b:d2:d0:ce:7b:84:1b:05:ad:
c0:72:b3:ff:42:69:6b:e8:48:be:fe:6d:69:83:58:ea:ed:2e:
a1:31:f7:23:a6:3b:bb:48:70:18:99:e9:bf:e8:f0:47:d2:0e:
57:75:b6:6b:02:23:8c:bc:54:50:1a:ed:9a:4c:a0:11:56:ef:
b9:5c:c1:e7:d8:3a:db:d7:d8:4b:d5:97:43:06:a7:f5:10:fc:
a9:3a:7f:8f:86:25:9c:08:5f:fb:42:0b:06:8f:a0:08:e8:00:
36:ad:13:ba:f6:f0:04:f7:10:85:16:11:47:a0:75:85:66:35:
7c:9e:e4:93:13:54:dd:d9:a1:f3:4f:b1:f9:b9:97:84:3e:d1:
db:9f:06:bf:51:7d:89:45:35:90:f4:e2:f4:2e:ae:b1:f7:31:
71:92:87:5f
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUaYtgXI5KHLekKAlAuGgahMxZHCswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjYwMDA1MTRaFw0yNjEwMjUwMDEwMTRaMDMxMTAvBgNV
BAMTKDY4Q0Y4QUI5QUQzRjU4NUUxRkFDMjI1OUNFNjFENTYwNjI1MTQxNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9yz7kAa6QaDm05IuMJiYK0Omn
u+itrSZrKkdUoJwleBu0gqorC5g9D0jVWJrvlL9+j7SlCaZhh0Zv2cNJ4JjHX9ZG
UIEi2CSDAMMSB+SdKNyiHVxrGqQZQwbi1LmfHQUkRD7J05uev8aOTxu4eayqT8wc
BkzdikzliX7NvEYWSCJgvGlQkNB3nt0v5IsrFMFpXjb50XMRUhu+vcBtvtkpSGml
/8CK08QKWbu3MhNf787e2x9SbJYT/b5tbnV1ZKFKAGafFgoYg9G2yLA4fj+PR1DY
P15szEAAeBwXXyjA8wUjzJs5WEZ9R8EpsNFrLKZYHxuhOtKlsQ7yuwM0LVOBAgMB
AAGjggKmMIICojAdBgNVHQ4EFgQUaM+Kua0/WF4frCJZzmHVYGJRQU0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNzg0My5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBvAYIKwYBBQUHAQcBAf8EgawwgakwgaYEAgABMIGfAwQD
jw7oAwQBoo0CAwQBoo0GMAwDBAGijRYDBAKijSADBAKijSgDBAOijTgwDAMEA6KN
SAMEAaKNTAMEAaKNhgMEA6KNkAMEAaKNnAMEA6KNqDALAwQDoo24AwMBoowwDAME
BKeUEAMEAqeUGAMEAaeULDAMAwQEp5QwAwQCp5RAAwQCp5RMAwQDp5RYAwQCp5Rs
AwQAp5SRAwQFp5TgMA0GCSqGSIb3DQEBCwUAA4IBAQB8N39IlgAEcQHC8iqWHEQN
Oq5SAZP7a+/Wwf9ISZzstJcXwoAyMd2COcaUln3FeCZ+FMO/gkbQsjlJ3F72MuDf
pF9WG7DSOp7QCSPYPMKEIg66be5Ra4gvtDR4ic1IXDx1G3aL0tDOe4QbBa3AcrP/
Qmlr6Ei+/m1pg1jq7S6hMfcjpju7SHAYmem/6PBH0g5XdbZrAiOMvFRQGu2aTKAR
Vu+5XMHn2Drb19hL1ZdDBqf1EPypOn+PhiWcCF/7QgsGj6AI6AA2rRO69vAE9xCF
FhFHoHWFZjV8nuSTE1Td2aHzT7H5uZeEPtHbnwa/UX2JRTWQ9OL0Lq6x9zFxkodf
-----END CERTIFICATE-----
Generated at Tue Nov 4 20:57:16 2025 by rpki-client