Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS834.roa
File: AS834.roa (raw, json)
Hash identifier: HRBLxpbxpF6OTTaambY835h8demDNSFFtQHUeqPqOIM=
Subject key identifier: BD:BD:3C:BD:43:38:0C:7A:A6:DC:0E:AC:F2:22:81:9C:3A:61:D7:46
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 22F85E588A2A257F513F7DD4430E62E36D89D9AD
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS834.roa
Signing time: Fri 12 Jun 2026 15:56:28 +0000
ROA not before: Fri 12 Jun 2026 15:51:28 +0000
ROA not after: Fri 11 Jun 2027 15:56:28 +0000
asID: 834
IP address blocks: 96.62.96.0/23 maxlen: 24
143.14.68.0/24 maxlen: 24
143.14.140.0/24 maxlen: 24
143.14.185.0/24 maxlen: 24
143.14.186.0/23 maxlen: 24
143.14.193.0/24 maxlen: 24
143.14.198.0/23 maxlen: 24
143.14.218.0/24 maxlen: 24
143.14.229.0/24 maxlen: 24
143.14.248.0/24 maxlen: 24
148.135.172.0/24 maxlen: 24
148.135.196.0/23 maxlen: 24
148.135.204.0/23 maxlen: 24
148.135.208.0/22 maxlen: 24
150.241.200.0/23 maxlen: 24
155.117.145.0/24 maxlen: 24
155.117.167.0/24 maxlen: 24
155.117.168.0/23 maxlen: 24
155.117.182.0/24 maxlen: 24
155.117.200.0/23 maxlen: 24
155.117.202.0/24 maxlen: 24
155.117.212.0/23 maxlen: 24
155.117.228.0/24 maxlen: 24
155.117.242.0/24 maxlen: 24
162.141.82.0/23 maxlen: 24
162.141.153.0/24 maxlen: 24
162.141.179.0/24 maxlen: 24
162.141.183.0/24 maxlen: 24
167.148.87.0/24 maxlen: 24
168.222.78.0/24 maxlen: 24
168.222.105.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 13 Jun 2026 19:43:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:f8:5e:58:8a:2a:25:7f:51:3f:7d:d4:43:0e:62:e3:6d:89:d9:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Jun 12 15:51:28 2026 GMT
Not After : Jun 11 15:56:28 2027 GMT
Subject: CN=BDBD3CBD43380C7AA6DC0EACF222819C3A61D746
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:7e:b4:45:9c:a7:48:a1:37:0b:a3:ed:87:c5:
48:20:20:b2:57:0a:fc:8e:55:91:9e:c4:74:e5:49:
df:79:11:e9:fb:0c:a7:e1:ab:bb:34:78:7d:82:e1:
62:83:ae:fe:97:16:82:09:a0:bd:a7:65:37:74:5c:
6c:9a:dd:8d:15:7b:24:e4:5e:11:32:6b:bb:95:78:
0f:7a:d4:5e:2e:ae:ec:3b:0a:fe:23:d7:75:3e:40:
26:16:a6:09:8d:1f:61:b7:8f:a2:db:c9:23:a1:2a:
9c:be:63:c0:15:23:6f:9b:12:cd:81:98:1f:4e:d1:
f0:bd:f1:12:98:88:17:47:38:ff:de:d3:29:2e:8a:
d8:98:48:01:bd:e0:f9:33:33:70:e6:25:5b:99:ce:
ea:8e:fa:71:75:6d:07:f4:1d:74:c8:9e:3b:a8:88:
29:26:54:da:89:af:a6:be:05:15:f3:07:87:d1:df:
be:1c:fd:1a:ac:3e:a3:ae:b9:e0:fa:b8:1f:4e:40:
f7:93:11:ab:a7:a5:bd:39:64:80:de:eb:c9:2c:88:
60:36:3a:f6:71:57:25:9d:a0:db:f0:04:ca:f7:5f:
6a:bd:66:35:73:66:bf:98:c5:e4:8b:00:66:33:fc:
d9:fb:a9:a5:8a:5f:50:74:da:54:62:d8:cf:3e:6a:
c3:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:BD:3C:BD:43:38:0C:7A:A6:DC:0E:AC:F2:22:81:9C:3A:61:D7:46
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS834.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
96.62.96.0/23
143.14.68.0/24
143.14.140.0/24
143.14.185.0-143.14.187.255
143.14.193.0/24
143.14.198.0/23
143.14.218.0/24
143.14.229.0/24
143.14.248.0/24
148.135.172.0/24
148.135.196.0/23
148.135.204.0/23
148.135.208.0/22
150.241.200.0/23
155.117.145.0/24
155.117.167.0-155.117.169.255
155.117.182.0/24
155.117.200.0-155.117.202.255
155.117.212.0/23
155.117.228.0/24
155.117.242.0/24
162.141.82.0/23
162.141.153.0/24
162.141.179.0/24
162.141.183.0/24
167.148.87.0/24
168.222.78.0/24
168.222.105.0/24
Signature Algorithm: sha256WithRSAEncryption
25:69:06:7b:aa:1c:5d:7a:40:1a:1d:d2:84:c7:20:a5:7e:64:
88:50:22:a3:08:11:8e:cb:19:72:9a:d5:15:4f:b3:db:19:43:
7c:1d:18:55:02:6a:a2:3e:2f:bf:e3:00:ed:f9:c6:4b:03:6d:
4e:fd:97:98:29:45:c8:47:86:98:58:e4:a4:2a:a6:84:52:c8:
d0:aa:be:5c:fa:5f:51:1a:19:d0:bf:3e:64:46:87:10:bd:e6:
b8:05:07:9b:22:15:16:a6:02:60:fd:2a:bb:8b:15:74:b7:71:
15:f6:1a:38:16:57:23:7a:d1:68:59:6d:d0:f3:a2:d0:10:b1:
ec:aa:0f:92:56:01:5e:e5:21:2b:5f:14:5d:c0:f5:3d:6c:9d:
1b:10:52:47:fb:ea:f5:ac:b9:14:f7:ba:42:72:c3:d0:81:ea:
83:f0:f7:5f:ae:da:6a:9d:80:94:3d:60:de:94:54:19:27:0e:
84:c7:b0:9b:4b:3d:a3:9f:61:f4:a5:ff:fd:37:b1:ee:a0:72:
77:07:eb:7b:6a:d9:c4:b4:30:fc:89:6e:f5:65:ad:55:b9:94:
c6:7b:b7:54:34:4b:68:ec:f0:e1:34:19:32:e4:27:99:bc:4c:
a7:10:a2:5e:5c:21:37:25:79:1c:3b:13:98:bf:5c:89:d1:98:
c4:f6:9a:62
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUIvheWIoqJX9RP33UQw5i422J2a0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MTIxNTUxMjhaFw0yNzA2MTExNTU2MjhaMDMxMTAvBgNV
BAMTKEJEQkQzQ0JENDMzODBDN0FBNkRDMEVBQ0YyMjI4MTlDM0E2MUQ3NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtfrRFnKdIoTcLo+2HxUggILJX
CvyOVZGexHTlSd95Een7DKfhq7s0eH2C4WKDrv6XFoIJoL2nZTd0XGya3Y0VeyTk
XhEya7uVeA961F4uruw7Cv4j13U+QCYWpgmNH2G3j6LbySOhKpy+Y8AVI2+bEs2B
mB9O0fC98RKYiBdHOP/e0ykuitiYSAG94PkzM3DmJVuZzuqO+nF1bQf0HXTInjuo
iCkmVNqJr6a+BRXzB4fR374c/RqsPqOuueD6uB9OQPeTEaunpb05ZIDe68ksiGA2
OvZxVyWdoNvwBMr3X2q9ZjVzZr+YxeSLAGYz/Nn7qaWKX1B02lRi2M8+asN/AgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUvb08vUM4DHqm3A6s8iKBnDph10YwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHdBggrBgEFBQcBBwEB/wSBzTCByjCBxwQCAAEwgcADBAFg
PmADBACPDkQDBACPDowwDAMEAI8OuQMEAo8OuAMEAI8OwQMEAY8OxgMEAI8O2gME
AI8O5QMEAI8O+AMEAJSHrAMEAZSHxAMEAZSHzAMEApSH0AMEAZbxyAMEAJt1kTAM
AwQAm3WnAwQBm3WoAwQAm3W2MAwDBAObdcgDBACbdcoDBAGbddQDBACbdeQDBACb
dfIDBAGijVIDBACijZkDBACijbMDBACijbcDBACnlFcDBACo3k4DBACo3mkwDQYJ
KoZIhvcNAQELBQADggEBACVpBnuqHF16QBod0oTHIKV+ZIhQIqMIEY7LGXKa1RVP
s9sZQ3wdGFUCaqI+L7/jAO35xksDbU79l5gpRchHhphY5KQqpoRSyNCqvlz6X1Ea
GdC/PmRGhxC95rgFB5siFRamAmD9KruLFXS3cRX2GjgWVyN60WhZbdDzotAQseyq
D5JWAV7lIStfFF3A9T1snRsQUkf76vWsuRT3ukJyw9CB6oPw91+u2mqdgJQ9YN6U
VBknDoTHsJtLPaOfYfSl//03se6gcncH63tq2cS0MPyJbvVlrVW5lMZ7t1Q0S2js
8OE0GTLkJ5m8TKcQol5cITcleRw7E5i/XInRmMT2mmI=
-----END CERTIFICATE-----
Generated at Sat Jun 13 06:43:56 2026 by rpki-client