Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS945.roa
File: AS945.roa (raw, json)
Hash identifier: yyjHXfjzrsQMnMHZAnaZjWkTA2GHSAH8CjkvYr3IZg8=
Subject key identifier: 3E:ED:DE:A3:60:CA:31:84:F2:B1:60:AE:DB:F2:F4:08:05:1B:CC:52
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 016C9AD86487420161129AD2D1256BAB794F5042
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS945.roa
Signing time: Tue 21 Oct 2025 19:55:09 +0000
ROA not before: Tue 21 Oct 2025 19:50:09 +0000
ROA not after: Tue 20 Oct 2026 19:55:09 +0000
asID: 945
IP address blocks: 148.135.216.0/23 maxlen: 24
148.135.218.0/23 maxlen: 24
148.135.224.0/23 maxlen: 24
148.135.226.0/23 maxlen: 24
148.135.232.0/23 maxlen: 24
148.135.234.0/23 maxlen: 24
148.135.240.0/23 maxlen: 24
148.135.242.0/23 maxlen: 24
148.135.248.0/23 maxlen: 24
148.135.250.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:6c:9a:d8:64:87:42:01:61:12:9a:d2:d1:25:6b:ab:79:4f:50:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Oct 21 19:50:09 2025 GMT
Not After : Oct 20 19:55:09 2026 GMT
Subject: CN=3EEDDEA360CA3184F2B160AEDBF2F408051BCC52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:23:fd:f2:59:a5:c8:6b:dc:e9:f4:4d:73:58:
1c:45:7d:97:10:bb:4b:43:5d:13:8e:05:58:c2:2d:
62:1d:61:a3:57:02:a9:de:12:3c:49:dd:9b:4f:83:
a4:33:57:ee:ec:15:b1:26:10:81:52:72:dc:02:f5:
c3:11:39:22:a3:57:cb:ca:f1:12:b1:a2:dc:a3:56:
7a:77:f9:7c:38:a4:8d:2d:96:24:db:63:40:02:5a:
79:40:15:18:1d:74:11:eb:4b:e2:68:23:ad:3e:11:
14:2d:13:5b:e7:3a:57:a1:ac:6e:0c:2a:3c:dd:f8:
9d:c4:b7:8d:51:25:05:4d:b3:0e:f6:76:e8:ae:6d:
89:5d:b4:05:e8:05:04:d6:3d:0a:ac:dc:c7:ff:8b:
cc:f4:50:35:a4:c0:1b:e9:42:52:d1:09:ea:e8:7c:
e6:ea:f9:88:3d:1a:91:db:23:d8:4a:bf:e1:74:f1:
ff:0a:17:74:c9:61:a4:2b:c3:0f:f7:50:58:f2:42:
8c:c9:92:6a:93:b8:15:57:20:34:b3:92:61:62:56:
93:89:43:56:64:53:ef:94:9b:38:8e:eb:02:ab:72:
92:e3:5e:71:af:06:79:38:71:e0:b5:d1:ec:f7:b8:
d3:ee:a0:22:d1:66:c5:2b:be:f8:26:db:2d:39:4c:
b6:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:ED:DE:A3:60:CA:31:84:F2:B1:60:AE:DB:F2:F4:08:05:1B:CC:52
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS945.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
148.135.216.0/22
148.135.224.0/22
148.135.232.0/22
148.135.240.0/22
148.135.248.0/22
Signature Algorithm: sha256WithRSAEncryption
29:6f:2e:ed:a6:75:f2:52:a1:2a:bb:45:4e:9a:f0:a3:a4:8a:
4f:8f:68:53:cc:64:7c:c2:f3:39:2d:26:bd:69:b2:4c:21:54:
1f:93:36:03:5e:17:96:ac:5e:e8:b8:31:4c:34:c1:be:f3:91:
7c:da:05:12:85:0e:50:ec:4a:d5:c6:0e:65:f4:f4:44:18:d1:
e3:47:08:b6:cb:0b:5b:ff:21:26:77:58:be:b5:2b:e7:00:6d:
91:3f:73:7a:1c:2f:41:23:f4:40:90:c8:cf:f4:9d:fc:88:b9:
74:93:d0:09:9d:37:7f:59:31:3b:35:98:1f:bb:1c:34:8f:58:
d9:87:fe:75:1c:2a:9d:33:4c:71:a3:1d:32:b8:01:5b:ca:1e:
1b:7b:33:1d:f2:39:e1:55:f8:a7:12:b4:a2:6f:5d:39:0c:b7:
87:54:6e:95:48:3f:29:cc:4d:3d:ca:89:a4:49:7a:7d:8b:86:
4a:17:ae:0e:97:0a:98:b1:96:2b:c1:fb:00:64:22:5b:15:a9:
bc:da:4f:0a:fc:d1:b3:71:63:cc:32:9b:bc:47:48:9c:c7:68:
16:11:a4:dd:b3:cd:49:47:ff:93:b1:07:76:d4:79:50:d0:db:
1e:ed:6c:d7:b9:39:b0:6e:0f:44:02:b4:53:1e:c6:32:34:36:
df:af:ed:21
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIUAWya2GSHQgFhEprS0SVrq3lPUEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjExOTUwMDlaFw0yNjEwMjAxOTU1MDlaMDMxMTAvBgNV
BAMTKDNFRURERUEzNjBDQTMxODRGMkIxNjBBRURCRjJGNDA4MDUxQkNDNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrI/3yWaXIa9zp9E1zWBxFfZcQ
u0tDXROOBVjCLWIdYaNXAqneEjxJ3ZtPg6QzV+7sFbEmEIFSctwC9cMROSKjV8vK
8RKxotyjVnp3+Xw4pI0tliTbY0ACWnlAFRgddBHrS+JoI60+ERQtE1vnOlehrG4M
Kjzd+J3Et41RJQVNsw72duiubYldtAXoBQTWPQqs3Mf/i8z0UDWkwBvpQlLRCero
fObq+Yg9GpHbI9hKv+F08f8KF3TJYaQrww/3UFjyQozJkmqTuBVXIDSzkmFiVpOJ
Q1ZkU++UmziO6wKrcpLjXnGvBnk4ceC10ez3uNPuoCLRZsUrvvgm2y05TLbnAgMB
AAGjggIfMIICGzAdBgNVHQ4EFgQUPu3eo2DKMYTysWCu2/L0CAUbzFIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTQ1LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQClIfYAwQC
lIfgAwQClIfoAwQClIfwAwQClIf4MA0GCSqGSIb3DQEBCwUAA4IBAQApby7tpnXy
UqEqu0VOmvCjpIpPj2hTzGR8wvM5LSa9abJMIVQfkzYDXheWrF7ouDFMNMG+85F8
2gUShQ5Q7ErVxg5l9PREGNHjRwi2ywtb/yEmd1i+tSvnAG2RP3N6HC9BI/RAkMjP
9J38iLl0k9AJnTd/WTE7NZgfuxw0j1jZh/51HCqdM0xxox0yuAFbyh4bezMd8jnh
VfinErSib105DLeHVG6VSD8pzE09yomkSXp9i4ZKF64OlwqYsZYrwfsAZCJbFam8
2k8K/NGzcWPMMpu8R0icx2gWEaTds81JR/+TsQd21HlQ0Nse7WzXuTmwbg9EArRT
HsYyNDbfr+0h
-----END CERTIFICATE-----
Generated at Tue Nov 4 20:55:24 2025 by rpki-client