Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: EsQMSwaTyKnHzRNYyy3Ol8GmxJPx+AcTDSkCdTd6QsU=
Subject key identifier: 85:6A:35:D3:08:CA:38:71:19:91:9D:4B:36:2F:31:32:11:E9:89:9D
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 52CCC1FAE419A605528C3153ACED6C819290495E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
Signing time: Tue 29 Jul 2025 18:26:43 +0000
ROA not before: Tue 29 Jul 2025 18:21:43 +0000
ROA not after: Tue 28 Jul 2026 18:26:43 +0000
asID: 20473
IP address blocks: 45.87.187.0/24 maxlen: 24
181.215.41.0/24 maxlen: 24
181.215.70.0/24 maxlen: 24
191.101.223.0/24 maxlen: 24
213.109.169.0/24 maxlen: 24
2a0b:500::/32 maxlen: 48
2a0b:501::/32 maxlen: 48
2a0b:502::/32 maxlen: 48
2a0b:503::/32 maxlen: 48
2a0b:504::/32 maxlen: 48
2a0b:505::/32 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 03:00:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:cc:c1:fa:e4:19:a6:05:52:8c:31:53:ac:ed:6c:81:92:90:49:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Jul 29 18:21:43 2025 GMT
Not After : Jul 28 18:26:43 2026 GMT
Subject: CN=856A35D308CA387119919D4B362F313211E9899D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:22:49:49:33:1d:19:0b:0a:98:8a:c9:93:0f:
f4:9b:9a:44:07:03:6a:68:72:83:16:66:bb:75:06:
fb:1a:e7:3b:9e:25:97:56:81:5a:0e:e7:cd:68:7f:
78:dc:61:3a:6e:92:5f:cb:59:fa:6c:75:96:b1:04:
1c:23:5c:24:8e:56:22:61:66:ef:f4:b1:e5:3f:cf:
9d:ee:3f:34:c7:32:f5:ef:21:66:5b:3b:b2:80:e6:
ad:61:43:8a:ef:dc:45:f0:61:80:6d:9b:f4:d6:24:
4a:0a:24:fc:40:15:0a:3f:97:60:82:31:66:63:3c:
39:4e:56:9d:4c:8e:e2:e3:53:22:5c:39:93:53:8d:
51:14:93:09:8c:01:af:ba:a1:00:ae:62:14:8c:92:
af:f7:30:b9:11:a6:51:9f:db:d4:25:9e:cd:71:9c:
53:43:ac:cf:5b:c3:50:bf:dc:df:2d:bd:51:b4:fd:
f0:81:05:00:a1:07:4f:85:1c:9f:1f:ba:fe:08:e8:
2f:85:83:64:fc:31:67:bd:4c:ac:42:d7:d7:19:bd:
74:60:ad:bd:43:a6:92:e0:a3:25:fb:fc:7b:8e:b0:
53:38:65:2f:b8:aa:b4:12:3d:b8:7d:26:19:a9:f7:
9f:98:9a:0d:c5:b9:c3:bc:5e:cc:92:d2:7b:a1:2c:
e9:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:6A:35:D3:08:CA:38:71:19:91:9D:4B:36:2F:31:32:11:E9:89:9D
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.187.0/24
181.215.41.0/24
181.215.70.0/24
191.101.223.0/24
213.109.169.0/24
IPv6:
2a0b:500::-2a0b:505:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
6a:d6:56:a4:88:4d:41:d7:ee:4d:8c:17:e2:e8:66:b3:dc:73:
b7:5b:73:01:87:4b:c7:6b:68:e5:85:37:79:60:85:ec:be:9b:
db:8e:f7:55:3f:08:52:cc:ae:38:e9:af:fb:45:2d:23:c2:fb:
2a:f7:cf:62:58:bf:46:5d:89:f6:f1:95:cc:06:32:d4:81:d3:
b2:2e:ae:bc:8e:e1:b7:4f:21:80:67:64:99:21:9e:48:db:da:
e2:d8:6d:02:95:4a:ce:9a:34:68:5e:32:23:a7:c8:0c:36:91:
0a:ab:58:e3:21:bb:d3:9f:3a:86:e1:54:fb:c1:0a:60:95:d1:
4e:bf:62:2d:a0:68:10:1c:72:ab:25:3c:86:05:6a:15:16:b8:
51:b7:93:37:cb:56:8b:4f:c3:81:8a:89:95:24:20:04:b4:f0:
45:67:58:81:8a:cd:43:ea:05:e1:30:fd:7b:6e:6c:1b:53:93:
cf:68:cd:f7:fe:cb:ef:5a:2f:40:b5:91:96:da:00:96:2d:03:
58:14:05:c3:94:03:63:3e:0f:bf:84:7a:2d:a3:09:02:bf:80:
b3:f4:0e:a8:1b:8b:7c:d8:1e:06:9f:41:6e:24:80:af:cb:32:
56:51:10:22:df:db:b0:0c:bd:59:c2:eb:b8:4b:ef:4c:ca:84:
39:8e:0f:e9
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIUUszB+uQZpgVSjDFTrO1sgZKQSV4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MjkxODIxNDNaFw0yNjA3MjgxODI2NDNaMDMxMTAvBgNV
BAMTKDg1NkEzNUQzMDhDQTM4NzExOTkxOUQ0QjM2MkYzMTMyMTFFOTg5OUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRIklJMx0ZCwqYismTD/SbmkQH
A2pocoMWZrt1Bvsa5zueJZdWgVoO581of3jcYTpukl/LWfpsdZaxBBwjXCSOViJh
Zu/0seU/z53uPzTHMvXvIWZbO7KA5q1hQ4rv3EXwYYBtm/TWJEoKJPxAFQo/l2CC
MWZjPDlOVp1MjuLjUyJcOZNTjVEUkwmMAa+6oQCuYhSMkq/3MLkRplGf29Qlns1x
nFNDrM9bw1C/3N8tvVG0/fCBBQChB0+FHJ8fuv4I6C+Fg2T8MWe9TKxC19cZvXRg
rb1DppLgoyX7/HuOsFM4ZS+4qrQSPbh9Jhmp95+Ymg3FucO8XsyS0nuhLOkJAgMB
AAGjggI4MIICNDAdBgNVHQ4EFgQUhWo10wjKOHEZkZ1LNi8xMhHpiZ0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTgYIKwYBBQUHAQcBAf8EPzA9MCQEAgABMB4DBAAtV7sD
BAC11ykDBAC110YDBAC/Zd8DBADVbakwFQQCAAIwDzANAwQAKgsFAwUBKgsFBDAN
BgkqhkiG9w0BAQsFAAOCAQEAatZWpIhNQdfuTYwX4uhms9xzt1tzAYdLx2to5YU3
eWCF7L6b2473VT8IUsyuOOmv+0UtI8L7KvfPYli/Rl2J9vGVzAYy1IHTsi6uvI7h
t08hgGdkmSGeSNva4thtApVKzpo0aF4yI6fIDDaRCqtY4yG70586huFU+8EKYJXR
Tr9iLaBoEBxyqyU8hgVqFRa4UbeTN8tWi0/DgYqJlSQgBLTwRWdYgYrNQ+oF4TD9
e25sG1OTz2jN9/7L71ovQLWRltoAli0DWBQFw5QDYz4Pv4R6LaMJAr+As/QOqBuL
fNgeBp9BbiSAr8syVlEQIt/bsAy9WcLruEvvTMqEOY4P6Q==
-----END CERTIFICATE-----
Generated at Mon Aug 4 07:42:09 2025 by rpki-client