Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: oKSIQKBf6ydqZA0iq++Xug2v6h28AlGQLaNb3C2Fnv8=
Subject key identifier: AA:6E:1B:8F:EB:BF:68:FC:61:DB:3C:62:03:D3:F5:BE:4C:13:4C:AA
Certificate issuer: /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial: 696BEDC77B0DE1FE11A107DC2FE3F486882861CB
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
Signing time: Sat 12 Apr 2025 16:53:42 +0000
ROA not before: Sat 12 Apr 2025 16:48:42 +0000
ROA not after: Sat 11 Apr 2026 16:53:42 +0000
asID: 20473
IP address blocks: 181.215.41.0/24 maxlen: 24
181.215.70.0/24 maxlen: 24
185.151.58.0/24 maxlen: 24
191.101.223.0/24 maxlen: 24
213.109.169.0/24 maxlen: 24
2a0b:500::/32 maxlen: 48
2a0b:501::/32 maxlen: 48
2a0b:502::/32 maxlen: 48
2a0b:503::/32 maxlen: 48
2a0b:504::/32 maxlen: 48
2a0b:505::/32 maxlen: 48
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 10:58:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:6b:ed:c7:7b:0d:e1:fe:11:a1:07:dc:2f:e3:f4:86:88:28:61:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Validity
Not Before: Apr 12 16:48:42 2025 GMT
Not After : Apr 11 16:53:42 2026 GMT
Subject: CN=AA6E1B8FEBBF68FC61DB3C6203D3F5BE4C134CAA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:29:83:08:40:65:72:76:6e:f5:b5:69:46:c0:
6a:58:ce:41:25:81:57:94:9c:b5:a8:74:99:22:79:
67:01:c0:19:93:d3:d4:3b:78:06:f3:6b:61:89:24:
6d:38:e9:07:74:95:5c:a7:1c:5e:79:46:67:14:8b:
16:9d:8d:63:6d:50:c0:c6:6d:0c:b2:40:37:f9:96:
aa:2f:f8:b4:f7:ab:08:fc:7a:eb:b5:ec:1a:b1:5e:
98:95:d3:a2:57:5c:15:de:24:06:a1:fe:9d:83:a2:
f2:60:c0:1f:86:3a:f8:43:0c:68:03:1f:3d:5f:3e:
c0:bc:48:8f:1a:18:a6:f8:d5:3f:89:2d:83:47:9e:
30:cd:05:d4:8e:8e:14:e8:dd:4e:5a:e1:63:ff:44:
53:94:f5:5f:41:0c:1d:95:83:22:69:f7:05:34:f1:
50:84:e7:f0:46:7b:3a:03:8c:b8:1f:39:87:d4:4e:
bd:b5:f9:dc:db:b7:2a:ba:5c:e7:6b:bc:f7:ca:e7:
d6:77:86:6d:34:84:27:ef:5f:b2:f8:5d:88:38:2f:
63:46:0d:75:1b:a8:02:ca:fb:c2:47:98:3a:25:86:
2b:57:31:d0:17:d1:86:99:2f:68:6b:a6:7f:88:f0:
54:1c:9f:a7:83:dc:73:65:64:89:fc:8b:68:94:02:
a6:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:6E:1B:8F:EB:BF:68:FC:61:DB:3C:62:03:D3:F5:BE:4C:13:4C:AA
X509v3 Authority Key Identifier:
keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
181.215.41.0/24
181.215.70.0/24
185.151.58.0/24
191.101.223.0/24
213.109.169.0/24
IPv6:
2a0b:500::-2a0b:505:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
02:dc:72:07:96:83:f9:cd:31:34:00:48:2c:15:67:de:0a:8e:
1b:36:38:16:db:55:6d:50:7b:5c:ef:9a:8c:c4:d6:e3:b5:c7:
9d:95:99:2e:02:97:d7:e4:dd:f9:5b:79:4c:d9:e4:69:0a:1e:
2a:1f:e5:54:8e:e0:06:c6:d9:04:cf:27:54:64:9f:ab:91:1b:
67:e8:f0:06:4b:86:1a:98:e4:5c:93:76:87:16:2b:58:8a:94:
15:2b:cb:34:a1:06:94:e7:b1:04:9d:c9:3b:7f:12:3a:69:da:
55:e1:12:7d:4e:82:6a:25:b1:f0:7b:7c:9e:c1:59:41:d0:09:
64:90:b7:14:00:07:2f:18:61:ae:16:34:7e:2c:f8:7c:29:0d:
ba:be:a8:99:12:84:5a:7f:51:df:44:62:a2:82:61:ba:07:4b:
bf:1a:02:7e:b7:ae:b0:20:09:74:ff:df:5f:03:76:76:60:f7:
55:85:a0:e0:92:c7:b7:99:ad:0c:d1:c6:d4:2f:84:32:78:4b:
a5:a8:77:89:36:bf:cb:56:2b:1d:f8:4a:4b:b6:59:ac:7d:5c:
9b:de:83:c6:03:17:ef:2e:37:90:c0:03:fe:6d:2a:70:00:d5:
5a:0e:52:5a:42:ea:02:29:ae:d4:35:79:53:5b:4f:b1:97:ef:
64:9b:40:bc
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIUaWvtx3sN4f4RoQfcL+P0hogoYcswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA0MTIxNjQ4NDJaFw0yNjA0MTExNjUzNDJaMDMxMTAvBgNV
BAMTKEFBNkUxQjhGRUJCRjY4RkM2MURCM0M2MjAzRDNGNUJFNEMxMzRDQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6KYMIQGVydm71tWlGwGpYzkEl
gVeUnLWodJkieWcBwBmT09Q7eAbza2GJJG046Qd0lVynHF55RmcUixadjWNtUMDG
bQyyQDf5lqov+LT3qwj8euu17BqxXpiV06JXXBXeJAah/p2DovJgwB+GOvhDDGgD
Hz1fPsC8SI8aGKb41T+JLYNHnjDNBdSOjhTo3U5a4WP/RFOU9V9BDB2VgyJp9wU0
8VCE5/BGezoDjLgfOYfUTr21+dzbtyq6XOdrvPfK59Z3hm00hCfvX7L4XYg4L2NG
DXUbqALK+8JHmDolhitXMdAX0YaZL2hrpn+I8FQcn6eD3HNlZIn8i2iUAqbFAgMB
AAGjggI4MIICNDAdBgNVHQ4EFgQUqm4bj+u/aPxh2zxiA9P1vkwTTKowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTgYIKwYBBQUHAQcBAf8EPzA9MCQEAgABMB4DBAC11ykD
BAC110YDBAC5lzoDBAC/Zd8DBADVbakwFQQCAAIwDzANAwQAKgsFAwUBKgsFBDAN
BgkqhkiG9w0BAQsFAAOCAQEAAtxyB5aD+c0xNABILBVn3gqOGzY4FttVbVB7XO+a
jMTW47XHnZWZLgKX1+Td+Vt5TNnkaQoeKh/lVI7gBsbZBM8nVGSfq5EbZ+jwBkuG
GpjkXJN2hxYrWIqUFSvLNKEGlOexBJ3JO38SOmnaVeESfU6CaiWx8Ht8nsFZQdAJ
ZJC3FAAHLxhhrhY0fiz4fCkNur6omRKEWn9R30RiooJhugdLvxoCfreusCAJdP/f
XwN2dmD3VYWg4JLHt5mtDNHG1C+EMnhLpah3iTa/y1YrHfhKS7ZZrH1cm96DxgMX
7y43kMAD/m0qcADVWg5SWkLqAimu1DV5U1tPsZfvZJtAvA==
-----END CERTIFICATE-----
Generated at Sat Apr 26 18:33:20 2025 by rpki-client