Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20326.roa
File: AS20326.roa (raw, json)
Hash identifier: d/LaM34wcc0+xmZ2fe58BgNBJDet59ivd1qw7an6jTM=
Subject key identifier: A0:B1:3C:A7:E1:FC:00:41:E8:35:3D:A3:77:A2:ED:51:86:EF:6A:CB
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 11F9DC7AD1651A22930618FD282F04F778537B28
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20326.roa
Signing time: Mon 06 Apr 2026 20:57:04 +0000
ROA not before: Mon 06 Apr 2026 20:52:04 +0000
ROA not after: Mon 05 Apr 2027 20:57:04 +0000
asID: 20326
IP address blocks: 82.21.43.0/24 maxlen: 24
82.22.32.0/24 maxlen: 24
82.22.124.0/23 maxlen: 23
82.22.160.0/24 maxlen: 24
82.25.13.0/24 maxlen: 24
82.26.96.0/22 maxlen: 24
82.39.135.0/24 maxlen: 24
82.39.136.0/24 maxlen: 24
82.39.165.0/24 maxlen: 24
82.40.61.0/24 maxlen: 24
82.47.232.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:f9:dc:7a:d1:65:1a:22:93:06:18:fd:28:2f:04:f7:78:53:7b:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Apr 6 20:52:04 2026 GMT
Not After : Apr 5 20:57:04 2027 GMT
Subject: CN=A0B13CA7E1FC0041E8353DA377A2ED5186EF6ACB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:ba:a6:11:d9:0d:82:68:07:49:b3:b1:d4:4b:
a6:20:cc:cc:2b:0b:2a:a6:bb:7e:bb:9b:b1:b7:82:
b6:81:65:80:9d:b4:83:7f:f7:67:35:15:44:54:e4:
ff:fa:5d:01:60:2b:65:c7:71:36:86:39:2b:ed:fe:
d9:00:80:45:82:90:ab:22:85:c8:d7:7b:76:0f:26:
ee:f0:96:eb:99:35:6c:5a:59:3e:43:a1:cf:f7:21:
0a:ad:ca:5e:2b:91:81:a5:95:3a:7a:d5:19:15:1e:
53:f9:42:93:12:c4:f5:02:1a:d1:98:7c:fe:d1:36:
e5:1d:9d:dc:02:18:05:b2:e6:ae:f0:10:bc:7a:71:
e2:f2:7f:af:ed:b1:ec:96:71:7e:cf:8e:fa:b1:a0:
47:fb:ee:82:0b:04:30:4f:bc:0f:d0:b0:7b:55:76:
55:d8:b3:b8:b2:9e:9e:5b:2d:55:c5:2e:41:59:9e:
3c:2e:02:6a:e1:4f:f2:e6:f2:a9:bc:37:24:4a:25:
bd:82:6b:15:e4:46:f8:86:24:ca:d2:7d:4e:f1:4a:
86:29:ab:58:8c:ac:e2:11:f6:07:e8:c7:1a:17:c3:
9c:34:3f:d4:2c:2d:bb:45:bf:55:b7:06:a0:3b:c8:
0d:27:27:36:1f:48:33:a8:e9:2a:fa:85:e1:d7:9f:
5e:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:B1:3C:A7:E1:FC:00:41:E8:35:3D:A3:77:A2:ED:51:86:EF:6A:CB
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20326.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.43.0/24
82.22.32.0/24
82.22.124.0/23
82.22.160.0/24
82.25.13.0/24
82.26.96.0/22
82.39.135.0-82.39.136.255
82.39.165.0/24
82.40.61.0/24
82.47.232.0/21
Signature Algorithm: sha256WithRSAEncryption
64:cc:3e:33:93:a7:b8:a5:2c:64:87:3a:c8:1d:ad:cf:82:07:
95:2a:e2:bd:55:23:8b:fb:1c:9f:a7:4e:31:10:99:91:1a:e7:
e3:7f:cc:a9:6f:2e:d6:bb:ca:8a:65:26:76:44:b0:41:ff:ea:
7a:1f:37:ee:5c:da:99:5c:75:6e:31:0d:30:42:92:87:be:54:
30:4a:a5:b6:7f:c1:39:ea:19:c2:8e:c6:5e:8d:35:fd:90:86:
3f:d3:12:fa:54:43:06:d2:9c:39:d8:3f:88:7c:94:9e:19:0d:
a3:34:7c:47:17:45:40:9a:0d:ad:8e:47:84:9f:be:8e:06:66:
14:ac:0e:c4:d5:da:34:c1:4a:fe:96:f0:b3:25:bd:8b:cf:5d:
08:40:10:ef:a0:66:39:3e:1f:9d:1d:f6:21:ee:f2:7b:4f:c3:
77:ad:2d:48:e4:bd:6b:04:5b:42:60:33:17:a8:03:77:9e:65:
97:75:0d:51:75:a7:d6:67:75:64:aa:c5:85:8f:c3:f7:6b:c3:
a5:06:14:73:9e:31:7f:af:ce:b6:ef:98:03:99:de:03:cf:e5:
ca:b1:2b:bd:82:bf:d7:ca:0f:bc:7a:c8:79:ea:ec:e7:19:a4:
c2:da:80:53:b8:6d:6d:db:3a:6c:99:01:7b:64:61:3f:75:d6:
8b:cb:cd:35
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIUEfncetFlGiKTBhj9KC8E93hTeygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDYyMDUyMDRaFw0yNzA0MDUyMDU3MDRaMDMxMTAvBgNV
BAMTKEEwQjEzQ0E3RTFGQzAwNDFFODM1M0RBMzc3QTJFRDUxODZFRjZBQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwuqYR2Q2CaAdJs7HUS6YgzMwr
Cyqmu367m7G3graBZYCdtIN/92c1FURU5P/6XQFgK2XHcTaGOSvt/tkAgEWCkKsi
hcjXe3YPJu7wluuZNWxaWT5Doc/3IQqtyl4rkYGllTp61RkVHlP5QpMSxPUCGtGY
fP7RNuUdndwCGAWy5q7wELx6ceLyf6/tseyWcX7PjvqxoEf77oILBDBPvA/QsHtV
dlXYs7iynp5bLVXFLkFZnjwuAmrhT/Lm8qm8NyRKJb2CaxXkRviGJMrSfU7xSoYp
q1iMrOIR9gfoxxoXw5w0P9QsLbtFv1W3BqA7yA0nJzYfSDOo6Sr6heHXn17hAgMB
AAGjggJHMIICQzAdBgNVHQ4EFgQUoLE8p+H8AEHoNT2jd6LtUYbvasswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwXQYIKwYBBQUHAQcBAf8ETjBMMEoEAgABMEQDBABSFSsD
BABSFiADBAFSFnwDBABSFqADBABSGQ0DBAJSGmAwDAMEAFInhwMEAFIniAMEAFIn
pQMEAFIoPQMEA1Iv6DANBgkqhkiG9w0BAQsFAAOCAQEAZMw+M5OnuKUsZIc6yB2t
z4IHlSrivVUji/scn6dOMRCZkRrn43/MqW8u1rvKimUmdkSwQf/qeh837lzamVx1
bjENMEKSh75UMEqltn/BOeoZwo7GXo01/ZCGP9MS+lRDBtKcOdg/iHyUnhkNozR8
RxdFQJoNrY5HhJ++jgZmFKwOxNXaNMFK/pbwsyW9i89dCEAQ76BmOT4fnR32Ie7y
e0/Dd60tSOS9awRbQmAzF6gDd55ll3UNUXWn1md1ZKrFhY/D92vDpQYUc54xf6/O
tu+YA5neA8/lyrErvYK/18oPvHrIeers5xmkwtqAU7htbds6bJkBe2RhP3XWi8vN
NQ==
-----END CERTIFICATE-----
Generated at Fri Apr 17 08:06:56 2026 by rpki-client