Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
File: AS25198.roa (raw, json)
Hash identifier: spH7y5VGzY03br+9vCNPOTrUnszHpemydLrt96KVLMU=
Subject key identifier: FA:3E:3D:D6:C8:E5:6F:EA:B3:7B:70:96:CE:A7:C5:60:0F:CD:6C:DB
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 2EC6EFA4AEC631A868EBB0C03F59F2439E4C1529
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
Signing time: Sun 02 Nov 2025 09:14:41 +0000
ROA not before: Sun 02 Nov 2025 09:09:41 +0000
ROA not after: Sun 01 Nov 2026 09:14:41 +0000
asID: 25198
IP address blocks: 82.21.75.0/24 maxlen: 24
82.22.126.0/24 maxlen: 24
82.22.205.0/24 maxlen: 24
82.24.81.0/24 maxlen: 24
82.24.144.0/24 maxlen: 24
82.25.11.0/24 maxlen: 24
82.25.60.0/24 maxlen: 24
82.26.113.0/24 maxlen: 24
82.26.152.0/24 maxlen: 24
82.26.202.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:c6:ef:a4:ae:c6:31:a8:68:eb:b0:c0:3f:59:f2:43:9e:4c:15:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Nov 2 09:09:41 2025 GMT
Not After : Nov 1 09:14:41 2026 GMT
Subject: CN=FA3E3DD6C8E56FEAB37B7096CEA7C5600FCD6CDB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:43:56:15:c3:1a:87:0f:d2:ad:04:65:b9:c4:
f5:2d:da:de:ea:68:cb:7b:cf:76:31:3d:72:eb:98:
52:58:0f:40:12:e4:2a:60:aa:be:21:e1:28:04:f6:
3c:55:7b:74:44:6e:80:6e:72:ca:67:15:ba:01:71:
90:cd:21:e4:70:8e:05:51:7b:02:83:09:fd:7b:88:
3f:2f:6b:29:94:36:59:7f:44:cc:69:b2:1a:4f:9f:
e5:a8:74:f7:b2:9f:a0:66:ae:47:10:1b:59:30:cb:
25:c1:7c:a7:e2:23:ab:68:4e:a7:4d:2e:d2:0e:fc:
0a:d2:4c:37:e2:ae:79:81:47:36:04:ea:7c:79:6d:
45:a4:58:4e:23:48:59:21:fa:7b:7c:b0:a3:12:9e:
1f:99:2c:29:66:a0:9b:11:52:4c:ce:f2:1b:1b:f6:
c3:08:90:87:e7:9d:43:8b:f3:ac:7e:d4:58:05:c4:
1d:e5:89:4e:29:16:c8:0f:28:0a:86:16:b3:b7:82:
33:0d:80:a7:f3:3b:92:52:7c:31:61:fb:15:64:ea:
eb:08:1a:e6:56:5e:d6:4e:37:44:af:09:b7:71:f5:
55:b5:b8:2b:83:40:e9:19:67:cb:fa:f7:68:0f:2c:
51:f1:1e:6e:ef:e6:f9:a9:0a:ee:32:52:63:68:1d:
0f:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:3E:3D:D6:C8:E5:6F:EA:B3:7B:70:96:CE:A7:C5:60:0F:CD:6C:DB
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS25198.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.75.0/24
82.22.126.0/24
82.22.205.0/24
82.24.81.0/24
82.24.144.0/24
82.25.11.0/24
82.25.60.0/24
82.26.113.0/24
82.26.152.0/24
82.26.202.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:fc:db:75:31:e8:0b:e6:22:ae:1f:5d:a9:a8:3f:6e:7b:cb:
15:96:24:51:1a:cd:c3:eb:11:56:91:66:fa:92:5c:e3:0d:25:
7c:6b:3f:83:b6:f4:59:9c:ac:d8:eb:53:30:f2:85:89:36:a2:
39:25:ce:93:42:12:c3:18:75:3f:9c:8b:bc:af:c3:5a:e3:7f:
c3:11:20:82:ce:a2:43:89:55:bf:4e:35:0c:73:9c:21:be:bd:
8c:33:2e:4e:d1:5a:cd:92:a9:ef:03:82:80:3a:49:47:0b:0e:
73:5b:66:00:8c:dd:c9:0b:25:20:24:3f:fc:79:03:f7:7f:0e:
47:ba:47:5d:03:84:20:f7:37:47:56:30:5a:b6:3d:b4:c7:7c:
2b:cb:e7:84:d2:e4:fd:b0:76:ac:07:34:0c:65:6a:e2:c3:ed:
7d:9c:00:46:12:a8:0c:20:fa:03:c0:55:c9:8f:5f:76:af:5a:
55:b6:ba:5c:0f:ea:cd:9a:fb:21:63:27:06:b3:a7:17:c3:9a:
7f:6c:49:17:df:f4:fa:66:34:b1:29:a3:be:e5:f3:0d:e7:d3:
af:d2:d0:5e:cc:4c:60:22:e1:f7:ad:99:89:c1:09:cc:1f:4b:
65:68:cd:24:25:91:fb:d1:b2:51:60:c8:be:59:65:e0:17:48:
e7:ed:15:a3
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIULsbvpK7GMaho67DAP1nyQ55MFSkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMDIwOTA5NDFaFw0yNjExMDEwOTE0NDFaMDMxMTAvBgNV
BAMTKEZBM0UzREQ2QzhFNTZGRUFCMzdCNzA5NkNFQTdDNTYwMEZDRDZDREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMQ1YVwxqHD9KtBGW5xPUt2t7q
aMt7z3YxPXLrmFJYD0AS5Cpgqr4h4SgE9jxVe3REboBucspnFboBcZDNIeRwjgVR
ewKDCf17iD8vaymUNll/RMxpshpPn+WodPeyn6BmrkcQG1kwyyXBfKfiI6toTqdN
LtIO/ArSTDfirnmBRzYE6nx5bUWkWE4jSFkh+nt8sKMSnh+ZLClmoJsRUkzO8hsb
9sMIkIfnnUOL86x+1FgFxB3liU4pFsgPKAqGFrO3gjMNgKfzO5JSfDFh+xVk6usI
GuZWXtZON0SvCbdx9VW1uCuDQOkZZ8v692gPLFHxHm7v5vmpCu4yUmNoHQ8fAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU+j491sjlb+qze3CWzqfFYA/NbNswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVQYIKwYBBQUHAQcBAf8ERjBEMEIEAgABMDwDBABSFUsD
BABSFn4DBABSFs0DBABSGFEDBABSGJADBABSGQsDBABSGTwDBABSGnEDBABSGpgD
BABSGsowDQYJKoZIhvcNAQELBQADggEBAE7823Ux6AvmIq4fXamoP257yxWWJFEa
zcPrEVaRZvqSXOMNJXxrP4O29FmcrNjrUzDyhYk2ojklzpNCEsMYdT+ci7yvw1rj
f8MRIILOokOJVb9ONQxznCG+vYwzLk7RWs2Sqe8DgoA6SUcLDnNbZgCM3ckLJSAk
P/x5A/d/Dke6R10DhCD3N0dWMFq2PbTHfCvL54TS5P2wdqwHNAxlauLD7X2cAEYS
qAwg+gPAVcmPX3avWlW2ulwP6s2a+yFjJwazpxfDmn9sSRff9PpmNLEpo77l8w3n
06/S0F7MTGAi4fetmYnBCcwfS2VozSQlkfvRslFgyL5ZZeAXSOftFaM=
-----END CERTIFICATE-----
Generated at Wed Nov 5 06:26:24 2025 by rpki-client