Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214025.roa
File: AS214025.roa (raw, json)
Hash identifier: N0vsCb53CWspuJKwN+YtUJCkvuqSQj4f2XZbTdGASgs=
Subject key identifier: 74:42:79:7A:C7:A1:02:72:B5:D8:C0:C1:C9:81:83:F5:2A:75:76:9C
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 7382E4B4F3DF8515A16382097C6D86FEC824371B
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214025.roa
Signing time: Sat 04 Apr 2026 19:03:41 +0000
ROA not before: Sat 04 Apr 2026 18:58:41 +0000
ROA not after: Sat 03 Apr 2027 19:03:41 +0000
asID: 214025
IP address blocks: 143.20.11.0/24 maxlen: 24
143.20.18.0/24 maxlen: 24
143.20.21.0/24 maxlen: 24
143.20.22.0/24 maxlen: 24
143.20.24.0/24 maxlen: 24
143.20.25.0/24 maxlen: 24
143.20.32.0/24 maxlen: 24
143.20.36.0/24 maxlen: 24
143.20.48.0/24 maxlen: 24
143.20.56.0/24 maxlen: 24
143.20.63.0/24 maxlen: 24
143.20.65.0/24 maxlen: 24
143.20.72.0/24 maxlen: 24
143.20.73.0/24 maxlen: 24
143.20.74.0/24 maxlen: 24
143.20.77.0/24 maxlen: 24
143.20.118.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 18:38:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
73:82:e4:b4:f3:df:85:15:a1:63:82:09:7c:6d:86:fe:c8:24:37:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Apr 4 18:58:41 2026 GMT
Not After : Apr 3 19:03:41 2027 GMT
Subject: CN=7442797AC7A10272B5D8C0C1C98183F52A75769C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:70:77:a2:47:e4:80:14:ae:57:ad:ea:66:d6:
e1:b0:28:8b:e0:7c:af:1d:0b:74:c0:a4:17:e9:6e:
94:7e:83:98:12:15:f8:b7:f1:5e:cc:38:47:93:f0:
b5:d0:92:95:db:b7:7c:f4:48:35:77:84:30:51:5f:
4d:d3:0a:c2:1f:34:f5:0a:55:ac:45:2a:0e:2d:c6:
5a:b9:88:2b:19:bc:e7:bb:75:b9:29:f5:88:d9:96:
49:70:ed:14:3c:12:8f:ce:08:75:f2:13:7a:7e:36:
6b:28:37:7c:e2:5a:37:79:d1:f4:46:9f:ea:ca:bc:
66:25:e2:03:1d:cd:20:7d:ac:a5:80:a6:18:7a:ff:
c5:01:80:30:19:7f:b7:d0:89:88:8e:15:3c:65:66:
ad:53:62:91:30:fa:a4:2c:22:9a:b8:65:33:62:5c:
d6:83:75:0b:e2:d0:e7:04:47:d3:cd:f9:7a:3e:91:
7b:5e:f0:1c:88:e0:bd:e9:10:4c:0a:8b:57:03:24:
2f:a8:92:68:f9:c5:e2:25:81:f6:a6:13:1a:f2:38:
03:da:e1:75:cd:30:71:6c:7c:c9:96:5b:bd:38:c2:
f2:ce:6f:06:8d:52:b6:be:3d:25:3e:31:c5:e4:9f:
51:1b:88:2b:21:aa:ea:d5:35:dc:68:28:e1:75:20:
cb:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:42:79:7A:C7:A1:02:72:B5:D8:C0:C1:C9:81:83:F5:2A:75:76:9C
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS214025.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.11.0/24
143.20.18.0/24
143.20.21.0-143.20.22.255
143.20.24.0/23
143.20.32.0/24
143.20.36.0/24
143.20.48.0/24
143.20.56.0/24
143.20.63.0/24
143.20.65.0/24
143.20.72.0-143.20.74.255
143.20.77.0/24
143.20.118.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:26:7a:ef:a8:fb:f9:19:f8:2c:67:d3:d5:13:0d:ec:91:11:
c0:83:da:2f:83:4c:83:0c:ab:87:84:25:6c:5d:2c:2f:11:f9:
70:0f:16:48:f2:1c:0f:23:bf:14:94:e2:41:a5:ce:73:5f:8a:
ae:86:42:05:50:0c:5e:e8:d7:28:6a:2b:6c:48:3c:fb:12:e1:
14:f6:c4:af:2a:5c:ce:56:e6:c6:ee:29:7f:e0:07:9f:25:1d:
1a:c9:80:08:a9:51:9d:af:87:eb:c5:26:84:8a:86:02:ef:f7:
91:a8:c2:27:6c:8f:05:34:4d:18:2e:f5:47:21:e0:ea:49:a0:
d3:0b:b4:e5:7c:c9:a4:4d:a1:dc:4d:fd:d9:86:d8:21:54:6e:
0f:a2:dc:75:55:61:67:ce:17:78:85:c1:57:da:cd:36:d7:6e:
9f:36:75:42:bf:26:89:78:3e:78:38:71:3d:90:38:f5:6b:c3:
e4:c8:ac:95:89:e6:05:fc:75:84:76:1f:27:bc:b8:2d:53:ea:
85:2f:ce:e2:64:87:b1:06:e7:24:31:55:ed:41:f7:37:9a:d3:
be:1f:1a:86:6c:48:9d:90:8d:09:b4:44:e3:59:92:3e:ce:f8:
3e:ea:c9:e2:f5:e7:62:c3:4f:24:f5:d8:34:6c:70:73:af:ee:
9c:3b:9a:16
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgIUc4LktPPfhRWhY4IJfG2G/sgkNxswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA0MDQxODU4NDFaFw0yNzA0MDMxOTAzNDFaMDMxMTAvBgNV
BAMTKDc0NDI3OTdBQzdBMTAyNzJCNUQ4QzBDMUM5ODE4M0Y1MkE3NTc2OUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmcHeiR+SAFK5Xrepm1uGwKIvg
fK8dC3TApBfpbpR+g5gSFfi38V7MOEeT8LXQkpXbt3z0SDV3hDBRX03TCsIfNPUK
VaxFKg4txlq5iCsZvOe7dbkp9YjZlklw7RQ8Eo/OCHXyE3p+NmsoN3ziWjd50fRG
n+rKvGYl4gMdzSB9rKWAphh6/8UBgDAZf7fQiYiOFTxlZq1TYpEw+qQsIpq4ZTNi
XNaDdQvi0OcER9PN+Xo+kXte8ByI4L3pEEwKi1cDJC+okmj5xeIlgfamExryOAPa
4XXNMHFsfMmWW704wvLObwaNUra+PSU+McXkn1EbiCshqurVNdxoKOF1IMujAgMB
AAGjggJiMIICXjAdBgNVHQ4EFgQUdEJ5esehAnK12MDByYGD9Sp1dpwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQAjxQL
AwQAjxQSMAwDBACPFBUDBACPFBYDBAGPFBgDBACPFCADBACPFCQDBACPFDADBACP
FDgDBACPFD8DBACPFEEwDAMEA48USAMEAI8USgMEAI8UTQMEAI8UdjANBgkqhkiG
9w0BAQsFAAOCAQEAjyZ676j7+Rn4LGfT1RMN7JERwIPaL4NMgwyrh4QlbF0sLxH5
cA8WSPIcDyO/FJTiQaXOc1+KroZCBVAMXujXKGorbEg8+xLhFPbErypczlbmxu4p
f+AHnyUdGsmACKlRna+H68UmhIqGAu/3kajCJ2yPBTRNGC71RyHg6kmg0wu05XzJ
pE2h3E392YbYIVRuD6LcdVVhZ84XeIXBV9rNNtdunzZ1Qr8miXg+eDhxPZA49WvD
5MislYnmBfx1hHYfJ7y4LVPqhS/O4mSHsQbnJDFV7UH3N5rTvh8ahmxInZCNCbRE
41mSPs74PurJ4vXnYsNPJPXYNGxwc6/unDuaFg==
-----END CERTIFICATE-----
Generated at Fri Apr 17 05:49:44 2026 by rpki-client