Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS25198.roa
File: AS25198.roa (raw, json)
Hash identifier: oqNpLcX1OtAK2T0olWMI7oqomRMvzZL+LBcHrSRSLIg=
Subject key identifier: D9:23:C9:3D:60:66:50:0A:8A:56:8E:28:AE:56:E7:AE:94:32:1D:CB
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 1ED3C3B7219A345CF226302150558CE9B016496F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS25198.roa
Signing time: Sun 02 Nov 2025 09:14:39 +0000
ROA not before: Sun 02 Nov 2025 09:09:39 +0000
ROA not after: Sun 01 Nov 2026 09:14:39 +0000
asID: 25198
IP address blocks: 143.20.28.0/24 maxlen: 24
143.20.52.0/24 maxlen: 24
143.20.65.0/24 maxlen: 24
143.20.152.0/24 maxlen: 24
143.20.222.0/24 maxlen: 24
143.20.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:d3:c3:b7:21:9a:34:5c:f2:26:30:21:50:55:8c:e9:b0:16:49:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Nov 2 09:09:39 2025 GMT
Not After : Nov 1 09:14:39 2026 GMT
Subject: CN=D923C93D6066500A8A568E28AE56E7AE94321DCB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:12:21:7b:0c:0e:61:c7:d0:a1:6a:81:7c:8a:
49:32:5c:2f:9d:bd:df:7c:af:e7:f0:b8:d4:e1:28:
88:46:21:74:3a:6a:1a:ae:c1:61:0f:f4:9f:38:18:
2b:4a:a5:76:cc:91:94:c4:31:13:e4:e0:0e:76:76:
4e:0f:4d:ff:07:c1:82:f3:a9:17:f9:aa:2b:a6:ef:
f3:2b:50:11:83:35:08:a1:c7:19:1b:8e:71:33:09:
71:65:b8:7c:8c:5e:d7:1f:74:58:e8:92:57:14:36:
46:24:01:1c:43:58:bb:63:6b:32:7b:0e:42:f7:49:
a8:7f:01:4f:8b:b2:f4:9d:e2:ab:37:7b:de:e9:ce:
53:10:19:bf:ea:60:ce:09:a7:60:83:d4:f7:82:8c:
39:49:1a:a7:2d:79:cf:a9:c6:c5:37:2d:62:31:17:
7c:f2:36:4e:ce:42:57:2c:4a:7d:2a:23:5c:9f:30:
81:c7:6c:e7:cb:e0:26:65:76:84:99:0b:c5:26:5d:
be:12:bd:95:c3:7f:6d:a4:f2:77:37:05:ca:ad:d2:
50:21:2f:b6:ce:32:ff:84:2b:c6:9b:d3:04:1d:d5:
7f:5c:ba:31:73:e0:36:92:d0:4f:52:d6:47:21:da:
3f:1f:a6:f8:24:f9:00:0c:4e:99:5f:f4:2d:3e:a1:
25:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:23:C9:3D:60:66:50:0A:8A:56:8E:28:AE:56:E7:AE:94:32:1D:CB
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS25198.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.28.0/24
143.20.52.0/24
143.20.65.0/24
143.20.152.0/24
143.20.222.0/24
143.20.231.0/24
Signature Algorithm: sha256WithRSAEncryption
95:6b:2e:72:13:08:47:1d:d0:a9:e8:86:31:a5:43:3a:57:be:
61:fe:aa:4d:1b:88:6f:69:40:43:2a:39:ee:1a:fb:d6:98:f1:
f9:14:ba:a9:88:58:55:f4:3d:7a:19:b8:c1:3c:a9:86:83:ca:
cf:67:6a:0e:79:43:f5:1b:17:08:0f:3b:12:c3:27:4d:a4:47:
04:6a:c3:9b:0f:b3:ad:64:49:e6:18:d9:12:9f:0f:30:b5:6e:
65:3a:83:04:43:61:62:43:e1:95:a4:64:9d:01:4e:0c:5b:7e:
08:c5:2e:5f:5a:05:93:96:87:8d:3d:9f:26:2d:78:e5:52:34:
af:6e:6e:3b:38:7f:cd:e2:bc:6e:42:0e:81:26:2a:95:b0:bb:
5b:84:71:75:ee:23:34:25:38:bb:e7:be:1e:ad:64:23:67:ba:
39:4a:a4:25:0f:df:96:67:b6:87:ad:f6:23:be:fb:66:99:ae:
79:cb:a7:dd:53:2c:e0:9b:8e:6b:bb:0b:cb:c8:6b:5b:ae:4c:
31:f0:28:4c:ac:83:05:a3:c0:de:37:7f:1b:a7:6e:fc:1e:d7:
bb:cf:25:b9:2e:be:77:89:a0:fa:3b:5f:cf:cd:eb:18:70:1d:
14:99:1a:56:90:58:ac:6c:a8:39:67:57:32:0e:22:89:62:bd:
1f:4b:b4:6d
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIUHtPDtyGaNFzyJjAhUFWM6bAWSW8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTExMDIwOTA5MzlaFw0yNjExMDEwOTE0MzlaMDMxMTAvBgNV
BAMTKEQ5MjNDOTNENjA2NjUwMEE4QTU2OEUyOEFFNTZFN0FFOTQzMjFEQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgEiF7DA5hx9ChaoF8ikkyXC+d
vd98r+fwuNThKIhGIXQ6ahquwWEP9J84GCtKpXbMkZTEMRPk4A52dk4PTf8HwYLz
qRf5qium7/MrUBGDNQihxxkbjnEzCXFluHyMXtcfdFjoklcUNkYkARxDWLtjazJ7
DkL3Sah/AU+LsvSd4qs3e97pzlMQGb/qYM4Jp2CD1PeCjDlJGqctec+pxsU3LWIx
F3zyNk7OQlcsSn0qI1yfMIHHbOfL4CZldoSZC8UmXb4SvZXDf22k8nc3Bcqt0lAh
L7bOMv+EK8ab0wQd1X9cujFz4DaS0E9S1kch2j8fpvgk+QAMTplf9C0+oSWzAgMB
AAGjggInMIICIzAdBgNVHQ4EFgQU2SPJPWBmUAqKVo4orlbnrpQyHcswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPQYIKwYBBQUHAQcBAf8ELjAsMCoEAgABMCQDBACPFBwD
BACPFDQDBACPFEEDBACPFJgDBACPFN4DBACPFOcwDQYJKoZIhvcNAQELBQADggEB
AJVrLnITCEcd0KnohjGlQzpXvmH+qk0biG9pQEMqOe4a+9aY8fkUuqmIWFX0PXoZ
uME8qYaDys9nag55Q/UbFwgPOxLDJ02kRwRqw5sPs61kSeYY2RKfDzC1bmU6gwRD
YWJD4ZWkZJ0BTgxbfgjFLl9aBZOWh409nyYteOVSNK9ubjs4f83ivG5CDoEmKpWw
u1uEcXXuIzQlOLvnvh6tZCNnujlKpCUP35Zntoet9iO++2aZrnnLp91TLOCbjmu7
C8vIa1uuTDHwKEysgwWjwN43fxunbvwe17vPJbkuvneJoPo7X8/N6xhwHRSZGlaQ
WKxsqDlnVzIOIolivR9LtG0=
-----END CERTIFICATE-----
Generated at Wed Nov 5 18:30:16 2025 by rpki-client