Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400909.roa
File: AS400909.roa (raw, json)
Hash identifier: og17eMnCKf6TumKokY8bcX+dgNAbcZ+puPAF/ie1WKA=
Subject key identifier: 5B:DB:D8:09:DB:43:45:2C:1E:21:D5:E6:8F:70:FA:DB:E6:06:AE:87
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 10A394349323D60FEF1A806199B19F31E54B5984
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400909.roa
Signing time: Fri 24 Oct 2025 09:33:28 +0000
ROA not before: Fri 24 Oct 2025 09:28:28 +0000
ROA not after: Fri 23 Oct 2026 09:33:28 +0000
asID: 400909
IP address blocks: 143.20.52.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:a3:94:34:93:23:d6:0f:ef:1a:80:61:99:b1:9f:31:e5:4b:59:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Oct 24 09:28:28 2025 GMT
Not After : Oct 23 09:33:28 2026 GMT
Subject: CN=5BDBD809DB43452C1E21D5E68F70FADBE606AE87
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:a7:43:04:66:05:11:b6:6e:59:34:65:56:bd:
ba:bc:d1:cf:ab:50:03:4e:93:fa:44:54:f3:2d:27:
1d:98:12:28:48:1b:98:eb:cc:f6:11:c3:34:4e:27:
e8:30:e9:3a:f5:cc:88:56:2d:99:00:c0:c2:db:90:
9b:5c:0f:32:e6:1f:50:e7:63:7e:ba:a7:a3:6c:c1:
5e:2c:e5:96:4c:f0:d4:3b:e2:38:7a:a8:a6:1a:a6:
ef:a8:75:80:24:ab:18:d7:af:1b:80:99:57:9c:aa:
cb:d7:99:06:00:11:97:c0:3f:28:b1:4a:4f:f3:35:
5c:42:78:8e:38:fc:2d:77:c9:f3:ef:ca:2d:b8:13:
cc:42:6a:7d:3c:f0:06:4b:60:23:e6:3c:92:fb:a0:
97:b1:e2:fb:89:0f:0a:17:c1:7f:a6:a9:41:39:41:
78:ba:c8:04:f1:e0:2d:e2:aa:09:16:db:24:a1:44:
df:3a:06:97:5c:bf:d8:14:e0:1f:b7:68:90:65:16:
b2:6a:80:7f:99:91:73:06:17:3d:dc:f0:8f:10:78:
25:54:35:bf:c2:52:18:c0:3b:a4:a0:af:e8:8c:ed:
b4:45:a5:76:19:ed:b4:42:79:46:7f:63:4b:23:f8:
c3:65:b9:8a:02:f3:09:fd:98:23:c2:90:d6:c8:d7:
77:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:DB:D8:09:DB:43:45:2C:1E:21:D5:E6:8F:70:FA:DB:E6:06:AE:87
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS400909.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.52.0/24
Signature Algorithm: sha256WithRSAEncryption
5c:e5:9c:77:bc:20:85:d3:2a:fc:9f:10:15:6b:c9:b5:2f:61:
a7:2a:e5:91:41:84:55:a0:eb:b5:be:f8:f9:b3:42:dc:49:9f:
f9:b7:16:6e:1c:f0:07:f8:0c:4d:a9:1f:01:31:18:af:62:cb:
e7:21:56:11:e1:72:e8:c8:4d:f9:d4:b9:11:3d:80:b6:3c:71:
de:82:e7:ba:65:37:8c:cc:d5:c2:a7:b8:b1:69:17:d6:30:96:
80:75:7f:b7:19:e8:22:42:23:b1:00:34:66:f3:83:84:e1:51:
52:67:e7:61:42:57:9c:4e:06:a7:49:57:32:b6:fb:66:6a:d3:
84:c2:3b:ad:30:23:a3:b4:73:4a:c5:3e:eb:6f:c5:7a:69:f0:
ea:0b:40:2e:07:53:31:2f:4d:0a:f6:51:da:31:a9:80:5d:a1:
da:61:bd:2b:ba:16:81:1a:27:1c:91:39:26:f7:82:5e:65:72:
73:f8:1d:19:3f:e6:dd:80:1c:ce:f5:7c:5a:b1:3c:d6:16:dc:
89:b9:1c:16:61:e0:fd:58:d1:b8:43:de:7d:2c:53:8e:75:af:
5d:6d:ab:ef:1e:25:03:2e:05:08:91:16:35:bb:1b:1c:20:37:
bd:d7:61:42:2d:a6:aa:e6:52:df:94:ce:bc:39:1e:06:36:8e:
a6:58:24:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEKOUNJMj1g/vGoBhmbGfMeVLWYQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjQwOTI4MjhaFw0yNjEwMjMwOTMzMjhaMDMxMTAvBgNV
BAMTKDVCREJEODA5REI0MzQ1MkMxRTIxRDVFNjhGNzBGQURCRTYwNkFFODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsp0MEZgURtm5ZNGVWvbq80c+r
UANOk/pEVPMtJx2YEihIG5jrzPYRwzROJ+gw6Tr1zIhWLZkAwMLbkJtcDzLmH1Dn
Y366p6NswV4s5ZZM8NQ74jh6qKYapu+odYAkqxjXrxuAmVecqsvXmQYAEZfAPyix
Sk/zNVxCeI44/C13yfPvyi24E8xCan088AZLYCPmPJL7oJex4vuJDwoXwX+mqUE5
QXi6yATx4C3iqgkW2yShRN86Bpdcv9gU4B+3aJBlFrJqgH+ZkXMGFz3c8I8QeCVU
Nb/CUhjAO6Sgr+iM7bRFpXYZ7bRCeUZ/Y0sj+MNluYoC8wn9mCPCkNbI13eFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUW9vYCdtDRSweIdXmj3D62+YGrocwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQ0
MA0GCSqGSIb3DQEBCwUAA4IBAQBc5Zx3vCCF0yr8nxAVa8m1L2GnKuWRQYRVoOu1
vvj5s0LcSZ/5txZuHPAH+AxNqR8BMRivYsvnIVYR4XLoyE351LkRPYC2PHHegue6
ZTeMzNXCp7ixaRfWMJaAdX+3GegiQiOxADRm84OE4VFSZ+dhQlecTganSVcytvtm
atOEwjutMCOjtHNKxT7rb8V6afDqC0AuB1MxL00K9lHaMamAXaHaYb0ruhaBGicc
kTkm94JeZXJz+B0ZP+bdgBzO9XxasTzWFtyJuRwWYeD9WNG4Q959LFOOda9dbavv
HiUDLgUIkRY1uxscIDe912FCLaaq5lLflM68OR4GNo6mWCRy
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:00:43 2025 by rpki-client