Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
File: AS834.roa (raw, json)
Hash identifier: gA7OeFIlORckWqjDdVZzlIh7iWOb6XQrCiSSNKmKinc=
Subject key identifier: ED:13:96:49:A1:9B:10:07:3F:32:BD:0E:19:EA:16:23:5B:E1:F3:56
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 2531EB99921D393FA9D99790B1FE54AE91719B64
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
Signing time: Sun 01 Mar 2026 10:03:03 +0000
ROA not before: Sun 01 Mar 2026 09:58:03 +0000
ROA not after: Sun 28 Feb 2027 10:03:03 +0000
asID: 834
IP address blocks: 143.20.1.0/24 maxlen: 24
143.20.9.0/24 maxlen: 24
143.20.11.0/24 maxlen: 24
143.20.13.0/24 maxlen: 24
143.20.16.0/23 maxlen: 24
143.20.18.0/24 maxlen: 24
143.20.21.0/24 maxlen: 24
143.20.22.0/24 maxlen: 24
143.20.25.0/24 maxlen: 24
143.20.26.0/24 maxlen: 24
143.20.28.0/24 maxlen: 24
143.20.32.0/24 maxlen: 24
143.20.34.0/23 maxlen: 24
143.20.43.0/24 maxlen: 24
143.20.45.0/24 maxlen: 24
143.20.47.0/24 maxlen: 24
143.20.48.0/24 maxlen: 24
143.20.53.0/24 maxlen: 24
143.20.56.0/23 maxlen: 24
143.20.59.0/24 maxlen: 24
143.20.63.0/24 maxlen: 24
143.20.65.0/24 maxlen: 24
143.20.72.0/23 maxlen: 24
143.20.77.0/24 maxlen: 24
143.20.80.0/24 maxlen: 24
143.20.103.0/24 maxlen: 24
143.20.105.0/24 maxlen: 24
143.20.106.0/24 maxlen: 24
143.20.116.0/24 maxlen: 24
143.20.120.0/23 maxlen: 24
143.20.128.0/24 maxlen: 24
143.20.131.0/24 maxlen: 24
143.20.132.0/24 maxlen: 24
143.20.151.0/24 maxlen: 24
143.20.152.0/24 maxlen: 24
143.20.157.0/24 maxlen: 24
143.20.162.0/24 maxlen: 24
143.20.168.0/24 maxlen: 24
143.20.173.0/24 maxlen: 24
143.20.178.0/23 maxlen: 24
143.20.182.0/24 maxlen: 24
143.20.196.0/24 maxlen: 24
143.20.198.0/24 maxlen: 24
143.20.200.0/22 maxlen: 24
143.20.206.0/24 maxlen: 24
143.20.212.0/24 maxlen: 24
143.20.214.0/24 maxlen: 24
143.20.216.0/23 maxlen: 24
143.20.218.0/24 maxlen: 24
143.20.220.0/22 maxlen: 24
143.20.224.0/22 maxlen: 24
143.20.231.0/24 maxlen: 24
143.20.232.0/22 maxlen: 24
143.20.237.0/24 maxlen: 24
143.20.239.0/24 maxlen: 24
143.20.244.0/23 maxlen: 24
143.20.247.0/24 maxlen: 24
143.20.248.0/23 maxlen: 24
143.20.252.0/24 maxlen: 24
143.20.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 12:36:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:31:eb:99:92:1d:39:3f:a9:d9:97:90:b1:fe:54:ae:91:71:9b:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Mar 1 09:58:03 2026 GMT
Not After : Feb 28 10:03:03 2027 GMT
Subject: CN=ED139649A19B10073F32BD0E19EA16235BE1F356
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:e9:fe:53:fb:e9:0e:08:17:de:a8:06:e9:70:
71:22:be:6a:3f:5e:4e:48:bf:77:59:75:89:b1:f1:
56:c0:5b:10:c8:45:5d:0f:50:4c:58:22:35:78:b4:
95:47:e0:fa:f0:52:8d:63:ab:ce:20:b1:bd:7e:97:
d3:1e:7f:c7:e4:de:ae:b4:88:7d:8f:7e:1d:a0:b1:
bb:87:75:d3:63:65:27:13:69:b7:75:e1:2b:dc:d5:
67:bf:d9:90:0b:66:5c:7f:ff:17:31:63:49:7b:fe:
e8:d8:8d:0b:30:ba:4a:3a:c0:7a:6e:bf:ff:65:c5:
0d:fe:1b:5e:1b:87:3e:ef:72:3a:08:e0:4a:80:26:
43:e5:fb:60:c7:e7:0a:0f:e9:b5:67:aa:91:e9:5d:
20:9e:f5:58:b5:28:40:e9:fd:a9:6c:2f:a0:8c:c9:
8c:cc:62:d6:f9:86:14:c2:7c:61:a8:c4:fc:f7:f5:
75:6c:ae:ba:b7:ef:86:2c:c2:ef:5d:03:38:a8:4a:
e2:41:3e:2d:04:95:df:e7:6c:e2:01:31:0f:10:9d:
d4:7e:49:67:61:7c:fc:9d:f8:a4:c3:34:10:75:b1:
10:fd:a2:2a:58:ad:20:f0:dd:51:70:b0:69:d1:1d:
39:af:f8:cf:66:64:45:e2:ba:d4:69:2b:f8:8d:48:
a6:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:13:96:49:A1:9B:10:07:3F:32:BD:0E:19:EA:16:23:5B:E1:F3:56
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.1.0/24
143.20.9.0/24
143.20.11.0/24
143.20.13.0/24
143.20.16.0-143.20.18.255
143.20.21.0-143.20.22.255
143.20.25.0-143.20.26.255
143.20.28.0/24
143.20.32.0/24
143.20.34.0/23
143.20.43.0/24
143.20.45.0/24
143.20.47.0-143.20.48.255
143.20.53.0/24
143.20.56.0/23
143.20.59.0/24
143.20.63.0/24
143.20.65.0/24
143.20.72.0/23
143.20.77.0/24
143.20.80.0/24
143.20.103.0/24
143.20.105.0-143.20.106.255
143.20.116.0/24
143.20.120.0/23
143.20.128.0/24
143.20.131.0-143.20.132.255
143.20.151.0-143.20.152.255
143.20.157.0/24
143.20.162.0/24
143.20.168.0/24
143.20.173.0/24
143.20.178.0/23
143.20.182.0/24
143.20.196.0/24
143.20.198.0/24
143.20.200.0/22
143.20.206.0/24
143.20.212.0/24
143.20.214.0/24
143.20.216.0-143.20.218.255
143.20.220.0-143.20.227.255
143.20.231.0-143.20.235.255
143.20.237.0/24
143.20.239.0/24
143.20.244.0/23
143.20.247.0-143.20.249.255
143.20.252.0/24
143.20.254.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:43:72:a4:b1:06:20:fc:36:37:dc:9a:0d:33:bf:1a:42:62:
3f:e5:55:7f:62:c4:4e:5c:fb:b0:53:6d:7a:71:87:91:87:51:
05:d3:0f:f3:66:02:20:27:a1:e7:d0:be:f4:dc:d5:90:2f:b1:
39:c8:1a:da:7e:d3:e3:98:e0:23:fc:41:8a:07:30:02:e1:0e:
cb:e9:16:e6:7c:84:63:04:88:0c:eb:d9:cb:bf:7e:2d:a6:0c:
22:9a:f3:aa:de:f5:a9:d9:91:28:62:ea:59:ce:80:64:ce:77:
59:fe:86:b7:fe:e5:e2:ab:5f:43:9d:8e:9e:18:1a:75:44:9e:
27:99:f4:7d:66:0b:5d:dd:75:4f:0a:7d:e2:3b:7c:0b:3f:f5:
46:6c:ff:b8:ad:86:21:1d:05:bd:32:0d:94:18:e1:c0:92:27:
fc:c6:cf:37:b7:ac:6c:51:29:9f:12:3f:54:6d:3a:b3:a4:89:
6d:2b:19:99:29:4c:28:ad:74:46:fa:c3:ca:52:53:4c:85:24:
dd:9f:2e:b1:66:99:db:b2:65:41:71:18:b7:78:a0:fa:8d:91:
a4:79:31:03:5c:a3:62:84:7a:6c:50:2a:da:11:6c:51:1e:49:
16:bb:a0:95:01:e1:b8:9a:e8:9a:76:ea:9c:fe:16:aa:aa:c9:
68:8d:02:4d
-----BEGIN CERTIFICATE-----
MIIGfzCCBWegAwIBAgIUJTHrmZIdOT+p2ZeQsf5UrpFxm2QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAzMDEwOTU4MDNaFw0yNzAyMjgxMDAzMDNaMDMxMTAvBgNV
BAMTKEVEMTM5NjQ5QTE5QjEwMDczRjMyQkQwRTE5RUExNjIzNUJFMUYzNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq6f5T++kOCBfeqAbpcHEivmo/
Xk5Iv3dZdYmx8VbAWxDIRV0PUExYIjV4tJVH4PrwUo1jq84gsb1+l9Mef8fk3q60
iH2Pfh2gsbuHddNjZScTabd14Svc1We/2ZALZlx//xcxY0l7/ujYjQswuko6wHpu
v/9lxQ3+G14bhz7vcjoI4EqAJkPl+2DH5woP6bVnqpHpXSCe9Vi1KEDp/alsL6CM
yYzMYtb5hhTCfGGoxPz39XVsrrq374Yswu9dAzioSuJBPi0Eld/nbOIBMQ8QndR+
SWdhfPyd+KTDNBB1sRD9oipYrSDw3VFwsGnRHTmv+M9mZEXiutRpK/iNSKanAgMB
AAGjggOJMIIDhTAdBgNVHQ4EFgQU7ROWSaGbEAc/Mr0OGeoWI1vh81YwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBnwYIKwYBBQUHAQcBAf8EggGOMIIBijCCAYYEAgABMIIB
fgMEAI8UAQMEAI8UCQMEAI8UCwMEAI8UDTAMAwQEjxQQAwQAjxQSMAwDBACPFBUD
BACPFBYwDAMEAI8UGQMEAI8UGgMEAI8UHAMEAI8UIAMEAY8UIgMEAI8UKwMEAI8U
LTAMAwQAjxQvAwQAjxQwAwQAjxQ1AwQBjxQ4AwQAjxQ7AwQAjxQ/AwQAjxRBAwQB
jxRIAwQAjxRNAwQAjxRQAwQAjxRnMAwDBACPFGkDBACPFGoDBACPFHQDBAGPFHgD
BACPFIAwDAMEAI8UgwMEAI8UhDAMAwQAjxSXAwQAjxSYAwQAjxSdAwQAjxSiAwQA
jxSoAwQAjxStAwQBjxSyAwQAjxS2AwQAjxTEAwQAjxTGAwQCjxTIAwQAjxTOAwQA
jxTUAwQAjxTWMAwDBAOPFNgDBACPFNowDAMEAo8U3AMEAo8U4DAMAwQAjxTnAwQC
jxToAwQAjxTtAwQAjxTvAwQBjxT0MAwDBACPFPcDBAGPFPgDBACPFPwDBACPFP4w
DQYJKoZIhvcNAQELBQADggEBAKtDcqSxBiD8Njfcmg0zvxpCYj/lVX9ixE5c+7BT
bXpxh5GHUQXTD/NmAiAnoefQvvTc1ZAvsTnIGtp+0+OY4CP8QYoHMALhDsvpFuZ8
hGMEiAzr2cu/fi2mDCKa86re9anZkShi6lnOgGTOd1n+hrf+5eKrX0Odjp4YGnVE
nieZ9H1mC13ddU8KfeI7fAs/9UZs/7ithiEdBb0yDZQY4cCSJ/zGzze3rGxRKZ8S
P1RtOrOkiW0rGZkpTCitdEb6w8pSU0yFJN2fLrFmmduyZUFxGLd4oPqNkaR5MQNc
o2KEemxQKtoRbFEeSRa7oJUB4bia6Jp26pz+FqqqyWiNAk0=
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:46:21 2026 by rpki-client