Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
File: AS834.roa (raw, json)
Hash identifier: 9Hx6uPgvtQunZ1qMny6DEk9PAzYYqASQu8xs6AQWfiw=
Subject key identifier: 9E:2E:C5:AE:86:D7:94:61:AF:9F:3E:49:81:41:44:76:3E:98:68:F7
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 6D52C04231613CEC2F34F01E6790763DEE4599BB
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
Signing time: Thu 16 Apr 2026 18:07:35 +0000
ROA not before: Thu 16 Apr 2026 18:02:35 +0000
ROA not after: Thu 15 Apr 2027 18:07:35 +0000
asID: 834
IP address blocks: 143.20.45.0/24 maxlen: 24
143.20.53.0/24 maxlen: 24
143.20.65.0/24 maxlen: 24
143.20.106.0/24 maxlen: 24
143.20.108.0/22 maxlen: 24
143.20.116.0/24 maxlen: 24
143.20.128.0/24 maxlen: 24
143.20.131.0/24 maxlen: 24
143.20.132.0/24 maxlen: 24
143.20.136.0/24 maxlen: 24
143.20.139.0/24 maxlen: 24
143.20.140.0/24 maxlen: 24
143.20.147.0/24 maxlen: 24
143.20.151.0/24 maxlen: 24
143.20.152.0/24 maxlen: 24
143.20.157.0/24 maxlen: 24
143.20.162.0/24 maxlen: 24
143.20.167.0/24 maxlen: 24
143.20.168.0/24 maxlen: 24
143.20.173.0/24 maxlen: 24
143.20.176.0/24 maxlen: 24
143.20.178.0/23 maxlen: 24
143.20.182.0/24 maxlen: 24
143.20.194.0/24 maxlen: 24
143.20.196.0/24 maxlen: 24
143.20.198.0/24 maxlen: 24
143.20.200.0/22 maxlen: 24
143.20.206.0/23 maxlen: 24
143.20.213.0/24 maxlen: 24
143.20.214.0/24 maxlen: 24
143.20.216.0/23 maxlen: 24
143.20.218.0/24 maxlen: 24
143.20.220.0/22 maxlen: 24
143.20.224.0/22 maxlen: 24
143.20.228.0/23 maxlen: 24
143.20.231.0/24 maxlen: 24
143.20.232.0/22 maxlen: 24
143.20.236.0/23 maxlen: 24
143.20.239.0/24 maxlen: 24
143.20.244.0/23 maxlen: 24
143.20.247.0/24 maxlen: 24
143.20.248.0/22 maxlen: 24
143.20.252.0/24 maxlen: 24
143.20.254.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 18:38:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:52:c0:42:31:61:3c:ec:2f:34:f0:1e:67:90:76:3d:ee:45:99:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Apr 16 18:02:35 2026 GMT
Not After : Apr 15 18:07:35 2027 GMT
Subject: CN=9E2EC5AE86D79461AF9F3E49814144763E9868F7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:11:38:3d:fa:61:62:bb:21:19:3f:a2:13:93:
1e:c3:50:7d:f4:c2:c1:03:f8:b5:f6:3d:83:9f:75:
60:39:a3:41:8f:a2:6e:16:69:88:fb:12:d1:d2:81:
52:03:bb:74:82:fc:79:7a:97:cc:b4:db:d9:d8:35:
4a:b5:59:83:e3:e8:5e:ba:ae:db:f4:0d:c8:7b:68:
19:47:0f:b1:c5:d1:9f:67:9a:5b:a9:ae:65:58:02:
2e:e6:c6:63:b8:e4:2b:87:c8:2d:df:cc:1e:21:0d:
f1:01:1c:64:1f:6f:7e:22:01:ee:65:f8:18:e0:1c:
02:2d:f6:0c:46:24:3c:0f:e7:b3:fc:5f:04:87:f4:
de:8c:68:18:18:8d:44:2e:43:98:a7:da:c1:ea:a0:
36:39:54:25:75:a4:70:80:f6:17:ab:a1:f3:a0:47:
39:16:cb:d9:99:ed:15:58:61:a7:65:aa:b3:95:06:
03:2d:ed:de:7f:64:5d:66:18:e3:e9:a9:ae:fd:e1:
3f:e8:0b:91:ff:f7:4a:45:d8:ee:c5:18:74:8c:b5:
52:87:fb:b3:ec:77:b3:97:34:55:ef:62:46:ac:64:
4f:94:2a:9a:1d:9f:36:65:48:9c:2f:1e:81:83:a1:
82:3f:36:ca:ab:e9:00:b5:e7:7a:47:63:f7:4b:9a:
52:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:2E:C5:AE:86:D7:94:61:AF:9F:3E:49:81:41:44:76:3E:98:68:F7
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS834.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.45.0/24
143.20.53.0/24
143.20.65.0/24
143.20.106.0/24
143.20.108.0/22
143.20.116.0/24
143.20.128.0/24
143.20.131.0-143.20.132.255
143.20.136.0/24
143.20.139.0-143.20.140.255
143.20.147.0/24
143.20.151.0-143.20.152.255
143.20.157.0/24
143.20.162.0/24
143.20.167.0-143.20.168.255
143.20.173.0/24
143.20.176.0/24
143.20.178.0/23
143.20.182.0/24
143.20.194.0/24
143.20.196.0/24
143.20.198.0/24
143.20.200.0/22
143.20.206.0/23
143.20.213.0-143.20.214.255
143.20.216.0-143.20.218.255
143.20.220.0-143.20.229.255
143.20.231.0-143.20.237.255
143.20.239.0/24
143.20.244.0/23
143.20.247.0-143.20.252.255
143.20.254.0/23
Signature Algorithm: sha256WithRSAEncryption
23:2c:3d:cb:58:6e:e1:a2:cc:9b:30:ec:96:f9:e0:72:c1:ab:
2b:1a:3e:c7:17:d3:c3:71:13:60:31:85:d0:ee:27:3c:74:b4:
c2:f8:6c:3a:52:0a:8c:a9:b2:59:97:b2:63:2d:bb:e0:89:a9:
5c:02:23:15:42:22:d7:03:77:89:da:e1:06:2a:f8:59:5a:a6:
ad:01:d7:3a:d5:15:74:19:4b:40:37:7e:57:3d:6c:21:74:68:
d8:3d:e1:5b:a5:c2:bc:ff:9b:57:1d:5e:9f:64:f9:05:03:05:
06:7f:7a:68:51:69:c1:40:23:3b:cf:d8:34:60:6b:c0:7b:02:
51:61:55:0b:46:f9:0c:74:3a:0c:78:13:5b:84:79:87:37:5d:
7e:d8:db:46:91:64:3a:fd:b0:b0:cc:00:79:c1:c6:d0:15:6a:
81:e6:b7:e7:17:0f:a4:ef:e7:9e:7c:c5:94:80:c7:d7:ab:c0:
79:6b:47:30:f8:1e:ca:cb:f7:0e:cc:47:dd:64:ae:50:eb:c9:
bb:5f:37:66:db:4b:e3:94:dc:7d:e9:31:ed:ad:44:ff:3e:e4:
ef:aa:87:28:3f:7d:50:d3:76:dd:62:a6:16:c1:a0:1d:f0:11:
b1:cf:7b:1a:35:16:24:d3:9e:94:85:e4:95:b5:2d:0f:b1:1c:
be:2d:8d:a8
-----BEGIN CERTIFICATE-----
MIIGCTCCBPGgAwIBAgIUbVLAQjFhPOwvNPAeZ5B2Pe5FmbswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA0MTYxODAyMzVaFw0yNzA0MTUxODA3MzVaMDMxMTAvBgNV
BAMTKDlFMkVDNUFFODZENzk0NjFBRjlGM0U0OTgxNDE0NDc2M0U5ODY4RjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUETg9+mFiuyEZP6ITkx7DUH30
wsED+LX2PYOfdWA5o0GPom4WaYj7EtHSgVIDu3SC/Hl6l8y029nYNUq1WYPj6F66
rtv0Dch7aBlHD7HF0Z9nmluprmVYAi7mxmO45CuHyC3fzB4hDfEBHGQfb34iAe5l
+BjgHAIt9gxGJDwP57P8XwSH9N6MaBgYjUQuQ5in2sHqoDY5VCV1pHCA9herofOg
RzkWy9mZ7RVYYadlqrOVBgMt7d5/ZF1mGOPpqa794T/oC5H/90pF2O7FGHSMtVKH
+7Psd7OXNFXvYkasZE+UKpodnzZlSJwvHoGDoYI/Nsqr6QC153pHY/dLmlInAgMB
AAGjggMTMIIDDzAdBgNVHQ4EFgQUni7FrobXlGGvnz5JgUFEdj6YaPcwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKQYIKwYBBQUHAQcBAf8EggEYMIIBFDCCARAEAgABMIIB
CAMEAI8ULQMEAI8UNQMEAI8UQQMEAI8UagMEAo8UbAMEAI8UdAMEAI8UgDAMAwQA
jxSDAwQAjxSEAwQAjxSIMAwDBACPFIsDBACPFIwDBACPFJMwDAMEAI8UlwMEAI8U
mAMEAI8UnQMEAI8UojAMAwQAjxSnAwQAjxSoAwQAjxStAwQAjxSwAwQBjxSyAwQA
jxS2AwQAjxTCAwQAjxTEAwQAjxTGAwQCjxTIAwQBjxTOMAwDBACPFNUDBACPFNYw
DAMEA48U2AMEAI8U2jAMAwQCjxTcAwQBjxTkMAwDBACPFOcDBAGPFOwDBACPFO8D
BAGPFPQwDAMEAI8U9wMEAI8U/AMEAY8U/jANBgkqhkiG9w0BAQsFAAOCAQEAIyw9
y1hu4aLMmzDslvngcsGrKxo+xxfTw3ETYDGF0O4nPHS0wvhsOlIKjKmyWZeyYy27
4ImpXAIjFUIi1wN3idrhBir4WVqmrQHXOtUVdBlLQDd+Vz1sIXRo2D3hW6XCvP+b
Vx1en2T5BQMFBn96aFFpwUAjO8/YNGBrwHsCUWFVC0b5DHQ6DHgTW4R5hzddftjb
RpFkOv2wsMwAecHG0BVqgea35xcPpO/nnnzFlIDH16vAeWtHMPgeysv3DsxH3WSu
UOvJu183ZttL45Tcfekx7a1E/z7k76qHKD99UNN23WKmFsGgHfARsc97GjUWJNOe
lIXklbUtD7Ecvi2NqA==
-----END CERTIFICATE-----
Generated at Fri Apr 17 05:46:17 2026 by rpki-client