Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: yprEBJ9WRwXTs1VqgwwTSBF+YpZVl2gSprMs/S2mt1c=
Subject key identifier: DA:E8:8F:56:94:3B:5D:AD:FC:2A:BD:E4:BD:AD:8B:07:95:87:FB:8D
Certificate issuer: /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial: 472AE9D87357D7B9564E5B03BC96EFAD46A9CA43
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20473.roa
Signing time: Sun 26 Oct 2025 15:40:59 +0000
ROA not before: Sun 26 Oct 2025 15:35:59 +0000
ROA not after: Sun 25 Oct 2026 15:40:59 +0000
asID: 20473
IP address blocks: 91.124.80.0/24 maxlen: 24
91.124.126.0/24 maxlen: 24
92.112.147.0/24 maxlen: 24
95.135.110.0/24 maxlen: 24
95.135.117.0/24 maxlen: 24
95.135.124.0/24 maxlen: 24
95.135.249.0/24 maxlen: 24
178.92.48.0/24 maxlen: 24
178.92.73.0/24 maxlen: 24
178.92.81.0/24 maxlen: 24
178.92.83.0/24 maxlen: 24
178.92.84.0/24 maxlen: 24
178.92.87.0/24 maxlen: 24
178.92.90.0/24 maxlen: 24
178.92.94.0/24 maxlen: 24
178.92.95.0/24 maxlen: 24
178.92.119.0/24 maxlen: 24
178.92.125.0/24 maxlen: 24
178.95.166.0/24 maxlen: 24
178.95.197.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 03:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:2a:e9:d8:73:57:d7:b9:56:4e:5b:03:bc:96:ef:ad:46:a9:ca:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Validity
Not Before: Oct 26 15:35:59 2025 GMT
Not After : Oct 25 15:40:59 2026 GMT
Subject: CN=DAE88F56943B5DADFC2ABDE4BDAD8B079587FB8D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:df:9b:e8:d0:7d:99:ed:7f:e9:e1:bb:4c:c0:
f2:dc:ab:bd:60:7c:9a:97:3c:f3:1b:11:44:51:3a:
b6:18:86:24:fc:af:ec:4c:1f:28:aa:bb:9e:a5:f6:
df:1a:55:11:9a:14:29:31:51:19:22:67:c7:84:a8:
bc:e3:f5:0f:2b:7a:cf:46:45:d9:f2:20:3f:12:b9:
a4:6d:8a:6d:16:81:7b:f9:4d:09:12:da:83:ed:ff:
1e:d8:c1:2b:9c:63:2b:b3:c4:70:f5:27:c0:c8:4e:
9c:f1:2d:ed:c2:e6:c3:8e:9e:60:75:0f:f9:ab:c1:
93:61:3c:e4:6e:a5:dc:24:d3:54:f3:41:57:4c:03:
de:41:62:c6:a8:2b:09:23:9a:b4:e7:5c:a5:e5:78:
48:01:46:3b:39:a3:a1:08:3b:50:a9:7f:f1:f6:45:
7f:d4:b9:fe:55:6d:fc:ab:e3:7d:ac:90:42:98:1b:
02:7e:c9:c1:34:ae:ed:83:2a:ca:c2:ac:26:a1:69:
44:f5:6e:72:11:b2:56:e5:76:32:08:26:ab:29:45:
36:20:3b:f2:73:25:24:63:0b:1c:d8:a1:77:38:ec:
be:e3:13:6c:55:39:9c:53:d4:60:89:0e:52:e8:9b:
86:50:07:d5:ba:6b:ac:c1:ab:8c:e2:5f:1a:e0:45:
29:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:E8:8F:56:94:3B:5D:AD:FC:2A:BD:E4:BD:AD:8B:07:95:87:FB:8D
X509v3 Authority Key Identifier:
keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.124.80.0/24
91.124.126.0/24
92.112.147.0/24
95.135.110.0/24
95.135.117.0/24
95.135.124.0/24
95.135.249.0/24
178.92.48.0/24
178.92.73.0/24
178.92.81.0/24
178.92.83.0-178.92.84.255
178.92.87.0/24
178.92.90.0/24
178.92.94.0/23
178.92.119.0/24
178.92.125.0/24
178.95.166.0/24
178.95.197.0/24
Signature Algorithm: sha256WithRSAEncryption
84:58:d8:c4:aa:57:b1:d2:98:d1:f2:b0:03:7a:d8:ba:19:55:
0d:d5:bc:5c:06:71:05:36:39:5d:44:ea:43:75:7c:a0:67:85:
4f:e4:a6:0a:7a:15:75:08:15:0f:0b:c2:5d:cf:83:ed:92:cb:
d2:1c:66:bf:f4:2a:84:90:a1:97:69:9c:ff:13:90:85:e7:1c:
60:47:af:b6:06:81:b3:5f:05:e8:52:01:60:71:83:f7:af:5c:
b2:01:32:4d:b6:02:bf:e8:8c:28:8a:e4:88:cc:42:ca:44:d3:
fd:95:e0:d2:a4:21:23:c6:fe:40:a1:22:61:4f:93:e7:1c:f9:
93:84:0b:fe:0b:43:07:b1:6f:a1:ca:a5:5c:7f:58:5c:db:6d:
05:f3:6b:eb:82:91:02:f9:2a:c4:0b:3e:2f:1e:ad:5e:84:bc:
0b:9d:d8:5e:73:67:50:af:ea:13:96:3e:c0:87:fe:8a:23:ac:
99:42:c0:76:a9:be:be:80:35:ff:19:a2:26:f0:31:25:59:6a:
e3:87:06:b5:e7:01:fb:8f:34:33:52:25:53:06:77:6d:c7:27:
5f:d7:6d:c4:ae:64:b2:d2:0e:af:99:06:3f:f4:3c:44:6f:02:
d1:c9:a7:92:19:34:06:a8:c8:bd:9c:4d:40:81:27:e9:70:3c:
47:92:1b:23
-----BEGIN CERTIFICATE-----
MIIFbjCCBFagAwIBAgIURyrp2HNX17lWTlsDvJbvrUapykMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMjYxNTM1NTlaFw0yNjEwMjUxNTQwNTlaMDMxMTAvBgNV
BAMTKERBRTg4RjU2OTQzQjVEQURGQzJBQkRFNEJEQUQ4QjA3OTU4N0ZCOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN35vo0H2Z7X/p4btMwPLcq71g
fJqXPPMbEURROrYYhiT8r+xMHyiqu56l9t8aVRGaFCkxURkiZ8eEqLzj9Q8res9G
RdnyID8SuaRtim0WgXv5TQkS2oPt/x7YwSucYyuzxHD1J8DITpzxLe3C5sOOnmB1
D/mrwZNhPORupdwk01TzQVdMA95BYsaoKwkjmrTnXKXleEgBRjs5o6EIO1Cpf/H2
RX/Uuf5Vbfyr432skEKYGwJ+ycE0ru2DKsrCrCahaUT1bnIRslbldjIIJqspRTYg
O/JzJSRjCxzYoXc47L7jE2xVOZxT1GCJDlLom4ZQB9W6a6zBq4ziXxrgRSktAgMB
AAGjggJ4MIICdDAdBgNVHQ4EFgQU2uiPVpQ7Xa38Kr3kva2LB5WH+40wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgY0GCCsGAQUFBwEHAQH/BH4wfDB6BAIAATB0AwQAW3xQ
AwQAW3x+AwQAXHCTAwQAX4duAwQAX4d1AwQAX4d8AwQAX4f5AwQAslwwAwQAslxJ
AwQAslxRMAwDBACyXFMDBACyXFQDBACyXFcDBACyXFoDBAGyXF4DBACyXHcDBACy
XH0DBACyX6YDBACyX8UwDQYJKoZIhvcNAQELBQADggEBAIRY2MSqV7HSmNHysAN6
2LoZVQ3VvFwGcQU2OV1E6kN1fKBnhU/kpgp6FXUIFQ8Lwl3Pg+2Sy9IcZr/0KoSQ
oZdpnP8TkIXnHGBHr7YGgbNfBehSAWBxg/evXLIBMk22Ar/ojCiK5IjMQspE0/2V
4NKkISPG/kChImFPk+cc+ZOEC/4LQwexb6HKpVx/WFzbbQXza+uCkQL5KsQLPi8e
rV6EvAud2F5zZ1Cv6hOWPsCH/oojrJlCwHapvr6ANf8ZoibwMSVZauOHBrXnAfuP
NDNSJVMGd23HJ1/XbcSuZLLSDq+ZBj/0PERvAtHJp5IZNAaoyL2cTUCBJ+lwPEeS
GyM=
-----END CERTIFICATE-----
Generated at Wed Nov 5 09:36:34 2025 by rpki-client