Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: FtS2Kqyg5ps8p2jsYM7otQHDFFcLrBMfZOFc+J46LFU=
Subject key identifier: 35:71:20:33:FD:A1:D0:43:F9:36:0E:86:D7:6A:88:CB:2F:DE:62:71
Certificate issuer: /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial: 777C4EE22EF51498D3765F1B5F683D1D82033CEF
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20473.roa
Signing time: Tue 10 Jun 2025 08:11:38 +0000
ROA not before: Tue 10 Jun 2025 08:06:38 +0000
ROA not after: Tue 09 Jun 2026 08:11:38 +0000
asID: 20473
IP address blocks: 91.124.80.0/24 maxlen: 24
91.124.126.0/24 maxlen: 24
91.124.177.0/24 maxlen: 24
92.112.58.0/24 maxlen: 24
92.112.147.0/24 maxlen: 24
95.135.110.0/24 maxlen: 24
95.135.117.0/24 maxlen: 24
95.135.124.0/24 maxlen: 24
95.135.249.0/24 maxlen: 24
95.135.252.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 01:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
77:7c:4e:e2:2e:f5:14:98:d3:76:5f:1b:5f:68:3d:1d:82:03:3c:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Validity
Not Before: Jun 10 08:06:38 2025 GMT
Not After : Jun 9 08:11:38 2026 GMT
Subject: CN=35712033FDA1D043F9360E86D76A88CB2FDE6271
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:18:96:d8:47:37:47:ee:67:b2:cd:36:be:8e:
07:8f:7f:19:db:58:2b:28:38:c2:de:c4:bf:b2:6a:
60:56:5b:8d:7e:2a:46:a8:a6:dc:60:90:5b:b7:33:
e8:ca:e8:80:68:67:55:64:89:bb:84:e8:f1:d1:a1:
5a:27:bf:bd:4c:17:91:c7:62:46:93:ff:d2:3f:59:
a0:90:35:23:23:1f:73:2c:57:e4:17:6d:11:cb:2f:
25:30:e5:47:c8:60:ad:8e:9a:0c:7f:69:b5:96:08:
1b:50:82:e8:a4:e1:57:f0:8b:d4:fe:59:67:08:e3:
c4:a7:98:37:67:5a:c4:cc:d3:4f:62:c4:b1:77:73:
c9:31:94:92:51:23:a9:d0:64:b8:2d:18:f0:a1:7a:
66:db:32:b1:7d:b7:98:7e:63:59:73:c5:fa:8f:0b:
ca:2f:a2:d5:6c:6c:92:a9:95:ff:42:7a:c2:ee:2c:
0e:5a:27:ff:3d:5e:fb:ea:5c:52:e4:17:a4:32:05:
df:7f:29:5b:9a:7c:31:c2:5f:d5:09:a3:5a:01:93:
b5:b2:4a:0d:f3:bc:c7:ea:cd:29:3e:49:bb:57:04:
98:2b:f8:22:b8:7d:fe:9c:54:10:00:19:42:16:12:
b0:ae:8c:57:3d:ff:9a:cf:b9:0f:33:08:a2:99:c6:
f0:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:71:20:33:FD:A1:D0:43:F9:36:0E:86:D7:6A:88:CB:2F:DE:62:71
X509v3 Authority Key Identifier:
keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.124.80.0/24
91.124.126.0/24
91.124.177.0/24
92.112.58.0/24
92.112.147.0/24
95.135.110.0/24
95.135.117.0/24
95.135.124.0/24
95.135.249.0/24
95.135.252.0/24
Signature Algorithm: sha256WithRSAEncryption
12:78:49:f9:87:a5:4c:92:b7:3b:c5:1e:e1:c5:74:83:fd:f9:
b7:53:06:39:95:54:a3:38:e3:54:40:0e:71:54:87:14:ed:82:
67:17:6b:b1:ad:14:56:97:bc:08:8e:b9:8c:4e:da:bd:12:96:
62:c0:6b:0e:5d:38:b9:ee:a5:5c:5d:65:20:d1:92:36:10:b2:
83:c8:f7:20:66:2d:ae:e8:a5:4f:34:37:2e:70:89:a1:a3:3e:
f8:5d:5d:7c:55:91:23:c8:b6:61:be:b4:17:24:b8:2a:8d:c1:
70:05:7a:c2:8a:c3:70:7b:41:de:74:8b:25:1d:fd:bc:c6:0f:
18:d2:6a:5f:f9:1d:3e:bf:f2:d6:06:2b:54:e6:4b:08:b6:a8:
21:f9:cd:de:cf:58:cc:6a:e1:6c:3e:e7:62:5b:2f:e6:39:ef:
75:be:db:7d:27:d1:8f:3a:37:c1:fb:43:51:b2:38:38:70:b3:
cd:26:7b:ad:44:7a:c8:88:30:84:53:e4:4c:4d:f4:93:36:51:
2d:46:70:ad:d8:4a:5e:43:4d:02:8b:d5:dc:9d:47:f6:18:32:
e0:ec:d1:d6:5f:e5:27:31:c1:e6:f9:80:e0:ba:ee:c3:0e:80:
1d:66:22:38:74:e7:39:6b:4a:a1:6f:61:af:b5:0c:12:d0:5c:
68:42:a9:c2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUd3xO4i71FJjTdl8bX2g9HYIDPO8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MTAwODA2MzhaFw0yNjA2MDkwODExMzhaMDMxMTAvBgNV
BAMTKDM1NzEyMDMzRkRBMUQwNDNGOTM2MEU4NkQ3NkE4OENCMkZERTYyNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDGJbYRzdH7meyzTa+jgePfxnb
WCsoOMLexL+yamBWW41+KkaoptxgkFu3M+jK6IBoZ1VkibuE6PHRoVonv71MF5HH
YkaT/9I/WaCQNSMjH3MsV+QXbRHLLyUw5UfIYK2Omgx/abWWCBtQguik4Vfwi9T+
WWcI48SnmDdnWsTM009ixLF3c8kxlJJRI6nQZLgtGPChembbMrF9t5h+Y1lzxfqP
C8ovotVsbJKplf9CesLuLA5aJ/89XvvqXFLkF6QyBd9/KVuafDHCX9UJo1oBk7Wy
Sg3zvMfqzSk+SbtXBJgr+CK4ff6cVBAAGUIWErCujFc9/5rPuQ8zCKKZxvCTAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUNXEgM/2h0EP5Ng6G12qIyy/eYnEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVQYIKwYBBQUHAQcBAf8ERjBEMEIEAgABMDwDBABbfFAD
BABbfH4DBABbfLEDBABccDoDBABccJMDBABfh24DBABfh3UDBABfh3wDBABfh/kD
BABfh/wwDQYJKoZIhvcNAQELBQADggEBABJ4SfmHpUyStzvFHuHFdIP9+bdTBjmV
VKM441RADnFUhxTtgmcXa7GtFFaXvAiOuYxO2r0SlmLAaw5dOLnupVxdZSDRkjYQ
soPI9yBmLa7opU80Ny5wiaGjPvhdXXxVkSPItmG+tBckuCqNwXAFesKKw3B7Qd50
iyUd/bzGDxjSal/5HT6/8tYGK1TmSwi2qCH5zd7PWMxq4Ww+52JbL+Y573W+230n
0Y86N8H7Q1GyODhws80me61EesiIMIRT5ExN9JM2US1GcK3YSl5DTQKL1dydR/YY
MuDs0dZf5Scxweb5gOC67sMOgB1mIjh05zlrSqFvYa+1DBLQXGhCqcI=
-----END CERTIFICATE-----
Generated at Sat Jun 14 11:01:21 2025 by rpki-client