Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
File: AS39521.roa (raw, json)
Hash identifier: mQaB6EqNdzBbrFXpoHgmUqPnnvPg0ZZfgUjovnTjMTc=
Subject key identifier: 26:FE:7F:81:C3:8F:4C:1F:E9:C5:F5:78:2A:C3:34:F8:26:40:5C:13
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 45C15E1615610CEB623A98B382C9358A8B9B8873
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
Signing time: Mon 27 Oct 2025 00:04:36 +0000
ROA not before: Sun 26 Oct 2025 23:59:36 +0000
ROA not after: Mon 26 Oct 2026 00:04:36 +0000
asID: 39521
IP address blocks: 143.20.6.0/24 maxlen: 24
143.20.7.0/24 maxlen: 24
143.20.32.0/24 maxlen: 24
143.20.42.0/24 maxlen: 24
143.20.48.0/24 maxlen: 24
143.20.53.0/24 maxlen: 24
143.20.54.0/24 maxlen: 24
143.20.56.0/24 maxlen: 24
143.20.57.0/24 maxlen: 24
143.20.59.0/24 maxlen: 24
143.20.60.0/24 maxlen: 24
143.20.61.0/24 maxlen: 24
143.20.62.0/24 maxlen: 24
143.20.63.0/24 maxlen: 24
143.20.104.0/24 maxlen: 24
143.20.124.0/24 maxlen: 24
143.20.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
45:c1:5e:16:15:61:0c:eb:62:3a:98:b3:82:c9:35:8a:8b:9b:88:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Oct 26 23:59:36 2025 GMT
Not After : Oct 26 00:04:36 2026 GMT
Subject: CN=26FE7F81C38F4C1FE9C5F5782AC334F826405C13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:25:12:14:15:d3:d9:9e:7c:68:08:eb:1d:af:
e7:e6:71:48:68:86:8c:e9:ac:a5:1b:cf:c0:4e:82:
c3:90:1b:93:59:04:50:1b:ed:26:63:3f:b4:79:b1:
cf:4e:0b:ee:be:d0:0e:fb:bc:5a:1e:6a:e6:d3:21:
84:b6:c5:9f:8c:01:0a:37:2b:67:cc:b4:dc:d5:78:
9c:42:ed:ee:c0:4f:3d:40:b3:64:73:3e:eb:9c:dc:
45:38:9f:38:a6:fa:19:a0:09:56:e7:4b:1e:ee:8b:
9b:9b:56:03:07:3b:b3:a2:eb:70:57:33:eb:10:56:
59:5a:20:6f:81:9b:0f:6d:40:84:36:7c:bf:bd:c5:
85:c0:7f:27:fc:1c:7a:66:bf:d4:8d:1c:3d:d1:56:
a7:da:4e:59:88:a1:f8:d3:ba:e8:fb:fa:34:11:8d:
40:97:b5:ff:30:7f:91:81:d9:19:12:7d:d4:54:48:
04:a5:f5:1f:d4:5d:40:37:a4:33:91:3b:e8:56:b8:
e9:15:b1:32:ff:14:c8:34:0b:99:e5:7f:3c:03:c1:
67:10:81:ee:ed:a5:9f:86:41:75:50:5e:23:e7:9c:
3b:d8:c0:b4:47:0e:d3:40:61:4b:8e:ae:d9:a4:a0:
20:bf:ee:27:0f:7f:4a:22:26:72:ba:7a:10:b8:64:
96:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:FE:7F:81:C3:8F:4C:1F:E9:C5:F5:78:2A:C3:34:F8:26:40:5C:13
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.6.0/23
143.20.32.0/24
143.20.42.0/24
143.20.48.0/24
143.20.53.0-143.20.54.255
143.20.56.0/23
143.20.59.0-143.20.63.255
143.20.104.0/24
143.20.124.0/23
Signature Algorithm: sha256WithRSAEncryption
77:0a:94:47:44:c8:9c:af:13:53:4a:b7:4b:17:ee:8a:fb:39:
2b:6f:f6:f2:71:7c:29:fc:f9:3c:8f:60:9e:9e:4f:f6:ab:76:
b3:c9:88:45:d5:ea:7a:93:63:c0:bd:dd:4b:82:1d:44:73:42:
19:d4:65:d3:3e:e0:8e:cd:66:cf:c2:b7:39:3f:d6:75:55:69:
11:98:44:2e:d4:7e:56:db:74:c2:d9:96:38:84:5a:af:af:84:
58:92:0b:92:b7:fc:8f:c2:b3:80:67:78:17:6e:c3:5e:78:57:
1e:1f:b3:aa:33:9a:a4:27:39:29:92:53:68:36:91:d4:2d:db:
52:17:6f:4f:c1:4e:c9:73:a2:17:55:fd:97:81:d4:c3:e1:bb:
54:9e:96:4e:a3:39:26:c6:6b:3d:8e:f7:a9:6d:e4:00:a2:44:
43:58:d2:c4:0e:81:98:c1:d9:cb:44:b5:06:4d:28:ca:c2:36:
93:3b:59:76:b1:f9:ea:cb:33:f8:7b:38:8e:b3:60:93:8a:51:
c7:0b:46:7b:15:23:48:61:ca:73:37:ad:1d:13:7f:e6:0c:28:
3c:49:c7:9d:c1:b1:9c:ca:47:c2:a3:1e:ac:de:fb:c9:fc:35:
38:5b:52:0d:fc:9d:00:b0:f8:32:8e:7e:ee:29:d1:b8:ed:ed:
bd:3f:be:0e
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgIURcFeFhVhDOtiOpizgsk1ioubiHMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjYyMzU5MzZaFw0yNjEwMjYwMDA0MzZaMDMxMTAvBgNV
BAMTKDI2RkU3RjgxQzM4RjRDMUZFOUM1RjU3ODJBQzMzNEY4MjY0MDVDMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcJRIUFdPZnnxoCOsdr+fmcUho
hozprKUbz8BOgsOQG5NZBFAb7SZjP7R5sc9OC+6+0A77vFoeaubTIYS2xZ+MAQo3
K2fMtNzVeJxC7e7ATz1As2RzPuuc3EU4nzim+hmgCVbnSx7ui5ubVgMHO7Oi63BX
M+sQVllaIG+Bmw9tQIQ2fL+9xYXAfyf8HHpmv9SNHD3RVqfaTlmIofjTuuj7+jQR
jUCXtf8wf5GB2RkSfdRUSASl9R/UXUA3pDORO+hWuOkVsTL/FMg0C5nlfzwDwWcQ
ge7tpZ+GQXVQXiPnnDvYwLRHDtNAYUuOrtmkoCC/7icPf0oiJnK6ehC4ZJYjAgMB
AAGjggJJMIICRTAdBgNVHQ4EFgQUJv5/gcOPTB/pxfV4KsM0+CZAXBMwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwXwYIKwYBBQUHAQcBAf8EUDBOMEwEAgABMEYDBAGPFAYD
BACPFCADBACPFCoDBACPFDAwDAMEAI8UNQMEAI8UNgMEAY8UODAMAwQAjxQ7AwQG
jxQAAwQAjxRoAwQBjxR8MA0GCSqGSIb3DQEBCwUAA4IBAQB3CpRHRMicrxNTSrdL
F+6K+zkrb/bycXwp/Pk8j2Cenk/2q3azyYhF1ep6k2PAvd1Lgh1Ec0IZ1GXTPuCO
zWbPwrc5P9Z1VWkRmEQu1H5W23TC2ZY4hFqvr4RYkguSt/yPwrOAZ3gXbsNeeFce
H7OqM5qkJzkpklNoNpHULdtSF29PwU7Jc6IXVf2XgdTD4btUnpZOozkmxms9jvep
beQAokRDWNLEDoGYwdnLRLUGTSjKwjaTO1l2sfnqyzP4eziOs2CTilHHC0Z7FSNI
YcpzN60dE3/mDCg8ScedwbGcykfCox6s3vvJ/DU4W1IN/J0AsPgyjn7uKdG47e29
P74O
-----END CERTIFICATE-----
Generated at Wed Nov 5 02:36:14 2025 by rpki-client