Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
File: AS39521.roa (raw, json)
Hash identifier: mnIflMATOx7mU4oL2MvfRF8TZ1mgYnyC25kBCxBwWds=
Subject key identifier: 5C:C3:32:95:BA:FF:25:8A:92:EE:5A:84:11:EE:1C:62:D5:3D:3A:66
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 641C08C955BC3B8B77E0BC330137AAAC5251636B
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
Signing time: Wed 11 Jun 2025 13:23:24 +0000
ROA not before: Wed 11 Jun 2025 13:18:24 +0000
ROA not after: Wed 10 Jun 2026 13:23:24 +0000
asID: 39521
IP address blocks: 143.20.6.0/24 maxlen: 24
143.20.7.0/24 maxlen: 24
143.20.104.0/24 maxlen: 24
143.20.105.0/24 maxlen: 24
143.20.124.0/24 maxlen: 24
143.20.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 16 Jun 2025 13:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:1c:08:c9:55:bc:3b:8b:77:e0:bc:33:01:37:aa:ac:52:51:63:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jun 11 13:18:24 2025 GMT
Not After : Jun 10 13:23:24 2026 GMT
Subject: CN=5CC33295BAFF258A92EE5A8411EE1C62D53D3A66
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:b3:24:df:d0:00:e8:96:cb:af:ed:6a:a3:86:
7f:65:61:66:19:e1:d4:c0:4f:c1:44:12:04:00:d7:
c2:76:52:64:86:aa:63:2c:e8:5d:fd:f0:ea:b6:06:
0c:4a:05:24:3d:7a:8d:13:f7:d1:04:da:96:0b:e7:
7f:2a:25:76:ce:73:fe:04:12:9d:f8:6c:bb:69:98:
34:e5:cb:31:5d:d4:8a:40:d7:e4:94:9d:d3:5e:aa:
d9:91:05:4b:9b:5f:e8:98:43:ba:a9:43:60:81:5f:
5f:f8:35:ab:b9:c3:3b:0a:38:41:15:38:a1:ac:25:
9d:44:7c:36:90:82:75:d6:48:90:cc:e2:5b:d8:9b:
91:97:d5:e0:57:e8:32:ec:aa:0e:30:9c:e1:fd:80:
33:08:e3:b6:b3:c7:73:b3:d0:11:70:d1:21:33:d4:
e9:48:3a:4d:6f:c3:c6:5f:1b:20:f0:1d:1b:d5:83:
c3:13:55:b0:d0:29:b3:97:33:59:7f:e1:5d:c5:c5:
6f:e4:21:72:a4:bb:67:d7:f4:b5:ba:d2:e2:2b:12:
03:ad:ea:36:9a:2d:f8:b0:e8:d5:2c:48:15:27:58:
5b:19:62:83:4f:5b:e0:38:de:4e:0e:6c:84:64:2f:
49:76:ee:7f:2a:a1:f7:ab:fe:1f:ff:aa:cd:79:75:
92:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:C3:32:95:BA:FF:25:8A:92:EE:5A:84:11:EE:1C:62:D5:3D:3A:66
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.6.0/23
143.20.104.0/23
143.20.124.0/23
Signature Algorithm: sha256WithRSAEncryption
db:85:ea:62:a2:bb:d8:5c:7f:ee:ec:1b:5d:1d:6f:42:0a:50:
d8:9f:68:fb:e6:fe:63:db:ea:df:a6:05:18:37:89:09:98:c9:
09:f3:bc:8c:b9:d1:a0:e1:ee:dd:5b:34:f1:1c:af:25:44:25:
56:15:a4:f6:36:a7:a8:f5:53:2c:e0:f8:1f:53:a7:45:43:10:
ea:89:27:05:db:f3:c3:93:62:d0:43:b2:63:15:22:2d:b7:a9:
90:f0:8f:b6:87:ea:dd:f1:9d:a0:50:0a:86:c7:66:38:8a:09:
95:ef:24:b2:48:e1:6d:5b:6e:5b:81:03:75:e5:18:1e:c3:9d:
95:62:25:dd:d7:90:eb:3f:64:0a:1f:5a:44:aa:7e:67:53:bb:
d4:43:d7:02:7c:b1:e5:97:1f:c5:a8:d7:59:0f:c8:dc:59:1d:
71:a9:fd:00:92:11:e1:44:0d:30:d0:e0:f4:a5:69:1d:a3:25:
aa:43:3c:6a:d5:e9:f5:28:7a:7f:78:b5:a3:52:c0:c9:37:b9:
14:ac:1e:ce:8d:59:9b:0e:9e:ce:e2:e0:30:e5:e0:ea:ae:53:
3f:b2:5e:fc:32:e9:6b:c1:61:15:5e:e1:69:a0:86:09:67:b3:
a9:22:b9:bf:de:83:00:ed:3d:f8:7d:0a:30:e7:c6:99:4e:50:
3d:60:60:6f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUZBwIyVW8O4t34LwzATeqrFJRY2swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTExMzE4MjRaFw0yNjA2MTAxMzIzMjRaMDMxMTAvBgNV
BAMTKDVDQzMzMjk1QkFGRjI1OEE5MkVFNUE4NDExRUUxQzYyRDUzRDNBNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwsyTf0ADolsuv7Wqjhn9lYWYZ
4dTAT8FEEgQA18J2UmSGqmMs6F398Oq2BgxKBSQ9eo0T99EE2pYL538qJXbOc/4E
Ep34bLtpmDTlyzFd1IpA1+SUndNeqtmRBUubX+iYQ7qpQ2CBX1/4Nau5wzsKOEEV
OKGsJZ1EfDaQgnXWSJDM4lvYm5GX1eBX6DLsqg4wnOH9gDMI47azx3Oz0BFw0SEz
1OlIOk1vw8ZfGyDwHRvVg8MTVbDQKbOXM1l/4V3FxW/kIXKku2fX9LW60uIrEgOt
6jaaLfiw6NUsSBUnWFsZYoNPW+A43k4ObIRkL0l27n8qofer/h//qs15dZIFAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUXMMylbr/JYqS7lqEEe4cYtU9OmYwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAGPFAYD
BAGPFGgDBAGPFHwwDQYJKoZIhvcNAQELBQADggEBANuF6mKiu9hcf+7sG10db0IK
UNifaPvm/mPb6t+mBRg3iQmYyQnzvIy50aDh7t1bNPEcryVEJVYVpPY2p6j1Uyzg
+B9Tp0VDEOqJJwXb88OTYtBDsmMVIi23qZDwj7aH6t3xnaBQCobHZjiKCZXvJLJI
4W1bbluBA3XlGB7DnZViJd3XkOs/ZAofWkSqfmdTu9RD1wJ8seWXH8Wo11kPyNxZ
HXGp/QCSEeFEDTDQ4PSlaR2jJapDPGrV6fUoen94taNSwMk3uRSsHs6NWZsOns7i
4DDl4OquUz+yXvwy6WvBYRVe4Wmghglns6kiub/egwDtPfh9CjDnxplOUD1gYG8=
-----END CERTIFICATE-----
Generated at Sun Jun 15 19:26:15 2025 by rpki-client