Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
File: AS39521.roa (raw, json)
Hash identifier: mN1oLnm5L5RJxLIo1FShg5R8fE5w+i57FYr8iWu3fis=
Subject key identifier: 8B:29:F8:66:5E:15:27:E4:5E:48:23:AC:6E:E3:59:B1:11:F8:E9:18
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 0649D79FD4C5A7267BEB58BB5D1F5D64DEACA0C4
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
Signing time: Tue 24 Feb 2026 15:52:31 +0000
ROA not before: Tue 24 Feb 2026 15:47:31 +0000
ROA not after: Tue 23 Feb 2027 15:52:31 +0000
asID: 39521
IP address blocks: 143.20.6.0/24 maxlen: 24
143.20.54.0/24 maxlen: 24
143.20.61.0/24 maxlen: 24
143.20.62.0/24 maxlen: 24
143.20.104.0/24 maxlen: 24
143.20.124.0/24 maxlen: 24
143.20.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 09:38:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:49:d7:9f:d4:c5:a7:26:7b:eb:58:bb:5d:1f:5d:64:de:ac:a0:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Feb 24 15:47:31 2026 GMT
Not After : Feb 23 15:52:31 2027 GMT
Subject: CN=8B29F8665E1527E45E4823AC6EE359B111F8E918
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:81:ed:20:1c:c3:89:a4:7b:aa:61:84:2c:a6:
e8:54:09:74:17:61:d5:3c:ca:2d:b3:98:fc:c4:07:
99:f1:d5:87:cc:25:a3:3b:f3:f4:27:67:83:20:e0:
32:92:8f:72:83:bd:37:e7:37:72:66:72:40:a5:d6:
3c:04:55:b6:d9:92:7f:69:73:69:0b:5c:74:83:14:
e6:f8:88:83:60:b1:05:ef:7c:fd:fd:a1:dd:08:5b:
d4:54:9e:6e:64:60:9a:8a:ce:b9:bf:a2:8c:d6:71:
e2:da:71:09:10:dd:c6:f7:0b:7e:87:c5:0f:e7:56:
b6:dc:b7:97:05:2f:5c:41:da:03:00:3c:c3:18:16:
6b:bb:7e:c1:a7:3a:32:06:bc:6f:51:0d:50:ae:9f:
03:3f:24:18:a7:1d:2c:28:79:bd:13:9c:47:c7:1a:
cb:c6:94:0a:21:14:e9:dd:af:6c:4b:13:66:7a:ca:
1c:ae:8c:02:d0:c4:9a:92:4c:eb:e2:ee:ad:1c:2d:
ee:2f:c5:dc:71:5d:fe:34:43:0c:b3:50:fd:23:1f:
26:98:a0:5d:7d:f6:aa:e4:b3:63:08:0c:92:4e:df:
b9:73:46:d1:62:d8:3a:28:cd:31:50:ca:b7:0e:5a:
26:31:15:5b:ad:1c:a3:ae:64:95:14:07:2c:07:d8:
9f:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:29:F8:66:5E:15:27:E4:5E:48:23:AC:6E:E3:59:B1:11:F8:E9:18
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.6.0/24
143.20.54.0/24
143.20.61.0-143.20.62.255
143.20.104.0/24
143.20.124.0/23
Signature Algorithm: sha256WithRSAEncryption
7a:47:39:91:24:91:88:09:67:4d:2b:db:22:f8:5d:e8:03:a3:
fd:4d:1c:f4:eb:19:84:fc:c8:7b:44:22:80:42:2a:8b:fc:c4:
c2:4f:0c:a8:af:cc:d8:e5:3b:09:11:f9:65:e9:a5:5b:81:74:
11:29:ae:92:e2:b1:d5:a8:f4:b5:d1:ec:93:8e:e4:44:c0:ee:
bc:f7:3b:9b:e9:64:49:22:19:93:36:c9:48:53:50:57:47:98:
d2:b4:5a:74:d4:7d:cd:21:df:57:41:fd:d2:21:d5:35:1d:80:
b2:1b:30:40:f3:3e:62:8d:91:8a:29:06:05:07:db:5b:85:9b:
38:c9:75:75:80:36:77:50:79:ad:d7:20:5a:44:9d:47:0c:cf:
e1:2e:dd:f8:56:80:60:3c:ef:3a:42:49:87:c0:62:34:d4:16:
f4:99:2f:e1:60:81:d8:9f:f8:8a:59:4c:0d:d3:d2:0f:4e:6b:
b0:32:ac:df:5b:96:58:02:af:61:a8:5c:bc:4b:41:a4:ba:63:
4a:a5:17:e9:b5:ad:32:c9:60:f4:59:cc:54:23:34:45:8a:9a:
c3:7c:d0:59:ed:35:87:1f:37:46:81:0e:05:60:6a:44:ff:63:
74:8c:f6:1f:7b:82:a3:48:8d:a5:5d:aa:54:26:8e:69:af:b6:
a3:16:02:4b
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIUBknXn9TFpyZ761i7XR9dZN6soMQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAyMjQxNTQ3MzFaFw0yNzAyMjMxNTUyMzFaMDMxMTAvBgNV
BAMTKDhCMjlGODY2NUUxNTI3RTQ1RTQ4MjNBQzZFRTM1OUIxMTFGOEU5MTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdge0gHMOJpHuqYYQspuhUCXQX
YdU8yi2zmPzEB5nx1YfMJaM78/QnZ4Mg4DKSj3KDvTfnN3JmckCl1jwEVbbZkn9p
c2kLXHSDFOb4iINgsQXvfP39od0IW9RUnm5kYJqKzrm/oozWceLacQkQ3cb3C36H
xQ/nVrbct5cFL1xB2gMAPMMYFmu7fsGnOjIGvG9RDVCunwM/JBinHSwoeb0TnEfH
GsvGlAohFOndr2xLE2Z6yhyujALQxJqSTOvi7q0cLe4vxdxxXf40QwyzUP0jHyaY
oF199qrks2MIDJJO37lzRtFi2DoozTFQyrcOWiYxFVutHKOuZJUUBywH2J9bAgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQUiyn4Zl4VJ+ReSCOsbuNZsRH46RgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPwYIKwYBBQUHAQcBAf8EMDAuMCwEAgABMCYDBACPFAYD
BACPFDYwDAMEAI8UPQMEAI8UPgMEAI8UaAMEAY8UfDANBgkqhkiG9w0BAQsFAAOC
AQEAekc5kSSRiAlnTSvbIvhd6AOj/U0c9OsZhPzIe0QigEIqi/zEwk8MqK/M2OU7
CRH5ZemlW4F0ESmukuKx1aj0tdHsk47kRMDuvPc7m+lkSSIZkzbJSFNQV0eY0rRa
dNR9zSHfV0H90iHVNR2AshswQPM+Yo2RiikGBQfbW4WbOMl1dYA2d1B5rdcgWkSd
RwzP4S7d+FaAYDzvOkJJh8BiNNQW9Jkv4WCB2J/4illMDdPSD05rsDKs31uWWAKv
YahcvEtBpLpjSqUX6bWtMslg9FnMVCM0RYqaw3zQWe01hx83RoEOBWBqRP9jdIz2
H3uCo0iNpV2qVCaOaa+2oxYCSw==
-----END CERTIFICATE-----
Generated at Sun Mar 1 20:10:46 2026 by rpki-client