Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS42689.roa
File: AS42689.roa (raw, json)
Hash identifier: kwlmfcXyVOBI1+ZcCrXoz2SHftfQVRDllPtBRfMglyY=
Subject key identifier: 6B:89:22:CF:BD:EB:6F:7A:D7:E2:A0:A6:45:20:0D:D9:8A:CB:64:6D
Certificate issuer: /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial: 5A225425B7034EA1FF2E6E8C26654000D74454B8
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS42689.roa
Signing time: Fri 10 Apr 2026 05:43:07 +0000
ROA not before: Fri 10 Apr 2026 05:38:07 +0000
ROA not after: Fri 09 Apr 2027 05:43:07 +0000
asID: 42689
IP address blocks: 51.146.154.0/24 maxlen: 24
51.146.157.0/24 maxlen: 24
51.146.159.0/24 maxlen: 24
51.146.208.0/23 maxlen: 24
51.146.210.0/24 maxlen: 24
51.146.250.0/23 maxlen: 24
51.194.34.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 19 Apr 2026 17:59:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:22:54:25:b7:03:4e:a1:ff:2e:6e:8c:26:65:40:00:d7:44:54:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Validity
Not Before: Apr 10 05:38:07 2026 GMT
Not After : Apr 9 05:43:07 2027 GMT
Subject: CN=6B8922CFBDEB6F7AD7E2A0A645200DD98ACB646D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:38:72:c6:fb:64:23:69:5b:ce:63:00:5b:b1:
99:41:e6:e8:43:d6:82:6c:2a:85:8a:3a:8b:4c:c9:
b9:f6:08:ef:0b:49:03:6d:55:a2:15:b8:15:a3:8c:
83:34:14:70:c3:1a:45:5c:b0:4f:2b:b6:0c:12:a6:
23:77:ac:69:5e:cf:b5:58:61:86:1c:cc:7c:3f:3a:
0a:94:51:05:a9:93:c8:99:25:8a:7b:0b:2b:e0:c4:
14:ae:06:11:a3:77:ac:2e:3b:a9:56:e0:b5:3c:08:
ef:45:07:6d:f0:c9:f9:9a:2f:61:36:47:26:04:b7:
b6:ff:34:00:4a:76:85:9b:44:a5:7d:e6:e8:e1:fd:
c9:8d:dc:c7:dc:4a:1b:fd:2c:0a:92:96:af:59:cc:
13:05:62:24:3b:2b:95:14:30:15:b0:cc:0e:94:bf:
46:61:3a:bd:2f:dc:98:b5:ff:4b:11:11:bf:6c:5f:
04:c0:b2:e1:24:5d:bc:ca:bc:d4:ff:c4:7d:08:13:
99:8f:b7:5d:bc:a1:e9:24:49:b8:23:9b:60:79:2b:
bb:79:5d:08:6b:3f:89:e6:2f:cc:84:9d:07:c9:2d:
c9:1e:f9:5b:2b:a1:2e:e4:24:5b:44:a4:ee:d8:01:
37:77:d9:86:47:21:c8:ac:92:6c:b3:a2:29:5a:4d:
9c:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:89:22:CF:BD:EB:6F:7A:D7:E2:A0:A6:45:20:0D:D9:8A:CB:64:6D
X509v3 Authority Key Identifier:
keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS42689.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.146.154.0/24
51.146.157.0/24
51.146.159.0/24
51.146.208.0-51.146.210.255
51.146.250.0/23
51.194.34.0/23
Signature Algorithm: sha256WithRSAEncryption
96:d1:33:f0:ec:16:b6:74:29:63:6b:1d:d2:e0:b7:e3:e0:c2:
80:1c:58:c3:99:35:c3:4f:18:51:cc:6b:22:ad:2c:c2:06:9f:
be:5a:fd:8e:1c:15:ba:0e:8c:2d:ca:a8:53:5c:c5:ec:6b:17:
af:32:50:53:7e:2c:3b:b2:2c:40:7e:5b:63:d9:78:bf:92:dd:
37:6e:48:2e:f5:68:97:33:98:96:9f:87:5e:92:6f:e6:da:fb:
8e:e8:07:06:bf:e6:66:68:d2:b0:c9:c5:b5:94:59:05:91:fb:
1e:ab:13:b9:f0:55:42:01:74:7b:ff:f1:13:cc:b8:d6:6b:7e:
2a:fd:30:05:c9:94:11:c3:c1:03:e5:4e:d4:bb:99:2c:ca:a1:
4b:7c:36:61:aa:80:00:76:e7:b9:ce:26:52:df:29:fb:9c:7e:
18:0a:c8:12:9b:8a:bd:d4:e5:f5:4b:04:07:9e:eb:cd:5c:b1:
d6:2b:2d:b2:1c:27:fc:7c:69:d8:f7:c6:e1:71:83:c7:f6:87:
bb:69:86:e6:7b:fd:56:b7:6f:5e:cf:22:3c:99:1d:e0:cf:7d:
35:a6:0e:19:09:41:c8:76:74:dd:6f:61:16:d2:9d:5a:71:00:
86:5c:97:b3:97:4d:5f:29:4c:66:88:0e:a7:c4:52:c1:c2:f9:
15:21:09:42
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIUWiJUJbcDTqH/Lm6MJmVAANdEVLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA0MTAwNTM4MDdaFw0yNzA0MDkwNTQzMDdaMDMxMTAvBgNV
BAMTKDZCODkyMkNGQkRFQjZGN0FEN0UyQTBBNjQ1MjAwREQ5OEFDQjY0NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTOHLG+2QjaVvOYwBbsZlB5uhD
1oJsKoWKOotMybn2CO8LSQNtVaIVuBWjjIM0FHDDGkVcsE8rtgwSpiN3rGlez7VY
YYYczHw/OgqUUQWpk8iZJYp7CyvgxBSuBhGjd6wuO6lW4LU8CO9FB23wyfmaL2E2
RyYEt7b/NABKdoWbRKV95ujh/cmN3MfcShv9LAqSlq9ZzBMFYiQ7K5UUMBWwzA6U
v0ZhOr0v3Ji1/0sREb9sXwTAsuEkXbzKvNT/xH0IE5mPt128oekkSbgjm2B5K7t5
XQhrP4nmL8yEnQfJLcke+VsroS7kJFtEpO7YATd32YZHIciskmyzoilaTZwHAgMB
AAGjggIvMIICKzAdBgNVHQ4EFgQUa4kiz73rb3rX4qCmRSAN2YrLZG0wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTNDI2ODkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwRQYIKwYBBQUHAQcBAf8ENjA0MDIEAgABMCwDBAAzkpoD
BAAzkp0DBAAzkp8wDAMEBDOS0AMEADOS0gMEATOS+gMEATPCIjANBgkqhkiG9w0B
AQsFAAOCAQEAltEz8OwWtnQpY2sd0uC34+DCgBxYw5k1w08YUcxrIq0swgafvlr9
jhwVug6MLcqoU1zF7GsXrzJQU34sO7IsQH5bY9l4v5LdN25ILvVolzOYlp+HXpJv
5tr7jugHBr/mZmjSsMnFtZRZBZH7HqsTufBVQgF0e//xE8y41mt+Kv0wBcmUEcPB
A+VO1LuZLMqhS3w2YaqAAHbnuc4mUt8p+5x+GArIEpuKvdTl9UsEB57rzVyx1ist
shwn/Hxp2PfG4XGDx/aHu2mG5nv9VrdvXs8iPJkd4M99NaYOGQlByHZ03W9hFtKd
WnEAhlyXs5dNXylMZogOp8RSwcL5FSEJQg==
-----END CERTIFICATE-----
Generated at Sun Apr 19 03:17:26 2026 by rpki-client