Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS42689.roa
File: AS42689.roa (raw, json)
Hash identifier: rIZVFdX1vSngimOx3QQ2nmfupDM8QCaUPLCaPbocdbg=
Subject key identifier: 69:21:1F:09:DA:39:F0:B8:59:60:1D:BD:55:E0:95:DA:65:BA:AD:8D
Certificate issuer: /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial: 67B69771F06220CFD7601737A5A6B18306050623
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS42689.roa
Signing time: Wed 20 May 2026 10:15:23 +0000
ROA not before: Wed 20 May 2026 10:10:23 +0000
ROA not after: Wed 19 May 2027 10:15:23 +0000
asID: 42689
IP address blocks: 51.146.154.0/24 maxlen: 24
51.146.157.0/24 maxlen: 24
51.146.159.0/24 maxlen: 24
51.146.208.0/23 maxlen: 24
51.146.210.0/24 maxlen: 24
51.146.250.0/23 maxlen: 24
51.194.34.0/23 maxlen: 24
51.194.48.0/22 maxlen: 24
51.194.60.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Jun 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:b6:97:71:f0:62:20:cf:d7:60:17:37:a5:a6:b1:83:06:05:06:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Validity
Not Before: May 20 10:10:23 2026 GMT
Not After : May 19 10:15:23 2027 GMT
Subject: CN=69211F09DA39F0B859601DBD55E095DA65BAAD8D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:1d:1c:8c:61:b9:bd:28:41:06:4f:65:0b:b0:
06:1d:ab:40:46:65:84:56:c9:1a:5e:2f:39:b0:3a:
a0:d6:fc:b4:d3:ac:16:71:71:bc:9c:9c:e0:5e:f8:
49:2e:f7:e4:7f:1b:dc:50:78:8d:12:a2:3a:d4:75:
af:3f:8a:e7:4f:e0:c1:10:16:7d:6c:26:28:f2:39:
ff:fb:83:54:87:34:cb:b7:78:9d:ff:7a:53:b7:76:
07:00:28:72:88:3a:ac:b4:f2:22:a7:42:9c:20:c0:
76:f9:f1:7b:2f:a1:3b:53:89:69:d8:23:96:19:32:
05:fe:29:65:cc:c5:64:4a:8a:e9:a5:f6:35:8f:00:
59:56:95:80:19:97:7f:4b:35:a5:93:fd:42:67:16:
1e:f0:0d:12:59:dc:ee:d4:a4:56:50:57:3c:54:5c:
f9:5b:2e:72:76:8c:2a:a4:5b:04:f5:84:55:ec:29:
11:b7:c7:1f:61:79:66:3f:81:0c:52:28:16:70:a1:
f3:1e:77:13:61:b5:5a:47:d5:b2:9c:21:c7:47:51:
9c:0c:3e:ff:93:8a:10:a2:e1:72:a4:8a:7f:2f:b0:
82:3f:61:86:16:7e:3d:8c:31:b9:0d:c5:af:c0:ce:
a1:98:be:4e:72:91:be:21:bb:3d:4f:3a:8c:ae:1d:
e1:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:21:1F:09:DA:39:F0:B8:59:60:1D:BD:55:E0:95:DA:65:BA:AD:8D
X509v3 Authority Key Identifier:
keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS42689.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.146.154.0/24
51.146.157.0/24
51.146.159.0/24
51.146.208.0-51.146.210.255
51.146.250.0/23
51.194.34.0/23
51.194.48.0/22
51.194.60.0/22
Signature Algorithm: sha256WithRSAEncryption
9d:d4:f2:a0:d3:3f:42:54:08:ee:2a:90:a8:d1:4a:8c:2e:c2:
97:77:bf:74:33:1a:ba:2b:64:ac:ed:e7:89:cb:b5:fe:7d:9e:
c0:56:f9:40:68:f4:a3:63:da:97:1d:8f:9b:e7:a5:a9:eb:de:
57:59:72:ab:ec:59:33:0d:de:14:22:82:18:77:cb:8e:4d:82:
fd:2f:3e:8b:9d:a2:ba:f1:71:9d:2c:7c:ab:f7:85:0a:b7:a9:
e8:3a:d4:6f:de:19:42:f5:80:ad:d7:3f:cf:74:2a:49:84:ff:
47:26:e6:7e:83:d7:90:21:b1:23:78:d5:9d:fb:fb:f7:a7:97:
4a:bc:b8:23:78:d0:be:f0:84:62:c9:7d:ae:34:23:91:2c:a4:
60:89:64:8f:df:2c:cd:49:fc:ae:b4:cd:c4:9d:d3:02:18:bd:
84:93:d2:40:08:77:61:a4:62:c3:49:cb:4a:4b:28:a8:2b:ef:
d9:b8:ca:4b:93:f1:d8:c3:40:85:f7:64:71:ce:8d:6c:de:90:
24:ad:8a:db:cf:81:c2:73:d1:59:26:48:22:23:d5:60:0e:00:
44:eb:10:4b:4c:6b:dc:64:82:47:ae:8d:4b:60:43:ab:55:0c:
07:0b:9e:b5:e1:84:7a:5e:c2:6b:88:37:53:50:25:c5:8b:17:
29:3f:76:25
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZ7aXcfBiIM/XYBc3paaxgwYFBiMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA1MjAxMDEwMjNaFw0yNzA1MTkxMDE1MjNaMDMxMTAvBgNV
BAMTKDY5MjExRjA5REEzOUYwQjg1OTYwMURCRDU1RTA5NURBNjVCQUFEOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYHRyMYbm9KEEGT2ULsAYdq0BG
ZYRWyRpeLzmwOqDW/LTTrBZxcbycnOBe+Eku9+R/G9xQeI0SojrUda8/iudP4MEQ
Fn1sJijyOf/7g1SHNMu3eJ3/elO3dgcAKHKIOqy08iKnQpwgwHb58XsvoTtTiWnY
I5YZMgX+KWXMxWRKiuml9jWPAFlWlYAZl39LNaWT/UJnFh7wDRJZ3O7UpFZQVzxU
XPlbLnJ2jCqkWwT1hFXsKRG3xx9heWY/gQxSKBZwofMedxNhtVpH1bKcIcdHUZwM
Pv+TihCi4XKkin8vsII/YYYWfj2MMbkNxa/AzqGYvk5ykb4huz1POoyuHeEJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUaSEfCdo58LhZYB29VeCV2mW6rY0wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTNDI2ODkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwUQYIKwYBBQUHAQcBAf8EQjBAMD4EAgABMDgDBAAzkpoD
BAAzkp0DBAAzkp8wDAMEBDOS0AMEADOS0gMEATOS+gMEATPCIgMEAjPCMAMEAjPC
PDANBgkqhkiG9w0BAQsFAAOCAQEAndTyoNM/QlQI7iqQqNFKjC7Cl3e/dDMauitk
rO3nicu1/n2ewFb5QGj0o2Palx2Pm+elqeveV1lyq+xZMw3eFCKCGHfLjk2C/S8+
i52iuvFxnSx8q/eFCrep6DrUb94ZQvWArdc/z3QqSYT/RybmfoPXkCGxI3jVnfv7
96eXSry4I3jQvvCEYsl9rjQjkSykYIlkj98szUn8rrTNxJ3TAhi9hJPSQAh3YaRi
w0nLSksoqCvv2bjKS5Px2MNAhfdkcc6NbN6QJK2K28+BwnPRWSZIIiPVYA4AROsQ
S0xr3GSCR66NS2BDq1UMBwueteGEel7Ca4g3U1AlxYsXKT92JQ==
-----END CERTIFICATE-----
Generated at Wed Jun 3 08:31:23 2026 by rpki-client