Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
File: AS39521.roa (raw, json)
Hash identifier: RFPFtjFVnnfnPIq6wkoo9M3UdInHoSpU1SlD7mjMVgE=
Subject key identifier: E9:AD:D1:A9:3A:70:B2:4A:D1:2F:A3:AD:A7:9F:1A:BF:D5:B0:BF:D7
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 1A862905B18B9F58238D9887C61BF19EC0271F1F
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
Signing time: Tue 21 Oct 2025 14:35:55 +0000
ROA not before: Tue 21 Oct 2025 14:30:55 +0000
ROA not after: Tue 20 Oct 2026 14:35:55 +0000
asID: 39521
IP address blocks: 143.20.6.0/24 maxlen: 24
143.20.7.0/24 maxlen: 24
143.20.32.0/24 maxlen: 24
143.20.42.0/24 maxlen: 24
143.20.48.0/24 maxlen: 24
143.20.53.0/24 maxlen: 24
143.20.54.0/24 maxlen: 24
143.20.55.0/24 maxlen: 24
143.20.56.0/24 maxlen: 24
143.20.57.0/24 maxlen: 24
143.20.59.0/24 maxlen: 24
143.20.60.0/24 maxlen: 24
143.20.61.0/24 maxlen: 24
143.20.62.0/24 maxlen: 24
143.20.63.0/24 maxlen: 24
143.20.104.0/24 maxlen: 24
143.20.124.0/24 maxlen: 24
143.20.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 22 Oct 2025 19:12:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:86:29:05:b1:8b:9f:58:23:8d:98:87:c6:1b:f1:9e:c0:27:1f:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Oct 21 14:30:55 2025 GMT
Not After : Oct 20 14:35:55 2026 GMT
Subject: CN=E9ADD1A93A70B24AD12FA3ADA79F1ABFD5B0BFD7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:85:38:72:c4:38:c8:6f:1d:8e:c0:29:56:46:
37:6a:33:dd:9a:7d:ce:3b:bc:77:25:5f:ee:32:58:
67:4e:bd:9e:a6:cd:5a:69:bb:f0:71:b7:1e:16:70:
f1:4f:01:ae:11:19:4f:5d:3b:d0:90:97:90:76:74:
9b:5a:ac:34:4b:14:92:26:d7:59:75:54:63:5d:10:
b8:38:74:29:42:ca:0a:58:45:65:a9:dd:de:e6:b3:
ca:a5:bf:3c:cb:db:ef:9b:2b:66:64:e7:4d:95:77:
85:f6:8a:7d:c9:e5:4b:fd:73:52:ad:53:20:2d:5e:
34:33:e2:ba:85:94:22:e8:bb:3c:31:67:fd:3f:7e:
11:9d:8c:e8:fa:f4:33:a0:09:ac:c6:f7:a2:64:2d:
52:c0:06:46:f1:c8:2d:00:6e:7c:8e:bd:01:91:72:
a9:fa:b0:9f:3e:65:58:7f:52:85:d1:6b:a7:e4:03:
92:69:52:30:7f:09:96:52:0d:32:03:f0:ec:6c:77:
1c:87:d0:76:7f:8b:a3:2d:53:5d:ec:24:25:31:6d:
18:ac:1e:d0:24:f2:ad:26:66:61:8b:13:0d:19:5d:
a9:64:0f:a1:92:50:9b:f5:93:d6:32:87:2f:5c:f1:
b6:fa:e4:10:0f:22:98:a2:01:04:3f:e9:40:4d:42:
2c:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:AD:D1:A9:3A:70:B2:4A:D1:2F:A3:AD:A7:9F:1A:BF:D5:B0:BF:D7
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.6.0/23
143.20.32.0/24
143.20.42.0/24
143.20.48.0/24
143.20.53.0-143.20.57.255
143.20.59.0-143.20.63.255
143.20.104.0/24
143.20.124.0/23
Signature Algorithm: sha256WithRSAEncryption
2c:0d:95:7b:d5:cb:87:7f:42:f6:5e:db:72:9e:b0:93:f4:d4:
78:d5:d3:98:0f:e7:2f:0a:31:1e:0f:f5:e5:42:09:07:76:3b:
9c:4a:1a:08:bf:4b:32:ba:af:aa:1e:a4:fe:72:0b:77:53:d2:
5c:72:f7:44:fe:2c:87:c7:44:c0:af:90:34:c9:f9:0e:62:69:
ab:1e:e1:18:61:1f:4e:74:d6:fb:ab:fc:e5:2c:e0:aa:b4:66:
18:5e:6a:d2:9d:91:37:ea:66:e5:90:ff:7e:52:2a:2c:af:42:
6c:fd:e2:2b:2c:91:61:3e:81:22:e3:d5:3b:c7:92:dc:ae:f1:
cb:37:e9:53:1a:c4:4e:52:25:e1:06:fc:6b:4e:4f:8b:0a:41:
82:a1:7f:03:9a:e8:1a:71:d6:41:7e:70:84:c8:2f:cb:55:55:
18:d2:25:1f:90:0e:e0:16:b5:eb:08:9a:58:fb:fd:52:9c:5d:
8e:16:d2:82:42:e6:89:04:b9:49:19:a9:d6:1b:0b:ed:16:63:
29:4d:9a:e4:0b:35:37:af:1c:b5:e4:70:99:8a:d4:af:f2:b5:
d9:bb:75:8a:2c:2e:46:21:ee:d2:22:7a:93:63:e6:a3:33:63:
6d:c0:d0:e7:f4:f4:f7:8c:0f:3b:d5:ce:e2:e7:da:e6:a6:e2:
55:00:cd:08
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgIUGoYpBbGLn1gjjZiHxhvxnsAnHx8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMjExNDMwNTVaFw0yNjEwMjAxNDM1NTVaMDMxMTAvBgNV
BAMTKEU5QUREMUE5M0E3MEIyNEFEMTJGQTNBREE3OUYxQUJGRDVCMEJGRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYhThyxDjIbx2OwClWRjdqM92a
fc47vHclX+4yWGdOvZ6mzVppu/Bxtx4WcPFPAa4RGU9dO9CQl5B2dJtarDRLFJIm
11l1VGNdELg4dClCygpYRWWp3d7ms8qlvzzL2++bK2Zk502Vd4X2in3J5Uv9c1Kt
UyAtXjQz4rqFlCLouzwxZ/0/fhGdjOj69DOgCazG96JkLVLABkbxyC0AbnyOvQGR
cqn6sJ8+ZVh/UoXRa6fkA5JpUjB/CZZSDTID8OxsdxyH0HZ/i6MtU13sJCUxbRis
HtAk8q0mZmGLEw0ZXalkD6GSUJv1k9Yyhy9c8bb65BAPIpiiAQQ/6UBNQix9AgMB
AAGjggJDMIICPzAdBgNVHQ4EFgQU6a3RqTpwskrRL6Otp58av9Wwv9cwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWQYIKwYBBQUHAQcBAf8ESjBIMEYEAgABMEADBAGPFAYD
BACPFCADBACPFCoDBACPFDAwDAMEAI8UNQMEAY8UODAMAwQAjxQ7AwQGjxQAAwQA
jxRoAwQBjxR8MA0GCSqGSIb3DQEBCwUAA4IBAQAsDZV71cuHf0L2XttynrCT9NR4
1dOYD+cvCjEeD/XlQgkHdjucShoIv0syuq+qHqT+cgt3U9JccvdE/iyHx0TAr5A0
yfkOYmmrHuEYYR9OdNb7q/zlLOCqtGYYXmrSnZE36mblkP9+Uiosr0Js/eIrLJFh
PoEi49U7x5LcrvHLN+lTGsROUiXhBvxrTk+LCkGCoX8DmugacdZBfnCEyC/LVVUY
0iUfkA7gFrXrCJpY+/1SnF2OFtKCQuaJBLlJGanWGwvtFmMpTZrkCzU3rxy15HCZ
itSv8rXZu3WKLC5GIe7SInqTY+ajM2NtwNDn9PT3jA871c7i59rmpuJVAM0I
-----END CERTIFICATE-----
Generated at Wed Oct 22 03:04:39 2025 by rpki-client