Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS39521.roa
File: AS39521.roa (raw, json)
Hash identifier: 6aq4rTAR9a6H5fXZghQnUMqvsdIYhWKmG4an5RINB7I=
Subject key identifier: 23:C9:DF:66:CA:BE:03:BB:E6:3D:76:E3:E1:F9:B9:4D:00:AA:34:AC
Certificate issuer: /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial: 1BC3A195C77458D7BE013C66A04C4E135A1AD627
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS39521.roa
Signing time: Thu 28 Aug 2025 00:03:13 +0000
ROA not before: Wed 27 Aug 2025 23:58:13 +0000
ROA not after: Thu 27 Aug 2026 00:03:13 +0000
asID: 39521
IP address blocks: 82.21.58.0/24 maxlen: 24
82.21.72.0/24 maxlen: 24
82.21.84.0/24 maxlen: 24
82.21.112.0/24 maxlen: 24
82.21.116.0/24 maxlen: 24
82.21.126.0/24 maxlen: 24
82.21.165.0/24 maxlen: 24
82.22.143.0/24 maxlen: 24
82.22.145.0/24 maxlen: 24
82.22.146.0/24 maxlen: 24
82.22.157.0/24 maxlen: 24
82.22.160.0/24 maxlen: 24
82.22.162.0/24 maxlen: 24
82.22.167.0/24 maxlen: 24
82.22.186.0/24 maxlen: 24
82.22.193.0/24 maxlen: 24
82.23.173.0/24 maxlen: 24
82.23.188.0/24 maxlen: 24
82.23.191.0/24 maxlen: 24
82.25.145.0/24 maxlen: 24
82.25.175.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:c3:a1:95:c7:74:58:d7:be:01:3c:66:a0:4c:4e:13:5a:1a:d6:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Validity
Not Before: Aug 27 23:58:13 2025 GMT
Not After : Aug 27 00:03:13 2026 GMT
Subject: CN=23C9DF66CABE03BBE63D76E3E1F9B94D00AA34AC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:96:59:b5:25:aa:e1:1b:8c:e8:97:1d:90:b4:
f2:9b:08:a5:0a:4b:7b:0b:a0:65:de:bc:84:e1:4a:
41:4a:c2:22:6f:e0:b4:81:4a:22:2f:0a:27:70:90:
c1:7a:8e:54:c5:d3:eb:28:44:4d:c0:06:c3:5f:9d:
17:bb:e5:a6:69:bf:a1:6c:d6:45:5b:c2:b2:10:df:
c1:84:0a:2e:6f:86:b8:82:b8:69:64:c7:4a:a7:e3:
a1:54:ec:e8:b2:74:fb:5c:64:43:a3:6f:96:0a:21:
4a:32:e9:99:ab:3b:0c:ec:6e:c2:8c:74:72:db:10:
a5:36:de:17:30:7c:de:80:9a:d5:64:9c:ad:5c:bf:
2f:3e:8b:f6:78:4e:97:38:83:3a:33:ae:6b:30:a7:
da:74:f4:da:5e:55:e5:75:fd:d2:fc:be:5a:b4:00:
68:56:e5:28:7a:30:d8:6e:3c:52:86:58:63:da:80:
b8:a4:77:97:01:d3:b5:fe:fd:58:cd:88:59:fb:73:
33:3f:56:e8:24:4c:a8:f7:c1:6a:9b:18:b1:03:fa:
e6:ae:5e:66:fb:8a:e4:d1:f4:99:a2:ef:c9:1b:89:
88:21:cb:64:6a:de:52:c1:50:3c:60:6b:aa:fc:03:
90:68:d8:79:7c:96:d5:41:37:ab:53:9c:36:83:cf:
5a:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:C9:DF:66:CA:BE:03:BB:E6:3D:76:E3:E1:F9:B9:4D:00:AA:34:AC
X509v3 Authority Key Identifier:
keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS39521.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.21.58.0/24
82.21.72.0/24
82.21.84.0/24
82.21.112.0/24
82.21.116.0/24
82.21.126.0/24
82.21.165.0/24
82.22.143.0/24
82.22.145.0-82.22.146.255
82.22.157.0/24
82.22.160.0/24
82.22.162.0/24
82.22.167.0/24
82.22.186.0/24
82.22.193.0/24
82.23.173.0/24
82.23.188.0/24
82.23.191.0/24
82.25.145.0/24
82.25.175.0/24
Signature Algorithm: sha256WithRSAEncryption
66:53:c9:6c:69:7e:a8:bd:eb:a2:f2:2f:34:4f:6e:ae:79:13:
87:fa:40:ec:a3:ef:3d:fa:b2:a9:b9:75:d1:e2:11:7e:ac:92:
83:3b:82:3c:79:80:39:1b:36:9f:80:e8:d6:a8:28:3a:4a:b7:
49:b8:58:3e:22:4e:f7:a4:18:f8:d4:0f:33:fc:a8:6b:fb:a8:
81:a5:97:fd:f7:88:47:bb:c2:5e:31:ab:11:f2:93:2e:ef:b5:
7d:f5:27:25:f5:0a:56:6a:72:63:b2:ce:06:bf:11:a9:96:13:
33:52:16:b6:5f:36:db:1a:4f:fc:20:b4:59:a8:80:cb:14:8b:
64:a4:95:02:8d:d2:a2:8b:2b:80:17:d9:d6:82:a3:35:49:ab:
f3:15:39:be:df:53:4e:c5:02:20:24:bb:d9:1a:58:87:17:9a:
5e:51:ca:e9:0d:22:e9:30:3a:44:c9:16:f3:b7:c3:02:fe:3a:
ac:d3:32:51:60:d1:48:d2:6a:2e:9d:98:b5:91:8b:80:97:5b:
b5:7e:3c:15:39:c4:2b:cf:18:7d:e4:12:eb:60:de:6e:f5:94:
0c:1b:6f:74:2c:4a:bb:ae:72:65:23:60:f2:28:80:f4:ae:61:
2e:b8:6e:ed:71:34:9f:2b:bc:17:99:4c:d5:05:56:a9:ae:ea:
1f:a3:dc:39
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgIUG8Ohlcd0WNe+ATxmoExOE1oa1icwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MjcyMzU4MTNaFw0yNjA4MjcwMDAzMTNaMDMxMTAvBgNV
BAMTKDIzQzlERjY2Q0FCRTAzQkJFNjNENzZFM0UxRjlCOTREMDBBQTM0QUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEllm1JarhG4zolx2QtPKbCKUK
S3sLoGXevIThSkFKwiJv4LSBSiIvCidwkMF6jlTF0+soRE3ABsNfnRe75aZpv6Fs
1kVbwrIQ38GECi5vhriCuGlkx0qn46FU7OiydPtcZEOjb5YKIUoy6ZmrOwzsbsKM
dHLbEKU23hcwfN6AmtVknK1cvy8+i/Z4Tpc4gzozrmswp9p09NpeVeV1/dL8vlq0
AGhW5Sh6MNhuPFKGWGPagLikd5cB07X+/VjNiFn7czM/VugkTKj3wWqbGLED+uau
Xmb7iuTR9Jmi78kbiYghy2Rq3lLBUDxga6r8A5Bo2Hl8ltVBN6tTnDaDz1qVAgMB
AAGjggKIMIIChDAdBgNVHQ4EFgQUI8nfZsq+A7vmPXbj4fm5TQCqNKwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgZ0GCCsGAQUFBwEHAQH/BIGNMIGKMIGHBAIAATCBgAME
AFIVOgMEAFIVSAMEAFIVVAMEAFIVcAMEAFIVdAMEAFIVfgMEAFIVpQMEAFIWjzAM
AwQAUhaRAwQAUhaSAwQAUhadAwQAUhagAwQAUhaiAwQAUhanAwQAUha6AwQAUhbB
AwQAUhetAwQAUhe8AwQAUhe/AwQAUhmRAwQAUhmvMA0GCSqGSIb3DQEBCwUAA4IB
AQBmU8lsaX6oveui8i80T26ueROH+kDso+89+rKpuXXR4hF+rJKDO4I8eYA5Gzaf
gOjWqCg6SrdJuFg+Ik73pBj41A8z/Khr+6iBpZf994hHu8JeMasR8pMu77V99Scl
9QpWanJjss4GvxGplhMzUha2XzbbGk/8ILRZqIDLFItkpJUCjdKiiyuAF9nWgqM1
SavzFTm+31NOxQIgJLvZGliHF5peUcrpDSLpMDpEyRbzt8MC/jqs0zJRYNFI0mou
nZi1kYuAl1u1fjwVOcQrzxh95BLrYN5u9ZQMG290LEq7rnJlI2DyKID0rmEuuG7t
cTSfK7wXmUzVBVapruofo9w5
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:42:48 2025 by rpki-client