Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
File: AS39521.roa (raw, json)
Hash identifier: 0ajDFded9PDJSDER0HMQrH6a3LRX9Pm42pqvFQXPUnE=
Subject key identifier: 73:06:FB:19:19:60:A5:CF:7F:4D:7A:E2:0A:67:02:C4:53:51:C1:D1
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 32DAB103FA4457B86BF0A97AB169E2975F49AE34
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
Signing time: Fri 27 Jun 2025 09:25:40 +0000
ROA not before: Fri 27 Jun 2025 09:20:40 +0000
ROA not after: Fri 26 Jun 2026 09:25:40 +0000
asID: 39521
IP address blocks: 143.20.6.0/24 maxlen: 24
143.20.7.0/24 maxlen: 24
143.20.13.0/24 maxlen: 24
143.20.14.0/24 maxlen: 24
143.20.15.0/24 maxlen: 24
143.20.22.0/24 maxlen: 24
143.20.28.0/24 maxlen: 24
143.20.29.0/24 maxlen: 24
143.20.31.0/24 maxlen: 24
143.20.32.0/24 maxlen: 24
143.20.33.0/24 maxlen: 24
143.20.37.0/24 maxlen: 24
143.20.38.0/24 maxlen: 24
143.20.41.0/24 maxlen: 24
143.20.42.0/24 maxlen: 24
143.20.44.0/24 maxlen: 24
143.20.46.0/24 maxlen: 24
143.20.48.0/24 maxlen: 24
143.20.52.0/24 maxlen: 24
143.20.53.0/24 maxlen: 24
143.20.54.0/24 maxlen: 24
143.20.55.0/24 maxlen: 24
143.20.56.0/24 maxlen: 24
143.20.57.0/24 maxlen: 24
143.20.59.0/24 maxlen: 24
143.20.60.0/24 maxlen: 24
143.20.61.0/24 maxlen: 24
143.20.62.0/24 maxlen: 24
143.20.63.0/24 maxlen: 24
143.20.104.0/24 maxlen: 24
143.20.105.0/24 maxlen: 24
143.20.124.0/24 maxlen: 24
143.20.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:da:b1:03:fa:44:57:b8:6b:f0:a9:7a:b1:69:e2:97:5f:49:ae:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jun 27 09:20:40 2025 GMT
Not After : Jun 26 09:25:40 2026 GMT
Subject: CN=7306FB191960A5CF7F4D7AE20A6702C45351C1D1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:5e:d8:6e:1b:10:b7:6c:e6:b2:1c:ea:e6:07:
01:74:a2:11:85:02:65:31:60:8c:a8:7b:e6:77:8b:
43:31:1a:85:db:71:4d:7d:80:1b:8f:26:3a:8a:5b:
d6:48:73:e5:d0:d3:90:3a:3f:b9:f8:2b:da:a9:c3:
ce:0f:d8:b8:87:d3:18:30:a7:d2:6d:d5:89:b0:59:
95:ec:98:54:7f:f6:a5:f7:6c:19:98:17:14:3d:f0:
30:37:40:2f:59:41:a6:e8:47:82:6b:ea:9b:41:ba:
e1:67:55:07:4f:19:1b:26:92:40:b5:24:9f:18:81:
bd:de:c7:fc:7b:47:1d:bf:8d:03:e3:b9:8f:9e:3b:
b6:81:99:b1:0c:12:17:1f:c6:8b:a0:2e:f3:04:b4:
d0:03:42:50:83:2b:15:2f:fc:99:b5:c0:0b:9b:36:
47:10:7e:cf:97:fa:d8:9f:07:94:26:35:94:8a:9e:
67:12:83:5a:21:69:c4:56:2d:84:e9:b5:f6:ef:1e:
22:a2:28:b4:3a:8d:7b:e4:59:70:b9:31:55:3e:af:
85:60:30:14:ea:88:7e:5e:3d:f4:5a:c8:d3:66:e3:
9f:b1:a2:4c:2c:f0:5d:e6:44:24:7e:bf:ae:96:e8:
d8:09:81:b5:25:ae:94:dd:29:a6:73:94:08:15:50:
c3:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:06:FB:19:19:60:A5:CF:7F:4D:7A:E2:0A:67:02:C4:53:51:C1:D1
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.6.0/23
143.20.13.0-143.20.15.255
143.20.22.0/24
143.20.28.0/23
143.20.31.0-143.20.33.255
143.20.37.0-143.20.38.255
143.20.41.0-143.20.42.255
143.20.44.0/24
143.20.46.0/24
143.20.48.0/24
143.20.52.0-143.20.57.255
143.20.59.0-143.20.63.255
143.20.104.0/23
143.20.124.0/23
Signature Algorithm: sha256WithRSAEncryption
bc:e2:6c:58:27:b8:21:e5:22:d4:d3:50:37:a4:d1:af:fb:d6:
92:db:a5:46:a3:10:ee:6e:a4:73:50:59:19:b9:88:70:cd:5e:
ca:cb:96:a1:31:18:7d:3d:f2:aa:ac:d8:8f:29:07:cc:aa:e6:
d4:62:36:cc:35:23:39:8d:57:87:e5:ad:9f:72:f6:8b:a7:fc:
04:1b:ad:1b:5f:1f:a5:64:ab:c3:25:ec:8a:e7:21:7f:fb:b4:
bf:f5:82:40:a2:23:d2:06:ee:4a:da:82:48:18:ca:12:46:97:
88:04:89:9b:7a:c6:ef:db:39:76:5a:77:92:06:00:9e:e0:53:
93:c9:f9:e4:84:8b:8b:bf:98:9f:10:b0:fb:ef:db:ac:58:95:
ff:e9:f2:e9:5d:75:0b:0b:25:d5:54:7a:c1:c9:42:dc:ab:45:
b4:ad:fb:53:ff:cd:dc:83:25:96:8e:c4:11:92:e3:23:da:12:
4c:38:6e:02:65:8e:f0:47:40:a8:75:80:81:35:e1:46:da:3a:
b5:02:7e:09:f0:e4:dc:ca:c2:f2:9b:72:bd:10:f8:56:1c:78:
20:fc:c2:79:6e:e1:28:4a:ba:a6:a2:a1:25:fd:89:34:4b:4f:
50:07:d9:98:e0:e8:30:0b:46:f3:cb:24:1b:3e:cc:e6:4d:5e:
84:bd:a7:9e
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIUMtqxA/pEV7hr8Kl6sWnil19JrjQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjcwOTIwNDBaFw0yNjA2MjYwOTI1NDBaMDMxMTAvBgNV
BAMTKDczMDZGQjE5MTk2MEE1Q0Y3RjREN0FFMjBBNjcwMkM0NTM1MUMxRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVXthuGxC3bOayHOrmBwF0ohGF
AmUxYIyoe+Z3i0MxGoXbcU19gBuPJjqKW9ZIc+XQ05A6P7n4K9qpw84P2LiH0xgw
p9Jt1YmwWZXsmFR/9qX3bBmYFxQ98DA3QC9ZQaboR4Jr6ptBuuFnVQdPGRsmkkC1
JJ8Ygb3ex/x7Rx2/jQPjuY+eO7aBmbEMEhcfxougLvMEtNADQlCDKxUv/Jm1wAub
NkcQfs+X+tifB5QmNZSKnmcSg1ohacRWLYTptfbvHiKiKLQ6jXvkWXC5MVU+r4Vg
MBTqiH5ePfRayNNm45+xokws8F3mRCR+v66W6NgJgbUlrpTdKaZzlAgVUMN5AgMB
AAGjggKMMIICiDAdBgNVHQ4EFgQUcwb7GRlgpc9/TXriCmcCxFNRwdEwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgaEGCCsGAQUFBwEHAQH/BIGRMIGOMIGLBAIAATCBhAME
AY8UBjAMAwQAjxQNAwQEjxQAAwQAjxQWAwQBjxQcMAwDBACPFB8DBAGPFCAwDAME
AI8UJQMEAI8UJjAMAwQAjxQpAwQAjxQqAwQAjxQsAwQAjxQuAwQAjxQwMAwDBAKP
FDQDBAGPFDgwDAMEAI8UOwMEBo8UAAMEAY8UaAMEAY8UfDANBgkqhkiG9w0BAQsF
AAOCAQEAvOJsWCe4IeUi1NNQN6TRr/vWktulRqMQ7m6kc1BZGbmIcM1eysuWoTEY
fT3yqqzYjykHzKrm1GI2zDUjOY1Xh+Wtn3L2i6f8BButG18fpWSrwyXsiuchf/u0
v/WCQKIj0gbuStqCSBjKEkaXiASJm3rG79s5dlp3kgYAnuBTk8n55ISLi7+YnxCw
++/brFiV/+ny6V11Cwsl1VR6wclC3KtFtK37U//N3IMllo7EEZLjI9oSTDhuAmWO
8EdAqHWAgTXhRto6tQJ+CfDk3MrC8ptyvRD4Vhx4IPzCeW7hKEq6pqKhJf2JNEtP
UAfZmODoMAtG88skGz7M5k1ehL2nng==
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:42:53 2025 by rpki-client