Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
File: AS39521.roa (raw, json)
Hash identifier: TiwCqvYUGbToK26rCeJ4WkxkWH77VyR/82ebLo76mE0=
Subject key identifier: 33:37:EE:59:30:C8:AA:D1:D1:06:C1:31:92:96:76:A0:9F:C8:33:B4
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 60574C7EC5C7B007E9D031363B7DB81E19D67831
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
Signing time: Thu 16 Oct 2025 00:07:02 +0000
ROA not before: Thu 16 Oct 2025 00:02:02 +0000
ROA not after: Thu 15 Oct 2026 00:07:02 +0000
asID: 39521
IP address blocks: 143.20.6.0/24 maxlen: 24
143.20.7.0/24 maxlen: 24
143.20.13.0/24 maxlen: 24
143.20.15.0/24 maxlen: 24
143.20.22.0/24 maxlen: 24
143.20.28.0/24 maxlen: 24
143.20.31.0/24 maxlen: 24
143.20.32.0/24 maxlen: 24
143.20.42.0/24 maxlen: 24
143.20.44.0/24 maxlen: 24
143.20.46.0/24 maxlen: 24
143.20.48.0/24 maxlen: 24
143.20.52.0/24 maxlen: 24
143.20.53.0/24 maxlen: 24
143.20.54.0/24 maxlen: 24
143.20.55.0/24 maxlen: 24
143.20.56.0/24 maxlen: 24
143.20.57.0/24 maxlen: 24
143.20.59.0/24 maxlen: 24
143.20.60.0/24 maxlen: 24
143.20.61.0/24 maxlen: 24
143.20.62.0/24 maxlen: 24
143.20.63.0/24 maxlen: 24
143.20.104.0/24 maxlen: 24
143.20.124.0/24 maxlen: 24
143.20.125.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:18:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:57:4c:7e:c5:c7:b0:07:e9:d0:31:36:3b:7d:b8:1e:19:d6:78:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Oct 16 00:02:02 2025 GMT
Not After : Oct 15 00:07:02 2026 GMT
Subject: CN=3337EE5930C8AAD1D106C131929676A09FC833B4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:7b:85:35:6c:e2:e6:11:34:aa:20:b0:9f:ab:
a0:a2:c8:c7:7f:b2:63:f2:ce:33:ee:8a:4b:bb:4e:
ea:6c:1c:05:d1:c3:fc:73:27:b9:b8:97:52:d6:1f:
26:08:e4:b2:a6:b0:a9:83:90:5f:b9:33:d2:5d:da:
c3:ed:86:45:04:c0:9e:b1:1b:de:92:94:a7:fc:c5:
49:79:fb:4d:82:5c:b7:6e:30:e2:c5:c9:ec:b6:80:
b1:cf:4d:9f:fe:06:f0:f5:87:91:5a:d3:2c:a8:78:
a4:a8:df:2c:5e:bc:23:7a:d8:12:11:ac:e4:60:ed:
97:b1:1c:09:f9:b7:8b:1b:54:3d:42:04:85:2d:7b:
26:e6:9e:b2:7d:fc:8b:58:73:7c:b0:24:96:33:50:
c8:ff:4f:ef:85:b6:3a:cd:9a:c8:30:89:57:a4:43:
aa:da:2e:56:78:30:a1:3c:d4:5a:1c:c1:34:ca:e2:
0c:b2:0d:41:ad:18:96:8e:32:4c:b8:a4:c6:67:68:
ea:6e:3a:90:32:4b:b1:59:f7:b3:75:27:71:13:69:
4b:90:51:58:11:06:aa:29:64:5d:1d:73:da:25:c6:
40:67:f7:f8:77:88:f3:de:54:04:5f:62:e7:09:c4:
9e:97:dc:df:23:c5:8d:60:5f:b4:9e:8c:52:2b:e2:
ed:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:37:EE:59:30:C8:AA:D1:D1:06:C1:31:92:96:76:A0:9F:C8:33:B4
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.6.0/23
143.20.13.0/24
143.20.15.0/24
143.20.22.0/24
143.20.28.0/24
143.20.31.0-143.20.32.255
143.20.42.0/24
143.20.44.0/24
143.20.46.0/24
143.20.48.0/24
143.20.52.0-143.20.57.255
143.20.59.0-143.20.63.255
143.20.104.0/24
143.20.124.0/23
Signature Algorithm: sha256WithRSAEncryption
9a:5b:ae:7d:0e:7c:dc:63:13:a7:9f:e1:b7:00:db:d5:95:57:
a7:b0:20:77:71:8b:b9:ab:de:7b:c2:2a:15:25:4f:71:cf:40:
57:c9:ac:7e:c4:04:38:a8:99:0b:e7:34:46:e5:c8:db:d1:78:
d3:38:3f:e0:99:a0:7b:aa:ef:9f:79:2a:09:5e:72:0f:00:85:
5d:e8:cf:10:52:13:e1:7d:42:08:77:52:98:e7:9e:56:6e:d6:
15:cc:88:ca:19:64:65:cb:62:c4:4c:9c:3b:5d:f5:3d:72:78:
8d:5d:c0:0e:62:93:3c:47:b5:db:cf:07:40:63:84:0a:dc:2f:
12:58:44:0f:71:0b:6c:81:55:51:07:92:d3:ba:14:32:98:d4:
56:97:f0:0a:9e:36:f8:70:e3:62:6d:09:b5:7d:42:15:8f:0b:
bc:97:fc:a7:57:49:7d:a7:8c:14:89:68:7f:af:48:13:e8:16:
55:35:45:2c:f1:f4:71:a9:7a:07:75:42:d0:46:9e:88:ab:7c:
a9:af:ab:50:17:92:d0:2e:9f:c2:e4:a1:a4:68:72:c8:ad:f5:
f2:2d:02:6c:7b:97:3a:c8:06:02:a0:db:df:17:69:bc:d9:b4:
de:a2:31:07:2d:2d:9f:9d:64:20:97:e9:07:1d:66:94:c3:9d:
99:1f:d1:ee
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgIUYFdMfsXHsAfp0DE2O324HhnWeDEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTEwMTYwMDAyMDJaFw0yNjEwMTUwMDA3MDJaMDMxMTAvBgNV
BAMTKDMzMzdFRTU5MzBDOEFBRDFEMTA2QzEzMTkyOTY3NkEwOUZDODMzQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCge4U1bOLmETSqILCfq6CiyMd/
smPyzjPuiku7TupsHAXRw/xzJ7m4l1LWHyYI5LKmsKmDkF+5M9Jd2sPthkUEwJ6x
G96SlKf8xUl5+02CXLduMOLFyey2gLHPTZ/+BvD1h5Fa0yyoeKSo3yxevCN62BIR
rORg7ZexHAn5t4sbVD1CBIUteybmnrJ9/ItYc3ywJJYzUMj/T++FtjrNmsgwiVek
Q6raLlZ4MKE81FocwTTK4gyyDUGtGJaOMky4pMZnaOpuOpAyS7FZ97N1J3ETaUuQ
UVgRBqopZF0dc9olxkBn9/h3iPPeVARfYucJxJ6X3N8jxY1gX7SejFIr4u2ZAgMB
AAGjggJwMIICbDAdBgNVHQ4EFgQUMzfuWTDIqtHRBsExkpZ2oJ/IM7QwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgYUGCCsGAQUFBwEHAQH/BHYwdDByBAIAATBsAwQBjxQG
AwQAjxQNAwQAjxQPAwQAjxQWAwQAjxQcMAwDBACPFB8DBACPFCADBACPFCoDBACP
FCwDBACPFC4DBACPFDAwDAMEAo8UNAMEAY8UODAMAwQAjxQ7AwQGjxQAAwQAjxRo
AwQBjxR8MA0GCSqGSIb3DQEBCwUAA4IBAQCaW659DnzcYxOnn+G3ANvVlVensCB3
cYu5q957wioVJU9xz0BXyax+xAQ4qJkL5zRG5cjb0XjTOD/gmaB7qu+feSoJXnIP
AIVd6M8QUhPhfUIId1KY555WbtYVzIjKGWRly2LETJw7XfU9cniNXcAOYpM8R7Xb
zwdAY4QK3C8SWEQPcQtsgVVRB5LTuhQymNRWl/AKnjb4cONibQm1fUIVjwu8l/yn
V0l9p4wUiWh/r0gT6BZVNUUs8fRxqXoHdULQRp6Iq3ypr6tQF5LQLp/C5KGkaHLI
rfXyLQJse5c6yAYCoNvfF2m82bTeojEHLS2fnWQgl+kHHWaUw52ZH9Hu
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:02:53 2025 by rpki-client