Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS5650.roa
File: AS5650.roa (raw, json)
Hash identifier: qvSRZm3/udDMERRUTB0GcDTFzF+Db12AWsHjTMFyFQo=
Subject key identifier: 99:26:FD:BC:E0:F6:4A:74:81:89:3C:53:B4:1F:18:B0:BF:32:E7:1E
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 751F1F2D4DD52FDF08A3973E5229E69A01AF6931
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS5650.roa
Signing time: Thu 26 Jun 2025 14:01:36 +0000
ROA not before: Thu 26 Jun 2025 13:56:36 +0000
ROA not after: Thu 25 Jun 2026 14:01:36 +0000
asID: 5650
IP address blocks: 143.20.144.0/24 maxlen: 24
143.20.146.0/24 maxlen: 24
143.20.148.0/24 maxlen: 24
143.20.151.0/24 maxlen: 24
143.20.153.0/24 maxlen: 24
143.20.154.0/24 maxlen: 24
143.20.160.0/24 maxlen: 24
143.20.165.0/24 maxlen: 24
143.20.170.0/24 maxlen: 24
143.20.174.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 29 Jun 2025 19:00:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:1f:1f:2d:4d:d5:2f:df:08:a3:97:3e:52:29:e6:9a:01:af:69:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jun 26 13:56:36 2025 GMT
Not After : Jun 25 14:01:36 2026 GMT
Subject: CN=9926FDBCE0F64A7481893C53B41F18B0BF32E71E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:76:a2:5f:74:ee:c0:38:27:52:e4:89:1a:19:
17:a6:76:eb:3c:a2:50:a1:c8:18:6d:2e:4e:b3:63:
15:0a:bd:f6:b2:d3:25:a2:80:10:6f:42:68:64:a8:
bc:ba:82:0c:43:47:34:c0:11:45:e8:a2:ac:d5:ab:
21:23:3c:07:81:2c:a6:43:0d:45:19:4e:56:e3:91:
6b:fa:ba:46:5c:d3:45:ac:f8:56:c4:ca:c8:4f:e5:
16:75:99:38:a5:10:9d:2f:6d:70:8b:69:15:ad:74:
4b:a8:eb:b2:75:3d:bf:0f:af:fa:13:66:05:b0:e4:
d1:35:21:f9:84:60:45:f1:07:7a:af:f8:46:b8:98:
e6:13:dc:c7:d2:c3:53:66:04:f9:f0:76:38:a0:50:
9d:71:31:70:da:06:8e:c4:02:ed:bc:27:33:f0:a1:
cf:86:c6:0b:62:18:a3:a1:2e:e8:d1:11:97:0e:bd:
b4:3f:52:22:75:93:71:25:b1:6d:9f:99:b9:95:05:
82:c7:f5:cf:d5:3f:8e:79:21:99:6f:cb:c6:4b:87:
00:c5:cb:58:da:90:4b:24:6a:3a:71:66:71:89:ec:
cf:0e:76:97:a8:f9:6f:29:20:de:e8:ac:e6:aa:34:
b6:9b:73:09:0a:5c:ae:11:0f:31:3b:d2:69:7a:f4:
f3:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:26:FD:BC:E0:F6:4A:74:81:89:3C:53:B4:1F:18:B0:BF:32:E7:1E
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS5650.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.144.0/24
143.20.146.0/24
143.20.148.0/24
143.20.151.0/24
143.20.153.0-143.20.154.255
143.20.160.0/24
143.20.165.0/24
143.20.170.0/24
143.20.174.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:05:25:aa:38:ab:f9:9a:ea:b6:40:a6:bd:e9:7d:85:6f:25:
28:0e:f6:5b:ad:89:3a:32:82:d5:69:2d:e2:a5:48:1a:11:60:
c8:3f:69:02:3f:fe:af:ef:91:e0:46:60:62:97:c7:1e:9e:96:
65:3d:d7:de:d5:25:5a:58:78:c8:18:05:6b:93:cd:1a:67:e9:
27:24:65:9e:ab:d3:65:bb:3f:c9:b7:8d:5d:91:90:85:04:ac:
54:36:68:13:cd:4a:af:3a:e1:35:c5:54:82:bb:67:aa:c8:8c:
50:38:c8:ed:59:2c:fa:be:be:5f:96:7b:20:2e:b9:30:8a:01:
1c:5f:47:6e:c3:69:73:2a:5d:c2:7c:3a:9a:14:ef:64:42:1a:
13:da:fc:1f:3d:3b:6f:cc:ce:64:5f:77:88:89:26:44:98:4e:
d0:ad:da:60:bd:a9:b7:e4:3e:cb:a9:0d:08:03:6f:97:1b:36:
8e:74:52:40:43:f4:14:f6:34:37:40:3d:16:a4:d0:4c:64:0e:
2b:c1:93:0a:6d:e4:45:dd:1d:dc:ae:ec:1a:35:ff:d6:e3:42:
aa:d4:fb:6a:4a:9f:2f:d1:8f:e4:f9:80:cd:45:b8:18:70:6c:
b5:93:b7:8e:0f:f5:73:e6:fd:79:5f:86:42:42:79:a3:00:fe:
1f:3f:8d:fa
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgIUdR8fLU3VL98Io5c+UinmmgGvaTEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MjYxMzU2MzZaFw0yNjA2MjUxNDAxMzZaMDMxMTAvBgNV
BAMTKDk5MjZGREJDRTBGNjRBNzQ4MTg5M0M1M0I0MUYxOEIwQkYzMkU3MUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDndqJfdO7AOCdS5IkaGRemdus8
olChyBhtLk6zYxUKvfay0yWigBBvQmhkqLy6ggxDRzTAEUXooqzVqyEjPAeBLKZD
DUUZTlbjkWv6ukZc00Ws+FbEyshP5RZ1mTilEJ0vbXCLaRWtdEuo67J1Pb8Pr/oT
ZgWw5NE1IfmEYEXxB3qv+Ea4mOYT3MfSw1NmBPnwdjigUJ1xMXDaBo7EAu28JzPw
oc+GxgtiGKOhLujREZcOvbQ/UiJ1k3ElsW2fmbmVBYLH9c/VP455IZlvy8ZLhwDF
y1jakEskajpxZnGJ7M8Odpeo+W8pIN7orOaqNLabcwkKXK4RDzE70ml69PMbAgMB
AAGjggJAMIICPDAdBgNVHQ4EFgQUmSb9vOD2SnSBiTxTtB8YsL8y5x4wHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTY1MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBXBggrBgEFBQcBBwEB/wRIMEYwRAQCAAEwPgMEAI8UkAME
AI8UkgMEAI8UlAMEAI8UlzAMAwQAjxSZAwQAjxSaAwQAjxSgAwQAjxSlAwQAjxSq
AwQAjxSuMA0GCSqGSIb3DQEBCwUAA4IBAQCrBSWqOKv5muq2QKa96X2FbyUoDvZb
rYk6MoLVaS3ipUgaEWDIP2kCP/6v75HgRmBil8cenpZlPdfe1SVaWHjIGAVrk80a
Z+knJGWeq9Nluz/Jt41dkZCFBKxUNmgTzUqvOuE1xVSCu2eqyIxQOMjtWSz6vr5f
lnsgLrkwigEcX0duw2lzKl3CfDqaFO9kQhoT2vwfPTtvzM5kX3eIiSZEmE7Qrdpg
vam35D7LqQ0IA2+XGzaOdFJAQ/QU9jQ3QD0WpNBMZA4rwZMKbeRF3R3cruwaNf/W
40Kq1PtqSp8v0Y/k+YDNRbgYcGy1k7eOD/Vz5v15X4ZCQnmjAP4fP436
-----END CERTIFICATE-----
Generated at Sun Jun 29 02:47:13 2025 by rpki-client