Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS5650.roa
File: AS5650.roa (raw, json)
Hash identifier: epU1x/elOoEn4DNzQHap3NrkGg7tDHWIV/U5SRUleFA=
Subject key identifier: 40:A3:BA:6C:44:70:27:2C:54:28:6A:55:09:25:58:04:A2:3A:49:FB
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 528500FE008045363515B200FCD7CD03607E104C
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS5650.roa
Signing time: Fri 26 Sep 2025 00:05:02 +0000
ROA not before: Fri 26 Sep 2025 00:00:02 +0000
ROA not after: Fri 25 Sep 2026 00:05:02 +0000
asID: 5650
IP address blocks: 143.20.144.0/24 maxlen: 24
143.20.146.0/24 maxlen: 24
143.20.148.0/24 maxlen: 24
143.20.151.0/24 maxlen: 24
143.20.153.0/24 maxlen: 24
143.20.154.0/24 maxlen: 24
143.20.165.0/24 maxlen: 24
143.20.170.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:18:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:85:00:fe:00:80:45:36:35:15:b2:00:fc:d7:cd:03:60:7e:10:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Sep 26 00:00:02 2025 GMT
Not After : Sep 25 00:05:02 2026 GMT
Subject: CN=40A3BA6C4470272C54286A5509255804A23A49FB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:18:f5:78:4c:27:f5:1d:b0:4d:66:d5:9d:f8:
cc:6f:65:fa:a7:18:e3:f3:4d:7c:ba:57:33:50:8f:
ca:a1:8f:0a:bc:17:01:83:a9:3e:86:8d:3b:93:1f:
6c:76:06:1e:52:9e:58:c9:29:bd:11:a5:bc:55:bc:
94:af:0c:15:a9:c7:70:d6:05:ff:79:55:f2:38:54:
13:73:50:c9:36:a2:02:3d:28:f8:0c:5e:87:f5:83:
b3:cc:48:9a:e8:02:d6:c1:64:0c:5a:8c:2e:0b:21:
c2:83:94:ba:15:46:16:35:a0:98:c8:3c:ec:2c:cd:
96:d7:1a:c6:2b:fc:c9:7a:11:f2:a6:58:ca:29:13:
ce:01:ca:03:d6:c1:ec:62:d9:bb:7a:f3:f3:fa:2f:
ff:5d:df:60:fb:a8:b9:c7:13:2e:f1:1a:11:e7:6c:
ac:20:c7:a8:8c:06:1f:81:fa:a9:07:22:36:75:d0:
c3:2b:80:97:cb:26:19:9a:c4:1a:7b:52:49:17:b3:
ea:8f:9b:8a:96:31:76:55:3d:3f:90:59:6e:61:18:
af:38:e2:2c:fe:65:b7:07:b5:0a:09:c2:57:5e:09:
e0:e4:25:b5:33:72:65:42:1a:1d:6b:a0:63:cc:38:
0e:6a:2a:90:11:60:47:47:85:28:a2:f3:fb:53:88:
8e:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:A3:BA:6C:44:70:27:2C:54:28:6A:55:09:25:58:04:A2:3A:49:FB
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS5650.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.144.0/24
143.20.146.0/24
143.20.148.0/24
143.20.151.0/24
143.20.153.0-143.20.154.255
143.20.165.0/24
143.20.170.0/24
Signature Algorithm: sha256WithRSAEncryption
7b:33:14:c1:13:59:59:06:f4:99:ba:a2:51:6e:f5:2b:a5:1f:
4c:3a:9c:03:78:57:d9:94:d7:ff:09:54:60:b5:2f:94:47:9e:
81:04:6b:4a:dc:0b:fc:be:66:34:36:c9:87:b8:a9:38:84:83:
15:f2:5b:a5:da:82:7c:73:bf:0a:31:2e:27:5e:16:4e:84:a8:
43:49:51:91:c1:ff:9c:fa:4e:fc:83:04:96:fb:aa:9d:b8:e6:
82:70:32:1f:b8:60:0b:09:a7:a3:0c:65:98:2a:2b:97:b1:ed:
d7:91:57:f3:4d:b9:c9:eb:57:5c:cc:7c:24:47:cc:11:7a:64:
cf:54:2f:19:6b:a4:34:84:15:25:61:f7:bc:f4:a3:00:6c:2a:
b2:e9:34:12:e7:7c:30:ca:48:cd:7d:6f:51:d7:69:8e:d0:96:
f7:6a:be:5b:51:23:80:b5:5b:a0:11:c9:1f:f4:03:d6:1c:43:
32:1e:a6:d2:47:b2:a5:dd:4e:98:73:80:d4:8f:6c:9d:c9:77:
e3:d8:63:9d:46:71:37:ee:aa:50:5e:f6:fb:2b:ab:8e:57:a5:
33:fa:e4:6c:67:92:af:9f:47:78:37:71:c0:32:2c:f6:b0:8d:
56:bb:c2:69:64:49:95:3a:e7:c4:21:6f:a3:a7:ef:9f:8b:8d:
17:02:f2:43
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUUoUA/gCARTY1FbIA/NfNA2B+EEwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA5MjYwMDAwMDJaFw0yNjA5MjUwMDA1MDJaMDMxMTAvBgNV
BAMTKDQwQTNCQTZDNDQ3MDI3MkM1NDI4NkE1NTA5MjU1ODA0QTIzQTQ5RkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6GPV4TCf1HbBNZtWd+MxvZfqn
GOPzTXy6VzNQj8qhjwq8FwGDqT6GjTuTH2x2Bh5SnljJKb0RpbxVvJSvDBWpx3DW
Bf95VfI4VBNzUMk2ogI9KPgMXof1g7PMSJroAtbBZAxajC4LIcKDlLoVRhY1oJjI
POwszZbXGsYr/Ml6EfKmWMopE84BygPWwexi2bt68/P6L/9d32D7qLnHEy7xGhHn
bKwgx6iMBh+B+qkHIjZ10MMrgJfLJhmaxBp7UkkXs+qPm4qWMXZVPT+QWW5hGK84
4iz+ZbcHtQoJwldeCeDkJbUzcmVCGh1roGPMOA5qKpARYEdHhSii8/tTiI6DAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUQKO6bERwJyxUKGpVCSVYBKI6SfswHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNTY1MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBLBggrBgEFBQcBBwEB/wQ8MDowOAQCAAEwMgMEAI8UkAME
AI8UkgMEAI8UlAMEAI8UlzAMAwQAjxSZAwQAjxSaAwQAjxSlAwQAjxSqMA0GCSqG
SIb3DQEBCwUAA4IBAQB7MxTBE1lZBvSZuqJRbvUrpR9MOpwDeFfZlNf/CVRgtS+U
R56BBGtK3Av8vmY0NsmHuKk4hIMV8lul2oJ8c78KMS4nXhZOhKhDSVGRwf+c+k78
gwSW+6qduOaCcDIfuGALCaejDGWYKiuXse3XkVfzTbnJ61dczHwkR8wRemTPVC8Z
a6Q0hBUlYfe89KMAbCqy6TQS53wwykjNfW9R12mO0Jb3ar5bUSOAtVugEckf9APW
HEMyHqbSR7Kl3U6Yc4DUj2ydyXfj2GOdRnE37qpQXvb7K6uOV6Uz+uRsZ5Kvn0d4
N3HAMiz2sI1Wu8JpZEmVOufEIW+jp++fi40XAvJD
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:02:26 2025 by rpki-client