Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS5650.roa
File: AS5650.roa (raw, json)
Hash identifier: PTR+fgP2qvXZYtATxFfPwkTxn407sAXJJL4hgWZaxJM=
Subject key identifier: 89:D4:69:29:D3:22:0F:4E:DB:BA:41:11:95:AC:05:00:1D:B0:3A:78
Certificate issuer: /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial: 3DD8E04E5F448BFD57A02DD261FA48B0FE4E1D84
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS5650.roa
Signing time: Tue 24 Mar 2026 08:26:16 +0000
ROA not before: Tue 24 Mar 2026 08:21:16 +0000
ROA not after: Tue 23 Mar 2027 08:26:16 +0000
asID: 5650
IP address blocks: 147.125.152.0/22 maxlen: 22
147.125.216.0/21 maxlen: 21
147.125.224.0/22 maxlen: 22
147.125.232.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 19:48:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:d8:e0:4e:5f:44:8b:fd:57:a0:2d:d2:61:fa:48:b0:fe:4e:1d:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Validity
Not Before: Mar 24 08:21:16 2026 GMT
Not After : Mar 23 08:26:16 2027 GMT
Subject: CN=89D46929D3220F4EDBBA411195AC05001DB03A78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:33:2f:57:b9:c4:0b:a1:d7:0e:1b:37:61:1c:
28:d7:f0:28:8e:07:f9:8b:45:cc:f9:76:a0:f0:1d:
02:b1:2a:41:7b:5e:38:70:41:17:c2:c0:39:5f:49:
4d:6d:b1:c5:7d:bd:bb:d8:6b:56:ad:04:1d:49:c1:
5d:34:d1:e9:a2:d6:eb:2a:60:10:07:f5:68:c6:cd:
d4:dd:50:a3:3b:87:d2:96:b7:cf:2f:ca:7b:a6:fe:
78:18:ac:ec:3f:62:ab:fc:d9:f4:bf:1d:4c:c9:07:
bd:a8:38:81:52:89:fb:21:6c:2e:3a:c1:93:0d:b0:
d1:60:22:c3:80:9d:33:e3:75:f0:3d:ab:a7:23:a5:
51:c1:16:a3:a8:f4:9a:40:4c:0d:f2:1d:3e:dd:9c:
ea:a0:ae:60:bd:20:36:b9:47:5a:a8:14:02:4f:06:
4c:e2:9d:95:88:71:45:4b:d4:dd:7f:a2:8e:4e:0c:
ac:38:ac:2b:8d:01:ba:73:51:73:76:aa:51:36:70:
a2:25:e1:08:48:dc:95:82:99:d7:2e:d4:fd:e7:a3:
f6:99:ab:9e:2f:29:0a:c1:3e:0d:6b:34:c6:cb:21:
a3:e1:ee:08:c0:ac:8d:a6:0c:76:9b:4e:a6:e1:4f:
5a:90:d8:61:65:02:29:af:a3:f9:c0:37:88:64:94:
9b:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:D4:69:29:D3:22:0F:4E:DB:BA:41:11:95:AC:05:00:1D:B0:3A:78
X509v3 Authority Key Identifier:
keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS5650.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.125.152.0/22
147.125.216.0-147.125.227.255
147.125.232.0/21
Signature Algorithm: sha256WithRSAEncryption
76:28:95:08:ff:04:fb:1a:73:2f:1b:16:a1:5e:9c:cc:c2:de:
55:1e:21:0f:b4:3f:97:a9:45:9b:34:2b:fa:3d:58:ad:4e:c3:
64:39:82:05:96:aa:5e:bf:e6:13:31:e9:f9:9b:db:b6:60:41:
4e:08:0a:d9:ae:b6:14:21:d9:52:33:09:99:bd:60:8a:1c:29:
13:ea:a2:d8:16:d7:1b:c9:07:d1:e4:1e:75:66:2b:c2:a5:03:
be:3d:c5:60:5e:68:bf:c9:51:ac:ac:f0:54:23:76:bc:7e:0e:
c8:8a:73:12:bd:c9:e0:b5:9f:05:6f:74:5c:1e:c5:aa:fa:c1:
96:25:01:b2:6d:59:84:63:61:2a:3e:4e:f6:cf:9a:aa:26:83:
17:46:ac:ec:cb:11:03:d9:21:48:ee:76:67:56:91:09:ce:2f:
d4:56:6d:9b:68:b1:8e:26:ef:19:02:6a:b8:b7:fa:fe:49:ad:
56:03:1c:d4:19:11:b5:85:55:7a:3f:cb:fa:bd:a7:bc:8b:d4:
b2:3d:54:66:7e:cc:8b:52:6b:d7:27:a0:9f:2d:91:14:5d:d9:
9a:21:32:6e:17:65:71:38:0e:59:44:46:93:75:bd:19:c1:b9:
45:ed:8a:54:70:1f:12:84:2a:bd:ad:5f:84:d0:a5:39:3f:72:
c6:3a:7e:76
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIUPdjgTl9Ei/1XoC3SYfpIsP5OHYQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjAzMjQwODIxMTZaFw0yNzAzMjMwODI2MTZaMDMxMTAvBgNV
BAMTKDg5RDQ2OTI5RDMyMjBGNEVEQkJBNDExMTk1QUMwNTAwMURCMDNBNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClMy9XucQLodcOGzdhHCjX8CiO
B/mLRcz5dqDwHQKxKkF7XjhwQRfCwDlfSU1tscV9vbvYa1atBB1JwV000emi1usq
YBAH9WjGzdTdUKM7h9KWt88vynum/ngYrOw/Yqv82fS/HUzJB72oOIFSifshbC46
wZMNsNFgIsOAnTPjdfA9q6cjpVHBFqOo9JpATA3yHT7dnOqgrmC9IDa5R1qoFAJP
BkzinZWIcUVL1N1/oo5ODKw4rCuNAbpzUXN2qlE2cKIl4QhI3JWCmdcu1P3no/aZ
q54vKQrBPg1rNMbLIaPh7gjArI2mDHabTqbhT1qQ2GFlAimvo/nAN4hklJsBAgMB
AAGjggIcMIICGDAdBgNVHQ4EFgQUidRpKdMiD07bukERlawFAB2wOngwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTNTY1MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAzBggrBgEFBQcBBwEB/wQkMCIwIAQCAAEwGgMEApN9mDAM
AwQDk33YAwQCk33gAwQDk33oMA0GCSqGSIb3DQEBCwUAA4IBAQB2KJUI/wT7GnMv
GxahXpzMwt5VHiEPtD+XqUWbNCv6PVitTsNkOYIFlqpev+YTMen5m9u2YEFOCArZ
rrYUIdlSMwmZvWCKHCkT6qLYFtcbyQfR5B51ZivCpQO+PcVgXmi/yVGsrPBUI3a8
fg7IinMSvcngtZ8Fb3RcHsWq+sGWJQGybVmEY2EqPk72z5qqJoMXRqzsyxED2SFI
7nZnVpEJzi/UVm2baLGOJu8ZAmq4t/r+Sa1WAxzUGRG1hVV6P8v6vae8i9SyPVRm
fsyLUmvXJ6CfLZEUXdmaITJuF2VxOA5ZREaTdb0ZwblF7YpUcB8ShCq9rV+E0KU5
P3LGOn52
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:00:10 2026 by rpki-client