Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/01iaefmGTZcN2NzLU25qvp61hAo.roa
File: 01iaefmGTZcN2NzLU25qvp61hAo.roa (raw, json)
Hash identifier: GC/2bzNShMY6kn8K/pv+ykCuDRfQBXawcV71X6XkNog=
Subject key identifier: D3:58:9A:79:F9:86:4D:97:0D:D8:DC:CB:53:6E:6A:BE:9E:B5:84:0A
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0197D95CBC451071246FE189F5BB5B7CDAE6
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/01iaefmGTZcN2NzLU25qvp61hAo.roa
Signing time: Sat 05 Jul 2025 06:53:42 +0000
ROA not before: Sat 05 Jul 2025 06:53:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 174
IP address blocks: 151.240.205.0/24 maxlen: 24
151.241.119.0/24 maxlen: 24
151.241.122.0/24 maxlen: 24
151.241.123.0/24 maxlen: 24
151.241.125.0/24 maxlen: 24
151.243.176.0/21 maxlen: 24
151.243.192.0/21 maxlen: 24
151.243.225.0/24 maxlen: 24
151.243.227.0/24 maxlen: 24
151.243.235.0/24 maxlen: 24
151.243.241.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 22 Jul 2025 07:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:d9:5c:bc:45:10:71:24:6f:e1:89:f5:bb:5b:7c:da:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Jul 5 06:53:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d3589a79f9864d970dd8dccb536e6abe9eb5840a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:f6:50:51:e3:40:19:e0:75:ea:0f:4d:d5:d7:
10:ce:18:87:ed:e0:fa:93:aa:5b:98:8e:2f:d8:de:
85:11:6e:bd:37:99:ed:c8:db:a0:59:e9:e6:12:23:
21:d5:2d:4e:49:32:7b:be:24:af:9b:f9:8d:68:4c:
d5:64:ec:24:63:53:30:ec:8a:6b:c3:7f:f4:62:bc:
71:b9:0b:f2:8a:5a:51:66:83:b9:e2:cf:7b:1f:b7:
0a:40:cf:c0:ae:df:7c:eb:2b:b0:2c:82:ac:09:15:
c5:e2:56:3b:f9:08:a3:79:20:70:e5:41:fc:9d:0a:
23:a5:57:67:38:f1:f8:7b:15:00:d8:26:c2:96:75:
57:ca:91:56:f5:2c:6a:50:3f:61:f8:47:f6:39:bd:
33:82:ea:3a:a2:26:ec:ca:9b:9d:99:ad:75:d6:0c:
f9:b3:b0:a1:08:4f:26:ae:4f:2a:4b:ff:e7:47:aa:
8c:75:a2:e0:30:62:e2:29:54:aa:fa:ba:b4:80:df:
b6:41:2f:1e:df:eb:85:27:99:6a:b3:06:8d:b8:03:
14:47:a4:03:ee:56:da:38:67:fa:0b:90:a0:ec:49:
f8:e0:22:c3:76:2d:cb:53:03:3c:4e:09:51:ea:6e:
6c:e1:08:af:54:f7:16:1d:1e:03:65:4e:c5:2b:c7:
6b:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:58:9A:79:F9:86:4D:97:0D:D8:DC:CB:53:6E:6A:BE:9E:B5:84:0A
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/01iaefmGTZcN2NzLU25qvp61hAo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.205.0/24
151.241.119.0/24
151.241.122.0/23
151.241.125.0/24
151.243.176.0/21
151.243.192.0/21
151.243.225.0/24
151.243.227.0/24
151.243.235.0/24
151.243.241.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:bf:0a:31:a7:53:e0:c5:76:80:17:2e:89:7d:91:30:f3:d5:
ac:81:de:6f:58:6a:fd:f5:f3:a3:86:73:8b:2e:d6:1d:dd:9d:
be:d6:e4:74:7d:56:a8:7d:b2:90:5f:78:77:58:8b:23:fc:fb:
d6:ae:60:37:33:29:3b:39:01:00:ed:83:40:e5:02:f3:b4:79:
f6:fc:18:6d:1c:fa:f4:5a:ff:17:82:8c:6e:cf:67:61:3e:78:
c4:b3:c3:65:e6:0c:11:cc:31:67:57:bb:3e:54:f8:9a:d9:81:
c0:39:07:31:30:ee:88:56:d1:6f:a8:ab:77:db:35:e4:85:e1:
6a:06:8d:95:e5:3c:60:83:de:53:eb:50:d5:c7:9d:55:e5:03:
9f:52:46:b0:ac:53:b7:02:c9:34:3e:95:49:9b:7b:53:53:22:
5c:37:79:3d:18:12:2a:f4:7b:f3:e0:36:7f:82:82:8a:80:f1:
a4:86:8d:48:9e:8c:52:21:18:b1:35:34:a3:91:5b:85:13:35:
cd:df:64:5b:4a:5f:3a:cb:ac:e4:e3:a2:d4:9c:99:b5:b4:a8:
33:85:6a:19:a0:01:8d:07:aa:d5:f8:0a:04:1d:0e:eb:ed:d2:
64:01:30:b4:85:3d:69:d5:7a:75:b8:0d:57:fc:97:0c:32:d2:
aa:b0:9c:e3
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZfZXLxFEHEkb+GJ9btbfNrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzA1MDY1MzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzU4OWE3OWY5ODY0ZDk3MGRkOGRjY2I1MzZlNmFiZTllYjU4NDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/ZQUeNAGeB16g9N1dcQzhiH7eD6
k6pbmI4v2N6FEW69N5ntyNugWenmEiMh1S1OSTJ7viSvm/mNaEzVZOwkY1Mw7Ipr
w3/0YrxxuQvyilpRZoO54s97H7cKQM/Art986yuwLIKsCRXF4lY7+QijeSBw5UH8
nQojpVdnOPH4exUA2CbClnVXypFW9SxqUD9h+Ef2Ob0zguo6oibsypudma111gz5
s7ChCE8mrk8qS//nR6qMdaLgMGLiKVSq+rq0gN+2QS8e3+uFJ5lqswaNuAMUR6QD
7lbaOGf6C5Cg7En44CLDdi3LUwM8TglR6m5s4QivVPcWHR4DZU7FK8drbQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNNYmnn5hk2XDdjcy1Nuar6etYQKMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMDFpYWVmbUdUWmNOMk56TFUyNXF2cDYxaEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAl/DNAwQA
l/F3AwQBl/F6AwQAl/F9AwQDl/OwAwQDl/PAAwQAl/PhAwQAl/PjAwQAl/PrAwQA
l/PxMA0GCSqGSIb3DQEBCwUAA4IBAQAPvwoxp1PgxXaAFy6JfZEw89Wsgd5vWGr9
9fOjhnOLLtYd3Z2+1uR0fVaofbKQX3h3WIsj/PvWrmA3Myk7OQEA7YNA5QLztHn2
/BhtHPr0Wv8Xgoxuz2dhPnjEs8Nl5gwRzDFnV7s+VPia2YHAOQcxMO6IVtFvqKt3
2zXkheFqBo2V5Txgg95T61DVx51V5QOfUkawrFO3Ask0PpVJm3tTUyJcN3k9GBIq
9Hvz4DZ/goKKgPGkho1InoxSIRixNTSjkVuFEzXN32RbSl86y6zk46LUnJm1tKgz
hWoZoAGNB6rV+AoEHQ7r7dJkATC0hT1p1Xp1uA1X/JcMMtKqsJzj
-----END CERTIFICATE-----
Generated at Mon Jul 21 12:48:54 2025 by rpki-client