Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/njzDY6Ds-k_P2onI4ApKJfNbCwA.roa
File: njzDY6Ds-k_P2onI4ApKJfNbCwA.roa (raw, json)
Hash identifier: r+xKhQv2bEbsBalPSGA1dE2sWsaG7TGBYjr8G1EBe0w=
Subject key identifier: 9E:3C:C3:63:A0:EC:FA:4F:CF:DA:89:C8:E0:0A:4A:25:F3:5B:0B:00
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 01981319EE11799CF1F53C82E6BB4768447B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/njzDY6Ds-k_P2onI4ApKJfNbCwA.roa
Signing time: Wed 16 Jul 2025 11:58:43 +0000
ROA not before: Wed 16 Jul 2025 11:58:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214432
IP address blocks: 151.240.73.0/24 maxlen: 24
151.240.78.0/24 maxlen: 24
151.240.144.0/24 maxlen: 24
151.244.62.0/24 maxlen: 24
151.244.75.0/24 maxlen: 24
151.244.87.0/24 maxlen: 24
151.244.103.0/24 maxlen: 24
151.244.108.0/24 maxlen: 24
151.245.102.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 21 Jul 2025 13:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:13:19:ee:11:79:9c:f1:f5:3c:82:e6:bb:47:68:44:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Jul 16 11:58:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9e3cc363a0ecfa4fcfda89c8e00a4a25f35b0b00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:2e:5c:dd:17:1d:04:a2:2e:fd:0c:40:fc:0c:
be:71:e5:2a:a0:66:dc:8b:f5:30:ba:1f:8d:a5:ce:
b0:ee:14:a4:01:0b:25:e2:78:c2:a4:86:cf:22:b2:
63:1d:91:3e:18:8d:51:fe:0a:aa:96:c6:8e:9b:02:
5d:7a:e0:e1:d4:6d:10:8e:a4:5b:f9:a8:94:be:10:
91:c4:3a:4f:a3:91:82:70:22:b1:4e:cb:d1:93:09:
87:73:ca:46:26:3d:e7:28:3c:53:7b:fd:5e:8f:f4:
85:5e:b3:24:0e:0e:ce:1c:6a:52:48:5f:7f:f1:83:
40:b7:25:a3:0b:00:d0:69:20:fd:ba:1b:51:69:c0:
55:fe:81:99:ce:b7:99:68:d6:9d:a5:64:a4:f4:4b:
f8:fd:8f:81:6a:29:92:2f:9b:ac:08:73:0b:4b:65:
69:99:35:fc:8f:d1:26:fe:71:b3:a1:ad:b5:a8:96:
c5:ee:86:cf:7a:2f:fc:0c:48:8e:52:52:30:e7:b7:
57:5c:b3:11:ed:09:1b:2e:fd:32:09:fe:25:7e:23:
ed:36:ce:28:61:8f:ae:09:57:6d:55:81:8b:df:97:
c1:10:90:f4:12:31:79:55:c9:31:42:b2:03:47:1f:
68:19:02:a3:9d:ef:52:46:36:3f:b5:24:d0:7d:ea:
4e:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:3C:C3:63:A0:EC:FA:4F:CF:DA:89:C8:E0:0A:4A:25:F3:5B:0B:00
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/njzDY6Ds-k_P2onI4ApKJfNbCwA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.73.0/24
151.240.78.0/24
151.240.144.0/24
151.244.62.0/24
151.244.75.0/24
151.244.87.0/24
151.244.103.0/24
151.244.108.0/24
151.245.102.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:e4:43:03:e7:47:93:63:1b:d7:c1:82:c2:67:a3:1d:c9:34:
65:55:02:6f:4d:7c:b5:66:a6:15:19:14:9f:94:7b:bc:99:88:
13:46:a3:0a:44:b7:92:82:9d:4b:c2:d2:0a:29:64:eb:eb:69:
73:3d:52:79:57:44:b5:0a:a1:07:fb:56:0a:4c:d8:92:d2:e9:
42:91:b3:9c:34:e3:1d:17:82:81:e8:66:91:36:a6:a0:b0:03:
ac:47:0f:f2:47:bd:11:37:a1:e8:cc:2b:c2:e4:69:9b:77:0d:
2a:2a:4d:1d:54:5a:2d:48:79:7d:58:27:a2:3b:8b:6a:72:67:
a4:fb:02:93:da:3e:dd:af:de:a4:fa:ab:b4:77:ab:35:d1:86:
b0:75:ce:9b:6c:99:7c:16:69:9d:96:06:a0:81:65:26:aa:22:
ac:14:82:75:a0:17:26:f1:1a:23:35:d9:73:d3:a6:37:83:21:
18:dd:69:67:54:27:a0:37:55:6d:a9:c1:b4:72:06:aa:69:90:
95:23:8c:88:fe:08:88:89:64:3a:88:30:9e:3a:12:f3:e9:d7:
15:a3:e7:52:98:d2:a0:d2:e9:1c:00:77:9e:2d:ec:fc:8a:9c:
98:45:b7:77:af:6a:70:b6:29:00:88:cb:41:5b:c6:f5:2b:9e:
5f:2b:36:f2
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZgTGe4ReZzx9TyC5rtHaER7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNzE2MTE1ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTNjYzM2M2EwZWNmYTRmY2ZkYTg5YzhlMDBhNGEyNWYzNWIwYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqC5c3RcdBKIu/QxA/Ay+ceUqoGbc
i/Uwuh+Npc6w7hSkAQsl4njCpIbPIrJjHZE+GI1R/gqqlsaOmwJdeuDh1G0QjqRb
+aiUvhCRxDpPo5GCcCKxTsvRkwmHc8pGJj3nKDxTe/1ej/SFXrMkDg7OHGpSSF9/
8YNAtyWjCwDQaSD9uhtRacBV/oGZzreZaNadpWSk9Ev4/Y+BaimSL5usCHMLS2Vp
mTX8j9Em/nGzoa21qJbF7obPei/8DEiOUlIw57dXXLMR7QkbLv0yCf4lfiPtNs4o
YY+uCVdtVYGL35fBEJD0EjF5VckxQrIDRx9oGQKjne9SRjY/tSTQfepOoQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJ48w2Og7PpPz9qJyOAKSiXzWwsAMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbmp6RFk2RHMta19QMm9uSTRBcEtKZk5iQ3dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAl/BJAwQA
l/BOAwQAl/CQAwQAl/Q+AwQAl/RLAwQAl/RXAwQAl/RnAwQAl/RsAwQAl/VmMA0G
CSqGSIb3DQEBCwUAA4IBAQAq5EMD50eTYxvXwYLCZ6MdyTRlVQJvTXy1ZqYVGRSf
lHu8mYgTRqMKRLeSgp1LwtIKKWTr62lzPVJ5V0S1CqEH+1YKTNiS0ulCkbOcNOMd
F4KB6GaRNqagsAOsRw/yR70RN6HozCvC5Gmbdw0qKk0dVFotSHl9WCeiO4tqcmek
+wKT2j7dr96k+qu0d6s10Yawdc6bbJl8FmmdlgaggWUmqiKsFIJ1oBcm8RojNdlz
06Y3gyEY3WlnVCegN1VtqcG0cgaqaZCVI4yI/giIiWQ6iDCeOhLz6dcVo+dSmNKg
0ukcAHeeLez8ipyYRbd3r2pwtikAiMtBW8b1K55fKzby
-----END CERTIFICATE-----
Generated at Sun Jul 20 18:26:16 2025 by rpki-client