Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zMcdUoUoCKfyj-obVKJXUHyiy34.roa
File: zMcdUoUoCKfyj-obVKJXUHyiy34.roa (raw, json)
Hash identifier: 9qr6FisegbSVZkjqEjfN2rDaxrD0kiUE98L7/TA0j+E=
Subject key identifier: CC:C7:1D:52:85:28:08:A7:F2:8F:EA:1B:54:A2:57:50:7C:A2:CB:7E
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019D5759A9F96543A9CA7BC98DB1D41E2F1B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zMcdUoUoCKfyj-obVKJXUHyiy34.roa
Signing time: Sat 04 Apr 2026 07:16:27 +0000
ROA not before: Sat 04 Apr 2026 07:16:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 14618
IP address blocks: 151.240.128.0/21 maxlen: 24
151.240.136.0/21 maxlen: 24
151.240.145.0/24 maxlen: 24
151.240.171.0/24 maxlen: 24
151.241.105.0/24 maxlen: 24
151.241.106.0/24 maxlen: 24
151.241.107.0/24 maxlen: 24
151.241.132.0/22 maxlen: 22
151.242.56.0/24 maxlen: 24
151.242.70.0/24 maxlen: 24
151.242.71.0/24 maxlen: 24
151.242.135.0/24 maxlen: 24
151.243.8.0/23 maxlen: 23
151.243.204.0/23 maxlen: 23
151.244.56.0/24 maxlen: 24
151.245.2.0/24 maxlen: 24
151.245.22.0/24 maxlen: 24
151.245.56.0/22 maxlen: 22
151.245.185.0/24 maxlen: 24
151.245.187.0/24 maxlen: 24
151.245.188.0/24 maxlen: 24
151.246.8.0/21 maxlen: 24
151.247.47.0/24 maxlen: 24
151.247.48.0/24 maxlen: 24
151.247.76.0/24 maxlen: 24
151.247.77.0/24 maxlen: 24
151.247.91.0/24 maxlen: 24
151.247.131.0/24 maxlen: 24
151.247.133.0/24 maxlen: 24
151.247.134.0/24 maxlen: 24
151.247.135.0/24 maxlen: 24
151.247.242.0/24 maxlen: 24
151.247.248.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 08 Apr 2026 04:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:57:59:a9:f9:65:43:a9:ca:7b:c9:8d:b1:d4:1e:2f:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Apr 4 07:16:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ccc71d52852808a7f28fea1b54a257507ca2cb7e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:6f:f1:4e:6b:b4:55:bc:e1:6b:71:96:c1:e7:
31:f0:31:53:c0:7f:7a:1f:7d:dd:cd:d1:45:3d:cc:
1f:1e:56:35:15:13:74:62:1f:9b:51:f8:dd:7d:70:
96:c9:1b:a4:48:78:31:da:6d:65:53:ec:97:ff:8d:
b1:be:7b:92:51:a6:37:dc:54:56:6e:bf:2c:b8:b1:
fb:2c:2d:bd:67:2a:2a:7e:8e:0b:50:21:25:4a:cc:
41:2f:1b:3d:6f:4e:71:51:6d:ed:ea:7f:fd:28:a0:
87:ad:9b:24:3f:68:68:f5:ec:f2:84:c0:c7:fd:eb:
17:49:6b:db:43:11:75:b0:d3:17:37:30:1f:b6:63:
5a:ed:4d:c1:0c:35:d8:89:bc:a7:9d:c7:ca:82:e6:
0f:87:20:32:b6:5f:d7:a8:39:06:f2:3e:6a:4f:42:
f9:f4:50:a6:77:cd:93:f9:3c:d4:6b:a4:ca:54:30:
02:7d:4a:5d:3b:8b:f2:f2:0d:9e:66:01:0f:1e:65:
b1:ac:b5:9b:a2:0b:4b:2a:63:84:b3:98:f3:68:72:
d2:d5:d2:31:5d:3d:6a:13:63:59:64:fe:6f:39:99:
ab:e9:f1:1e:17:7a:88:45:a7:a6:f9:be:87:1d:ae:
e1:41:27:11:93:9f:91:5a:6c:67:8f:c2:3b:33:c3:
af:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:C7:1D:52:85:28:08:A7:F2:8F:EA:1B:54:A2:57:50:7C:A2:CB:7E
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zMcdUoUoCKfyj-obVKJXUHyiy34.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.128.0/20
151.240.145.0/24
151.240.171.0/24
151.241.105.0-151.241.107.255
151.241.132.0/22
151.242.56.0/24
151.242.70.0/23
151.242.135.0/24
151.243.8.0/23
151.243.204.0/23
151.244.56.0/24
151.245.2.0/24
151.245.22.0/24
151.245.56.0/22
151.245.185.0/24
151.245.187.0-151.245.188.255
151.246.8.0/21
151.247.47.0-151.247.48.255
151.247.76.0/23
151.247.91.0/24
151.247.131.0/24
151.247.133.0-151.247.135.255
151.247.242.0/24
151.247.248.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:9d:50:5e:bd:aa:c6:02:97:b2:0c:09:07:67:ad:98:c6:74:
27:99:8b:34:0a:16:d3:d9:62:22:e8:83:68:53:2b:5f:23:38:
d3:05:6b:07:ab:e8:c4:de:82:4c:52:bd:a2:8f:fe:a9:0c:28:
09:11:b3:b7:ac:1f:66:77:99:5b:ab:1b:68:e7:d8:e8:c6:22:
59:67:1d:5f:cd:94:00:b4:b3:d3:9e:7d:a6:cc:88:25:8b:1a:
33:0f:62:fc:35:37:5b:a2:8b:c6:b4:e1:14:50:51:75:7e:0d:
18:9b:2d:cf:08:8d:b4:94:ba:87:b3:89:15:f9:e0:d9:8d:1d:
07:63:46:30:c8:dc:7f:57:d2:db:5e:54:f5:82:af:6f:a8:0b:
94:c0:5f:2e:3e:ef:05:f6:25:f0:1b:44:b6:0d:a7:72:47:16:
03:b5:5a:c0:af:5e:60:88:86:47:5a:56:41:3c:c3:12:2d:ca:
25:59:11:89:98:13:b7:2a:d2:3a:a0:cd:e5:52:b9:58:b5:d4:
6e:a1:08:80:70:32:7a:68:c8:11:b1:2a:27:86:f9:88:dc:f2:
8e:af:68:49:30:4f:a4:50:0d:26:48:27:5a:01:c0:33:6d:f1:
14:35:01:bd:0d:36:a0:8d:88:67:a6:4f:cf:da:de:8f:ee:7e:
c0:e9:c0:f0
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAZ1XWan5ZUOpynvJjbHUHi8bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDA0MDcxNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2M3MWQ1Mjg1MjgwOGE3ZjI4ZmVhMWI1NGEyNTc1MDdjYTJjYjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvW/xTmu0Vbzha3GWwecx8DFTwH96
H33dzdFFPcwfHlY1FRN0Yh+bUfjdfXCWyRukSHgx2m1lU+yX/42xvnuSUaY33FRW
br8suLH7LC29Zyoqfo4LUCElSsxBLxs9b05xUW3t6n/9KKCHrZskP2ho9ezyhMDH
/esXSWvbQxF1sNMXNzAftmNa7U3BDDXYibynncfKguYPhyAytl/XqDkG8j5qT0L5
9FCmd82T+TzUa6TKVDACfUpdO4vy8g2eZgEPHmWxrLWbogtLKmOEs5jzaHLS1dIx
XT1qE2NZZP5vOZmr6fEeF3qIRaem+b6HHa7hQScRk5+RWmxnj8I7M8OvRwIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFMzHHVKFKAin8o/qG1SiV1B8ost+MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvek1jZFVvVW9DS2Z5ai1vYlZLSlhVSHlpeTM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbADBASX
8IADBACX8JEDBACX8KswDAMEAJfxaQMEApfxaAMEApfxhAMEAJfyOAMEAZfyRgME
AJfyhwMEAZfzCAMEAZfzzAMEAJf0OAMEAJf1AgMEAJf1FgMEApf1OAMEAJf1uTAM
AwQAl/W7AwQAl/W8AwQDl/YIMAwDBACX9y8DBACX9zADBAGX90wDBACX91sDBACX
94MwDAMEAJf3hQMEA5f3gAMEAJf38gMEAJf3+DANBgkqhkiG9w0BAQsFAAOCAQEA
jJ1QXr2qxgKXsgwJB2etmMZ0J5mLNAoW09liIuiDaFMrXyM40wVrB6voxN6CTFK9
oo/+qQwoCRGzt6wfZneZW6sbaOfY6MYiWWcdX82UALSz0559psyIJYsaMw9i/DU3
W6KLxrThFFBRdX4NGJstzwiNtJS6h7OJFfng2Y0dB2NGMMjcf1fS215U9YKvb6gL
lMBfLj7vBfYl8BtEtg2nckcWA7VawK9eYIiGR1pWQTzDEi3KJVkRiZgTtyrSOqDN
5VK5WLXUbqEIgHAyemjIEbEqJ4b5iNzyjq9oSTBPpFANJkgnWgHAM23xFDUBvQ02
oI2IZ6ZPz9rej+5+wOnA8A==
-----END CERTIFICATE-----
Generated at Tue Apr 7 10:31:19 2026 by rpki-client