Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1AJgJzm-DbLUN-aLLgCMH5j1rEM.roa
File: 1AJgJzm-DbLUN-aLLgCMH5j1rEM.roa (raw, json)
Hash identifier: zxd1uaJbrcOb/NKEJXdVgr/Dx4mCycFWPnOKrIcQ2WY=
Subject key identifier: D4:02:60:27:39:BE:0D:B2:D4:37:E6:8B:2E:00:8C:1F:98:F5:AC:43
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 01990E9A4D08C7C5922CBAACCA4CF2DE1853
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1AJgJzm-DbLUN-aLLgCMH5j1rEM.roa
Signing time: Wed 03 Sep 2025 08:03:37 +0000
ROA not before: Wed 03 Sep 2025 08:03:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 174
IP address blocks: 151.240.205.0/24 maxlen: 24
151.241.119.0/24 maxlen: 24
151.241.122.0/24 maxlen: 24
151.241.123.0/24 maxlen: 24
151.241.125.0/24 maxlen: 24
151.243.176.0/21 maxlen: 24
151.243.192.0/21 maxlen: 24
151.243.225.0/24 maxlen: 24
151.243.227.0/24 maxlen: 24
151.243.235.0/24 maxlen: 24
151.243.241.0/24 maxlen: 24
151.246.16.0/21 maxlen: 21
151.246.32.0/21 maxlen: 21
151.247.223.0/24 maxlen: 24
151.247.225.0/24 maxlen: 24
151.247.229.0/24 maxlen: 24
151.247.231.0/24 maxlen: 24
151.247.234.0/24 maxlen: 24
151.247.236.0/24 maxlen: 24
151.247.238.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Sep 2025 13:03:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0e:9a:4d:08:c7:c5:92:2c:ba:ac:ca:4c:f2:de:18:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Sep 3 08:03:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d402602739be0db2d437e68b2e008c1f98f5ac43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:34:e3:80:b0:85:30:a9:05:e7:58:9f:47:4e:
f2:ee:0c:17:4f:5a:47:2e:f9:54:d1:c2:2d:c7:d9:
0f:79:44:cd:a2:67:da:5b:6b:50:40:b3:1e:8f:a2:
47:44:d2:9f:97:6f:fa:77:b2:c7:e3:fe:39:0a:30:
c6:d4:f4:6f:74:e3:29:a6:6b:cc:e9:4c:cf:6a:34:
c6:39:9c:ab:37:61:2a:59:3f:16:57:da:8e:9f:54:
3f:ed:bb:b6:13:a7:79:2b:ae:84:f6:57:5d:5f:44:
0e:99:6f:38:bf:7c:f7:5a:99:0e:7d:d8:be:5b:8d:
54:74:59:b5:66:61:30:c4:74:d2:9c:ca:72:9c:47:
6b:16:f5:6b:8d:50:b8:a2:7e:66:90:c2:f6:f1:fd:
3f:43:90:e5:9f:2e:27:c3:91:18:07:5c:03:78:3a:
8c:d1:d6:5a:92:25:48:bd:64:c6:bc:a5:e3:7c:80:
82:fb:a8:a3:2e:1c:ea:ec:23:6c:7c:ec:ff:55:6f:
38:49:c8:47:08:91:34:56:e8:93:a7:55:ef:3a:cd:
33:44:94:98:34:6f:99:8d:f7:14:aa:ea:4f:ba:a8:
c1:7c:20:fb:6d:27:b1:4b:6e:31:f3:98:5f:83:32:
78:05:1f:8a:a5:50:28:dd:90:16:c0:93:86:cc:55:
23:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:02:60:27:39:BE:0D:B2:D4:37:E6:8B:2E:00:8C:1F:98:F5:AC:43
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1AJgJzm-DbLUN-aLLgCMH5j1rEM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.205.0/24
151.241.119.0/24
151.241.122.0/23
151.241.125.0/24
151.243.176.0/21
151.243.192.0/21
151.243.225.0/24
151.243.227.0/24
151.243.235.0/24
151.243.241.0/24
151.246.16.0/21
151.246.32.0/21
151.247.223.0/24
151.247.225.0/24
151.247.229.0/24
151.247.231.0/24
151.247.234.0/24
151.247.236.0/24
151.247.238.0/24
Signature Algorithm: sha256WithRSAEncryption
28:d9:e5:83:52:62:2c:1f:eb:60:93:94:d5:50:14:54:32:af:
b9:b5:a6:e0:73:8d:d3:df:e4:f0:a5:ce:95:4a:b9:a5:f1:7f:
7d:e3:cf:1d:ae:b8:dc:c2:a8:da:ac:d7:37:c2:ab:84:cb:ef:
cd:f4:57:72:57:3d:63:84:ee:e8:7b:71:ee:33:a4:80:29:90:
94:be:5b:f0:08:56:bd:69:34:25:57:31:be:08:a6:71:87:41:
a8:7e:c4:32:4d:e2:dc:e1:35:0b:19:f8:df:a5:4d:db:29:7a:
28:d7:fd:8e:06:f9:f1:cd:62:aa:cf:1e:db:80:22:4f:ee:46:
ae:c2:03:d8:84:58:34:e2:71:2c:ab:f1:77:1b:d1:77:76:d1:
23:44:97:35:35:df:03:00:ef:13:e9:e4:89:f5:ca:96:4d:08:
59:4e:9a:2e:01:0d:29:21:1b:6a:67:41:18:d4:a1:4a:c8:e6:
e3:5b:1b:fc:c3:1a:cc:6c:f4:3f:ef:fa:50:18:bb:3c:9b:46:
86:a2:ea:17:ea:5b:cc:6c:5c:e7:c4:24:7d:d7:12:ca:21:78:
4f:ed:7f:7e:a9:3d:4b:fb:fb:84:a6:e4:e4:bb:bf:85:d5:37:
18:d6:3c:fb:7a:6f:ae:cd:09:69:51:8e:c6:55:85:54:66:0a:
e2:91:bc:d5
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAZkOmk0Ix8WSLLqsykzy3hhTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTAzMDgwMzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDAyNjAyNzM5YmUwZGIyZDQzN2U2OGIyZTAwOGMxZjk4ZjVhYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjTjgLCFMKkF51ifR07y7gwXT1pH
LvlU0cItx9kPeUTNomfaW2tQQLMej6JHRNKfl2/6d7LH4/45CjDG1PRvdOMppmvM
6UzPajTGOZyrN2EqWT8WV9qOn1Q/7bu2E6d5K66E9lddX0QOmW84v3z3WpkOfdi+
W41UdFm1ZmEwxHTSnMpynEdrFvVrjVC4on5mkML28f0/Q5Dlny4nw5EYB1wDeDqM
0dZakiVIvWTGvKXjfICC+6ijLhzq7CNsfOz/VW84SchHCJE0VuiTp1XvOs0zRJSY
NG+ZjfcUqupPuqjBfCD7bSexS24x85hfgzJ4BR+KpVAo3ZAWwJOGzFUjYQIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFNQCYCc5vg2y1Dfmiy4AjB+Y9axDMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMUFKZ0p6bS1EYkxVTi1hTExnQ01INWoxckVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAEwcgMEAJfwzQME
AJfxdwMEAZfxegMEAJfxfQMEA5fzsAMEA5fzwAMEAJfz4QMEAJfz4wMEAJfz6wME
AJfz8QMEA5f2EAMEA5f2IAMEAJf33wMEAJf34QMEAJf35QMEAJf35wMEAJf36gME
AJf37AMEAJf37jANBgkqhkiG9w0BAQsFAAOCAQEAKNnlg1JiLB/rYJOU1VAUVDKv
ubWm4HON09/k8KXOlUq5pfF/fePPHa643MKo2qzXN8KrhMvvzfRXclc9Y4Tu6Htx
7jOkgCmQlL5b8AhWvWk0JVcxvgimcYdBqH7EMk3i3OE1Cxn436VN2yl6KNf9jgb5
8c1iqs8e24AiT+5GrsID2IRYNOJxLKvxdxvRd3bRI0SXNTXfAwDvE+nkifXKlk0I
WU6aLgENKSEbamdBGNShSsjm41sb/MMazGz0P+/6UBi7PJtGhqLqF+pbzGxc58Qk
fdcSyiF4T+1/fqk9S/v7hKbk5Lu/hdU3GNY8+3pvrs0JaVGOxlWFVGYK4pG81Q==
-----END CERTIFICATE-----
Generated at Wed Sep 3 18:42:34 2025 by rpki-client