Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/20CDdAcfGgj-G7j-vart3LLEwFc.roa
File: 20CDdAcfGgj-G7j-vart3LLEwFc.roa (raw, json)
Hash identifier: Y3QRIjECV+y/HtJBbACl96lg6Cir/V/qIzlWpep3GKE=
Subject key identifier: DB:40:83:74:07:1F:1A:08:FE:1B:B8:FE:BD:AA:ED:DC:B2:C4:C0:57
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019A1666BFFE08A5681628BAB57D10E3B4AA
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/20CDdAcfGgj-G7j-vart3LLEwFc.roa
Signing time: Fri 24 Oct 2025 13:27:03 +0000
ROA not before: Fri 24 Oct 2025 13:27:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 54252
IP address blocks: 151.240.2.0/24 maxlen: 24
151.240.169.0/24 maxlen: 24
151.241.33.0/24 maxlen: 24
151.241.43.0/24 maxlen: 24
151.241.48.0/24 maxlen: 24
151.241.51.0/24 maxlen: 24
151.241.164.0/24 maxlen: 24
151.242.26.0/24 maxlen: 24
151.243.26.0/24 maxlen: 24
151.244.42.0/24 maxlen: 24
151.245.69.0/24 maxlen: 24
151.247.246.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 07 Nov 2025 20:27:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:16:66:bf:fe:08:a5:68:16:28:ba:b5:7d:10:e3:b4:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Oct 24 13:27:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=db408374071f1a08fe1bb8febdaaeddcb2c4c057
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:7f:23:51:c8:73:e8:fa:b6:1f:0b:82:8e:7c:
d9:9c:dd:75:6d:48:a8:3e:60:09:11:41:7b:7c:21:
fa:79:32:dc:ff:72:98:ae:94:63:37:7b:83:63:f3:
11:3a:f2:56:08:7c:97:cc:2a:0b:f2:c4:7d:74:67:
b5:45:1b:6c:6d:28:0d:ef:4c:53:d2:16:ea:cd:dc:
4a:ce:23:1d:cb:3e:91:08:e9:db:87:4c:c1:b6:5a:
9d:5a:53:2e:01:97:7e:33:00:8c:b5:d6:40:57:23:
e7:52:6f:d7:99:08:cd:fa:36:7f:45:6e:4a:b4:39:
49:e8:3e:65:f6:a4:74:22:6a:99:56:c7:3a:c4:75:
65:38:fe:bb:11:e1:5c:ff:8f:34:f1:42:9d:64:1c:
02:1e:2a:c9:1d:7b:c2:b5:20:a6:eb:69:21:8a:5a:
c5:fa:33:7e:1f:88:29:da:5b:29:92:b9:ce:4f:27:
57:59:6b:6c:55:91:47:a7:1b:0e:fb:eb:d6:ab:6f:
d7:11:6d:f7:ae:5d:01:6d:77:91:51:b6:7e:19:7d:
83:73:44:ce:22:2c:a7:4f:d0:be:9f:70:d3:03:55:
ca:63:e0:02:bc:96:6e:18:ae:98:55:25:96:aa:3e:
5e:1e:2d:26:d8:49:b4:43:87:61:73:9d:36:b8:80:
3e:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:40:83:74:07:1F:1A:08:FE:1B:B8:FE:BD:AA:ED:DC:B2:C4:C0:57
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/20CDdAcfGgj-G7j-vart3LLEwFc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.2.0/24
151.240.169.0/24
151.241.33.0/24
151.241.43.0/24
151.241.48.0/24
151.241.51.0/24
151.241.164.0/24
151.242.26.0/24
151.243.26.0/24
151.244.42.0/24
151.245.69.0/24
151.247.246.0/24
Signature Algorithm: sha256WithRSAEncryption
08:ae:fa:74:19:42:45:a6:cc:40:ed:0f:ea:c2:54:a4:78:df:
f2:c2:c1:db:d8:01:e3:8e:89:87:8a:9d:32:9d:5d:ed:43:cc:
d0:f5:38:cd:11:83:17:2e:58:59:fd:3f:09:f8:24:4a:c8:20:
12:68:06:32:b1:46:c0:d1:04:3f:9b:08:be:eb:d2:79:83:9a:
bb:0a:4e:d9:5c:11:78:48:da:96:ba:b7:48:f2:32:44:82:30:
41:b9:92:9e:5a:85:6c:5f:b0:8c:76:30:fd:c2:e8:0e:a6:42:
1e:c6:98:31:75:a2:b0:0a:96:2f:b5:71:c2:11:c6:d4:0c:e8:
54:df:aa:9d:9a:8c:e9:e7:8c:be:74:6c:31:9c:ac:90:c6:f8:
f2:6a:50:88:55:be:02:3c:2f:ca:77:7a:21:57:b8:3f:8c:9b:
4e:4a:66:49:f9:c1:05:1a:80:5a:b3:c0:61:fe:2b:dc:93:2c:
0a:2f:9a:d5:38:be:21:84:b1:98:07:1c:f6:a2:08:2e:f6:74:
8e:b1:6f:83:f2:63:d9:03:bd:0b:99:9c:37:5f:16:7e:c1:ed:
1d:7c:88:5e:6f:a2:c4:af:c6:f0:7d:5c:14:aa:ab:08:6c:1b:
d4:db:8a:29:97:60:c4:3a:7a:8c:39:11:da:69:44:97:af:d6:
24:d3:ab:83
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZoWZr/+CKVoFii6tX0Q47SqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDI0MTMyNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjQwODM3NDA3MWYxYTA4ZmUxYmI4ZmViZGFhZWRkY2IyYzRjMDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyn8jUchz6Pq2HwuCjnzZnN11bUio
PmAJEUF7fCH6eTLc/3KYrpRjN3uDY/MROvJWCHyXzCoL8sR9dGe1RRtsbSgN70xT
0hbqzdxKziMdyz6RCOnbh0zBtlqdWlMuAZd+MwCMtdZAVyPnUm/XmQjN+jZ/RW5K
tDlJ6D5l9qR0ImqZVsc6xHVlOP67EeFc/4808UKdZBwCHirJHXvCtSCm62khilrF
+jN+H4gp2lspkrnOTydXWWtsVZFHpxsO++vWq2/XEW33rl0BbXeRUbZ+GX2Dc0TO
IiynT9C+n3DTA1XKY+ACvJZuGK6YVSWWqj5eHi0m2Em0Q4dhc502uIA+9QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNtAg3QHHxoI/hu4/r2q7dyyxMBXMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMjBDRGRBY2ZHZ2otRzdqLXZhcnQzTExFd0ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAl/ACAwQA
l/CpAwQAl/EhAwQAl/ErAwQAl/EwAwQAl/EzAwQAl/GkAwQAl/IaAwQAl/MaAwQA
l/QqAwQAl/VFAwQAl/f2MA0GCSqGSIb3DQEBCwUAA4IBAQAIrvp0GUJFpsxA7Q/q
wlSkeN/ywsHb2AHjjomHip0ynV3tQ8zQ9TjNEYMXLlhZ/T8J+CRKyCASaAYysUbA
0QQ/mwi+69J5g5q7Ck7ZXBF4SNqWurdI8jJEgjBBuZKeWoVsX7CMdjD9wugOpkIe
xpgxdaKwCpYvtXHCEcbUDOhU36qdmozp54y+dGwxnKyQxvjyalCIVb4CPC/Kd3oh
V7g/jJtOSmZJ+cEFGoBas8Bh/ivckywKL5rVOL4hhLGYBxz2oggu9nSOsW+D8mPZ
A70LmZw3XxZ+we0dfIheb6LEr8bwfVwUqqsIbBvU24opl2DEOnqMORHaaUSXr9Yk
06uD
-----END CERTIFICATE-----
Generated at Fri Nov 7 00:07:50 2025 by rpki-client