Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9x8o5J1qEYggvHsWURFspV2_ygA.roa
File: 9x8o5J1qEYggvHsWURFspV2_ygA.roa (raw, json)
Hash identifier: 2PDPclZp0tF3fgo7OXd/kjw2GOWhNWj0Uk1MGkXZoiM=
Subject key identifier: F7:1F:28:E4:9D:6A:11:88:20:BC:7B:16:51:11:6C:A5:5D:BF:CA:00
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0198E4E408229F43C572740FE713BE05FC9B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9x8o5J1qEYggvHsWURFspV2_ygA.roa
Signing time: Tue 26 Aug 2025 05:40:06 +0000
ROA not before: Tue 26 Aug 2025 05:40:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20326
IP address blocks: 151.243.21.0/24 maxlen: 24
151.243.52.0/23 maxlen: 24
151.243.164.0/22 maxlen: 24
151.243.244.0/24 maxlen: 24
151.244.2.0/24 maxlen: 24
151.244.136.0/22 maxlen: 24
151.244.160.0/22 maxlen: 24
151.244.171.0/24 maxlen: 24
151.244.172.0/22 maxlen: 24
151.244.176.0/22 maxlen: 24
151.245.8.0/21 maxlen: 24
151.245.168.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Sep 2025 13:03:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e4:e4:08:22:9f:43:c5:72:74:0f:e7:13:be:05:fc:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Aug 26 05:40:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f71f28e49d6a118820bc7b1651116ca55dbfca00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:91:85:1b:21:8e:33:56:0b:11:03:f3:d5:e6:
a8:de:78:5c:42:7f:56:d0:a6:76:ee:c9:7e:d8:16:
9b:76:42:79:e3:8f:69:cd:8f:6c:c9:5b:68:da:15:
56:e4:89:5d:8a:4c:9a:8e:02:d5:d7:d3:df:87:6a:
b5:4b:8e:81:5a:83:08:43:01:03:27:65:5e:60:4e:
93:bf:d6:b1:8d:59:0f:e1:e2:81:8d:f6:20:2d:87:
bf:99:5a:11:90:17:df:54:12:e8:e9:f2:25:33:93:
5c:d3:6b:8f:a0:ce:fe:b8:e2:e4:19:a7:93:e1:a1:
a7:7b:4e:b7:41:0c:33:8f:00:d8:7a:b6:ee:dc:f6:
3d:55:b4:46:6c:18:bb:65:db:bd:88:3a:fe:5c:cc:
c2:a0:3c:9e:40:3c:9a:e9:ec:67:39:18:d5:13:c9:
f8:56:2e:11:5a:75:18:7f:2d:a5:c4:e4:11:4f:1d:
3e:d2:0d:bb:36:47:16:6b:0d:50:54:1f:e6:74:64:
89:59:a3:0a:ac:aa:88:79:64:0a:28:f6:63:48:11:
78:72:fa:d7:a7:5f:b0:d5:54:9f:08:96:b0:fc:d4:
74:ce:c3:8e:ac:f5:d6:ca:e5:13:bd:1e:d2:a4:fc:
33:8a:3e:65:e1:f6:33:fa:86:af:fa:2f:c7:5b:fe:
14:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:1F:28:E4:9D:6A:11:88:20:BC:7B:16:51:11:6C:A5:5D:BF:CA:00
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9x8o5J1qEYggvHsWURFspV2_ygA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.243.21.0/24
151.243.52.0/23
151.243.164.0/22
151.243.244.0/24
151.244.2.0/24
151.244.136.0/22
151.244.160.0/22
151.244.171.0-151.244.179.255
151.245.8.0/21
151.245.168.0/21
Signature Algorithm: sha256WithRSAEncryption
41:35:a9:ef:df:14:af:79:7f:03:e0:0f:07:3e:a9:5d:d0:5f:
2b:c1:61:9f:76:62:b1:65:ca:69:cc:b5:12:e2:2a:5d:cc:70:
37:60:a6:c4:d1:6f:58:a4:ff:1d:cb:45:a3:51:76:3d:6c:0b:
e3:29:78:61:08:c4:d1:2b:b4:b4:d9:ba:10:f6:ae:8b:02:49:
b7:d9:75:d5:4a:5a:e5:9b:53:4f:36:f0:58:7e:1a:d8:2c:dd:
b6:b0:66:bb:63:d3:9d:08:13:9e:ee:67:fc:cb:da:c1:e1:2b:
09:88:b7:6e:af:3c:41:95:fd:93:70:11:8c:04:73:ef:ab:e0:
06:81:db:f5:79:4e:04:fd:60:7a:94:50:9c:49:c2:dc:79:f6:
1c:59:48:f2:a9:52:44:c7:d6:c6:2f:54:af:4a:7e:6a:d5:bf:
e2:c6:5b:ff:a6:14:e8:36:81:d6:e2:19:f6:ad:c6:5c:d9:6b:
e8:87:41:d9:47:3c:e1:0a:f2:01:66:c9:cc:3b:b8:0a:44:10:
38:4d:b5:a2:24:5d:6a:fb:9c:af:ac:36:09:a1:a2:dc:c1:35:
e3:67:cf:a0:73:79:8e:49:0a:16:8b:4d:68:0d:1c:62:be:0e:
1d:57:1e:fd:ce:12:6e:4a:1b:7a:12:cb:75:e1:85:df:39:9f:
17:06:10:8f
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZjk5Agin0PFcnQP5xO+BfybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODI2MDU0MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzFmMjhlNDlkNmExMTg4MjBiYzdiMTY1MTExNmNhNTVkYmZjYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9JGFGyGOM1YLEQPz1eao3nhcQn9W
0KZ27sl+2BabdkJ5449pzY9syVto2hVW5IldikyajgLV19Pfh2q1S46BWoMIQwED
J2VeYE6Tv9axjVkP4eKBjfYgLYe/mVoRkBffVBLo6fIlM5Nc02uPoM7+uOLkGaeT
4aGne063QQwzjwDYerbu3PY9VbRGbBi7Zdu9iDr+XMzCoDyeQDya6exnORjVE8n4
Vi4RWnUYfy2lxOQRTx0+0g27NkcWaw1QVB/mdGSJWaMKrKqIeWQKKPZjSBF4cvrX
p1+w1VSfCJaw/NR0zsOOrPXWyuUTvR7SpPwzij5l4fYz+oav+i/HW/4UBwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFPcfKOSdahGIILx7FlERbKVdv8oAMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvOXg4bzVKMXFFWWdndkhzV1VSRnNwVjJfeWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAl/MVAwQB
l/M0AwQCl/OkAwQAl/P0AwQAl/QCAwQCl/SIAwQCl/SgMAwDBACX9KsDBAKX9LAD
BAOX9QgDBAOX9agwDQYJKoZIhvcNAQELBQADggEBAEE1qe/fFK95fwPgDwc+qV3Q
XyvBYZ92YrFlymnMtRLiKl3McDdgpsTRb1ik/x3LRaNRdj1sC+MpeGEIxNErtLTZ
uhD2rosCSbfZddVKWuWbU0828Fh+Gtgs3bawZrtj050IE57uZ/zL2sHhKwmIt26v
PEGV/ZNwEYwEc++r4AaB2/V5TgT9YHqUUJxJwtx59hxZSPKpUkTH1sYvVK9KfmrV
v+LGW/+mFOg2gdbiGfatxlzZa+iHQdlHPOEK8gFmycw7uApEEDhNtaIkXWr7nK+s
NgmhotzBNeNnz6BzeY5JChaLTWgNHGK+Dh1XHv3OEm5KG3oSy3Xhhd85nxcGEI8=
-----END CERTIFICATE-----
Generated at Wed Sep 3 18:37:22 2025 by rpki-client