Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Gfh84D_SJWqnzI8eUHDe0g4FsoE.roa
File: Gfh84D_SJWqnzI8eUHDe0g4FsoE.roa (raw, json)
Hash identifier: zxOxwT+1Sluu0umxx8BcTE/jWtjPcy9VlVbs2WRyplo=
Subject key identifier: 19:F8:7C:E0:3F:D2:25:6A:A7:CC:8F:1E:50:70:DE:D2:0E:05:B2:81
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019CAE1E23B3A1CE5C0627105F9CA081006D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Gfh84D_SJWqnzI8eUHDe0g4FsoE.roa
Signing time: Mon 02 Mar 2026 10:35:36 +0000
ROA not before: Mon 02 Mar 2026 10:35:36 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 212238
IP address blocks: 37.202.201.0/24 maxlen: 24
151.240.45.0/24 maxlen: 24
151.241.30.0/24 maxlen: 24
151.241.39.0/24 maxlen: 24
151.241.50.0/24 maxlen: 24
151.241.64.0/24 maxlen: 24
151.241.67.0/24 maxlen: 24
151.241.70.0/24 maxlen: 24
151.241.71.0/24 maxlen: 24
151.241.73.0/24 maxlen: 24
151.241.77.0/24 maxlen: 24
151.241.95.0/24 maxlen: 24
151.241.115.0/24 maxlen: 24
151.241.160.0/24 maxlen: 24
151.241.176.0/24 maxlen: 24
151.241.204.0/24 maxlen: 24
151.242.45.0/24 maxlen: 24
151.242.158.0/24 maxlen: 24
151.243.2.0/24 maxlen: 24
151.243.105.0/24 maxlen: 24
151.243.137.0/24 maxlen: 24
151.244.5.0/24 maxlen: 24
151.244.57.0/24 maxlen: 24
151.244.111.0/24 maxlen: 24
151.244.114.0/24 maxlen: 24
151.244.115.0/24 maxlen: 24
151.244.131.0/24 maxlen: 24
151.244.191.0/24 maxlen: 24
151.244.193.0/24 maxlen: 24
151.244.212.0/24 maxlen: 24
151.245.3.0/24 maxlen: 24
151.245.28.0/24 maxlen: 24
151.245.76.0/24 maxlen: 24
151.245.78.0/24 maxlen: 24
151.245.104.0/24 maxlen: 24
151.245.195.0/24 maxlen: 24
151.245.212.0/24 maxlen: 24
151.247.120.0/23 maxlen: 24
151.247.122.0/23 maxlen: 24
151.247.124.0/23 maxlen: 24
151.247.126.0/23 maxlen: 24
151.247.188.0/24 maxlen: 24
151.247.221.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 05 Mar 2026 07:18:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:ae:1e:23:b3:a1:ce:5c:06:27:10:5f:9c:a0:81:00:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Mar 2 10:35:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=19f87ce03fd2256aa7cc8f1e5070ded20e05b281
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:dc:32:6b:5d:bc:da:2d:63:09:13:12:c4:a4:
e7:a4:09:3f:43:7b:48:fd:b2:e7:af:eb:2b:cb:ec:
f2:15:ec:a5:72:2d:40:da:87:fc:eb:b5:d2:a6:aa:
77:b5:47:80:18:ce:14:a2:ec:7d:cd:ee:96:23:44:
38:54:86:d3:2c:13:ef:80:32:61:ff:51:81:51:f0:
15:c6:02:eb:26:a5:6b:4c:68:0d:ee:d9:0b:d3:fc:
25:ed:40:b8:a7:25:e1:f0:a4:a5:6a:20:bd:dd:0a:
22:9f:27:04:41:ea:58:45:cd:88:d4:9c:75:6c:42:
da:cb:a3:66:28:bb:80:68:30:d5:cb:b7:b3:9d:02:
53:55:b4:53:4b:b2:73:e5:19:5a:fe:05:2a:a0:4e:
6e:ba:ca:01:23:0a:3b:33:2f:00:02:f1:21:04:e5:
a6:ad:26:dc:a6:9a:cd:27:d1:e0:10:c9:46:c5:5a:
2d:28:fe:6f:c7:9b:14:1b:95:d1:58:3d:58:9f:80:
dd:28:81:4d:75:dc:52:69:c4:fa:94:56:27:d1:f1:
0b:ca:1d:b8:51:aa:0e:5f:a7:00:ef:9b:34:b6:b1:
1e:27:68:04:9a:f4:a9:4e:c6:25:08:3b:5e:fb:f3:
f8:1c:78:c8:94:94:c1:8c:73:34:a2:e0:ff:26:8e:
c9:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:F8:7C:E0:3F:D2:25:6A:A7:CC:8F:1E:50:70:DE:D2:0E:05:B2:81
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Gfh84D_SJWqnzI8eUHDe0g4FsoE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.201.0/24
151.240.45.0/24
151.241.30.0/24
151.241.39.0/24
151.241.50.0/24
151.241.64.0/24
151.241.67.0/24
151.241.70.0/23
151.241.73.0/24
151.241.77.0/24
151.241.95.0/24
151.241.115.0/24
151.241.160.0/24
151.241.176.0/24
151.241.204.0/24
151.242.45.0/24
151.242.158.0/24
151.243.2.0/24
151.243.105.0/24
151.243.137.0/24
151.244.5.0/24
151.244.57.0/24
151.244.111.0/24
151.244.114.0/23
151.244.131.0/24
151.244.191.0/24
151.244.193.0/24
151.244.212.0/24
151.245.3.0/24
151.245.28.0/24
151.245.76.0/24
151.245.78.0/24
151.245.104.0/24
151.245.195.0/24
151.245.212.0/24
151.247.120.0/21
151.247.188.0/24
151.247.221.0/24
Signature Algorithm: sha256WithRSAEncryption
29:f2:d7:33:0a:9e:36:ce:4d:47:27:89:46:a3:12:bc:0f:7e:
8a:e6:a3:6a:04:10:dc:eb:34:a6:86:6f:7f:de:29:2b:13:2b:
ec:d6:34:f6:fe:23:83:56:db:46:56:d5:c1:97:39:60:9a:3f:
07:44:70:33:b7:4d:4d:ab:b9:78:9c:16:cf:38:2a:a3:9e:81:
bb:75:01:5c:d3:3e:41:76:33:65:88:9a:ab:0a:3d:3d:22:75:
90:1f:be:81:cf:ad:7e:23:ba:bc:c8:a7:10:61:43:e8:b9:bd:
38:d1:aa:f7:6d:b5:11:68:7d:15:65:f2:a4:26:56:8f:1b:4d:
ab:e1:40:85:5b:24:4f:5c:3b:a6:47:dc:f7:39:3a:e7:98:ef:
36:48:34:f7:e7:37:53:89:42:39:87:f5:1c:58:5e:26:e7:7a:
f2:0b:cd:5a:08:30:23:4e:58:1a:9e:be:87:73:7f:8c:df:4c:
2b:e3:61:53:30:85:3d:f3:0c:66:a8:ff:c8:06:8c:bd:3c:32:
76:a0:c7:5d:38:4a:c0:f5:21:04:65:e9:a5:ee:0d:b2:45:46:
a9:0a:6c:0f:e7:39:8a:fe:c9:e3:64:d2:53:dc:8f:3b:ff:a1:
aa:b6:c1:4c:7a:0a:52:ba:e9:39:92:05:6d:a9:90:fa:c3:75:
a9:02:c6:c6
-----BEGIN CERTIFICATE-----
MIIF4TCCBMmgAwIBAgISAZyuHiOzoc5cBicQX5yggQBtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzAyMTAzNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWY4N2NlMDNmZDIyNTZhYTdjYzhmMWU1MDcwZGVkMjBlMDViMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdwya1282i1jCRMSxKTnpAk/Q3tI
/bLnr+sry+zyFeylci1A2of867XSpqp3tUeAGM4Uoux9ze6WI0Q4VIbTLBPvgDJh
/1GBUfAVxgLrJqVrTGgN7tkL0/wl7UC4pyXh8KSlaiC93QoinycEQepYRc2I1Jx1
bELay6NmKLuAaDDVy7eznQJTVbRTS7Jz5Rla/gUqoE5uusoBIwo7My8AAvEhBOWm
rSbcpprNJ9HgEMlGxVotKP5vx5sUG5XRWD1Yn4DdKIFNddxSacT6lFYn0fELyh24
UaoOX6cA75s0trEeJ2gEmvSpTsYlCDte+/P4HHjIlJTBjHM0ouD/Jo7JywIDAQAB
o4IC7TCCAukwHQYDVR0OBBYEFBn4fOA/0iVqp8yPHlBw3tIOBbKBMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvR2ZoODREX1NKV3Fuekk4ZVVIRGUwZzRGc29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAQYIKwYBBQUHAQcBAf8EgfEwge4wgesEAgABMIHkAwQA
JcrJAwQAl/AtAwQAl/EeAwQAl/EnAwQAl/EyAwQAl/FAAwQAl/FDAwQBl/FGAwQA
l/FJAwQAl/FNAwQAl/FfAwQAl/FzAwQAl/GgAwQAl/GwAwQAl/HMAwQAl/ItAwQA
l/KeAwQAl/MCAwQAl/NpAwQAl/OJAwQAl/QFAwQAl/Q5AwQAl/RvAwQBl/RyAwQA
l/SDAwQAl/S/AwQAl/TBAwQAl/TUAwQAl/UDAwQAl/UcAwQAl/VMAwQAl/VOAwQA
l/VoAwQAl/XDAwQAl/XUAwQDl/d4AwQAl/e8AwQAl/fdMA0GCSqGSIb3DQEBCwUA
A4IBAQAp8tczCp42zk1HJ4lGoxK8D36K5qNqBBDc6zSmhm9/3ikrEyvs1jT2/iOD
VttGVtXBlzlgmj8HRHAzt01Nq7l4nBbPOCqjnoG7dQFc0z5BdjNliJqrCj09InWQ
H76Bz61+I7q8yKcQYUPoub040ar3bbURaH0VZfKkJlaPG02r4UCFWyRPXDumR9z3
OTrnmO82SDT35zdTiUI5h/UcWF4m53ryC81aCDAjTlganr6Hc3+M30wr42FTMIU9
8wxmqP/IBoy9PDJ2oMddOErA9SEEZeml7g2yRUapCmwP5zmK/snjZNJT3I87/6Gq
tsFMegpSuuk5kgVtqZD6w3WpAsbG
-----END CERTIFICATE-----
Generated at Wed Mar 4 16:01:33 2026 by rpki-client