Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/K1xIGpXDylHpLUTcsMTNj5mM4ys.roa
File: K1xIGpXDylHpLUTcsMTNj5mM4ys.roa (raw, json)
Hash identifier: vm+983s4iqzD+3QBPtqedMyLhwDErRaz8oIF++ByfZ8=
Subject key identifier: 2B:5C:48:1A:95:C3:CA:51:E9:2D:44:DC:B0:C4:CD:8F:99:8C:E3:2B
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0198E685B6018E28BFA2C75619C588A46A64
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/K1xIGpXDylHpLUTcsMTNj5mM4ys.roa
Signing time: Tue 26 Aug 2025 13:16:19 +0000
ROA not before: Tue 26 Aug 2025 13:16:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207252
IP address blocks: 151.240.157.0/24 maxlen: 24
151.242.160.0/22 maxlen: 24
151.242.176.0/22 maxlen: 24
151.243.208.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Sep 2025 13:03:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e6:85:b6:01:8e:28:bf:a2:c7:56:19:c5:88:a4:6a:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Aug 26 13:16:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2b5c481a95c3ca51e92d44dcb0c4cd8f998ce32b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:6a:15:f7:36:61:35:69:0c:c1:5e:8b:3b:9f:
87:76:07:6c:dc:13:18:16:48:2b:af:ab:f4:6a:31:
b5:12:70:ad:40:a3:ab:ae:3d:aa:93:28:15:4f:df:
26:3f:57:f1:71:48:c2:6f:2b:c3:2e:b7:4c:33:d4:
62:af:8f:d5:3f:c8:4e:ac:b5:03:e6:65:0b:c0:74:
c1:23:87:8f:0a:49:5b:de:54:ed:b8:9c:4c:2c:8d:
c6:b2:b5:62:df:9b:e9:01:d9:f1:60:91:2c:0b:9c:
a0:08:0b:f3:47:fc:cf:e8:ff:ac:13:80:a4:75:e4:
26:87:ea:8e:aa:d2:53:8f:e8:16:25:ba:70:61:8d:
f6:aa:73:94:e7:b4:76:43:e9:e6:75:be:f7:9a:2e:
7b:13:2e:05:6a:4f:20:12:60:d3:3f:2c:c6:88:a7:
92:e9:0b:ea:82:4d:a7:87:74:e7:3c:71:3c:01:17:
fa:2f:c3:88:b4:00:81:d4:61:03:bb:73:f3:03:82:
9c:6b:9d:87:ed:cd:d3:78:bc:7c:29:5b:e2:11:fd:
1c:37:e3:88:d6:8d:c7:52:93:72:b7:2e:2b:67:da:
5b:d3:8f:78:7f:f4:4a:81:ba:02:45:e9:74:df:fb:
a2:f3:d4:da:f2:f3:65:52:dd:87:84:e0:60:bc:e3:
b7:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:5C:48:1A:95:C3:CA:51:E9:2D:44:DC:B0:C4:CD:8F:99:8C:E3:2B
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/K1xIGpXDylHpLUTcsMTNj5mM4ys.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.157.0/24
151.242.160.0/22
151.242.176.0/22
151.243.208.0/22
Signature Algorithm: sha256WithRSAEncryption
a6:de:22:9f:6f:d1:e0:9a:da:96:78:29:c9:a1:ae:ab:ce:8f:
02:87:95:2a:d6:6c:bc:76:61:bb:8a:f7:14:94:bc:14:ea:c1:
ec:dd:40:61:2e:5e:68:6f:87:01:69:69:d4:8a:bb:99:d9:39:
63:17:73:63:ae:f2:18:dc:1e:e5:e0:08:73:41:36:2a:4c:d5:
ee:b0:d8:fa:39:82:9b:9a:ff:70:74:2e:cc:23:7d:ce:ce:23:
92:e2:89:83:2f:67:78:a8:03:c1:b4:52:3a:96:eb:cd:18:5d:
78:fe:b1:a7:64:75:66:87:79:85:45:55:04:99:30:20:d9:44:
f6:ae:62:b8:05:f7:91:0b:be:ff:c4:53:aa:d5:22:8b:d3:75:
08:60:22:46:ed:26:15:1d:aa:14:23:c7:35:67:fd:79:e5:be:
cb:06:fa:0b:46:f4:fe:af:09:30:2e:ef:e2:06:98:20:3b:df:
f5:90:b3:51:b7:f3:dd:89:ac:4b:49:2c:c6:54:fe:7b:7b:54:
b7:dc:58:cf:a7:e7:46:e8:32:7b:d4:50:f8:29:e1:d9:89:fc:
0b:c2:30:2c:e2:36:1f:7b:ac:a7:c0:4d:e3:83:ab:22:01:f2:
42:47:9e:f0:ed:cc:8b:da:68:9e:0d:e8:70:6e:ff:a2:67:c0:
b3:9b:4c:21
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZjmhbYBjii/osdWGcWIpGpkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODI2MTMxNjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjVjNDgxYTk1YzNjYTUxZTkyZDQ0ZGNiMGM0Y2Q4Zjk5OGNlMzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6GoV9zZhNWkMwV6LO5+Hdgds3BMY
Fkgrr6v0ajG1EnCtQKOrrj2qkygVT98mP1fxcUjCbyvDLrdMM9Rir4/VP8hOrLUD
5mULwHTBI4ePCklb3lTtuJxMLI3GsrVi35vpAdnxYJEsC5ygCAvzR/zP6P+sE4Ck
deQmh+qOqtJTj+gWJbpwYY32qnOU57R2Q+nmdb73mi57Ey4Fak8gEmDTPyzGiKeS
6Qvqgk2nh3TnPHE8ARf6L8OItACB1GEDu3PzA4Kca52H7c3TeLx8KVviEf0cN+OI
1o3HUpNyty4rZ9pb0494f/RKgboCRel03/ui89Ta8vNlUt2HhOBgvOO3BQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCtcSBqVw8pR6S1E3LDEzY+ZjOMrMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSzF4SUdwWER5bEhwTFVUY3NNVE5qNW1NNHlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAl/CdAwQC
l/KgAwQCl/KwAwQCl/PQMA0GCSqGSIb3DQEBCwUAA4IBAQCm3iKfb9HgmtqWeCnJ
oa6rzo8Ch5Uq1my8dmG7ivcUlLwU6sHs3UBhLl5ob4cBaWnUiruZ2TljF3NjrvIY
3B7l4AhzQTYqTNXusNj6OYKbmv9wdC7MI33OziOS4omDL2d4qAPBtFI6luvNGF14
/rGnZHVmh3mFRVUEmTAg2UT2rmK4BfeRC77/xFOq1SKL03UIYCJG7SYVHaoUI8c1
Z/155b7LBvoLRvT+rwkwLu/iBpggO9/1kLNRt/PdiaxLSSzGVP57e1S33FjPp+dG
6DJ71FD4KeHZifwLwjAs4jYfe6ynwE3jg6siAfJCR57w7cyL2mieDehwbv+iZ8Cz
m0wh
-----END CERTIFICATE-----
Generated at Wed Sep 3 18:42:34 2025 by rpki-client