Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/KyQTkXiFP-D96oCOFfhQgD19KTM.roa
File: KyQTkXiFP-D96oCOFfhQgD19KTM.roa (raw, json)
Hash identifier: OpwRTV6VzKm1M46l+QyLAjHcj33rJ5HrwTCn1+m6Ra0=
Subject key identifier: 2B:24:13:91:78:85:3F:E0:FD:EA:80:8E:15:F8:50:80:3D:7D:29:33
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 01990E9A5053FD04EA06B5E16E576C5CF622
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/KyQTkXiFP-D96oCOFfhQgD19KTM.roa
Signing time: Wed 03 Sep 2025 08:03:38 +0000
ROA not before: Wed 03 Sep 2025 08:03:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214432
IP address blocks: 151.240.73.0/24 maxlen: 24
151.240.78.0/24 maxlen: 24
151.240.144.0/24 maxlen: 24
151.240.150.0/24 maxlen: 24
151.240.151.0/24 maxlen: 24
151.241.177.0/24 maxlen: 24
151.244.38.0/24 maxlen: 24
151.244.52.0/24 maxlen: 24
151.244.62.0/24 maxlen: 24
151.244.75.0/24 maxlen: 24
151.244.87.0/24 maxlen: 24
151.245.102.0/24 maxlen: 24
151.245.189.0/24 maxlen: 24
151.245.191.0/24 maxlen: 24
151.245.192.0/24 maxlen: 24
151.245.241.0/24 maxlen: 24
151.245.247.0/24 maxlen: 24
151.246.248.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Sep 2025 13:03:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:0e:9a:50:53:fd:04:ea:06:b5:e1:6e:57:6c:5c:f6:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Sep 3 08:03:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2b24139178853fe0fdea808e15f850803d7d2933
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:0d:61:98:39:80:d5:6c:b5:3c:7d:b0:bc:9e:
d5:0a:75:00:d0:12:56:ea:3e:8d:ec:be:1e:1d:cd:
58:0d:da:96:78:10:c8:82:ad:38:f8:46:24:78:ba:
f0:e6:cf:ee:88:47:3d:81:8d:1a:1f:99:fe:3e:bb:
e2:66:c6:ab:7d:64:dd:37:5d:75:3b:93:99:c6:2c:
20:64:64:e1:a1:63:e3:f2:c2:81:4d:a7:81:12:d8:
0d:5e:9d:f4:d6:e1:2e:e3:db:29:e6:f7:83:f1:54:
90:6b:8a:32:2a:5d:3d:cd:30:13:63:08:00:6f:2d:
f5:f8:f9:26:3a:01:d7:02:6e:d8:02:43:4b:18:22:
9e:ef:01:da:3d:fc:65:df:fc:53:94:ac:f3:09:36:
14:bd:b5:a7:c1:20:57:83:6b:4d:57:48:45:89:61:
25:be:96:6c:59:ec:ad:98:8c:b4:23:75:f6:45:95:
3a:c8:19:9c:f7:0b:4c:20:29:13:0d:58:c5:e2:69:
ed:48:e8:9e:64:9d:67:b2:25:b6:24:6c:ed:12:04:
00:ca:77:1b:2e:54:ec:9f:c2:c3:49:10:90:48:92:
df:81:f4:27:de:d5:73:e8:91:02:59:f7:a2:1b:2c:
68:61:b7:9d:4b:2f:1c:0d:89:2f:bf:6a:fd:af:2f:
8e:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:24:13:91:78:85:3F:E0:FD:EA:80:8E:15:F8:50:80:3D:7D:29:33
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/KyQTkXiFP-D96oCOFfhQgD19KTM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.73.0/24
151.240.78.0/24
151.240.144.0/24
151.240.150.0/23
151.241.177.0/24
151.244.38.0/24
151.244.52.0/24
151.244.62.0/24
151.244.75.0/24
151.244.87.0/24
151.245.102.0/24
151.245.189.0/24
151.245.191.0-151.245.192.255
151.245.241.0/24
151.245.247.0/24
151.246.248.0/24
Signature Algorithm: sha256WithRSAEncryption
36:a1:49:67:db:ed:f4:d8:c4:0a:f1:ca:bb:90:ec:4e:b7:7f:
89:1e:52:8b:51:43:71:65:35:9a:6f:1d:5a:b8:57:d7:88:60:
de:fe:34:e3:d5:8c:e6:30:54:10:3c:1a:a2:4f:c3:0e:03:9a:
41:70:56:d9:66:b6:0f:b3:08:4a:b2:4c:ca:f2:bc:c5:fd:a5:
84:83:35:73:eb:f9:69:14:8f:61:37:80:0f:ac:9e:6f:0a:e0:
f2:c4:99:ce:d4:54:5e:d4:f2:e6:cc:7b:2d:d1:61:e5:f2:30:
8d:f6:f5:37:ee:c3:b0:9f:34:80:30:dc:40:1c:47:22:d8:59:
9e:2e:48:e0:fd:cc:30:78:da:8c:9a:45:2e:2c:92:03:fc:d4:
28:34:4a:f3:4a:7e:67:8b:b0:29:61:de:6d:02:4c:5a:9f:bf:
bf:c6:11:12:b5:43:bf:5f:3d:ca:8c:ea:07:9a:ab:7e:21:2b:
ab:1b:e2:e5:99:2f:7b:b4:20:c1:0b:12:5b:1e:8e:4e:ed:3f:
9b:bf:74:52:32:80:6c:f8:07:5e:43:95:64:65:4a:e8:75:51:
75:17:ae:23:8f:99:e2:ed:18:71:11:f1:d1:49:6a:e9:45:33:
46:14:70:46:8a:01:2d:36:1d:48:68:e7:c0:b5:da:19:78:d8:
84:8d:9b:a6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAZkOmlBT/QTqBrXhbldsXPYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTAzMDgwMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjI0MTM5MTc4ODUzZmUwZmRlYTgwOGUxNWY4NTA4MDNkN2QyOTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg1hmDmA1Wy1PH2wvJ7VCnUA0BJW
6j6N7L4eHc1YDdqWeBDIgq04+EYkeLrw5s/uiEc9gY0aH5n+PrviZsarfWTdN111
O5OZxiwgZGThoWPj8sKBTaeBEtgNXp301uEu49sp5veD8VSQa4oyKl09zTATYwgA
by31+PkmOgHXAm7YAkNLGCKe7wHaPfxl3/xTlKzzCTYUvbWnwSBXg2tNV0hFiWEl
vpZsWeytmIy0I3X2RZU6yBmc9wtMICkTDVjF4mntSOieZJ1nsiW2JGztEgQAyncb
LlTsn8LDSRCQSJLfgfQn3tVz6JECWfeiGyxoYbedSy8cDYkvv2r9ry+O/QIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFCskE5F4hT/g/eqAjhX4UIA9fSkzMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvS3lRVGtYaUZQLUQ5Nm9DT0ZmaFFnRDE5S1RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAJfwSQME
AJfwTgMEAJfwkAMEAZfwlgMEAJfxsQMEAJf0JgMEAJf0NAMEAJf0PgMEAJf0SwME
AJf0VwMEAJf1ZgMEAJf1vTAMAwQAl/W/AwQAl/XAAwQAl/XxAwQAl/X3AwQAl/b4
MA0GCSqGSIb3DQEBCwUAA4IBAQA2oUln2+302MQK8cq7kOxOt3+JHlKLUUNxZTWa
bx1auFfXiGDe/jTj1YzmMFQQPBqiT8MOA5pBcFbZZrYPswhKskzK8rzF/aWEgzVz
6/lpFI9hN4APrJ5vCuDyxJnO1FRe1PLmzHst0WHl8jCN9vU37sOwnzSAMNxAHEci
2FmeLkjg/cwweNqMmkUuLJID/NQoNErzSn5ni7ApYd5tAkxan7+/xhEStUO/Xz3K
jOoHmqt+ISurG+LlmS97tCDBCxJbHo5O7T+bv3RSMoBs+AdeQ5VkZUrodVF1F64j
j5ni7RhxEfHRSWrpRTNGFHBGigEtNh1IaOfAtdoZeNiEjZum
-----END CERTIFICATE-----
Generated at Wed Sep 3 18:40:21 2025 by rpki-client