Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/LM3CpeIGyRF6w8LG1r6GV9icK80.roa
File: LM3CpeIGyRF6w8LG1r6GV9icK80.roa (raw, json)
Hash identifier: 0vH+2P7YAtfftCI6DkhU046yYuYgG/RXgd8Fi0QMZMc=
Subject key identifier: 2C:CD:C2:A5:E2:06:C9:11:7A:C3:C2:C6:D6:BE:86:57:D8:9C:2B:CD
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0198E4E7AF278F5163007EBEC6A5E9D427A6
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/LM3CpeIGyRF6w8LG1r6GV9icK80.roa
Signing time: Tue 26 Aug 2025 05:44:05 +0000
ROA not before: Tue 26 Aug 2025 05:44:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 22427
IP address blocks: 151.240.82.0/24 maxlen: 24
151.242.154.0/24 maxlen: 24
151.242.253.0/24 maxlen: 24
151.244.245.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Sep 2025 13:03:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e4:e7:af:27:8f:51:63:00:7e:be:c6:a5:e9:d4:27:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Aug 26 05:44:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2ccdc2a5e206c9117ac3c2c6d6be8657d89c2bcd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:1e:ce:99:b5:39:cc:6a:3a:fa:d7:ed:db:d1:
24:1d:9c:a1:c0:15:a2:95:85:4a:31:4e:56:52:e0:
b0:25:ca:84:ce:57:fb:92:f0:82:f7:2f:7a:13:ef:
92:50:92:c3:12:5e:15:d7:fa:d8:f5:10:85:4c:a2:
01:0c:81:f7:f0:48:dd:c6:a3:ee:ce:02:cf:da:30:
3f:0d:54:e0:19:a0:1b:4c:1d:82:da:e5:49:81:00:
1b:f5:98:af:40:c9:a6:53:1a:80:bd:6f:f3:c6:70:
ca:10:53:fb:1c:3a:f8:7b:eb:d5:5d:a5:6c:44:0e:
7f:52:54:da:e4:6c:13:7a:d3:c9:2d:16:86:4a:82:
d2:a6:e6:2b:2e:dc:ff:98:13:61:61:ea:f3:9b:c1:
fc:10:88:3c:b6:8e:32:01:e3:77:0b:3c:78:5a:eb:
b9:05:63:ac:15:f1:a8:68:98:98:f3:ab:90:1d:cc:
87:ac:df:b0:e1:75:f5:40:9b:55:65:5b:0c:68:12:
6b:7d:89:7e:39:d3:f6:32:6b:38:8c:e0:0c:c8:66:
f7:16:a4:c9:80:ff:f1:fe:4e:da:37:10:77:ff:b9:
ce:02:85:8d:a3:9a:10:ba:31:85:cd:06:c9:09:ae:
7f:cd:11:90:1b:97:bc:bf:a1:3c:d7:2f:98:77:61:
03:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:CD:C2:A5:E2:06:C9:11:7A:C3:C2:C6:D6:BE:86:57:D8:9C:2B:CD
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/LM3CpeIGyRF6w8LG1r6GV9icK80.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.82.0/24
151.242.154.0/24
151.242.253.0/24
151.244.245.0/24
Signature Algorithm: sha256WithRSAEncryption
5a:84:d3:df:ba:7c:4e:5d:24:78:4f:b7:29:8c:e8:9a:eb:dc:
82:1f:45:6e:31:46:56:83:82:e2:01:e3:43:06:ec:a7:8c:aa:
c4:63:4d:76:4e:32:36:50:60:d8:c4:07:e7:5d:a1:a9:53:16:
df:25:f8:61:8c:39:2a:8d:10:ce:dd:8f:48:9f:0e:bb:91:57:
83:a3:cb:cf:83:87:91:18:3a:40:0e:dd:75:7a:ae:b5:58:5e:
15:e1:c8:11:f8:5c:55:cf:81:e8:46:98:64:8e:d4:cf:d2:24:
99:26:3f:96:0e:0c:60:88:e6:dd:bd:d7:7d:89:ce:a6:f0:ab:
a1:8e:74:c1:c1:02:1c:69:39:34:a3:51:ee:cb:9c:c5:e5:d3:
f7:da:db:f1:ff:cb:bf:ac:14:24:ef:5d:8a:2b:bb:e7:3b:72:
0b:24:be:1f:94:cc:65:83:0a:b6:32:a6:28:c8:20:d7:3a:8d:
7c:32:c6:c7:1d:67:ce:6d:2c:d7:07:69:ee:ad:ff:26:a9:c5:
86:11:1f:d0:a9:25:11:c5:74:d6:16:bd:49:6e:26:b8:38:4e:
c4:d8:70:a6:4d:91:7c:44:12:aa:38:2a:95:01:50:94:11:fa:
e8:f9:03:65:05:52:31:b5:28:dc:88:e2:d8:55:6f:8a:04:24:
25:e1:39:c7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZjk568nj1FjAH6+xqXp1CemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODI2MDU0NDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2NkYzJhNWUyMDZjOTExN2FjM2MyYzZkNmJlODY1N2Q4OWMyYmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR7OmbU5zGo6+tft29EkHZyhwBWi
lYVKMU5WUuCwJcqEzlf7kvCC9y96E++SUJLDEl4V1/rY9RCFTKIBDIH38EjdxqPu
zgLP2jA/DVTgGaAbTB2C2uVJgQAb9ZivQMmmUxqAvW/zxnDKEFP7HDr4e+vVXaVs
RA5/UlTa5GwTetPJLRaGSoLSpuYrLtz/mBNhYerzm8H8EIg8to4yAeN3Czx4Wuu5
BWOsFfGoaJiY86uQHcyHrN+w4XX1QJtVZVsMaBJrfYl+OdP2Mms4jOAMyGb3FqTJ
gP/x/k7aNxB3/7nOAoWNo5oQujGFzQbJCa5/zRGQG5e8v6E81y+Yd2EDAQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCzNwqXiBskResPCxta+hlfYnCvNMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTE0zQ3BlSUd5UkY2dzhMRzFyNkdWOWljSzgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAl/BSAwQA
l/KaAwQAl/L9AwQAl/T1MA0GCSqGSIb3DQEBCwUAA4IBAQBahNPfunxOXSR4T7cp
jOia69yCH0VuMUZWg4LiAeNDBuynjKrEY012TjI2UGDYxAfnXaGpUxbfJfhhjDkq
jRDO3Y9Inw67kVeDo8vPg4eRGDpADt11eq61WF4V4cgR+FxVz4HoRphkjtTP0iSZ
Jj+WDgxgiObdvdd9ic6m8KuhjnTBwQIcaTk0o1Huy5zF5dP32tvx/8u/rBQk712K
K7vnO3ILJL4flMxlgwq2MqYoyCDXOo18MsbHHWfObSzXB2nurf8mqcWGER/QqSUR
xXTWFr1Jbia4OE7E2HCmTZF8RBKqOCqVAVCUEfro+QNlBVIxtSjciOLYVW+KBCQl
4TnH
-----END CERTIFICATE-----
Generated at Wed Sep 3 18:40:20 2025 by rpki-client