Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XA6nQa9witr6Xr6A7MLu8e-aYPw.roa
File: XA6nQa9witr6Xr6A7MLu8e-aYPw.roa (raw, json)
Hash identifier: s3R9ntXccg0Rd+gz+Za9Gwlk35/uh9mKN31C3X319OU=
Subject key identifier: 5C:0E:A7:41:AF:70:8A:DA:FA:5E:BE:80:EC:C2:EE:F1:EF:9A:60:FC
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 01996565F4BB2F09B8DD494389178FBFD6F3
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XA6nQa9witr6Xr6A7MLu8e-aYPw.roa
Signing time: Sat 20 Sep 2025 04:33:24 +0000
ROA not before: Sat 20 Sep 2025 04:33:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49608
IP address blocks: 151.240.145.0/24 maxlen: 24
151.240.153.0/24 maxlen: 24
151.241.22.0/24 maxlen: 24
151.244.254.0/24 maxlen: 24
151.245.1.0/24 maxlen: 24
151.245.16.0/24 maxlen: 24
151.245.20.0/24 maxlen: 24
151.245.25.0/24 maxlen: 24
151.245.30.0/24 maxlen: 24
151.245.40.0/24 maxlen: 24
151.245.46.0/24 maxlen: 24
151.245.52.0/24 maxlen: 24
151.247.128.0/24 maxlen: 24
151.247.136.0/24 maxlen: 24
151.247.144.0/24 maxlen: 24
151.247.152.0/24 maxlen: 24
151.247.193.0/24 maxlen: 24
151.247.206.0/24 maxlen: 24
151.247.214.0/24 maxlen: 24
151.247.222.0/24 maxlen: 24
151.247.240.0/24 maxlen: 24
151.247.247.0/24 maxlen: 24
151.247.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 19 Oct 2025 13:01:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:65:65:f4:bb:2f:09:b8:dd:49:43:89:17:8f:bf:d6:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Sep 20 04:33:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c0ea741af708adafa5ebe80ecc2eef1ef9a60fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:f1:e2:93:bc:47:8e:bf:75:fd:8b:94:dc:0e:
8b:cd:ab:75:d7:2c:7f:87:c5:dc:92:95:84:1a:e2:
8b:15:48:9f:ca:4d:0d:9e:13:31:a4:a7:18:2b:46:
15:4b:0d:19:f7:65:30:c5:e9:ae:70:49:43:a6:a2:
fa:f2:e1:8f:93:e6:09:f4:ae:82:2e:74:df:1f:34:
bc:31:c6:65:bb:6f:27:93:23:6d:da:26:b8:5b:41:
3e:1b:85:5b:26:7c:75:f6:fb:26:7d:ff:32:4b:17:
51:50:5d:79:d6:98:fd:17:fb:48:2c:cd:df:db:7d:
b7:22:14:01:ed:7b:19:d3:e9:93:5f:b8:3f:b5:f8:
fa:14:34:d2:e6:7e:6f:a0:99:3b:05:53:97:4d:de:
99:43:a1:f9:a6:5b:78:1c:6d:76:aa:e1:15:08:ea:
21:63:1f:c8:c4:3c:1e:42:f1:8e:35:0b:87:ce:1c:
30:cd:46:c1:79:9d:a7:0a:fb:19:27:f7:56:3a:de:
ce:e7:02:7c:c0:3b:4b:de:07:f0:6a:7d:be:72:b9:
13:a0:bd:ce:0c:f0:9d:f0:b5:4a:dc:c8:86:d8:38:
59:7b:00:74:d2:d6:7c:3b:23:19:d8:36:2b:f7:76:
0c:00:6c:55:70:5a:01:93:11:12:29:fb:2e:06:16:
31:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:0E:A7:41:AF:70:8A:DA:FA:5E:BE:80:EC:C2:EE:F1:EF:9A:60:FC
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XA6nQa9witr6Xr6A7MLu8e-aYPw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.145.0/24
151.240.153.0/24
151.241.22.0/24
151.244.254.0/24
151.245.1.0/24
151.245.16.0/24
151.245.20.0/24
151.245.25.0/24
151.245.30.0/24
151.245.40.0/24
151.245.46.0/24
151.245.52.0/24
151.247.128.0/24
151.247.136.0/24
151.247.144.0/24
151.247.152.0/24
151.247.193.0/24
151.247.206.0/24
151.247.214.0/24
151.247.222.0/24
151.247.240.0/24
151.247.247.0/24
151.247.255.0/24
Signature Algorithm: sha256WithRSAEncryption
78:28:1c:11:3c:5a:41:57:1c:86:4a:11:ce:7f:5a:7f:d5:02:
b5:ae:9f:fe:36:f2:0f:26:d7:6a:60:1b:68:be:e0:5a:c5:20:
ab:f6:2f:3b:c9:40:d8:25:db:2d:17:ab:a3:4c:b9:d9:94:94:
5a:dc:f6:49:3b:69:1b:a0:b0:5a:83:26:63:53:2b:07:9f:04:
7f:40:03:f3:d7:33:b5:c6:b7:b0:8d:68:f8:bd:2b:e5:49:3e:
36:b6:6b:d0:e4:62:d6:16:ce:1c:56:c8:fd:e7:fa:05:f9:51:
5c:fa:1f:07:16:53:ff:2f:cb:4e:0e:02:21:1c:ef:61:98:d6:
e0:67:e8:27:41:15:d0:b0:fc:85:76:f5:ef:df:f5:b0:04:ec:
32:8b:ab:24:a7:3e:b1:99:a1:e1:8e:7f:d9:7c:37:29:41:1d:
07:b7:3b:ed:97:35:76:df:3d:3b:a1:01:74:48:e1:12:9d:90:
85:2c:55:39:56:d8:39:38:fb:d9:50:f5:bf:4c:9f:24:7b:87:
e3:88:d5:6d:bd:56:ca:04:5a:22:24:fa:08:e3:9a:27:f0:57:
6b:6a:1c:04:75:3e:3d:9b:2d:da:c0:94:15:e2:13:fd:f1:1d:
62:88:f4:46:7e:7d:c2:48:ec:e3:b6:19:29:5f:49:70:5f:2c:
aa:b6:05:76
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAZllZfS7Lwm43UlDiRePv9bzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTIwMDQzMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBlYTc0MWFmNzA4YWRhZmE1ZWJlODBlY2MyZWVmMWVmOWE2MGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfHik7xHjr91/YuU3A6Lzat11yx/
h8XckpWEGuKLFUifyk0NnhMxpKcYK0YVSw0Z92UwxemucElDpqL68uGPk+YJ9K6C
LnTfHzS8McZlu28nkyNt2ia4W0E+G4VbJnx19vsmff8ySxdRUF151pj9F/tILM3f
2323IhQB7XsZ0+mTX7g/tfj6FDTS5n5voJk7BVOXTd6ZQ6H5plt4HG12quEVCOoh
Yx/IxDweQvGONQuHzhwwzUbBeZ2nCvsZJ/dWOt7O5wJ8wDtL3gfwan2+crkToL3O
DPCd8LVK3MiG2DhZewB00tZ8OyMZ2DYr93YMAGxVcFoBkxESKfsuBhYx8QIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFFwOp0GvcIra+l6+gOzC7vHvmmD8MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWEE2blFhOXdpdHI2WHI2QTdNTHU4ZS1hWVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDCBkQQCAAEwgYoDBACX
8JEDBACX8JkDBACX8RYDBACX9P4DBACX9QEDBACX9RADBACX9RQDBACX9RkDBACX
9R4DBACX9SgDBACX9S4DBACX9TQDBACX94ADBACX94gDBACX95ADBACX95gDBACX
98EDBACX984DBACX99YDBACX994DBACX9/ADBACX9/cDBACX9/8wDQYJKoZIhvcN
AQELBQADggEBAHgoHBE8WkFXHIZKEc5/Wn/VArWun/428g8m12pgG2i+4FrFIKv2
LzvJQNgl2y0Xq6NMudmUlFrc9kk7aRugsFqDJmNTKwefBH9AA/PXM7XGt7CNaPi9
K+VJPja2a9DkYtYWzhxWyP3n+gX5UVz6HwcWU/8vy04OAiEc72GY1uBn6CdBFdCw
/IV29e/f9bAE7DKLqySnPrGZoeGOf9l8NylBHQe3O+2XNXbfPTuhAXRI4RKdkIUs
VTlW2Dk4+9lQ9b9MnyR7h+OI1W29VsoEWiIk+gjjmifwV2tqHAR1Pj2bLdrAlBXi
E/3xHWKI9EZ+fcJI7OO2GSlfSXBfLKq2BXY=
-----END CERTIFICATE-----
Generated at Sat Oct 18 22:40:37 2025 by rpki-client