Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XFh-NPMMUrnYsOX6nPOxhYhloac.roa
File: XFh-NPMMUrnYsOX6nPOxhYhloac.roa (raw, json)
Hash identifier: twVbyZpv3Aqns7DOuqwVOR903pR2QzJOgwwDD80pCPA=
Subject key identifier: 5C:58:7E:34:F3:0C:52:B9:D8:B0:E5:FA:9C:F3:B1:85:88:65:A1:A7
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019CD759CC69B3AE73E7DEFE43E8E46F48EB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XFh-NPMMUrnYsOX6nPOxhYhloac.roa
Signing time: Tue 10 Mar 2026 10:45:12 +0000
ROA not before: Tue 10 Mar 2026 10:45:12 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 7488
IP address blocks: 151.243.156.0/24 maxlen: 24
151.243.157.0/24 maxlen: 24
151.243.184.0/22 maxlen: 24
151.243.192.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Mar 2026 11:15:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:d7:59:cc:69:b3:ae:73:e7:de:fe:43:e8:e4:6f:48:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Mar 10 10:45:12 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5c587e34f30c52b9d8b0e5fa9cf3b1858865a1a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:d4:26:d5:a8:87:24:a7:52:20:de:28:a3:f6:
eb:5e:b6:d7:ae:38:d4:2d:c9:3f:2f:6d:fb:4d:cc:
94:71:30:33:e5:37:23:5c:24:c7:d6:63:83:50:57:
a2:c8:76:17:5b:f7:1c:10:48:c7:26:bc:a5:b2:83:
ad:09:fa:a1:ac:3b:34:a4:02:40:6e:e6:86:60:1b:
ed:29:ba:eb:df:b1:5d:f3:80:28:b1:eb:b6:af:ff:
7d:2b:84:ad:fa:13:85:6b:54:f2:14:b6:34:6d:f1:
63:cb:fa:cb:30:fd:5d:a8:85:2e:0e:ba:f3:02:05:
74:0e:3c:e2:84:7a:0b:dc:26:87:1c:0a:3c:88:98:
68:ec:e6:8a:d4:a3:82:7c:ca:b8:64:25:6a:a9:cf:
ca:61:c3:27:90:3f:8d:47:11:d0:42:f1:a8:35:31:
11:55:dc:57:cd:73:6e:4c:4f:15:20:e5:d2:f1:ca:
3f:bf:8a:65:86:11:03:a0:a2:94:e1:b4:f4:41:2e:
b8:ab:57:f6:73:e0:7b:68:d6:a1:e3:1d:13:c2:97:
0c:92:17:d3:2c:27:33:74:40:1c:df:06:53:29:4b:
1f:f7:d8:bf:1c:78:62:84:ca:37:40:16:dc:dc:e2:
ad:f6:a5:ee:82:2e:6f:e7:a5:29:c5:35:0a:ce:ac:
e4:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:58:7E:34:F3:0C:52:B9:D8:B0:E5:FA:9C:F3:B1:85:88:65:A1:A7
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XFh-NPMMUrnYsOX6nPOxhYhloac.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.243.156.0/23
151.243.184.0/22
151.243.192.0/22
Signature Algorithm: sha256WithRSAEncryption
7f:39:36:24:65:b6:cc:5d:2c:0b:51:64:10:a4:b3:4e:b9:3c:
ae:be:87:7b:08:f7:7a:22:3a:2a:cd:f7:93:f6:e8:7a:83:49:
74:ae:e0:49:9b:65:d1:b4:51:66:57:28:9d:a9:28:64:59:55:
26:d0:75:88:a0:40:e4:4f:24:28:df:59:5a:f6:d1:93:b9:d5:
5d:2b:ec:27:58:a1:0b:9d:9a:f8:67:52:94:6a:a6:e2:fd:dd:
2c:ab:2c:48:35:6b:7d:b9:40:32:ab:17:a9:aa:90:75:40:73:
1d:5b:f8:fd:c5:bd:76:4a:22:d7:9a:ec:5f:12:dd:e6:ba:38:
34:8f:52:db:3c:2c:d8:27:8c:11:4b:f5:b7:5e:39:cc:7c:de:
9d:ac:24:fa:9d:dd:ea:73:b7:81:e6:e1:20:d7:bd:55:1b:58:
78:e8:db:9c:f7:5e:4e:9b:af:e4:ab:0b:de:76:6a:11:8c:ae:
23:65:6f:0e:56:86:08:1f:0c:0e:e9:26:dd:00:e6:b3:78:08:
f8:aa:a7:94:90:a3:38:1d:d6:ed:b5:2c:5f:f0:47:56:d7:9a:
78:ad:56:18:03:60:b0:0b:03:91:35:e5:ea:1a:42:b8:18:96:
b9:ae:b7:32:6f:5b:59:dc:0b:f7:62:88:fd:c7:01:84:1e:6a:
25:53:e2:2e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzXWcxps65z597+Q+jkb0jrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzEwMTA0NTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzU4N2UzNGYzMGM1MmI5ZDhiMGU1ZmE5Y2YzYjE4NTg4NjVhMWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8dQm1aiHJKdSIN4oo/brXrbXrjjU
Lck/L237TcyUcTAz5TcjXCTH1mODUFeiyHYXW/ccEEjHJrylsoOtCfqhrDs0pAJA
buaGYBvtKbrr37Fd84Aoseu2r/99K4St+hOFa1TyFLY0bfFjy/rLMP1dqIUuDrrz
AgV0DjzihHoL3CaHHAo8iJho7OaK1KOCfMq4ZCVqqc/KYcMnkD+NRxHQQvGoNTER
VdxXzXNuTE8VIOXS8co/v4plhhEDoKKU4bT0QS64q1f2c+B7aNah4x0TwpcMkhfT
LCczdEAc3wZTKUsf99i/HHhihMo3QBbc3OKt9qXugi5v56UpxTUKzqzkwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFxYfjTzDFK52LDl+pzzsYWIZaGnMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWEZoLU5QTU1Vcm5Zc09YNm5QT3hoWWhsb2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBl/OcAwQC
l/O4AwQCl/PAMA0GCSqGSIb3DQEBCwUAA4IBAQB/OTYkZbbMXSwLUWQQpLNOuTyu
vod7CPd6IjoqzfeT9uh6g0l0ruBJm2XRtFFmVyidqShkWVUm0HWIoEDkTyQo31la
9tGTudVdK+wnWKELnZr4Z1KUaqbi/d0sqyxINWt9uUAyqxepqpB1QHMdW/j9xb12
SiLXmuxfEt3mujg0j1LbPCzYJ4wRS/W3XjnMfN6drCT6nd3qc7eB5uEg171VG1h4
6Nuc915Om6/kqwvedmoRjK4jZW8OVoYIHwwO6SbdAOazeAj4qqeUkKM4HdbttSxf
8EdW15p4rVYYA2CwCwORNeXqGkK4GJa5rrcyb1tZ3Av3Yoj9xwGEHmolU+Iu
-----END CERTIFICATE-----
Generated at Sat Mar 21 17:17:23 2026 by rpki-client