Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XnjVUz94EUd5MWH1At0oUCwtjfU.roa
File: XnjVUz94EUd5MWH1At0oUCwtjfU.roa (raw, json)
Hash identifier: CRHomWdM/NdM63Z2WyRI6TG9PjdDpPKV54hmW5JH9g8=
Subject key identifier: 5E:78:D5:53:3F:78:11:47:79:31:61:F5:02:DD:28:50:2C:2D:8D:F5
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0198E4CD2182526FB30C83C86C87D0E4274B
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XnjVUz94EUd5MWH1At0oUCwtjfU.roa
Signing time: Tue 26 Aug 2025 05:15:05 +0000
ROA not before: Tue 26 Aug 2025 05:15:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 395374
IP address blocks: 151.242.146.0/24 maxlen: 24
151.242.173.0/24 maxlen: 24
151.243.5.0/24 maxlen: 24
151.243.169.0/24 maxlen: 24
151.244.215.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 04 Sep 2025 13:03:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:e4:cd:21:82:52:6f:b3:0c:83:c8:6c:87:d0:e4:27:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Aug 26 05:15:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5e78d5533f781147793161f502dd28502c2d8df5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:f9:da:e0:22:8b:22:6e:7e:f3:5f:fb:55:51:
86:4b:9e:3c:8b:74:94:85:5d:6c:e7:7c:ca:b2:8f:
51:5e:8e:38:d3:27:11:b7:de:e2:aa:a0:ab:bc:be:
40:98:82:5f:01:d5:80:1e:8e:0e:a8:54:1b:84:f1:
0a:07:ee:1b:18:df:49:0f:c8:1f:89:48:18:89:f5:
31:16:ca:55:56:c3:68:30:39:16:22:9d:3d:9f:52:
b6:c8:fe:b3:1f:c4:c5:7d:85:98:10:38:fb:0a:7e:
eb:6c:23:8d:d8:49:9f:e2:23:e1:2f:36:eb:4b:95:
a4:e2:93:c4:b5:c7:bc:64:3a:19:2c:1a:7c:50:aa:
37:5e:7f:27:65:43:e3:52:f7:37:c4:3e:9f:dd:f5:
ef:ef:74:66:35:c6:34:28:0f:bf:46:9e:38:9a:7e:
86:d8:26:51:44:60:bb:f6:1f:d7:99:83:cc:db:37:
e9:22:b1:0b:d1:30:eb:49:35:eb:51:b9:3c:e8:02:
36:48:ce:8d:b4:84:a4:b5:d9:82:1c:1d:4c:0e:6b:
fe:34:51:d3:6e:12:eb:a1:3b:8a:f2:c8:74:3e:9c:
b9:24:c5:a4:b4:7b:b5:45:fc:76:50:03:2d:65:05:
e4:a1:c5:dc:8e:74:ae:0a:ef:ca:c2:3e:f2:0b:5d:
68:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:78:D5:53:3F:78:11:47:79:31:61:F5:02:DD:28:50:2C:2D:8D:F5
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/XnjVUz94EUd5MWH1At0oUCwtjfU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.242.146.0/24
151.242.173.0/24
151.243.5.0/24
151.243.169.0/24
151.244.215.0/24
Signature Algorithm: sha256WithRSAEncryption
04:7a:f5:9c:78:b6:a7:ee:75:dd:ef:2f:db:5d:89:75:f4:3c:
2b:f3:06:4a:06:a7:65:fd:6b:9f:57:6f:c5:37:2d:06:7e:17:
f7:7e:a5:52:1e:35:7e:0c:90:12:1a:d8:76:ff:b9:62:16:11:
74:13:ca:90:f1:88:a9:c1:5c:3c:6b:9d:05:44:e6:9b:df:d6:
e2:32:ea:13:10:c1:4f:05:ea:07:28:2c:00:61:b6:6d:69:95:
d9:29:34:07:9e:5f:17:5d:c6:a4:50:cc:71:8d:00:0d:31:f1:
97:83:76:c7:9c:dd:b0:2b:82:6e:8d:c1:e7:6f:aa:6f:d9:6e:
f8:88:c3:5b:e5:3c:64:fd:7a:08:de:48:86:0b:1f:24:39:fc:
72:12:21:9e:86:eb:96:c6:fb:66:a0:61:7b:e6:c8:4a:57:30:
a5:d2:28:32:7c:86:fc:61:e3:29:f7:c9:4a:11:51:15:b3:3a:
22:07:bb:6c:ac:26:f8:2d:fa:d1:be:fb:60:26:35:62:c8:2d:
b7:25:f1:54:a9:a3:2d:71:55:c3:a1:c7:0f:b5:4a:be:86:14:
a9:3e:d8:09:05:60:00:02:07:6d:b9:1d:e0:da:19:a9:1a:ef:
d1:15:95:8b:ed:ef:cd:91:7c:27:b4:45:b6:96:48:cc:36:c1:
e2:9f:75:76
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZjkzSGCUm+zDIPIbIfQ5CdLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODI2MDUxNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTc4ZDU1MzNmNzgxMTQ3NzkzMTYxZjUwMmRkMjg1MDJjMmQ4ZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofna4CKLIm5+81/7VVGGS548i3SU
hV1s53zKso9RXo440ycRt97iqqCrvL5AmIJfAdWAHo4OqFQbhPEKB+4bGN9JD8gf
iUgYifUxFspVVsNoMDkWIp09n1K2yP6zH8TFfYWYEDj7Cn7rbCON2Emf4iPhLzbr
S5Wk4pPEtce8ZDoZLBp8UKo3Xn8nZUPjUvc3xD6f3fXv73RmNcY0KA+/Rp44mn6G
2CZRRGC79h/XmYPM2zfpIrEL0TDrSTXrUbk86AI2SM6NtISktdmCHB1MDmv+NFHT
bhLroTuK8sh0Ppy5JMWktHu1Rfx2UAMtZQXkocXcjnSuCu/Kwj7yC11oLwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFF541VM/eBFHeTFh9QLdKFAsLY31MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWG5qVlV6OTRFVWQ1TVdIMUF0MG9VQ3d0amZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAl/KSAwQA
l/KtAwQAl/MFAwQAl/OpAwQAl/TXMA0GCSqGSIb3DQEBCwUAA4IBAQAEevWceLan
7nXd7y/bXYl19Dwr8wZKBqdl/WufV2/FNy0Gfhf3fqVSHjV+DJASGth2/7liFhF0
E8qQ8YipwVw8a50FROab39biMuoTEMFPBeoHKCwAYbZtaZXZKTQHnl8XXcakUMxx
jQANMfGXg3bHnN2wK4JujcHnb6pv2W74iMNb5Txk/XoI3kiGCx8kOfxyEiGehuuW
xvtmoGF75shKVzCl0igyfIb8YeMp98lKEVEVszoiB7tsrCb4LfrRvvtgJjViyC23
JfFUqaMtcVXDoccPtUq+hhSpPtgJBWAAAgdtuR3g2hmpGu/RFZWL7e/NkXwntEW2
lkjMNsHin3V2
-----END CERTIFICATE-----
Generated at Wed Sep 3 18:44:26 2025 by rpki-client