Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/n98zNuZWIab3nQ5BxSxTKe812gA.roa
File: n98zNuZWIab3nQ5BxSxTKe812gA.roa (raw, json)
Hash identifier: cwzCzI36DjU6mGO0+XG+0eceJU9oPNGb+Kadz6ULrO0=
Subject key identifier: 9F:DF:33:36:E6:56:21:A6:F7:9D:0E:41:C5:2C:53:29:EF:35:DA:00
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0199E2D042B3FCDEED1AAF1B64EC17859C04
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/n98zNuZWIab3nQ5BxSxTKe812gA.roa
Signing time: Tue 14 Oct 2025 13:02:03 +0000
ROA not before: Tue 14 Oct 2025 13:02:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 151.240.45.0/24 maxlen: 24
151.240.163.0/24 maxlen: 24
151.240.173.0/24 maxlen: 24
151.241.30.0/24 maxlen: 24
151.241.39.0/24 maxlen: 24
151.241.50.0/24 maxlen: 24
151.241.64.0/24 maxlen: 24
151.241.67.0/24 maxlen: 24
151.241.70.0/24 maxlen: 24
151.241.71.0/24 maxlen: 24
151.241.73.0/24 maxlen: 24
151.241.77.0/24 maxlen: 24
151.241.95.0/24 maxlen: 24
151.241.115.0/24 maxlen: 24
151.241.160.0/24 maxlen: 24
151.241.176.0/24 maxlen: 24
151.241.204.0/24 maxlen: 24
151.242.45.0/24 maxlen: 24
151.242.57.0/24 maxlen: 24
151.242.158.0/24 maxlen: 24
151.243.2.0/24 maxlen: 24
151.243.105.0/24 maxlen: 24
151.243.137.0/24 maxlen: 24
151.243.159.0/24 maxlen: 24
151.244.5.0/24 maxlen: 24
151.244.57.0/24 maxlen: 24
151.244.111.0/24 maxlen: 24
151.244.114.0/24 maxlen: 24
151.244.115.0/24 maxlen: 24
151.244.131.0/24 maxlen: 24
151.244.132.0/24 maxlen: 24
151.244.133.0/24 maxlen: 24
151.244.191.0/24 maxlen: 24
151.244.193.0/24 maxlen: 24
151.244.198.0/24 maxlen: 24
151.244.201.0/24 maxlen: 24
151.244.212.0/24 maxlen: 24
151.244.243.0/24 maxlen: 24
151.245.28.0/24 maxlen: 24
151.245.70.0/24 maxlen: 24
151.245.76.0/24 maxlen: 24
151.245.78.0/24 maxlen: 24
151.245.195.0/24 maxlen: 24
151.245.201.0/24 maxlen: 24
151.245.212.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:22:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e2:d0:42:b3:fc:de:ed:1a:af:1b:64:ec:17:85:9c:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Oct 14 13:02:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9fdf3336e65621a6f79d0e41c52c5329ef35da00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:0a:0f:58:97:e2:4b:a2:f5:73:26:a6:f4:d7:
14:c8:5b:86:ae:7a:7f:bd:46:86:94:ea:9b:48:49:
c6:a5:66:32:2d:92:63:63:62:db:03:fc:a8:cf:91:
9f:f6:ec:d8:0e:52:76:2e:3f:1b:7f:3f:92:f8:23:
f1:ea:ae:82:cc:99:99:d8:f1:79:37:6a:98:57:da:
f3:6e:4a:81:7d:fe:f7:f7:e8:a9:31:43:4f:19:10:
97:e6:2a:07:bb:92:8d:4d:d2:90:61:b6:4c:d2:05:
b8:31:69:7e:02:90:76:69:88:f2:8f:92:81:a9:ad:
dc:ef:18:34:e6:68:cb:6f:f4:ca:30:de:c3:c6:c9:
42:5b:9f:fa:40:2b:13:da:c0:b4:c8:79:07:d1:00:
09:56:80:9a:9a:16:4a:70:a2:1c:f9:24:5d:15:fe:
29:f3:54:ba:ff:74:75:ad:9b:e1:a2:5e:e5:a2:33:
e8:57:da:65:ef:e8:11:45:0d:91:e0:60:f9:b6:95:
a5:20:54:ca:89:69:c9:2d:81:49:8c:6f:06:a0:2c:
ca:bf:86:a7:2e:ce:4b:ee:68:07:e8:6b:90:13:3a:
ff:b7:5a:44:d3:1d:97:f8:be:23:74:95:60:92:bf:
32:5a:a7:e2:5d:9e:61:12:b0:8e:61:ce:8f:c3:bc:
15:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:DF:33:36:E6:56:21:A6:F7:9D:0E:41:C5:2C:53:29:EF:35:DA:00
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/n98zNuZWIab3nQ5BxSxTKe812gA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.45.0/24
151.240.163.0/24
151.240.173.0/24
151.241.30.0/24
151.241.39.0/24
151.241.50.0/24
151.241.64.0/24
151.241.67.0/24
151.241.70.0/23
151.241.73.0/24
151.241.77.0/24
151.241.95.0/24
151.241.115.0/24
151.241.160.0/24
151.241.176.0/24
151.241.204.0/24
151.242.45.0/24
151.242.57.0/24
151.242.158.0/24
151.243.2.0/24
151.243.105.0/24
151.243.137.0/24
151.243.159.0/24
151.244.5.0/24
151.244.57.0/24
151.244.111.0/24
151.244.114.0/23
151.244.131.0-151.244.133.255
151.244.191.0/24
151.244.193.0/24
151.244.198.0/24
151.244.201.0/24
151.244.212.0/24
151.244.243.0/24
151.245.28.0/24
151.245.70.0/24
151.245.76.0/24
151.245.78.0/24
151.245.195.0/24
151.245.201.0/24
151.245.212.0/24
Signature Algorithm: sha256WithRSAEncryption
67:4e:bf:3c:fa:65:92:51:dd:ed:a1:74:7d:24:8a:63:5a:db:
21:af:d7:ca:34:20:e0:bb:06:24:11:a7:2c:36:31:a7:93:25:
12:d8:7f:8c:03:be:d2:b3:9e:2a:f6:fd:ce:18:07:09:55:fb:
47:e0:d1:c1:8b:2f:de:d1:26:fa:e4:2d:24:32:33:94:c4:5f:
7b:9e:66:30:c9:71:3c:df:ba:50:37:d3:8a:1e:43:a7:f5:a9:
65:b9:c3:2c:dd:50:96:61:99:96:aa:72:f6:53:fc:de:bd:c7:
6f:39:54:ed:42:be:72:e6:11:7c:00:76:e3:5b:80:18:15:d0:
53:cb:da:1d:c9:37:91:d0:48:f8:23:a3:26:f0:dc:e8:3c:4e:
b7:6e:92:ff:4f:fb:c9:72:da:84:e8:be:42:bd:05:f7:01:66:
76:58:5e:2d:46:38:ef:a3:d2:a7:5f:9f:34:09:0e:fe:70:27:
b1:07:21:5a:0c:1e:db:ca:91:10:96:b9:af:e1:86:a7:ee:dd:
52:0a:8d:15:0f:4a:c2:13:2c:39:bc:79:e4:b7:f6:eb:08:58:
49:60:20:09:8b:60:fa:fe:05:b9:1e:2b:0c:d2:f8:fb:ba:9f:
5a:e1:c3:56:af:43:8a:fe:03:f5:31:ae:09:33:65:89:22:74:
0d:aa:4f:ce
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgISAZni0EKz/N7tGq8bZOwXhZwEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDE0MTMwMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmRmMzMzNmU2NTYyMWE2Zjc5ZDBlNDFjNTJjNTMyOWVmMzVkYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAoPWJfiS6L1cyam9NcUyFuGrnp/
vUaGlOqbSEnGpWYyLZJjY2LbA/yoz5Gf9uzYDlJ2Lj8bfz+S+CPx6q6CzJmZ2PF5
N2qYV9rzbkqBff739+ipMUNPGRCX5ioHu5KNTdKQYbZM0gW4MWl+ApB2aYjyj5KB
qa3c7xg05mjLb/TKMN7DxslCW5/6QCsT2sC0yHkH0QAJVoCamhZKcKIc+SRdFf4p
81S6/3R1rZvhol7lojPoV9pl7+gRRQ2R4GD5tpWlIFTKiWnJLYFJjG8GoCzKv4an
Ls5L7mgH6GuQEzr/t1pE0x2X+L4jdJVgkr8yWqfiXZ5hErCOYc6Pw7wVhQIDAQAB
o4IDCjCCAwYwHQYDVR0OBBYEFJ/fMzbmViGm950OQcUsUynvNdoAMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbjk4ek51WldJYWIzblE1QnhTeFRLZTgxMmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHgYIKwYBBQUHAQcBAf8EggENMIIBCTCCAQUEAgABMIH+
AwQAl/AtAwQAl/CjAwQAl/CtAwQAl/EeAwQAl/EnAwQAl/EyAwQAl/FAAwQAl/FD
AwQBl/FGAwQAl/FJAwQAl/FNAwQAl/FfAwQAl/FzAwQAl/GgAwQAl/GwAwQAl/HM
AwQAl/ItAwQAl/I5AwQAl/KeAwQAl/MCAwQAl/NpAwQAl/OJAwQAl/OfAwQAl/QF
AwQAl/Q5AwQAl/RvAwQBl/RyMAwDBACX9IMDBAGX9IQDBACX9L8DBACX9MEDBACX
9MYDBACX9MkDBACX9NQDBACX9PMDBACX9RwDBACX9UYDBACX9UwDBACX9U4DBACX
9cMDBACX9ckDBACX9dQwDQYJKoZIhvcNAQELBQADggEBAGdOvzz6ZZJR3e2hdH0k
imNa2yGv18o0IOC7BiQRpyw2MaeTJRLYf4wDvtKznir2/c4YBwlV+0fg0cGLL97R
JvrkLSQyM5TEX3ueZjDJcTzfulA304oeQ6f1qWW5wyzdUJZhmZaqcvZT/N69x285
VO1CvnLmEXwAduNbgBgV0FPL2h3JN5HQSPgjoybw3Og8Trdukv9P+8ly2oTovkK9
BfcBZnZYXi1GOO+j0qdfnzQJDv5wJ7EHIVoMHtvKkRCWua/hhqfu3VIKjRUPSsIT
LDm8eeS39usIWElgIAmLYPr+BbkeKwzS+Pu6n1rhw1avQ4r+A/UxrgkzZYkidA2q
T84=
-----END CERTIFICATE-----
Generated at Sun Oct 19 08:29:47 2025 by rpki-client