Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zkXAmjm9djNDrJFSTqVqm8ghSm0.roa
File: zkXAmjm9djNDrJFSTqVqm8ghSm0.roa (raw, json)
Hash identifier: K5JxtYvZrJbGvaE+pZfgXs8SFWg7Dexz2xeQWiGjPOI=
Subject key identifier: CE:45:C0:9A:39:BD:76:33:43:AC:91:52:4E:A5:6A:9B:C8:21:4A:6D
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019DDA4B2423F4FC3A99DBF61BEAFE46A035
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zkXAmjm9djNDrJFSTqVqm8ghSm0.roa
Signing time: Wed 29 Apr 2026 17:30:50 +0000
ROA not before: Wed 29 Apr 2026 17:30:50 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 402298
IP address blocks: 151.241.140.0/24 maxlen: 24
151.241.142.0/24 maxlen: 24
151.242.179.0/24 maxlen: 24
151.244.121.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 01 May 2026 13:53:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:da:4b:24:23:f4:fc:3a:99:db:f6:1b:ea:fe:46:a0:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Apr 29 17:30:50 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=ce45c09a39bd763343ac91524ea56a9bc8214a6d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:ae:47:9d:62:0a:b2:09:43:ff:21:e5:3e:41:
d2:c9:d0:0b:f2:19:92:e2:f9:82:c1:df:dc:f6:05:
9b:ce:2e:5d:0c:1d:c7:8a:c5:f1:a0:04:1f:7e:b7:
5b:04:24:82:b2:66:59:a9:55:03:3d:9b:ab:8b:9c:
95:fd:55:39:b2:6e:d7:0f:c5:29:4f:a8:7a:4e:53:
ae:1d:ba:25:4f:a3:f2:c2:47:d3:98:31:12:d7:cc:
7d:79:5c:c2:fa:a9:71:23:7e:e8:68:dc:1f:88:fc:
1c:ec:04:16:ab:28:70:6c:56:f7:fb:ec:16:5f:44:
1c:88:cb:ec:04:e9:cb:78:2f:f6:ff:34:e6:78:b3:
1b:01:db:18:33:d2:d8:37:c5:63:11:66:d9:79:bc:
f4:68:94:cd:4b:2a:5b:10:cf:bc:6b:ce:91:12:a0:
9d:51:f7:12:ae:d3:30:b6:09:d5:83:00:97:2b:9b:
0b:48:d8:a9:1c:a6:ae:71:5a:e8:24:60:47:4c:a7:
cf:b8:2f:5c:ce:aa:e8:2d:aa:63:eb:b9:8c:f4:89:
53:d6:e9:3d:e1:b3:a7:ab:f1:a9:18:6c:98:18:98:
c6:84:a9:b2:73:d8:2f:de:99:e1:c2:1b:23:e4:f6:
93:ff:77:1a:b6:10:ef:a6:93:69:37:7a:d0:ee:71:
6c:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:45:C0:9A:39:BD:76:33:43:AC:91:52:4E:A5:6A:9B:C8:21:4A:6D
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/zkXAmjm9djNDrJFSTqVqm8ghSm0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.241.140.0/24
151.241.142.0/24
151.242.179.0/24
151.244.121.0/24
Signature Algorithm: sha256WithRSAEncryption
33:87:81:0d:a5:a4:78:7e:03:bc:0b:5a:24:fc:17:a2:16:60:
8f:22:8f:d5:e3:03:cd:66:13:70:24:d3:b3:46:c3:ea:87:35:
4b:98:16:89:99:a3:93:3f:44:4f:0d:58:8a:95:a9:5d:ce:3c:
a1:1b:65:4b:a9:cd:a1:1a:31:6d:0e:0a:e6:f6:67:27:22:c8:
ff:cb:61:3a:03:6c:78:fd:db:e5:d3:b5:f6:bd:56:45:0d:f3:
fd:e3:07:39:a9:30:3a:f5:04:fc:13:ab:54:4d:50:7b:44:15:
36:02:f9:1c:0b:46:7d:d3:cc:a0:ec:83:3e:5d:f9:9a:31:c8:
09:e3:04:d7:bb:f2:d9:51:e3:c7:7e:2e:df:5e:5a:0d:db:ec:
ad:a9:27:c6:e0:ee:c0:28:74:e7:0a:d2:f7:ea:ef:2b:6e:82:
5a:71:a3:53:a2:ef:d2:82:93:69:80:7f:55:12:e3:b8:7e:e5:
73:12:0b:f9:c3:9d:a0:77:cf:0a:b8:c3:d7:9d:5d:6c:92:f1:
7e:3e:98:6e:95:bf:1b:14:66:4d:3d:74:b1:1f:f8:b5:d3:fc:
96:b6:8b:3f:33:f3:32:1e:ca:d2:1e:59:0a:c1:d4:61:08:a5:
6a:2d:a2:ee:2a:06:db:ee:16:8f:01:26:42:ce:64:d0:b4:b8:
2b:27:27:22
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ3aSyQj9Pw6mdv2G+r+RqA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDI5MTczMDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTQ1YzA5YTM5YmQ3NjMzNDNhYzkxNTI0ZWE1NmE5YmM4MjE0YTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua5HnWIKsglD/yHlPkHSydAL8hmS
4vmCwd/c9gWbzi5dDB3HisXxoAQffrdbBCSCsmZZqVUDPZuri5yV/VU5sm7XD8Up
T6h6TlOuHbolT6PywkfTmDES18x9eVzC+qlxI37oaNwfiPwc7AQWqyhwbFb3++wW
X0QciMvsBOnLeC/2/zTmeLMbAdsYM9LYN8VjEWbZebz0aJTNSypbEM+8a86REqCd
UfcSrtMwtgnVgwCXK5sLSNipHKaucVroJGBHTKfPuC9czqroLapj67mM9IlT1uk9
4bOnq/GpGGyYGJjGhKmyc9gv3pnhwhsj5PaT/3cathDvppNpN3rQ7nFs0wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFM5FwJo5vXYzQ6yRUk6lapvIIUptMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvemtYQW1qbTlkak5EckpGU1RxVnFtOGdoU20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAl/GMAwQA
l/GOAwQAl/KzAwQAl/R5MA0GCSqGSIb3DQEBCwUAA4IBAQAzh4ENpaR4fgO8C1ok
/BeiFmCPIo/V4wPNZhNwJNOzRsPqhzVLmBaJmaOTP0RPDViKlaldzjyhG2VLqc2h
GjFtDgrm9mcnIsj/y2E6A2x4/dvl07X2vVZFDfP94wc5qTA69QT8E6tUTVB7RBU2
AvkcC0Z908yg7IM+XfmaMcgJ4wTXu/LZUePHfi7fXloN2+ytqSfG4O7AKHTnCtL3
6u8rboJacaNTou/SgpNpgH9VEuO4fuVzEgv5w52gd88KuMPXnV1skvF+Pphulb8b
FGZNPXSxH/i10/yWtos/M/MyHsrSHlkKwdRhCKVqLaLuKgbb7haPASZCzmTQtLgr
Jyci
-----END CERTIFICATE-----
Generated at Thu Apr 30 17:26:12 2026 by rpki-client