
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/3aKIdlHQ6qhVIAV3CkURrQcbuLY.roa
File: 3aKIdlHQ6qhVIAV3CkURrQcbuLY.roa (raw, json)
Hash identifier: l9vYVCbAowUo1RXUoZr91I3zUdAM+jwoyO9WvWWAXeI=
Subject key identifier: DD:A2:88:76:51:D0:EA:A8:55:20:05:77:0A:45:11:AD:07:1B:B8:B6
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0199DD2A445F6ED22004C611E103AD0D031C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/3aKIdlHQ6qhVIAV3CkURrQcbuLY.roa
Signing time: Mon 13 Oct 2025 10:42:38 +0000
ROA not before: Mon 13 Oct 2025 10:42:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 135391
IP address blocks: 151.240.122.0/24 maxlen: 24
151.241.109.0/24 maxlen: 24
151.242.29.0/24 maxlen: 24
151.242.66.0/24 maxlen: 24
151.242.88.0/24 maxlen: 24
151.243.3.0/24 maxlen: 24
151.244.251.0/24 maxlen: 24
151.245.34.0/24 maxlen: 24
151.245.92.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:dd:2a:44:5f:6e:d2:20:04:c6:11:e1:03:ad:0d:03:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Oct 13 10:42:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dda2887651d0eaa8552005770a4511ad071bb8b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:d1:c3:53:f5:23:bb:b1:04:c7:63:0b:92:12:
2b:f7:a9:0a:54:4d:3b:1c:c4:00:15:8e:cb:af:b9:
ec:33:2d:3c:b1:dd:5f:3f:d9:d2:d6:46:79:4a:30:
08:fd:30:e2:6c:55:6b:8d:79:dd:a3:84:c8:45:1d:
55:11:0f:7c:f2:3a:c0:0c:3b:1b:0f:84:07:51:e4:
8c:47:ff:69:96:8b:f9:d3:fa:70:3d:c1:7f:2f:46:
78:14:b9:2e:71:3c:c3:9a:1b:78:54:b8:ec:f2:78:
7b:8d:54:24:5f:f6:3e:5e:b8:2b:40:90:79:e6:53:
68:24:d4:51:0e:2a:e0:2f:d9:d4:72:7c:84:c2:ae:
7c:95:f4:f2:ee:1b:f3:a0:78:3d:2a:ad:ee:a6:dc:
ed:66:8b:69:45:94:7b:4c:7c:fa:01:5d:7f:8e:ce:
e2:f4:73:df:8c:ea:44:fd:54:4b:61:f7:44:b3:b2:
e8:2b:fa:d1:05:d7:13:e1:3e:d5:96:a4:b6:2f:44:
a9:07:08:2b:8e:34:2e:e0:d1:87:c9:7c:1f:a6:b9:
0d:16:9d:2f:72:01:8a:cb:4c:9d:e9:df:fe:30:84:
9d:0e:e9:44:88:02:08:b0:59:72:a2:e5:76:c9:1b:
8f:2e:af:61:7e:f4:43:f6:ac:91:e7:d0:2a:5a:ff:
aa:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:A2:88:76:51:D0:EA:A8:55:20:05:77:0A:45:11:AD:07:1B:B8:B6
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/3aKIdlHQ6qhVIAV3CkURrQcbuLY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.122.0/24
151.241.109.0/24
151.242.29.0/24
151.242.66.0/24
151.242.88.0/24
151.243.3.0/24
151.244.251.0/24
151.245.34.0/24
151.245.92.0/24
Signature Algorithm: sha256WithRSAEncryption
b8:54:98:e6:e5:ab:2f:6e:07:c8:6d:45:4b:58:11:83:2c:cc:
f7:39:8f:46:0f:a4:19:2a:77:a4:10:14:77:bb:a0:ba:64:6c:
58:8b:b9:02:c6:db:e9:80:df:5d:d3:24:f9:b6:82:76:8c:70:
f3:ff:d5:e0:67:47:7d:a7:de:b9:75:a6:8d:cb:81:c3:81:e1:
c2:e3:64:14:cb:96:5c:9c:9b:5b:1d:5e:9d:93:76:09:46:76:
1a:77:50:e1:ae:86:13:f2:90:13:b8:28:9e:47:2b:00:b9:6d:
a4:9c:91:de:01:5b:74:59:e6:3d:dc:da:a2:44:a1:fe:5e:c8:
95:38:83:78:80:7c:4f:12:a5:83:ab:fc:81:f5:af:f6:ca:35:
3b:01:ed:69:22:df:bb:37:e1:50:b1:d8:76:48:bd:50:69:17:
39:58:4a:85:58:33:86:fc:91:55:27:7c:77:95:b8:23:e2:7c:
32:b1:c4:a7:2e:cd:e1:16:28:e8:98:0b:f8:4f:96:4f:71:21:
49:14:7f:1f:09:f0:ff:86:84:2b:1e:6c:35:4c:a5:29:42:88:
a3:5a:9e:de:de:7e:14:d8:ed:2f:21:93:12:1f:00:c2:95:a0:
e2:62:e7:bd:ca:0b:66:a9:30:c7:36:0e:60:b5:65:f3:56:dd:
4e:aa:77:da
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZndKkRfbtIgBMYR4QOtDQMcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDEzMTA0MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGEyODg3NjUxZDBlYWE4NTUyMDA1NzcwYTQ1MTFhZDA3MWJiOGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdHDU/Uju7EEx2MLkhIr96kKVE07
HMQAFY7Lr7nsMy08sd1fP9nS1kZ5SjAI/TDibFVrjXndo4TIRR1VEQ988jrADDsb
D4QHUeSMR/9plov50/pwPcF/L0Z4FLkucTzDmht4VLjs8nh7jVQkX/Y+XrgrQJB5
5lNoJNRRDirgL9nUcnyEwq58lfTy7hvzoHg9Kq3uptztZotpRZR7THz6AV1/js7i
9HPfjOpE/VRLYfdEs7LoK/rRBdcT4T7VlqS2L0SpBwgrjjQu4NGHyXwfprkNFp0v
cgGKy0yd6d/+MISdDulEiAIIsFlyouV2yRuPLq9hfvRD9qyR59AqWv+qwQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFN2iiHZR0OqoVSAFdwpFEa0HG7i2MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvM2FLSWRsSFE2cWhWSUFWM0NrVVJyUWNidUxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAl/B6AwQA
l/FtAwQAl/IdAwQAl/JCAwQAl/JYAwQAl/MDAwQAl/T7AwQAl/UiAwQAl/VcMA0G
CSqGSIb3DQEBCwUAA4IBAQC4VJjm5asvbgfIbUVLWBGDLMz3OY9GD6QZKnekEBR3
u6C6ZGxYi7kCxtvpgN9d0yT5toJ2jHDz/9XgZ0d9p965daaNy4HDgeHC42QUy5Zc
nJtbHV6dk3YJRnYad1DhroYT8pATuCieRysAuW2knJHeAVt0WeY93NqiRKH+XsiV
OIN4gHxPEqWDq/yB9a/2yjU7Ae1pIt+7N+FQsdh2SL1QaRc5WEqFWDOG/JFVJ3x3
lbgj4nwyscSnLs3hFijomAv4T5ZPcSFJFH8fCfD/hoQrHmw1TKUpQoijWp7e3n4U
2O0vIZMSHwDClaDiYue9ygtmqTDHNg5gtWXzVt1Oqnfa
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:16 2025 by rpki-client