Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8SM1nXZRs3QpIkPb51IGELWjWFY.roa
File: 8SM1nXZRs3QpIkPb51IGELWjWFY.roa (raw, json)
Hash identifier: yE3s/0glGaHrH3HRBvIeW+omO5lGsf2oSxyMm1u7M88=
Subject key identifier: F1:23:35:9D:76:51:B3:74:29:22:43:DB:E7:52:06:10:B5:A3:58:56
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0199C240EBA73B756A7854D79FA4254C2C6C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8SM1nXZRs3QpIkPb51IGELWjWFY.roa
Signing time: Wed 08 Oct 2025 05:17:38 +0000
ROA not before: Wed 08 Oct 2025 05:17:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13335
IP address blocks: 151.240.3.0/24 maxlen: 24
151.241.161.0/24 maxlen: 24
151.242.227.0/24 maxlen: 24
151.243.113.0/24 maxlen: 24
151.243.133.0/24 maxlen: 24
151.246.216.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:c2:40:eb:a7:3b:75:6a:78:54:d7:9f:a4:25:4c:2c:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Oct 8 05:17:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f123359d7651b374292243dbe7520610b5a35856
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:d8:d1:d2:04:8b:14:21:b0:cc:f6:8c:d5:b5:
be:1b:34:af:ae:6f:66:54:cf:ad:3f:ef:d6:d2:61:
99:6d:c7:19:d4:38:39:7d:51:e0:cf:88:cf:25:2b:
96:86:bf:6d:d1:63:ed:d5:30:84:6a:a6:40:f5:d0:
b3:b8:7a:b2:0a:7c:3c:a4:a1:54:26:e0:69:ca:1c:
01:0f:3a:2e:a3:98:d1:91:79:ec:d5:d9:57:e3:fc:
3d:02:22:20:bc:b5:77:59:09:1b:21:d2:51:00:82:
7e:1e:b0:b5:83:68:fb:6c:11:65:f7:43:6e:4e:fd:
c6:92:54:4f:9c:e8:06:10:77:09:b6:30:5d:45:7e:
cf:da:10:d8:4f:5d:bf:13:08:e0:00:21:f4:37:95:
75:b5:64:66:9c:44:4a:07:14:a3:20:06:eb:ee:05:
b5:2a:f1:4e:d1:12:0a:4a:43:0b:8c:ce:ce:48:5b:
26:f1:54:ef:0a:7d:55:4f:75:06:69:22:b2:0d:49:
7c:dc:db:f0:33:eb:ca:e3:0b:ee:f3:8d:9b:09:8f:
b4:a5:6f:7c:53:72:4f:a6:fd:86:db:94:28:9f:14:
8e:c5:8b:01:00:e0:00:d2:46:ae:72:e1:ac:dc:72:
79:36:76:cd:1d:2b:2e:52:70:24:7a:e1:58:65:a1:
de:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:23:35:9D:76:51:B3:74:29:22:43:DB:E7:52:06:10:B5:A3:58:56
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/8SM1nXZRs3QpIkPb51IGELWjWFY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.3.0/24
151.241.161.0/24
151.242.227.0/24
151.243.113.0/24
151.243.133.0/24
151.246.216.0/23
Signature Algorithm: sha256WithRSAEncryption
6e:b4:ed:d7:72:a5:46:4a:f8:9e:2f:8e:cc:db:31:e9:da:cf:
36:ff:eb:6b:1c:47:04:91:09:a9:64:a1:88:76:cd:fd:a8:95:
e3:99:7c:c4:ed:32:8e:2d:f9:0e:28:60:0d:ea:4a:ea:8d:ea:
51:f0:85:ab:69:7a:c0:f2:a6:75:4b:da:c3:0c:3b:c1:f7:1c:
aa:e1:a7:04:d8:b8:84:27:d7:f5:81:92:48:b8:03:4e:cc:4a:
b2:00:b0:f6:f1:84:c9:43:fd:ff:c6:e5:c5:37:7d:01:57:27:
27:e6:65:5d:8a:39:ba:ee:2d:1d:1f:df:0e:98:90:9c:7c:9b:
7d:ad:70:94:09:78:1a:1f:f2:c4:17:d0:fd:cd:43:3a:97:38:
2d:0f:e9:bf:58:66:86:76:12:f8:d7:a8:47:2a:19:bb:25:43:
75:18:7d:7e:8d:c3:28:d5:f7:cb:c0:6b:47:50:77:62:42:0b:
3a:90:ac:2b:db:51:da:71:e5:d8:4a:9f:56:72:78:aa:c1:64:
ee:ed:38:c6:0b:77:31:f7:bb:ed:76:6b:af:46:28:ed:b6:fb:
bd:1c:ad:e4:f7:54:a4:e8:97:b2:e5:ca:de:8c:0d:c3:1e:78:
b4:b0:aa:d7:ee:3a:a9:4d:cb:6e:0b:67:82:c1:95:57:3b:24:
2e:6e:f8:6f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZnCQOunO3VqeFTXn6QlTCxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDA4MDUxNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTIzMzU5ZDc2NTFiMzc0MjkyMjQzZGJlNzUyMDYxMGI1YTM1ODU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9jR0gSLFCGwzPaM1bW+GzSvrm9m
VM+tP+/W0mGZbccZ1Dg5fVHgz4jPJSuWhr9t0WPt1TCEaqZA9dCzuHqyCnw8pKFU
JuBpyhwBDzouo5jRkXns1dlX4/w9AiIgvLV3WQkbIdJRAIJ+HrC1g2j7bBFl90Nu
Tv3GklRPnOgGEHcJtjBdRX7P2hDYT12/EwjgACH0N5V1tWRmnERKBxSjIAbr7gW1
KvFO0RIKSkMLjM7OSFsm8VTvCn1VT3UGaSKyDUl83NvwM+vK4wvu842bCY+0pW98
U3JPpv2G25QonxSOxYsBAOAA0kaucuGs3HJ5NnbNHSsuUnAkeuFYZaHelwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPEjNZ12UbN0KSJD2+dSBhC1o1hWMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvOFNNMW5YWlJzM1FwSWtQYjUxSUdFTFdqV0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAl/ADAwQA
l/GhAwQAl/LjAwQAl/NxAwQAl/OFAwQBl/bYMA0GCSqGSIb3DQEBCwUAA4IBAQBu
tO3XcqVGSvieL47M2zHp2s82/+trHEcEkQmpZKGIds39qJXjmXzE7TKOLfkOKGAN
6krqjepR8IWraXrA8qZ1S9rDDDvB9xyq4acE2LiEJ9f1gZJIuANOzEqyALD28YTJ
Q/3/xuXFN30BVycn5mVdijm67i0dH98OmJCcfJt9rXCUCXgaH/LEF9D9zUM6lzgt
D+m/WGaGdhL416hHKhm7JUN1GH1+jcMo1ffLwGtHUHdiQgs6kKwr21HaceXYSp9W
cniqwWTu7TjGC3cx97vtdmuvRijttvu9HK3k91Sk6Jey5crejA3DHni0sKrX7jqp
TctuC2eCwZVXOyQubvhv
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:03:55 2025 by rpki-client