Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HBBkmm8QO_GEg171BV28SGDp2nU.roa
File: HBBkmm8QO_GEg171BV28SGDp2nU.roa (raw, json)
Hash identifier: 2xRTO3CexWxt+gs54Gd1qZ+v+YKq34TeWEXXF/+1JXs=
Subject key identifier: 1C:10:64:9A:6F:10:3B:F1:84:83:5E:F5:05:5D:BC:48:60:E9:DA:75
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019DB082B1FD23B455BE68CC17DC07E5B5C0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HBBkmm8QO_GEg171BV28SGDp2nU.roa
Signing time: Tue 21 Apr 2026 14:47:28 +0000
ROA not before: Tue 21 Apr 2026 14:47:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 137235
IP address blocks: 151.243.15.0/24 maxlen: 24
151.243.165.0/24 maxlen: 24
151.243.255.0/24 maxlen: 24
151.244.247.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 14 May 2026 02:01:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b0:82:b1:fd:23:b4:55:be:68:cc:17:dc:07:e5:b5:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Apr 21 14:47:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1c10649a6f103bf184835ef5055dbc4860e9da75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:05:a8:72:a1:ab:09:d5:d3:e5:d1:8a:60:8b:
51:06:f4:2a:19:cc:a3:8b:5f:46:4f:4c:dc:26:50:
f6:61:36:e2:1e:db:75:db:e1:6a:75:f7:10:ab:41:
9d:f0:ea:99:c5:7d:b6:3a:51:3a:93:74:76:59:5e:
f8:6e:8b:95:27:9b:12:f5:c7:0b:fb:34:1f:1e:a6:
78:52:98:96:60:bb:d7:c1:e6:9a:ff:42:e2:57:2c:
19:99:05:08:c2:33:2c:99:56:d5:06:80:ee:e6:d0:
9b:fa:02:e8:a9:3b:8c:ce:53:6a:15:1e:ea:58:df:
42:91:14:19:d4:d1:d1:e8:3b:ec:9a:9d:fe:8c:fb:
75:46:b1:c8:9f:52:cd:b3:9d:7e:b9:a8:e0:3e:08:
77:be:fa:d0:f6:a9:13:b0:90:0c:9b:3d:18:26:1e:
13:d8:07:aa:77:51:e3:6e:58:b4:74:2c:38:cd:18:
2c:50:30:eb:fd:97:17:a3:33:f7:60:3a:2c:71:eb:
12:91:fb:1b:fb:66:9e:fa:ff:e7:8b:56:a9:be:d2:
53:c1:49:1a:ea:75:97:bc:4a:ec:f5:96:78:ab:67:
2f:0c:97:c5:df:b3:41:ab:26:55:e9:b5:cb:a7:dc:
5e:00:75:cd:17:24:1e:aa:c0:d2:ce:00:f8:40:1e:
c6:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:10:64:9A:6F:10:3B:F1:84:83:5E:F5:05:5D:BC:48:60:E9:DA:75
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HBBkmm8QO_GEg171BV28SGDp2nU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.243.15.0/24
151.243.165.0/24
151.243.255.0/24
151.244.247.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:7e:91:75:7b:a0:e0:0a:1f:60:b6:9c:69:cf:94:18:ec:4e:
c7:34:69:3b:cf:4f:fc:ad:4e:8d:29:a3:d6:38:87:8b:39:58:
5e:39:47:3a:7f:82:01:6b:cc:57:9e:fa:c7:a7:81:31:7d:7a:
2b:c6:82:b1:e1:ed:d5:0b:b7:96:18:a4:63:fe:7a:80:a8:eb:
97:83:0c:1f:55:41:60:25:3b:9c:3f:4a:44:59:75:a3:4b:27:
a9:0d:a4:9e:b1:d0:e7:0a:31:c4:85:f4:94:a0:6c:15:ce:d1:
7f:e0:fc:b8:92:1f:44:fe:7f:47:01:41:a9:0c:a8:3a:5c:cb:
ee:21:1f:ab:ff:3c:fc:ef:5c:0a:6b:21:a0:bd:23:6c:2c:b3:
e8:25:4c:37:1e:e7:a1:f6:ca:d0:40:34:bf:16:8c:e0:7a:76:
55:e5:ca:68:96:ea:da:2c:8b:94:d9:18:9b:90:cd:22:75:01:
24:f7:e5:44:1f:e6:7c:cb:73:1a:a2:27:f7:93:2f:67:73:84:
55:b9:68:c2:a3:dd:6e:d7:e0:90:87:4d:cf:65:58:ae:56:36:
fc:1b:8f:90:3c:14:7e:f5:31:65:f9:aa:f7:aa:48:63:b3:1e:
8e:4b:3c:59:a4:c1:e8:14:ba:7b:79:ac:a8:f7:f1:7f:f1:98:
04:2f:8d:23
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ2wgrH9I7RVvmjMF9wH5bXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDIxMTQ0NzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzEwNjQ5YTZmMTAzYmYxODQ4MzVlZjUwNTVkYmM0ODYwZTlkYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgWocqGrCdXT5dGKYItRBvQqGcyj
i19GT0zcJlD2YTbiHtt12+FqdfcQq0Gd8OqZxX22OlE6k3R2WV74bouVJ5sS9ccL
+zQfHqZ4UpiWYLvXweaa/0LiVywZmQUIwjMsmVbVBoDu5tCb+gLoqTuMzlNqFR7q
WN9CkRQZ1NHR6Dvsmp3+jPt1RrHIn1LNs51+uajgPgh3vvrQ9qkTsJAMmz0YJh4T
2Aeqd1Hjbli0dCw4zRgsUDDr/ZcXozP3YDoscesSkfsb+2ae+v/ni1apvtJTwUka
6nWXvErs9ZZ4q2cvDJfF37NBqyZV6bXLp9xeAHXNFyQeqsDSzgD4QB7GyQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBwQZJpvEDvxhINe9QVdvEhg6dp1MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSEJCa21tOFFPX0dFZzE3MUJWMjhTR0RwMm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAl/MPAwQA
l/OlAwQAl/P/AwQAl/T3MA0GCSqGSIb3DQEBCwUAA4IBAQAqfpF1e6DgCh9gtpxp
z5QY7E7HNGk7z0/8rU6NKaPWOIeLOVheOUc6f4IBa8xXnvrHp4ExfXorxoKx4e3V
C7eWGKRj/nqAqOuXgwwfVUFgJTucP0pEWXWjSyepDaSesdDnCjHEhfSUoGwVztF/
4Py4kh9E/n9HAUGpDKg6XMvuIR+r/zz871wKayGgvSNsLLPoJUw3Hueh9srQQDS/
FozgenZV5cpoluraLIuU2RibkM0idQEk9+VEH+Z8y3Maoif3ky9nc4RVuWjCo91u
1+CQh03PZViuVjb8G4+QPBR+9TFl+ar3qkhjsx6OSzxZpMHoFLp7eayo9/F/8ZgE
L40j
-----END CERTIFICATE-----
Generated at Wed May 13 13:00:34 2026 by rpki-client