Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JDW1K4Mr9lUUQeRwhCC6uGYXSRs.roa
File: JDW1K4Mr9lUUQeRwhCC6uGYXSRs.roa (raw, json)
Hash identifier: Ul7MehJ6MN/7wvwmqmDVROXgPoHkNGCrN+Za2/N3SL4=
Subject key identifier: 24:35:B5:2B:83:2B:F6:55:14:41:E4:70:84:20:BA:B8:66:17:49:1B
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019D0B3BA3665EF0E19AFA32534969DAEEA0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JDW1K4Mr9lUUQeRwhCC6uGYXSRs.roa
Signing time: Fri 20 Mar 2026 12:32:31 +0000
ROA not before: Fri 20 Mar 2026 12:32:31 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 14618
IP address blocks: 151.240.128.0/21 maxlen: 24
151.240.136.0/21 maxlen: 24
151.240.145.0/24 maxlen: 24
151.240.171.0/24 maxlen: 24
151.241.105.0/24 maxlen: 24
151.241.106.0/24 maxlen: 24
151.241.107.0/24 maxlen: 24
151.241.132.0/22 maxlen: 22
151.242.56.0/24 maxlen: 24
151.242.70.0/24 maxlen: 24
151.242.71.0/24 maxlen: 24
151.242.135.0/24 maxlen: 24
151.243.8.0/23 maxlen: 23
151.243.204.0/23 maxlen: 23
151.244.56.0/24 maxlen: 24
151.245.2.0/24 maxlen: 24
151.245.22.0/24 maxlen: 24
151.245.56.0/22 maxlen: 22
151.245.185.0/24 maxlen: 24
151.245.187.0/24 maxlen: 24
151.245.188.0/24 maxlen: 24
151.246.8.0/21 maxlen: 24
151.247.41.0/24 maxlen: 24
151.247.44.0/24 maxlen: 24
151.247.45.0/24 maxlen: 24
151.247.47.0/24 maxlen: 24
151.247.48.0/24 maxlen: 24
151.247.75.0/24 maxlen: 24
151.247.76.0/24 maxlen: 24
151.247.77.0/24 maxlen: 24
151.247.78.0/24 maxlen: 24
151.247.91.0/24 maxlen: 24
151.247.102.0/24 maxlen: 24
151.247.131.0/24 maxlen: 24
151.247.133.0/24 maxlen: 24
151.247.134.0/24 maxlen: 24
151.247.135.0/24 maxlen: 24
151.247.242.0/24 maxlen: 24
151.247.248.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:0b:3b:a3:66:5e:f0:e1:9a:fa:32:53:49:69:da:ee:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Mar 20 12:32:31 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2435b52b832bf6551441e4708420bab86617491b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:7b:39:2b:4d:5f:a6:b0:c2:73:51:36:c1:df:
b1:48:5a:5c:8f:14:39:6e:a7:01:84:83:ce:0f:3a:
9a:50:3c:6d:df:6a:78:81:25:f0:59:fc:9e:57:99:
3b:fc:2c:d5:25:58:22:c5:5f:1a:ca:ef:d9:2c:93:
9e:38:45:97:bf:bf:96:5d:fa:8b:ae:93:93:07:b7:
e8:a9:a2:21:e3:83:75:45:6e:7d:ee:32:2b:58:6d:
03:00:dd:9e:d3:99:9c:48:95:47:a4:86:c8:56:80:
dd:92:6b:17:94:95:bd:94:69:b2:15:43:66:11:20:
71:f3:86:5e:c2:73:f6:e7:39:61:bb:b1:81:31:93:
3a:8c:84:52:81:cc:40:ab:e0:6f:f0:04:8b:f6:a8:
83:c4:9f:bf:2f:d4:b0:44:62:d9:b4:42:ba:df:29:
89:53:4e:ee:27:3a:80:20:69:f8:31:8f:2c:b2:7e:
49:b9:93:43:1a:92:52:83:c1:14:3d:10:71:9e:b8:
60:eb:8b:95:94:d8:c8:34:c2:ab:e8:48:c4:57:e2:
92:fb:33:d2:82:42:b5:3d:ad:b3:53:07:fd:0a:f5:
71:52:f7:59:54:54:4a:fc:da:b3:4f:f3:02:37:0c:
ec:81:77:83:a5:f9:01:7e:b1:6e:45:25:4f:94:15:
38:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:35:B5:2B:83:2B:F6:55:14:41:E4:70:84:20:BA:B8:66:17:49:1B
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JDW1K4Mr9lUUQeRwhCC6uGYXSRs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.128.0/20
151.240.145.0/24
151.240.171.0/24
151.241.105.0-151.241.107.255
151.241.132.0/22
151.242.56.0/24
151.242.70.0/23
151.242.135.0/24
151.243.8.0/23
151.243.204.0/23
151.244.56.0/24
151.245.2.0/24
151.245.22.0/24
151.245.56.0/22
151.245.185.0/24
151.245.187.0-151.245.188.255
151.246.8.0/21
151.247.41.0/24
151.247.44.0/23
151.247.47.0-151.247.48.255
151.247.75.0-151.247.78.255
151.247.91.0/24
151.247.102.0/24
151.247.131.0/24
151.247.133.0-151.247.135.255
151.247.242.0/24
151.247.248.0/24
Signature Algorithm: sha256WithRSAEncryption
41:8d:4e:09:cf:96:6f:30:a1:73:f6:03:4f:73:cd:62:7a:2e:
79:21:5e:da:d6:2b:d8:b4:99:53:ac:b7:f0:3d:1c:7a:5d:4e:
8b:f9:31:4c:4f:85:48:93:d9:3f:cd:c7:d1:f0:d3:93:ed:04:
03:8b:95:1d:c1:5f:20:da:60:f5:e8:a9:3c:c9:86:98:7e:17:
3a:ba:57:5d:ec:41:41:50:b5:a6:42:95:05:2c:95:d4:f3:98:
43:65:08:e1:b7:c8:11:5e:77:ff:42:de:51:92:13:61:23:91:
51:73:e8:62:cf:2a:06:81:05:be:e4:cc:67:c4:d1:3d:2a:4f:
7c:e1:ba:dc:72:45:f9:a8:de:1b:2e:14:43:c7:95:15:02:68:
fc:6c:99:b9:32:cd:6d:f6:77:d3:47:4b:c5:0f:4e:39:2b:79:
94:e9:4f:12:eb:18:0d:0e:dc:1a:1f:b7:3d:40:ef:51:6a:b8:
ff:de:eb:98:f5:bb:fb:1b:18:c4:78:c4:9e:9a:0e:0b:f4:c2:
60:1e:4b:d4:3b:11:db:37:16:9f:cf:4b:70:35:8d:45:6d:27:
41:49:f3:bb:40:23:08:2c:11:52:fa:de:75:ab:8b:92:c9:0e:
4d:a8:5d:81:40:dc:b9:37:ad:4c:f0:0a:d9:97:bf:49:ab:ae:
89:39:d7:16
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAZ0LO6NmXvDhmvoyU0lp2u6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzIwMTIzMjMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDM1YjUyYjgzMmJmNjU1MTQ0MWU0NzA4NDIwYmFiODY2MTc0OTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3s5K01fprDCc1E2wd+xSFpcjxQ5
bqcBhIPODzqaUDxt32p4gSXwWfyeV5k7/CzVJVgixV8ayu/ZLJOeOEWXv7+WXfqL
rpOTB7foqaIh44N1RW597jIrWG0DAN2e05mcSJVHpIbIVoDdkmsXlJW9lGmyFUNm
ESBx84ZewnP25zlhu7GBMZM6jIRSgcxAq+Bv8ASL9qiDxJ+/L9SwRGLZtEK63ymJ
U07uJzqAIGn4MY8ssn5JuZNDGpJSg8EUPRBxnrhg64uVlNjINMKr6EjEV+KS+zPS
gkK1Pa2zUwf9CvVxUvdZVFRK/NqzT/MCNwzsgXeDpfkBfrFuRSVPlBU4SQIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFCQ1tSuDK/ZVFEHkcIQgurhmF0kbMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSkRXMUs0TXI5bFVVUWVSd2hDQzZ1R1lYU1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHnBggrBgEFBQcBBwEB/wSB1zCB1DCB0QQCAAEwgcoDBASX
8IADBACX8JEDBACX8KswDAMEAJfxaQMEApfxaAMEApfxhAMEAJfyOAMEAZfyRgME
AJfyhwMEAZfzCAMEAZfzzAMEAJf0OAMEAJf1AgMEAJf1FgMEApf1OAMEAJf1uTAM
AwQAl/W7AwQAl/W8AwQDl/YIAwQAl/cpAwQBl/csMAwDBACX9y8DBACX9zAwDAME
AJf3SwMEAJf3TgMEAJf3WwMEAJf3ZgMEAJf3gzAMAwQAl/eFAwQDl/eAAwQAl/fy
AwQAl/f4MA0GCSqGSIb3DQEBCwUAA4IBAQBBjU4Jz5ZvMKFz9gNPc81iei55IV7a
1ivYtJlTrLfwPRx6XU6L+TFMT4VIk9k/zcfR8NOT7QQDi5UdwV8g2mD16Kk8yYaY
fhc6uldd7EFBULWmQpUFLJXU85hDZQjht8gRXnf/Qt5RkhNhI5FRc+hizyoGgQW+
5MxnxNE9Kk984brcckX5qN4bLhRDx5UVAmj8bJm5Ms1t9nfTR0vFD045K3mU6U8S
6xgNDtwaH7c9QO9Rarj/3uuY9bv7GxjEeMSemg4L9MJgHkvUOxHbNxafz0twNY1F
bSdBSfO7QCMILBFS+t51q4uSyQ5NqF2BQNy5N61M8ArZl79Jq66JOdcW
-----END CERTIFICATE-----
Generated at Thu Mar 26 01:47:40 2026 by rpki-client