Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JKo_5ejnshE1ockR9UtYGBC55BM.roa
File: JKo_5ejnshE1ockR9UtYGBC55BM.roa (raw, json)
Hash identifier: srekBKaHPgVXS9SJAVKN1iT6v7lQ6aykntkzI2dpK9U=
Subject key identifier: 24:AA:3F:E5:E8:E7:B2:11:35:A1:C9:11:F5:4B:58:18:10:B9:E4:13
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0198D177CA476BDBDDFD8351614D91DC4688
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JKo_5ejnshE1ockR9UtYGBC55BM.roa
Signing time: Fri 22 Aug 2025 11:09:05 +0000
ROA not before: Fri 22 Aug 2025 11:09:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 151.240.128.0/21 maxlen: 24
151.240.136.0/21 maxlen: 24
151.240.171.0/24 maxlen: 24
151.241.132.0/22 maxlen: 22
151.242.56.0/24 maxlen: 24
151.243.8.0/23 maxlen: 23
151.243.204.0/23 maxlen: 23
151.244.56.0/24 maxlen: 24
151.245.56.0/22 maxlen: 22
151.245.185.0/24 maxlen: 24
151.245.187.0/24 maxlen: 24
151.245.188.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 00:37:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:d1:77:ca:47:6b:db:dd:fd:83:51:61:4d:91:dc:46:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Aug 22 11:09:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=24aa3fe5e8e7b21135a1c911f54b581810b9e413
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:16:04:9b:41:5a:09:43:3a:43:a7:b0:a1:31:
fa:7c:c1:6a:7f:c8:fc:17:36:b3:bc:bc:7b:3c:bb:
9e:e9:42:46:10:b6:00:44:8f:5b:96:b6:68:59:f5:
fc:82:a7:bd:f9:74:bd:12:db:1a:e9:99:e8:f6:33:
40:c0:f8:6a:c8:fd:de:de:8c:66:d3:20:5d:aa:5f:
d9:d5:64:61:ef:66:03:0c:3e:18:34:6c:1f:3b:79:
6d:d5:5d:44:83:bb:61:0b:e9:3a:0c:af:d3:f9:c3:
3c:16:c9:9b:e7:36:96:7e:87:9f:34:0d:af:bf:bb:
fd:19:b1:b2:9e:63:e4:4b:2c:e7:c0:f8:34:de:bc:
4a:ca:19:9e:90:27:5a:ca:46:66:97:84:4d:4f:1c:
7e:72:2f:fe:29:3d:e2:63:a1:1b:83:1f:f1:38:08:
84:b3:a6:94:3d:ac:09:5f:8a:20:df:b3:10:94:fc:
fe:c1:0a:15:3e:90:dc:54:0a:ed:f9:ae:3e:bf:c2:
10:47:12:6c:e0:6a:8c:0c:2a:fa:c9:5e:63:44:ca:
9b:ed:bf:52:93:7e:ff:0d:de:a1:20:99:45:6d:21:
4d:80:2f:08:0e:88:33:7e:79:4c:18:af:6b:dc:e1:
43:cb:5b:ed:59:cc:fa:93:45:4a:47:51:0c:94:e9:
1c:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:AA:3F:E5:E8:E7:B2:11:35:A1:C9:11:F5:4B:58:18:10:B9:E4:13
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JKo_5ejnshE1ockR9UtYGBC55BM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.128.0/20
151.240.171.0/24
151.241.132.0/22
151.242.56.0/24
151.243.8.0/23
151.243.204.0/23
151.244.56.0/24
151.245.56.0/22
151.245.185.0/24
151.245.187.0-151.245.188.255
Signature Algorithm: sha256WithRSAEncryption
26:ac:47:2d:e3:e9:6c:18:1f:5c:09:b6:6d:23:cf:51:ca:47:
df:4a:8b:8d:af:b3:23:19:1d:17:a0:ce:92:57:9b:a1:0f:bc:
83:3f:b8:54:7e:f4:f3:1a:64:fd:1d:a0:26:e1:10:3d:c6:a2:
78:4c:97:f9:43:60:de:94:00:ff:1c:42:33:c6:64:66:46:e9:
4b:6d:b5:d1:25:9c:9f:e4:72:27:fe:fd:37:82:67:37:4e:b0:
b5:ea:e0:aa:25:eb:f3:90:49:8f:f8:e5:e0:6f:6f:01:d1:0a:
92:e0:1b:de:bc:ad:16:dc:ae:0c:f8:bf:d5:93:6e:c1:24:18:
99:6c:f5:2e:59:66:a0:4a:06:8e:86:24:88:a0:9d:dc:36:79:
44:96:17:46:a4:05:f0:ca:09:65:97:48:f5:4a:c4:4d:b6:c7:
60:17:3e:e4:e1:25:00:34:90:e9:78:3a:ac:f7:a7:bd:62:6b:
37:f0:f9:1b:99:83:17:03:af:ad:2b:cd:4f:8d:1d:7a:f7:c4:
c7:4e:c3:12:66:80:97:94:a1:e0:e5:4c:9f:87:2c:de:05:b9:
e7:56:6e:c3:bf:fa:f9:19:31:e4:d3:8d:d8:70:05:70:93:8b:
3d:b1:e7:43:3a:93:7d:12:dd:78:00:6e:91:3b:07:8a:93:6c:
f5:e5:59:60
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZjRd8pHa9vd/YNRYU2R3EaIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIyMTEwOTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGFhM2ZlNWU4ZTdiMjExMzVhMWM5MTFmNTRiNTgxODEwYjllNDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRYEm0FaCUM6Q6ewoTH6fMFqf8j8
FzazvLx7PLue6UJGELYARI9blrZoWfX8gqe9+XS9Etsa6Zno9jNAwPhqyP3e3oxm
0yBdql/Z1WRh72YDDD4YNGwfO3lt1V1Eg7thC+k6DK/T+cM8Fsmb5zaWfoefNA2v
v7v9GbGynmPkSyznwPg03rxKyhmekCdaykZml4RNTxx+ci/+KT3iY6Ebgx/xOAiE
s6aUPawJX4og37MQlPz+wQoVPpDcVArt+a4+v8IQRxJs4GqMDCr6yV5jRMqb7b9S
k37/Dd6hIJlFbSFNgC8IDogzfnlMGK9r3OFDy1vtWcz6k0VKR1EMlOkcPwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFCSqP+Xo57IRNaHJEfVLWBgQueQTMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSktvXzVlam5zaEUxb2NrUjlVdFlHQkM1NUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQEl/CAAwQA
l/CrAwQCl/GEAwQAl/I4AwQBl/MIAwQBl/PMAwQAl/Q4AwQCl/U4AwQAl/W5MAwD
BACX9bsDBACX9bwwDQYJKoZIhvcNAQELBQADggEBACasRy3j6WwYH1wJtm0jz1HK
R99Ki42vsyMZHRegzpJXm6EPvIM/uFR+9PMaZP0doCbhED3GonhMl/lDYN6UAP8c
QjPGZGZG6UtttdElnJ/kcif+/TeCZzdOsLXq4Kol6/OQSY/45eBvbwHRCpLgG968
rRbcrgz4v9WTbsEkGJls9S5ZZqBKBo6GJIigndw2eUSWF0akBfDKCWWXSPVKxE22
x2AXPuThJQA0kOl4Oqz3p71iazfw+RuZgxcDr60rzU+NHXr3xMdOwxJmgJeUoeDl
TJ+HLN4FuedWbsO/+vkZMeTTjdhwBXCTiz2x50M6k30S3XgAbpE7B4qTbPXlWWA=
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:18:18 2025 by rpki-client