Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JP1cwxl_FCrEpkSQ5yw2scfgWnM.roa
File: JP1cwxl_FCrEpkSQ5yw2scfgWnM.roa (raw, json)
Hash identifier: Ok/gRihYeV25CysXGntlKTrXYSTQfAnyXHdkKZ+8JFA=
Subject key identifier: 24:FD:5C:C3:19:7F:14:2A:C4:A6:44:90:E7:2C:36:B1:C7:E0:5A:73
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 01994168E6D68F785AC10E53E2C73E6B68F3
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JP1cwxl_FCrEpkSQ5yw2scfgWnM.roa
Signing time: Sat 13 Sep 2025 04:50:17 +0000
ROA not before: Sat 13 Sep 2025 04:50:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 151.240.128.0/21 maxlen: 24
151.240.136.0/21 maxlen: 24
151.240.171.0/24 maxlen: 24
151.241.105.0/24 maxlen: 24
151.241.106.0/24 maxlen: 24
151.241.107.0/24 maxlen: 24
151.241.132.0/22 maxlen: 22
151.242.56.0/24 maxlen: 24
151.242.70.0/24 maxlen: 24
151.242.71.0/24 maxlen: 24
151.242.135.0/24 maxlen: 24
151.243.8.0/23 maxlen: 23
151.243.204.0/23 maxlen: 23
151.244.56.0/24 maxlen: 24
151.245.2.0/24 maxlen: 24
151.245.22.0/24 maxlen: 24
151.245.56.0/22 maxlen: 22
151.245.185.0/24 maxlen: 24
151.245.187.0/24 maxlen: 24
151.245.188.0/24 maxlen: 24
151.247.133.0/24 maxlen: 24
151.247.134.0/24 maxlen: 24
151.247.135.0/24 maxlen: 24
151.247.188.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:41:68:e6:d6:8f:78:5a:c1:0e:53:e2:c7:3e:6b:68:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Sep 13 04:50:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=24fd5cc3197f142ac4a64490e72c36b1c7e05a73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:4a:27:c2:af:36:f6:e1:99:93:4d:bf:e2:0b:
e9:2f:41:16:61:fc:83:9d:69:98:56:40:77:7d:ca:
37:27:8c:78:19:1f:7c:00:72:9e:26:d6:27:86:7d:
46:a2:4a:58:f0:68:67:1c:06:6e:1d:b7:49:82:00:
9a:30:d7:63:b0:d9:a9:e8:72:98:5d:63:a1:d9:49:
8c:b0:ac:22:d0:3b:94:4b:76:ca:15:07:ca:b6:ae:
0b:8f:b1:e4:fb:21:71:11:b5:50:01:ac:74:89:8a:
99:ac:04:77:ab:62:07:f9:e4:f2:02:ed:70:26:a5:
1b:2a:61:04:58:97:9c:a7:e5:ab:ce:7c:de:a3:f8:
66:52:1e:65:f9:95:09:71:db:e1:85:3a:6e:d2:45:
85:c8:e4:4b:b7:b8:04:b6:94:20:ad:76:ce:4f:c1:
db:fe:13:1b:7b:55:be:c7:8b:e7:f1:7a:84:9a:24:
d5:de:08:e9:e1:40:c5:21:c8:d6:1d:d9:b7:89:a1:
88:2a:fd:46:f2:94:02:df:1d:c7:db:ab:f3:8e:02:
46:6f:68:9e:fe:8f:93:be:10:03:cb:fb:22:7f:67:
7f:25:9e:c0:80:b9:df:27:ef:1d:ff:bb:01:a8:68:
4b:a3:5f:af:7c:8f:47:ba:e8:36:f0:b5:3e:0d:cd:
a5:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:FD:5C:C3:19:7F:14:2A:C4:A6:44:90:E7:2C:36:B1:C7:E0:5A:73
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/JP1cwxl_FCrEpkSQ5yw2scfgWnM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.128.0/20
151.240.171.0/24
151.241.105.0-151.241.107.255
151.241.132.0/22
151.242.56.0/24
151.242.70.0/23
151.242.135.0/24
151.243.8.0/23
151.243.204.0/23
151.244.56.0/24
151.245.2.0/24
151.245.22.0/24
151.245.56.0/22
151.245.185.0/24
151.245.187.0-151.245.188.255
151.247.133.0-151.247.135.255
151.247.188.0/22
Signature Algorithm: sha256WithRSAEncryption
05:ad:67:7e:18:11:56:e2:48:60:2f:61:3c:9c:7d:6f:1f:7f:
b1:27:60:02:9e:73:df:69:58:ac:92:fe:9c:7c:e3:ad:f6:28:
cb:13:c3:15:2b:5e:65:4f:48:e0:fc:a4:88:88:f8:a4:36:54:
14:f1:77:bd:11:3e:f1:2e:ec:ac:70:cf:af:f4:ec:f7:43:ed:
44:e7:10:07:d7:bf:58:d6:59:95:e0:2b:12:c3:f8:6f:c0:af:
20:61:88:a8:da:0f:68:81:e5:f7:73:9e:3f:67:ee:4b:ed:44:
36:84:b8:fe:6a:33:8b:f4:39:7d:05:84:ac:36:4e:c3:8f:f7:
62:71:17:e9:f3:e0:a5:6b:ba:7c:0d:bf:0a:46:12:d3:7c:16:
c9:72:a7:df:a3:e9:6e:c6:b6:62:01:1c:dd:7f:f4:f5:72:a4:
34:12:24:55:9f:e1:90:53:eb:35:d7:4e:4c:35:81:d6:d4:d5:
8f:d7:55:01:3c:b0:a8:a3:ca:04:7e:41:77:27:09:14:37:20:
53:c3:22:83:0d:10:12:23:d2:70:31:4b:60:32:8b:1f:6a:29:
eb:6e:36:a7:16:0d:ac:1d:f2:6f:47:f5:49:c1:ec:a8:22:93:
a0:73:49:f7:9b:83:0c:a0:41:2a:d1:4e:fb:1c:d1:72:f3:32:
e3:d3:47:bd
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZlBaObWj3hawQ5T4sc+a2jzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTEzMDQ1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGZkNWNjMzE5N2YxNDJhYzRhNjQ0OTBlNzJjMzZiMWM3ZTA1YTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Eonwq829uGZk02/4gvpL0EWYfyD
nWmYVkB3fco3J4x4GR98AHKeJtYnhn1GokpY8GhnHAZuHbdJggCaMNdjsNmp6HKY
XWOh2UmMsKwi0DuUS3bKFQfKtq4Lj7Hk+yFxEbVQAax0iYqZrAR3q2IH+eTyAu1w
JqUbKmEEWJecp+Wrznzeo/hmUh5l+ZUJcdvhhTpu0kWFyORLt7gEtpQgrXbOT8Hb
/hMbe1W+x4vn8XqEmiTV3gjp4UDFIcjWHdm3iaGIKv1G8pQC3x3H26vzjgJGb2ie
/o+TvhADy/sif2d/JZ7AgLnfJ+8d/7sBqGhLo1+vfI9Huug28LU+Dc2l7QIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFCT9XMMZfxQqxKZEkOcsNrHH4FpzMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSlAxY3d4bF9GQ3JFcGtTUTV5dzJzY2ZnV25NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEBJfw
gAMEAJfwqzAMAwQAl/FpAwQCl/FoAwQCl/GEAwQAl/I4AwQBl/JGAwQAl/KHAwQB
l/MIAwQBl/PMAwQAl/Q4AwQAl/UCAwQAl/UWAwQCl/U4AwQAl/W5MAwDBACX9bsD
BACX9bwwDAMEAJf3hQMEA5f3gAMEApf3vDANBgkqhkiG9w0BAQsFAAOCAQEABa1n
fhgRVuJIYC9hPJx9bx9/sSdgAp5z32lYrJL+nHzjrfYoyxPDFSteZU9I4PykiIj4
pDZUFPF3vRE+8S7srHDPr/Ts90PtROcQB9e/WNZZleArEsP4b8CvIGGIqNoPaIHl
93OeP2fuS+1ENoS4/mozi/Q5fQWErDZOw4/3YnEX6fPgpWu6fA2/CkYS03wWyXKn
36Ppbsa2YgEc3X/09XKkNBIkVZ/hkFPrNddOTDWB1tTVj9dVATywqKPKBH5BdycJ
FDcgU8Migw0QEiPScDFLYDKLH2op6242pxYNrB3yb0f1ScHsqCKToHNJ95uDDKBB
KtFO+xzRcvMy49NHvQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:08:16 2025 by rpki-client