Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/T4oXWPQLntKboNz6RB1xZqmL1qc.roa
File: T4oXWPQLntKboNz6RB1xZqmL1qc.roa (raw, json)
Hash identifier: MujB4VKf2WFQN0H51PJu8XHzeISHb1J8oqNeV81i+zQ=
Subject key identifier: 4F:8A:17:58:F4:0B:9E:D2:9B:A0:DC:FA:44:1D:71:66:A9:8B:D6:A7
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0199E2000F49DA6E8B9900528AAEF10AEB67
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/T4oXWPQLntKboNz6RB1xZqmL1qc.roa
Signing time: Tue 14 Oct 2025 09:14:38 +0000
ROA not before: Tue 14 Oct 2025 09:14:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 19318
IP address blocks: 151.241.108.0/24 maxlen: 24
151.242.41.0/24 maxlen: 24
151.242.58.0/24 maxlen: 24
151.242.122.0/24 maxlen: 24
151.243.52.0/23 maxlen: 24
151.243.164.0/22 maxlen: 24
151.243.254.0/24 maxlen: 24
151.244.136.0/22 maxlen: 22
151.244.160.0/22 maxlen: 22
151.244.170.0/24 maxlen: 24
151.244.172.0/22 maxlen: 22
151.244.176.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 20:00:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:e2:00:0f:49:da:6e:8b:99:00:52:8a:ae:f1:0a:eb:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Oct 14 09:14:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4f8a1758f40b9ed29ba0dcfa441d7166a98bd6a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:ed:60:c4:60:f8:de:b5:5b:c7:2f:25:74:96:
94:e4:d0:00:05:ae:e3:72:d2:6b:a8:38:c4:ba:d7:
58:55:07:3f:c8:88:28:70:ff:a2:57:77:4f:5c:d2:
fc:93:a6:1f:2f:3e:e2:c0:43:be:70:37:64:f1:a9:
a7:d5:e7:a4:ff:33:02:9d:88:7c:67:c1:a2:2f:55:
61:24:7c:ad:fc:b2:98:e6:f7:ba:67:eb:d5:15:a8:
f3:cd:16:06:d8:17:6a:fa:f1:c6:ef:fe:ee:b5:f7:
7a:b2:bb:b0:22:a9:f0:32:31:2a:04:46:19:5d:68:
ea:c8:58:2b:09:11:c1:bd:01:1b:d8:93:18:a3:b2:
3d:7e:77:d9:4b:a4:ff:8a:f2:e7:9c:e2:10:20:dc:
cd:4a:96:6d:01:74:6e:65:00:7b:74:65:a0:5d:13:
3b:df:b7:bf:13:6d:a8:6b:bd:82:ca:5d:00:4a:9e:
bf:d6:94:9a:1c:f1:7e:67:5c:5b:50:70:1a:dd:fb:
14:e6:99:3c:8d:d8:ac:a8:ab:01:02:99:0d:1f:66:
17:48:18:8e:f3:c6:29:56:b8:a3:49:eb:86:4e:2f:
9a:dd:f7:a4:eb:12:25:db:8a:cd:bc:98:0d:44:19:
35:9e:8c:39:82:60:65:af:5b:49:38:f9:12:fc:a2:
2e:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:8A:17:58:F4:0B:9E:D2:9B:A0:DC:FA:44:1D:71:66:A9:8B:D6:A7
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/T4oXWPQLntKboNz6RB1xZqmL1qc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.241.108.0/24
151.242.41.0/24
151.242.58.0/24
151.242.122.0/24
151.243.52.0/23
151.243.164.0/22
151.243.254.0/24
151.244.136.0/22
151.244.160.0/22
151.244.170.0/24
151.244.172.0-151.244.179.255
Signature Algorithm: sha256WithRSAEncryption
77:d1:73:1c:07:be:20:a4:6d:07:cf:b9:5d:a6:b6:19:99:a3:
45:a9:da:af:9e:73:2f:07:33:4e:ba:9d:28:1a:84:a0:64:3c:
6f:8c:71:2e:84:5c:67:90:e6:be:33:bd:ca:65:ba:8a:ed:ed:
c6:e6:ca:f7:cd:74:1e:70:c3:7e:46:c7:e8:65:4a:86:ec:bc:
3d:dd:ae:43:a9:b8:0f:9d:95:7e:07:5e:ed:14:8f:c0:bf:11:
2a:83:33:68:98:69:b3:b1:dd:cf:c2:c8:18:6a:6b:56:e2:02:
6c:31:f6:39:09:03:1d:ef:93:03:ec:bb:e5:38:02:b7:1f:ab:
69:48:a6:b3:9a:d3:82:7c:34:1c:ad:a9:92:64:6d:a1:3b:68:
89:2f:fb:fc:65:ed:26:84:4b:c3:ed:41:70:94:14:66:5a:a0:
3a:8d:c2:60:c1:e1:ec:ac:18:0f:7c:a0:39:98:14:41:50:e4:
be:55:21:0a:7d:0c:8f:64:54:2e:c9:64:b7:bc:04:31:24:0c:
c1:33:69:bf:bc:db:81:1b:a3:e5:f5:98:41:f4:49:5b:cf:1d:
d6:b7:87:2f:27:d6:69:d1:aa:1b:77:98:19:71:c6:99:8f:00:
dd:80:ad:72:4a:c2:f2:a1:18:38:08:f2:7d:e1:cf:41:49:77:
d1:f1:ec:a1
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZniAA9J2m6LmQBSiq7xCutnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDE0MDkxNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjhhMTc1OGY0MGI5ZWQyOWJhMGRjZmE0NDFkNzE2NmE5OGJkNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAle1gxGD43rVbxy8ldJaU5NAABa7j
ctJrqDjEutdYVQc/yIgocP+iV3dPXNL8k6YfLz7iwEO+cDdk8amn1eek/zMCnYh8
Z8GiL1VhJHyt/LKY5ve6Z+vVFajzzRYG2Bdq+vHG7/7utfd6sruwIqnwMjEqBEYZ
XWjqyFgrCRHBvQEb2JMYo7I9fnfZS6T/ivLnnOIQINzNSpZtAXRuZQB7dGWgXRM7
37e/E22oa72Cyl0ASp6/1pSaHPF+Z1xbUHAa3fsU5pk8jdisqKsBApkNH2YXSBiO
88YpVrijSeuGTi+a3fek6xIl24rNvJgNRBk1now5gmBlr1tJOPkS/KIu9wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFE+KF1j0C57Sm6Dc+kQdcWapi9anMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVDRvWFdQUUxudEtib056NlJCMXhacW1MMXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAl/FsAwQA
l/IpAwQAl/I6AwQAl/J6AwQBl/M0AwQCl/OkAwQAl/P+AwQCl/SIAwQCl/SgAwQA
l/SqMAwDBAKX9KwDBAKX9LAwDQYJKoZIhvcNAQELBQADggEBAHfRcxwHviCkbQfP
uV2mthmZo0Wp2q+ecy8HM066nSgahKBkPG+McS6EXGeQ5r4zvcpluort7cbmyvfN
dB5ww35Gx+hlSobsvD3drkOpuA+dlX4HXu0Uj8C/ESqDM2iYabOx3c/CyBhqa1bi
Amwx9jkJAx3vkwPsu+U4Arcfq2lIprOa04J8NBytqZJkbaE7aIkv+/xl7SaES8Pt
QXCUFGZaoDqNwmDB4eysGA98oDmYFEFQ5L5VIQp9DI9kVC7JZLe8BDEkDMEzab+8
24Ebo+X1mEH0SVvPHda3hy8n1mnRqht3mBlxxpmPAN2ArXJKwvKhGDgI8n3hz0FJ
d9Hx7KE=
-----END CERTIFICATE-----
Generated at Mon Oct 20 03:40:09 2025 by rpki-client