Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_dk8iiwKiGi-aT0njTCQTcyaQBA.roa
File: _dk8iiwKiGi-aT0njTCQTcyaQBA.roa (raw, json)
Hash identifier: DkVU2QyJ3VdZ7P3/IKI7fFLadvsvZu3/ZrE6Gj7KpdI=
Subject key identifier: FD:D9:3C:8A:2C:0A:88:68:BE:69:3D:27:8D:30:90:4D:CC:9A:40:10
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0199752A84F530417348D674E3DCAB6A2F6A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_dk8iiwKiGi-aT0njTCQTcyaQBA.roa
Signing time: Tue 23 Sep 2025 06:02:24 +0000
ROA not before: Tue 23 Sep 2025 06:02:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215304
IP address blocks: 151.241.128.0/22 maxlen: 24
151.242.4.0/24 maxlen: 24
151.242.14.0/24 maxlen: 24
151.242.17.0/24 maxlen: 24
151.242.27.0/24 maxlen: 24
151.242.32.0/24 maxlen: 24
151.242.139.0/24 maxlen: 24
151.243.44.0/24 maxlen: 24
151.243.115.0/24 maxlen: 24
151.244.3.0/24 maxlen: 24
151.244.128.0/24 maxlen: 24
151.244.129.0/24 maxlen: 24
151.244.130.0/24 maxlen: 24
151.244.236.0/24 maxlen: 24
151.245.120.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:75:2a:84:f5:30:41:73:48:d6:74:e3:dc:ab:6a:2f:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Sep 23 06:02:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fdd93c8a2c0a8868be693d278d30904dcc9a4010
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:0c:b1:cd:fd:15:1d:39:7d:62:61:67:34:79:
ca:d6:87:f9:34:59:b2:cd:21:fe:c8:4c:0f:63:22:
1e:57:55:86:d3:6b:1f:19:ce:6e:9a:d0:a8:96:ef:
a6:aa:5e:b0:68:25:67:da:69:a1:c6:3c:cb:21:af:
f0:56:f3:9f:08:23:7c:51:0f:59:ba:d2:46:d4:84:
01:1f:34:0f:61:b5:49:a1:54:5f:2e:c4:83:73:3b:
54:26:41:b5:e0:f8:88:07:18:0a:77:95:42:8e:00:
69:c8:ef:7c:d0:f8:e8:23:d3:d9:6f:87:ea:7c:53:
07:75:41:fb:87:07:b9:1c:fd:ca:25:a5:2f:24:8a:
6b:c1:00:81:03:16:2d:f5:8f:5e:a3:4d:90:93:cd:
52:e3:2e:62:27:39:ff:46:0c:ca:01:f7:ce:69:39:
02:44:ff:47:cb:d0:7a:dd:93:0f:2e:c2:57:25:22:
47:12:d8:df:89:6c:da:47:d6:4d:43:6d:fa:5c:b4:
2c:7f:e7:7c:64:20:08:de:70:89:4c:9b:0f:5a:1c:
46:12:e8:5b:2b:d8:e5:52:7b:a4:12:7e:81:9f:e8:
63:48:a7:89:a3:fd:06:a9:1f:ab:48:e1:ad:a9:81:
0a:cd:19:9f:eb:fb:11:10:22:38:8e:0d:86:c3:5d:
3a:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:D9:3C:8A:2C:0A:88:68:BE:69:3D:27:8D:30:90:4D:CC:9A:40:10
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_dk8iiwKiGi-aT0njTCQTcyaQBA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.241.128.0/22
151.242.4.0/24
151.242.14.0/24
151.242.17.0/24
151.242.27.0/24
151.242.32.0/24
151.242.139.0/24
151.243.44.0/24
151.243.115.0/24
151.244.3.0/24
151.244.128.0-151.244.130.255
151.244.236.0/24
151.245.120.0/21
Signature Algorithm: sha256WithRSAEncryption
a4:5f:66:52:ff:5f:81:35:db:74:c4:fb:e4:de:b5:a5:eb:d1:
1f:74:40:e9:6a:94:c5:47:94:ca:17:4f:81:6f:05:36:b8:46:
eb:3a:91:fc:89:ec:02:c1:59:6e:e2:76:14:28:af:90:6e:d8:
74:c2:86:c1:1e:22:ce:f2:18:d8:f4:f2:1a:e3:b7:82:54:01:
b3:93:0f:98:22:55:78:ee:f3:1d:87:49:26:95:0a:a8:96:5a:
52:a0:43:74:0b:a3:1c:27:a4:11:62:d6:bb:f7:fb:2a:9a:3b:
e6:ee:d0:22:e8:69:99:33:95:ed:0f:c0:1b:e0:54:09:79:1b:
75:aa:a4:74:f5:bf:a8:22:90:59:30:b2:b5:12:46:81:c3:ec:
b1:b9:b2:5d:5c:70:08:c3:cc:ff:7f:75:89:0f:21:47:65:d4:
a7:e3:12:5d:ed:c0:3c:89:08:0d:fe:9d:03:6e:08:f3:99:54:
a4:20:af:2d:52:9f:e9:9d:27:f0:ce:5c:fd:8c:66:27:c3:0f:
2f:21:c6:ce:02:9a:08:39:61:cd:68:33:52:72:e0:c2:e8:37:
d2:8b:88:21:70:ef:22:79:50:f6:2f:23:16:4d:a5:d3:f2:81:
bf:78:a3:b1:e7:bc:22:95:a7:a1:79:17:28:7f:23:b8:35:7a:
44:c5:f2:53
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAZl1KoT1MEFzSNZ049yrai9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTIzMDYwMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQ5M2M4YTJjMGE4ODY4YmU2OTNkMjc4ZDMwOTA0ZGNjOWE0MDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8wyxzf0VHTl9YmFnNHnK1of5NFmy
zSH+yEwPYyIeV1WG02sfGc5umtColu+mql6waCVn2mmhxjzLIa/wVvOfCCN8UQ9Z
utJG1IQBHzQPYbVJoVRfLsSDcztUJkG14PiIBxgKd5VCjgBpyO980PjoI9PZb4fq
fFMHdUH7hwe5HP3KJaUvJIprwQCBAxYt9Y9eo02Qk81S4y5iJzn/RgzKAffOaTkC
RP9Hy9B63ZMPLsJXJSJHEtjfiWzaR9ZNQ236XLQsf+d8ZCAI3nCJTJsPWhxGEuhb
K9jlUnukEn6Bn+hjSKeJo/0GqR+rSOGtqYEKzRmf6/sRECI4jg2Gw106cwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFP3ZPIosCohovmk9J40wkE3MmkAQMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvX2RrOGlpd0tpR2ktYVQwbmpUQ1FUY3lhUUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQCl/GAAwQA
l/IEAwQAl/IOAwQAl/IRAwQAl/IbAwQAl/IgAwQAl/KLAwQAl/MsAwQAl/NzAwQA
l/QDMAwDBAeX9IADBACX9IIDBACX9OwDBAOX9XgwDQYJKoZIhvcNAQELBQADggEB
AKRfZlL/X4E123TE++TetaXr0R90QOlqlMVHlMoXT4FvBTa4Rus6kfyJ7ALBWW7i
dhQor5Bu2HTChsEeIs7yGNj08hrjt4JUAbOTD5giVXju8x2HSSaVCqiWWlKgQ3QL
oxwnpBFi1rv3+yqaO+bu0CLoaZkzle0PwBvgVAl5G3WqpHT1v6gikFkwsrUSRoHD
7LG5sl1ccAjDzP9/dYkPIUdl1KfjEl3twDyJCA3+nQNuCPOZVKQgry1Sn+mdJ/DO
XP2MZifDDy8hxs4Cmgg5Yc1oM1Jy4MLoN9KLiCFw7yJ5UPYvIxZNpdPygb94o7Hn
vCKVp6F5Fyh/I7g1ekTF8lM=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:06:19 2025 by rpki-client