Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jtXzu12z-tqrv3GHgPGLNE484Jk.roa
File: jtXzu12z-tqrv3GHgPGLNE484Jk.roa (raw, json)
Hash identifier: PeLL1ZHa1ALgi/ahTA3mQAoBqNHgoNmwcscS1ZTtkL4=
Subject key identifier: 8E:D5:F3:BB:5D:B3:FA:DA:AB:BF:71:87:80:F1:8B:34:4E:3C:E0:99
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0199CE25F94AB184FA3CF345092FC3A87CE0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jtXzu12z-tqrv3GHgPGLNE484Jk.roa
Signing time: Fri 10 Oct 2025 12:43:39 +0000
ROA not before: Fri 10 Oct 2025 12:43:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57043
IP address blocks: 151.240.97.0/24 maxlen: 24
151.241.146.0/24 maxlen: 24
151.241.155.0/24 maxlen: 24
151.241.226.0/24 maxlen: 24
151.241.227.0/24 maxlen: 24
151.241.228.0/24 maxlen: 24
151.241.229.0/24 maxlen: 24
151.245.218.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 14:01:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ce:25:f9:4a:b1:84:fa:3c:f3:45:09:2f:c3:a8:7c:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Oct 10 12:43:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8ed5f3bb5db3fadaabbf718780f18b344e3ce099
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:63:d0:51:17:fa:3c:15:d5:49:80:0c:7f:30:
23:eb:19:5c:eb:db:63:67:8f:ae:cb:db:9d:e2:eb:
bf:df:5b:78:5a:8c:57:f9:2b:8c:62:13:74:c5:40:
5b:5b:7f:a4:1a:44:10:b8:8b:4d:8a:f7:24:12:8c:
40:37:4e:d1:b0:4a:db:5c:af:56:b7:a2:93:8e:b2:
2d:55:27:25:dc:9f:af:a6:8e:09:0f:27:7b:08:93:
18:75:0b:37:ef:db:d5:75:6e:2d:59:35:50:e3:aa:
4a:d5:18:3e:fd:56:12:29:bc:45:62:62:8f:06:45:
d3:a5:65:2f:95:27:d3:a4:d1:75:66:c6:10:f8:51:
ca:3a:c8:78:35:31:27:9a:4f:02:ad:39:a8:dd:e5:
25:9f:be:43:ff:90:6f:8c:41:d0:31:28:3e:37:ca:
f7:fe:f1:ac:f5:9a:b0:c2:da:81:30:a4:ad:0b:d2:
1f:01:7c:b7:88:cc:d1:c2:6e:73:03:f0:2e:3c:7c:
e1:ea:27:cf:0b:34:74:80:06:01:6f:16:70:3a:87:
fa:f9:d5:f0:15:43:f4:28:17:0a:84:5d:40:b5:7b:
4f:89:9f:07:50:16:de:b7:6f:35:a9:4e:44:e4:2c:
cf:d9:1f:bd:a1:8e:7c:23:77:93:2f:5c:c7:fb:70:
2f:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:D5:F3:BB:5D:B3:FA:DA:AB:BF:71:87:80:F1:8B:34:4E:3C:E0:99
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/jtXzu12z-tqrv3GHgPGLNE484Jk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.97.0/24
151.241.146.0/24
151.241.155.0/24
151.241.226.0-151.241.229.255
151.245.218.0/23
Signature Algorithm: sha256WithRSAEncryption
32:9e:ef:df:e9:11:fd:d5:c8:24:10:4e:e6:6b:c8:bc:64:8c:
34:f5:a6:3c:e0:39:aa:a2:ab:d1:ea:c6:59:28:78:d8:6a:bf:
92:14:16:b6:98:08:8a:5a:ae:bd:24:09:b2:24:7d:72:f9:c7:
cb:62:a8:aa:8e:d8:c5:cb:46:b4:4a:d5:94:70:3f:4e:4d:f0:
08:73:08:00:ba:d1:ee:73:a3:c3:10:57:ff:89:b7:37:71:4d:
f0:ab:b6:89:e4:d5:d5:c3:6a:7c:ce:2a:f5:47:0a:97:58:ab:
6d:65:e2:07:ce:e2:31:3b:dc:23:3f:06:03:12:be:33:25:dc:
50:70:7b:7b:ad:0b:ae:c7:77:c2:93:2a:92:ee:c9:1c:37:a6:
f3:1f:3d:70:99:f0:f2:cb:19:51:b6:80:18:51:d8:25:f1:ab:
71:1b:b7:d8:3e:bf:2e:05:f4:07:78:c4:6d:bf:8c:99:85:30:
d0:b5:60:ab:ee:45:fb:a4:49:7c:97:d1:aa:d9:a2:09:9f:6e:
66:e9:99:a7:69:1a:1c:e2:d8:d2:f1:3d:fe:c7:88:16:62:65:
85:f9:4e:e0:9e:1e:03:ef:1a:21:c2:df:46:cd:98:0a:f9:23:
b4:bb:a5:45:ec:eb:f8:28:a8:10:d4:63:00:2f:d6:07:b1:ed:
f1:3b:30:88
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZnOJflKsYT6PPNFCS/DqHzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDEwMTI0MzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWQ1ZjNiYjVkYjNmYWRhYWJiZjcxODc4MGYxOGIzNDRlM2NlMDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2PQURf6PBXVSYAMfzAj6xlc69tj
Z4+uy9ud4uu/31t4WoxX+SuMYhN0xUBbW3+kGkQQuItNivckEoxAN07RsErbXK9W
t6KTjrItVScl3J+vpo4JDyd7CJMYdQs379vVdW4tWTVQ46pK1Rg+/VYSKbxFYmKP
BkXTpWUvlSfTpNF1ZsYQ+FHKOsh4NTEnmk8CrTmo3eUln75D/5BvjEHQMSg+N8r3
/vGs9ZqwwtqBMKStC9IfAXy3iMzRwm5zA/AuPHzh6ifPCzR0gAYBbxZwOof6+dXw
FUP0KBcKhF1AtXtPiZ8HUBbet281qU5E5CzP2R+9oY58I3eTL1zH+3AvTQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFI7V87tds/raq79xh4DxizROPOCZMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvanRYenUxMnotdHFydjNHSGdQR0xORTQ4NEprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAl/BhAwQA
l/GSAwQAl/GbMAwDBAGX8eIDBAGX8eQDBAGX9dowDQYJKoZIhvcNAQELBQADggEB
ADKe79/pEf3VyCQQTuZryLxkjDT1pjzgOaqiq9HqxlkoeNhqv5IUFraYCIparr0k
CbIkfXL5x8tiqKqO2MXLRrRK1ZRwP05N8AhzCAC60e5zo8MQV/+JtzdxTfCrtonk
1dXDanzOKvVHCpdYq21l4gfO4jE73CM/BgMSvjMl3FBwe3utC67Hd8KTKpLuyRw3
pvMfPXCZ8PLLGVG2gBhR2CXxq3Ebt9g+vy4F9Ad4xG2/jJmFMNC1YKvuRfukSXyX
0arZogmfbmbpmadpGhzi2NLxPf7HiBZiZYX5TuCeHgPvGiHC30bNmAr5I7S7pUXs
6/goqBDUYwAv1gex7fE7MIg=
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:25:40 2025 by rpki-client