Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/nn-Mh_VLgKzM9RsmmMLprkETQO8.roa
File: nn-Mh_VLgKzM9RsmmMLprkETQO8.roa (raw, json)
Hash identifier: +4s4oIfIRjcc2JLs9qYlsaA/JpdlArQRp2w0DEzeRoM=
Subject key identifier: 9E:7F:8C:87:F5:4B:80:AC:CC:F5:1B:26:98:C2:E9:AE:41:13:40:EF
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019D1E920970A268873DAC499E3855EB8F0E
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/nn-Mh_VLgKzM9RsmmMLprkETQO8.roa
Signing time: Tue 24 Mar 2026 06:39:40 +0000
ROA not before: Tue 24 Mar 2026 06:39:40 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16509
IP address blocks: 151.240.128.0/21 maxlen: 24
151.240.136.0/21 maxlen: 24
151.240.145.0/24 maxlen: 24
151.240.171.0/24 maxlen: 24
151.241.105.0/24 maxlen: 24
151.241.106.0/24 maxlen: 24
151.241.107.0/24 maxlen: 24
151.241.132.0/22 maxlen: 22
151.242.56.0/24 maxlen: 24
151.242.70.0/24 maxlen: 24
151.242.71.0/24 maxlen: 24
151.242.135.0/24 maxlen: 24
151.243.8.0/23 maxlen: 23
151.243.204.0/23 maxlen: 23
151.244.56.0/24 maxlen: 24
151.245.2.0/24 maxlen: 24
151.245.22.0/24 maxlen: 24
151.245.56.0/22 maxlen: 22
151.245.185.0/24 maxlen: 24
151.245.187.0/24 maxlen: 24
151.245.188.0/24 maxlen: 24
151.246.8.0/21 maxlen: 24
151.247.41.0/24 maxlen: 24
151.247.44.0/24 maxlen: 24
151.247.45.0/24 maxlen: 24
151.247.47.0/24 maxlen: 24
151.247.48.0/24 maxlen: 24
151.247.75.0/24 maxlen: 24
151.247.76.0/24 maxlen: 24
151.247.77.0/24 maxlen: 24
151.247.78.0/24 maxlen: 24
151.247.91.0/24 maxlen: 24
151.247.102.0/24 maxlen: 24
151.247.131.0/24 maxlen: 24
151.247.133.0/24 maxlen: 24
151.247.134.0/24 maxlen: 24
151.247.135.0/24 maxlen: 24
151.247.242.0/24 maxlen: 24
151.247.248.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:1e:92:09:70:a2:68:87:3d:ac:49:9e:38:55:eb:8f:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Mar 24 06:39:40 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=9e7f8c87f54b80acccf51b2698c2e9ae411340ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:23:e3:99:b4:9a:92:e5:00:dc:ba:9b:89:9f:
a0:e3:84:5e:8d:81:fb:16:82:15:36:73:18:7a:23:
96:4b:e6:41:7a:89:d3:36:5f:cb:50:20:4a:30:c8:
c5:4d:09:10:ac:da:27:18:cb:4b:8f:32:62:c1:68:
56:fb:04:9c:9e:b0:25:53:97:33:03:a6:26:be:7f:
04:44:73:b1:58:3f:b3:d5:08:80:79:5c:e8:22:8b:
3b:0f:2a:d4:db:df:73:d3:b9:3c:e5:da:5d:a6:b1:
46:4c:81:53:b9:f5:9e:78:f0:d9:d7:81:4a:f7:0a:
dd:0f:c6:45:73:81:a0:8f:b5:e3:2f:ce:93:8c:d3:
b3:47:0b:18:f3:b6:2d:2c:d8:d8:32:62:0a:73:05:
48:c2:23:d3:1f:9f:7e:d9:6e:05:d3:c2:17:30:09:
4d:68:19:4f:e0:c0:2b:ea:f7:5b:b4:70:1e:46:2a:
ee:3b:3d:d8:2d:68:9b:85:b6:2d:20:6d:35:e3:3b:
8c:f0:37:c0:1e:32:80:98:45:c6:4c:b3:1c:f8:98:
54:c8:92:bf:61:03:68:a1:ab:f4:f6:5f:0e:95:41:
d9:28:a8:99:73:a0:17:80:92:ab:24:7d:f2:a4:79:
74:91:25:65:f5:58:21:fe:2b:1a:67:9c:da:03:7d:
27:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:7F:8C:87:F5:4B:80:AC:CC:F5:1B:26:98:C2:E9:AE:41:13:40:EF
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/nn-Mh_VLgKzM9RsmmMLprkETQO8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.128.0/20
151.240.145.0/24
151.240.171.0/24
151.241.105.0-151.241.107.255
151.241.132.0/22
151.242.56.0/24
151.242.70.0/23
151.242.135.0/24
151.243.8.0/23
151.243.204.0/23
151.244.56.0/24
151.245.2.0/24
151.245.22.0/24
151.245.56.0/22
151.245.185.0/24
151.245.187.0-151.245.188.255
151.246.8.0/21
151.247.41.0/24
151.247.44.0/23
151.247.47.0-151.247.48.255
151.247.75.0-151.247.78.255
151.247.91.0/24
151.247.102.0/24
151.247.131.0/24
151.247.133.0-151.247.135.255
151.247.242.0/24
151.247.248.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:ed:f3:fd:f3:02:6a:69:8e:3e:3d:f4:b8:1c:8c:05:1e:e0:
47:b2:d4:6b:43:6f:3f:94:aa:5b:48:bf:db:eb:d0:c8:d0:78:
38:33:c5:c8:27:84:66:fd:ed:70:c6:d4:4d:10:9b:1b:93:98:
0b:81:74:74:39:73:00:f1:a6:7e:86:3c:30:3d:3a:4b:d4:4f:
89:44:3d:bd:b5:27:68:d0:9e:25:bc:99:8a:3e:60:7b:aa:4a:
e4:2a:75:07:73:0a:2b:c7:db:8a:5b:2c:c7:fb:7f:49:9c:77:
a2:44:61:cc:2b:cd:1c:67:ca:f3:0b:cb:69:c8:99:01:04:60:
ef:15:81:27:75:b0:2b:c0:1e:e2:44:7e:cb:41:6b:8a:8e:2f:
bc:7d:4d:8f:36:85:08:8c:b6:43:32:95:f8:bb:e0:0f:6e:a3:
0d:a5:12:70:0b:8c:6e:8b:94:ed:c1:15:35:76:3f:aa:a9:d1:
53:77:2f:43:44:63:4e:33:c0:a6:99:ba:ba:e4:36:cd:46:ef:
d3:1d:83:62:8b:0a:fd:65:0d:c6:13:30:41:d5:be:8e:d9:49:
cd:86:51:24:dc:f4:1e:4d:e8:a7:c2:f7:48:ec:ae:69:6c:a0:
55:cb:d2:e7:7c:0f:fc:b4:4f:ac:bb:78:16:1a:cb:f0:41:bf:
0c:eb:bf:fc
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAZ0ekglwomiHPaxJnjhV648OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzI0MDYzOTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTdmOGM4N2Y1NGI4MGFjY2NmNTFiMjY5OGMyZTlhZTQxMTM0MGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCPjmbSakuUA3LqbiZ+g44RejYH7
FoIVNnMYeiOWS+ZBeonTNl/LUCBKMMjFTQkQrNonGMtLjzJiwWhW+wScnrAlU5cz
A6Ymvn8ERHOxWD+z1QiAeVzoIos7DyrU299z07k85dpdprFGTIFTufWeePDZ14FK
9wrdD8ZFc4Ggj7XjL86TjNOzRwsY87YtLNjYMmIKcwVIwiPTH59+2W4F08IXMAlN
aBlP4MAr6vdbtHAeRiruOz3YLWibhbYtIG014zuM8DfAHjKAmEXGTLMc+JhUyJK/
YQNooav09l8OlUHZKKiZc6AXgJKrJH3ypHl0kSVl9Vgh/isaZ5zaA30ndQIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFJ5/jIf1S4CszPUbJpjC6a5BE0DvMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbm4tTWhfVkxnS3pNOVJzbW1NTHBya0VUUU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHnBggrBgEFBQcBBwEB/wSB1zCB1DCB0QQCAAEwgcoDBASX
8IADBACX8JEDBACX8KswDAMEAJfxaQMEApfxaAMEApfxhAMEAJfyOAMEAZfyRgME
AJfyhwMEAZfzCAMEAZfzzAMEAJf0OAMEAJf1AgMEAJf1FgMEApf1OAMEAJf1uTAM
AwQAl/W7AwQAl/W8AwQDl/YIAwQAl/cpAwQBl/csMAwDBACX9y8DBACX9zAwDAME
AJf3SwMEAJf3TgMEAJf3WwMEAJf3ZgMEAJf3gzAMAwQAl/eFAwQDl/eAAwQAl/fy
AwQAl/f4MA0GCSqGSIb3DQEBCwUAA4IBAQB67fP98wJqaY4+PfS4HIwFHuBHstRr
Q28/lKpbSL/b69DI0Hg4M8XIJ4Rm/e1wxtRNEJsbk5gLgXR0OXMA8aZ+hjwwPTpL
1E+JRD29tSdo0J4lvJmKPmB7qkrkKnUHcworx9uKWyzH+39JnHeiRGHMK80cZ8rz
C8tpyJkBBGDvFYEndbArwB7iRH7LQWuKji+8fU2PNoUIjLZDMpX4u+APbqMNpRJw
C4xui5TtwRU1dj+qqdFTdy9DRGNOM8Cmmbq65DbNRu/THYNiiwr9ZQ3GEzBB1b6O
2UnNhlEk3PQeTeinwvdI7K5pbKBVy9LnfA/8tE+su3gWGsvwQb8M67/8
-----END CERTIFICATE-----
Generated at Thu Mar 26 01:48:00 2026 by rpki-client