Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pNSbBx_rE_r2iqx2keXro-Aw5YA.roa
File: pNSbBx_rE_r2iqx2keXro-Aw5YA.roa (raw, json)
Hash identifier: ycd2S5HBbg2HQQa/3ByEVoTdEr7yaHqfpPctqDNcRvo=
Subject key identifier: A4:D4:9B:07:1F:EB:13:FA:F6:8A:AC:76:91:E5:EB:A3:E0:30:E5:80
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 01994168ED144887A768483E10230C622D82
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pNSbBx_rE_r2iqx2keXro-Aw5YA.roa
Signing time: Sat 13 Sep 2025 04:50:19 +0000
ROA not before: Sat 13 Sep 2025 04:50:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 137517
IP address blocks: 151.240.120.0/24 maxlen: 24
151.241.20.0/24 maxlen: 24
151.242.90.0/24 maxlen: 24
151.243.136.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:41:68:ed:14:48:87:a7:68:48:3e:10:23:0c:62:2d:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Sep 13 04:50:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a4d49b071feb13faf68aac7691e5eba3e030e580
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:a0:a9:f2:e8:e3:3a:b2:f4:97:9e:fa:4b:7b:
c8:ff:08:38:7d:11:f1:66:4f:10:c0:c5:b5:3c:a1:
ef:2c:23:fe:67:5d:a7:34:04:20:a9:d6:69:bb:13:
8b:88:96:20:ee:0e:2a:3c:f9:6d:51:09:13:16:c7:
39:a2:7a:d6:4f:84:44:40:0c:83:08:6a:e2:b1:93:
e5:08:4e:1f:5f:53:74:1b:10:78:87:a5:9a:b8:07:
62:4f:21:12:ea:dc:a9:7d:db:47:c5:19:55:6f:0b:
b0:d0:f9:34:b6:69:30:43:69:8e:43:c8:a4:42:74:
d7:b6:a9:3d:95:e1:4b:b5:9a:cf:c6:e8:16:60:9b:
8c:81:07:43:2f:2a:a4:c0:0e:1c:ef:c8:f9:76:d3:
92:8f:6a:f3:68:b9:5f:0a:0b:8c:83:69:a7:a7:bd:
b7:50:ad:62:90:2d:ef:f8:75:71:40:f8:d6:cb:3d:
d3:7c:01:a6:ed:a1:ad:f5:27:d9:78:17:98:cd:c2:
12:0a:23:01:64:ec:94:bb:28:8b:03:34:d6:6b:3d:
e7:71:9d:dc:a5:6d:2f:95:25:4b:a3:bf:10:06:5d:
7e:5f:fb:69:2a:ca:da:6f:40:dd:48:8c:27:2e:3e:
6b:2f:35:90:3f:ab:df:b6:a1:c1:6b:15:07:85:6f:
1c:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:D4:9B:07:1F:EB:13:FA:F6:8A:AC:76:91:E5:EB:A3:E0:30:E5:80
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pNSbBx_rE_r2iqx2keXro-Aw5YA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.120.0/24
151.241.20.0/24
151.242.90.0/24
151.243.136.0/24
Signature Algorithm: sha256WithRSAEncryption
4b:e8:6d:b4:39:88:d8:a7:28:af:fb:d4:e1:65:36:e9:25:ae:
0d:dd:aa:50:6d:b3:46:ab:45:19:2f:a8:08:00:84:be:d3:cf:
13:7a:79:31:c6:6c:1d:d4:1a:06:57:42:8f:15:71:65:97:ab:
27:14:61:52:54:08:ba:69:73:ad:36:eb:0f:c3:88:ee:c1:bf:
0e:b0:42:b0:83:b9:d2:84:67:ab:12:98:48:13:38:32:04:ed:
f7:30:45:9d:69:1b:bd:df:e3:be:4a:fe:a6:7e:01:eb:ca:a3:
f7:33:a8:17:7f:e8:c5:66:ae:3e:56:bc:3c:24:dd:58:54:27:
54:8e:e2:04:60:7f:a2:6c:5a:ae:2e:9a:ba:3f:d9:4b:81:b4:
39:de:a2:db:0c:5a:15:f4:eb:b2:5a:c2:8c:99:1c:82:f3:d1:
95:1a:e1:cf:fd:1e:0a:ab:e1:54:0b:87:84:28:63:36:82:ff:
cd:46:0e:2f:04:a8:b0:f2:b4:b8:ae:7c:f0:61:7d:5a:fb:7f:
72:86:4d:c4:d4:1a:12:13:cb:39:11:f4:9e:06:ec:78:ca:a2:
9d:8a:63:65:49:3e:ed:1f:15:a0:24:0e:18:92:8f:8a:ad:fc:
16:68:db:e2:80:ab:58:fb:e1:8c:75:31:02:ab:59:b7:1f:c7:
35:ab:4d:1c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZlBaO0USIenaEg+ECMMYi2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTEzMDQ1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGQ0OWIwNzFmZWIxM2ZhZjY4YWFjNzY5MWU1ZWJhM2UwMzBlNTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKCp8ujjOrL0l576S3vI/wg4fRHx
Zk8QwMW1PKHvLCP+Z12nNAQgqdZpuxOLiJYg7g4qPPltUQkTFsc5onrWT4REQAyD
CGrisZPlCE4fX1N0GxB4h6WauAdiTyES6typfdtHxRlVbwuw0Pk0tmkwQ2mOQ8ik
QnTXtqk9leFLtZrPxugWYJuMgQdDLyqkwA4c78j5dtOSj2rzaLlfCguMg2mnp723
UK1ikC3v+HVxQPjWyz3TfAGm7aGt9SfZeBeYzcISCiMBZOyUuyiLAzTWaz3ncZ3c
pW0vlSVLo78QBl1+X/tpKsrab0DdSIwnLj5rLzWQP6vftqHBaxUHhW8cjQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKTUmwcf6xP69oqsdpHl66PgMOWAMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcE5TYkJ4X3JFX3IyaXF4MmtlWHJvLUF3NVlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAl/B4AwQA
l/EUAwQAl/JaAwQAl/OIMA0GCSqGSIb3DQEBCwUAA4IBAQBL6G20OYjYpyiv+9Th
ZTbpJa4N3apQbbNGq0UZL6gIAIS+088Tenkxxmwd1BoGV0KPFXFll6snFGFSVAi6
aXOtNusPw4juwb8OsEKwg7nShGerEphIEzgyBO33MEWdaRu93+O+Sv6mfgHryqP3
M6gXf+jFZq4+Vrw8JN1YVCdUjuIEYH+ibFquLpq6P9lLgbQ53qLbDFoV9OuyWsKM
mRyC89GVGuHP/R4Kq+FUC4eEKGM2gv/NRg4vBKiw8rS4rnzwYX1a+39yhk3E1BoS
E8s5EfSeBux4yqKdimNlST7tHxWgJA4Yko+KrfwWaNvigKtY++GMdTECq1m3H8c1
q00c
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:03:18 2025 by rpki-client