Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qgQ281M0GYeUQSxcVsa3KsQYyNw.roa
File: qgQ281M0GYeUQSxcVsa3KsQYyNw.roa (raw, json)
Hash identifier: LOoTUFYCrpwDbPrED/Jr31ECPuEPH/34Opic4LttXQU=
Subject key identifier: AA:04:36:F3:53:34:19:87:94:41:2C:5C:56:C6:B7:2A:C4:18:C8:DC
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0199CE25F869FDC10AB3D21ED938B381F6E5
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qgQ281M0GYeUQSxcVsa3KsQYyNw.roa
Signing time: Fri 10 Oct 2025 12:43:38 +0000
ROA not before: Fri 10 Oct 2025 12:43:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 23470
IP address blocks: 151.243.162.0/24 maxlen: 24
151.243.168.0/24 maxlen: 24
151.243.254.0/24 maxlen: 24
151.245.32.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 11:18:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ce:25:f8:69:fd:c1:0a:b3:d2:1e:d9:38:b3:81:f6:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Oct 10 12:43:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aa0436f35334198794412c5c56c6b72ac418c8dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:30:d0:de:93:41:f7:0f:a2:0b:0f:d9:97:40:
ae:cd:5a:10:08:f6:40:1d:20:63:8f:af:e2:1d:49:
c2:91:26:81:48:5e:05:60:f6:52:48:20:06:38:0d:
01:2b:e4:b1:04:24:7d:25:fa:f5:cd:ed:ce:bf:da:
54:e4:87:63:79:56:70:18:19:88:ad:97:2f:d6:0d:
59:5f:bb:5b:f2:23:35:4a:b7:78:96:03:86:0e:d2:
63:17:5a:9b:a3:3c:b5:71:c5:0a:27:9c:42:c6:71:
b6:c1:72:44:e6:01:a5:6d:df:72:fc:89:55:7c:95:
ec:b9:de:56:b8:06:6e:36:eb:2a:bb:31:6e:d1:b4:
54:11:24:31:65:b5:74:49:80:40:51:26:fb:5f:1c:
fb:d6:6d:49:4a:7e:45:43:6f:2e:ac:8c:0b:00:14:
52:45:30:5f:04:2b:15:51:91:bd:7a:6e:05:5d:4f:
d3:fd:ce:12:a6:d0:86:83:2d:d3:51:a4:ca:d3:e4:
a2:c7:f4:61:e5:7c:7c:10:0e:a8:0f:89:3c:45:59:
79:26:9d:67:eb:f4:42:7a:88:19:21:88:bb:89:af:
09:e6:20:c0:42:3e:be:84:83:f8:05:78:ec:1d:cd:
73:66:18:0c:c1:e4:3b:89:d9:b7:3d:46:d3:21:05:
e2:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:04:36:F3:53:34:19:87:94:41:2C:5C:56:C6:B7:2A:C4:18:C8:DC
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qgQ281M0GYeUQSxcVsa3KsQYyNw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.243.162.0/24
151.243.168.0/24
151.243.254.0/24
151.245.32.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:72:61:02:c6:da:bb:af:d3:db:c3:67:2e:be:fa:76:ce:bb:
d4:18:71:1b:6d:04:85:2a:0a:21:28:ea:d7:2f:39:04:8f:1d:
63:58:59:a8:d6:40:3c:75:a0:3c:71:98:59:02:a2:16:0a:b2:
38:81:5b:0a:74:78:ad:01:f0:c2:54:26:76:6e:51:01:db:2a:
a0:3d:e2:a3:c6:ca:f1:61:73:13:9c:c6:59:38:33:91:71:42:
bb:fe:7c:08:56:29:67:e6:bd:94:f8:0d:2c:72:10:a4:cc:9b:
a4:95:34:a3:16:0a:1c:3f:80:37:08:6d:c5:76:bd:99:bf:9e:
fc:9b:27:ce:72:05:70:9e:e2:a9:7e:61:5e:ca:b0:4b:64:bc:
59:43:d2:01:1e:42:8b:44:eb:35:fe:b6:4c:61:b5:80:ec:c2:
b4:af:d2:90:28:7a:04:db:e1:ac:df:91:f5:2c:ca:f5:73:c2:
2c:8d:77:21:51:e7:6f:c0:ae:c3:42:40:76:92:a1:2f:c8:fa:
0e:20:cc:4b:b3:a3:d8:60:57:95:b5:2a:52:20:ed:97:db:56:
69:39:a9:8f:48:23:91:8e:a9:fb:e9:4d:4c:25:21:af:1a:d9:
df:cb:6c:f3:42:37:8d:75:42:bb:57:f4:bb:97:6d:a1:3d:ef:
d6:38:32:66
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZnOJfhp/cEKs9Ie2TizgfblMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMDEwMTI0MzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTA0MzZmMzUzMzQxOTg3OTQ0MTJjNWM1NmM2YjcyYWM0MThjOGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjDQ3pNB9w+iCw/Zl0CuzVoQCPZA
HSBjj6/iHUnCkSaBSF4FYPZSSCAGOA0BK+SxBCR9Jfr1ze3Ov9pU5IdjeVZwGBmI
rZcv1g1ZX7tb8iM1Srd4lgOGDtJjF1qbozy1ccUKJ5xCxnG2wXJE5gGlbd9y/IlV
fJXsud5WuAZuNusquzFu0bRUESQxZbV0SYBAUSb7Xxz71m1JSn5FQ28urIwLABRS
RTBfBCsVUZG9em4FXU/T/c4SptCGgy3TUaTK0+Six/Rh5Xx8EA6oD4k8RVl5Jp1n
6/RCeogZIYi7ia8J5iDAQj6+hIP4BXjsHc1zZhgMweQ7idm3PUbTIQXi2wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKoENvNTNBmHlEEsXFbGtyrEGMjcMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcWdRMjgxTTBHWWVVUVN4Y1ZzYTNLc1FZeU53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAl/OiAwQA
l/OoAwQAl/P+AwQAl/UgMA0GCSqGSIb3DQEBCwUAA4IBAQALcmECxtq7r9Pbw2cu
vvp2zrvUGHEbbQSFKgohKOrXLzkEjx1jWFmo1kA8daA8cZhZAqIWCrI4gVsKdHit
AfDCVCZ2blEB2yqgPeKjxsrxYXMTnMZZODORcUK7/nwIViln5r2U+A0schCkzJuk
lTSjFgocP4A3CG3Fdr2Zv578myfOcgVwnuKpfmFeyrBLZLxZQ9IBHkKLROs1/rZM
YbWA7MK0r9KQKHoE2+Gs35H1LMr1c8IsjXchUedvwK7DQkB2kqEvyPoOIMxLs6PY
YFeVtSpSIO2X21ZpOamPSCORjqn76U1MJSGvGtnfy2zzQjeNdUK7V/S7l22hPe/W
ODJm
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:06:22 2025 by rpki-client