Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9U4oKh0fnZHZlXH25JRdDolvs4o.roa
File: 9U4oKh0fnZHZlXH25JRdDolvs4o.roa (raw, json)
Hash identifier: pMmHEBR4UYtJ1gM/jstsl2q/cPqZnSEp/pquqgGCJ2U=
Subject key identifier: F5:4E:28:2A:1D:1F:9D:91:D9:95:71:F6:E4:94:5D:0E:89:6F:B3:8A
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019D4CC589C2BF875E8417E4DA70D6754B1F
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9U4oKh0fnZHZlXH25JRdDolvs4o.roa
Signing time: Thu 02 Apr 2026 05:58:27 +0000
ROA not before: Thu 02 Apr 2026 05:58:27 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 57043
IP address blocks: 151.241.109.0/24 maxlen: 24
151.241.155.0/24 maxlen: 24
151.241.215.0/24 maxlen: 24
151.241.216.0/24 maxlen: 24
151.241.217.0/24 maxlen: 24
151.241.221.0/24 maxlen: 24
151.241.226.0/24 maxlen: 24
151.241.227.0/24 maxlen: 24
151.241.228.0/24 maxlen: 24
151.241.229.0/24 maxlen: 24
151.241.234.0/24 maxlen: 24
151.242.88.0/24 maxlen: 24
151.243.3.0/24 maxlen: 24
151.243.145.0/24 maxlen: 24
151.243.169.0/24 maxlen: 24
151.243.171.0/24 maxlen: 24
151.243.173.0/24 maxlen: 24
151.243.176.0/24 maxlen: 24
151.243.177.0/24 maxlen: 24
151.243.180.0/24 maxlen: 24
151.243.181.0/24 maxlen: 24
151.243.182.0/24 maxlen: 24
151.243.190.0/24 maxlen: 24
151.243.191.0/24 maxlen: 24
151.243.196.0/24 maxlen: 24
151.243.198.0/23 maxlen: 24
151.243.198.0/24 maxlen: 24
151.243.199.0/24 maxlen: 24
151.243.208.0/24 maxlen: 24
151.243.209.0/24 maxlen: 24
151.243.212.0/24 maxlen: 24
151.243.217.0/24 maxlen: 24
151.243.224.0/24 maxlen: 24
151.243.225.0/24 maxlen: 24
151.243.232.0/24 maxlen: 24
151.243.245.0/24 maxlen: 24
151.243.247.0/24 maxlen: 24
151.245.92.0/24 maxlen: 24
151.245.136.0/24 maxlen: 24
151.245.137.0/24 maxlen: 24
151.245.139.0/24 maxlen: 24
151.245.140.0/24 maxlen: 24
151.245.216.0/24 maxlen: 24
151.245.217.0/24 maxlen: 24
151.245.218.0/23 maxlen: 24
151.247.196.0/24 maxlen: 24
151.247.197.0/24 maxlen: 24
151.247.208.0/24 maxlen: 24
151.247.209.0/24 maxlen: 24
151.247.219.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 18:24:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:4c:c5:89:c2:bf:87:5e:84:17:e4:da:70:d6:75:4b:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Apr 2 05:58:27 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=f54e282a1d1f9d91d99571f6e4945d0e896fb38a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:5a:e8:74:ad:37:af:48:6a:35:9d:a8:08:fb:
0f:7e:fc:05:00:32:96:05:ea:03:97:17:3c:57:cd:
1d:d7:26:f6:71:da:22:cd:0b:cf:5a:2d:ea:dd:b5:
3d:76:fd:67:cd:09:a0:11:7c:f5:b6:6f:b5:30:ce:
99:03:b1:3b:bb:7b:c8:e5:cf:c1:89:d5:c0:d0:dd:
8a:ea:2c:99:de:a7:9f:4d:7c:3d:cd:d7:e7:72:ac:
0e:23:7e:d4:f6:64:e4:b4:98:41:a2:e9:30:35:3a:
76:bc:a4:10:d5:fb:4a:f3:36:f8:92:cd:01:2e:a8:
54:69:c0:5d:a1:2a:8c:71:48:fd:8e:be:6a:0d:9b:
fc:dd:8a:02:0e:e8:c9:c6:64:de:f4:c4:7a:9a:b7:
b2:1b:2c:04:55:cb:f9:f3:5a:18:1a:8f:83:0c:c1:
fc:e1:fa:5e:c7:8c:c4:22:0c:c5:cc:82:05:cb:a7:
55:9d:43:35:69:17:f4:ff:36:98:c2:56:b7:c7:a6:
58:2f:1c:90:39:e7:fc:13:0e:02:c3:0d:14:6e:0d:
f6:f1:25:cd:e1:e0:ab:51:8c:ad:08:fe:84:bb:95:
37:07:ed:53:6e:b8:fd:77:77:a4:88:15:47:98:de:
f4:7d:85:c4:f3:27:26:49:3e:b8:80:ef:6a:3b:c7:
e4:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:4E:28:2A:1D:1F:9D:91:D9:95:71:F6:E4:94:5D:0E:89:6F:B3:8A
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/9U4oKh0fnZHZlXH25JRdDolvs4o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.241.109.0/24
151.241.155.0/24
151.241.215.0-151.241.217.255
151.241.221.0/24
151.241.226.0-151.241.229.255
151.241.234.0/24
151.242.88.0/24
151.243.3.0/24
151.243.145.0/24
151.243.169.0/24
151.243.171.0/24
151.243.173.0/24
151.243.176.0/23
151.243.180.0-151.243.182.255
151.243.190.0/23
151.243.196.0/24
151.243.198.0/23
151.243.208.0/23
151.243.212.0/24
151.243.217.0/24
151.243.224.0/23
151.243.232.0/24
151.243.245.0/24
151.243.247.0/24
151.245.92.0/24
151.245.136.0/23
151.245.139.0-151.245.140.255
151.245.216.0/22
151.247.196.0/23
151.247.208.0/23
151.247.219.0/24
Signature Algorithm: sha256WithRSAEncryption
72:13:10:8f:45:7d:83:dc:95:3a:5c:ef:68:cc:d4:4c:75:c5:
28:f8:0a:84:44:33:b2:5b:ff:7d:0b:bd:e5:6c:a8:95:77:4f:
f9:45:e7:40:d2:8b:b7:2c:5e:7f:55:26:1d:b6:20:7d:4f:70:
b4:37:bf:41:7b:25:6c:bc:22:fd:bc:8a:50:3b:c9:a0:4c:6c:
a0:8f:f2:a7:a8:49:c2:5f:4b:8b:79:f8:fc:9e:1e:fc:36:e9:
c1:9b:19:46:b5:61:cc:68:98:c2:20:1f:f1:8f:c9:6c:d9:e9:
f4:ba:d2:f6:dd:09:d4:15:e5:b3:e8:0c:d4:d0:37:08:48:80:
5f:8c:6c:33:70:2b:70:0c:f8:df:ab:61:0a:40:86:a3:11:2a:
1b:9c:84:5f:6c:54:9b:ae:7d:73:18:0b:49:d8:81:aa:58:e5:
ad:54:e0:5e:23:e6:ff:57:da:a8:3e:b4:e5:29:b6:da:1e:a2:
c2:80:a0:95:ac:66:9b:a5:92:7b:82:dc:f7:fe:d6:70:c3:54:
38:ac:41:0e:e0:6c:b7:b3:54:a7:ab:fe:76:94:65:c6:5a:be:
f4:61:4b:c9:05:e5:77:9b:39:30:0c:83:f8:3b:93:7a:cd:d4:
88:63:38:71:c6:83:06:55:df:40:42:d7:4c:69:b7:24:d4:ca:
7e:ec:37:83
-----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgISAZ1MxYnCv4dehBfk2nDWdUsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDAyMDU1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTRlMjgyYTFkMWY5ZDkxZDk5NTcxZjZlNDk0NWQwZTg5NmZiMzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlrodK03r0hqNZ2oCPsPfvwFADKW
BeoDlxc8V80d1yb2cdoizQvPWi3q3bU9dv1nzQmgEXz1tm+1MM6ZA7E7u3vI5c/B
idXA0N2K6iyZ3qefTXw9zdfncqwOI37U9mTktJhBoukwNTp2vKQQ1ftK8zb4ks0B
LqhUacBdoSqMcUj9jr5qDZv83YoCDujJxmTe9MR6mreyGywEVcv581oYGo+DDMH8
4fpex4zEIgzFzIIFy6dVnUM1aRf0/zaYwla3x6ZYLxyQOef8Ew4Cww0Ubg328SXN
4eCrUYytCP6Eu5U3B+1Tbrj9d3ekiBVHmN70fYXE8ycmST64gO9qO8fkwQIDAQAB
o4IC4jCCAt4wHQYDVR0OBBYEFPVOKCodH52R2ZVx9uSUXQ6Jb7OKMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvOVU0b0toMGZuWkhabFhIMjVKUmREb2x2czRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH3BggrBgEFBQcBBwEB/wSB5zCB5DCB4QQCAAEwgdoDBACX
8W0DBACX8ZswDAMEAJfx1wMEAZfx2AMEAJfx3TAMAwQBl/HiAwQBl/HkAwQAl/Hq
AwQAl/JYAwQAl/MDAwQAl/ORAwQAl/OpAwQAl/OrAwQAl/OtAwQBl/OwMAwDBAKX
87QDBACX87YDBAGX874DBACX88QDBAGX88YDBAGX89ADBACX89QDBACX89kDBAGX
8+ADBACX8+gDBACX8/UDBACX8/cDBACX9VwDBAGX9YgwDAMEAJf1iwMEAJf1jAME
Apf12AMEAZf3xAMEAZf30AMEAJf32zANBgkqhkiG9w0BAQsFAAOCAQEAchMQj0V9
g9yVOlzvaMzUTHXFKPgKhEQzslv/fQu95WyolXdP+UXnQNKLtyxef1UmHbYgfU9w
tDe/QXslbLwi/byKUDvJoExsoI/yp6hJwl9Li3n4/J4e/DbpwZsZRrVhzGiYwiAf
8Y/JbNnp9LrS9t0J1BXls+gM1NA3CEiAX4xsM3ArcAz436thCkCGoxEqG5yEX2xU
m659cxgLSdiBqljlrVTgXiPm/1faqD605Sm22h6iwoCglaxmm6WSe4Lc9/7WcMNU
OKxBDuBst7NUp6v+dpRlxlq+9GFLyQXld5s5MAyD+DuTes3UiGM4ccaDBlXfQELX
TGm3JNTKfuw3gw==
-----END CERTIFICATE-----
Generated at Fri Apr 17 03:37:56 2026 by rpki-client