Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/DQ8zu1joNc1rRMj2c76mejKgZYc.roa
File: DQ8zu1joNc1rRMj2c76mejKgZYc.roa (raw, json)
Hash identifier: Ndj5lA9FJ2tKLHY7rSBybsx8DWWJ75IEz/maMjW3pks=
Subject key identifier: 0D:0F:33:BB:58:E8:35:CD:6B:44:C8:F6:73:BE:A6:7A:32:A0:65:87
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019C8EB6C43A450648A44727A1D3A21B3DAC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/DQ8zu1joNc1rRMj2c76mejKgZYc.roa
Signing time: Tue 24 Feb 2026 08:14:28 +0000
ROA not before: Tue 24 Feb 2026 08:14:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 16509
IP address blocks: 151.240.128.0/21 maxlen: 24
151.240.136.0/21 maxlen: 24
151.240.145.0/24 maxlen: 24
151.240.171.0/24 maxlen: 24
151.241.105.0/24 maxlen: 24
151.241.106.0/24 maxlen: 24
151.241.107.0/24 maxlen: 24
151.241.132.0/22 maxlen: 22
151.242.56.0/24 maxlen: 24
151.242.70.0/24 maxlen: 24
151.242.71.0/24 maxlen: 24
151.242.135.0/24 maxlen: 24
151.243.8.0/23 maxlen: 23
151.243.204.0/23 maxlen: 23
151.244.56.0/24 maxlen: 24
151.245.2.0/24 maxlen: 24
151.245.22.0/24 maxlen: 24
151.245.56.0/22 maxlen: 22
151.245.185.0/24 maxlen: 24
151.245.187.0/24 maxlen: 24
151.245.188.0/24 maxlen: 24
151.246.8.0/21 maxlen: 24
151.247.41.0/24 maxlen: 24
151.247.44.0/24 maxlen: 24
151.247.45.0/24 maxlen: 24
151.247.75.0/24 maxlen: 24
151.247.77.0/24 maxlen: 24
151.247.78.0/24 maxlen: 24
151.247.102.0/24 maxlen: 24
151.247.133.0/24 maxlen: 24
151.247.134.0/24 maxlen: 24
151.247.135.0/24 maxlen: 24
151.247.231.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:8e:b6:c4:3a:45:06:48:a4:47:27:a1:d3:a2:1b:3d:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Feb 24 08:14:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=0d0f33bb58e835cd6b44c8f673bea67a32a06587
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:8b:dc:46:ec:2b:ce:c8:fd:66:fd:83:d3:18:
0f:90:c2:5e:e9:0b:e4:d4:6b:6b:23:45:73:73:9b:
9e:9b:22:98:62:e8:29:bf:eb:d7:f5:08:15:e0:ca:
d4:a9:44:d9:85:30:56:17:9d:eb:19:b9:01:1a:d3:
ed:72:83:05:ea:0b:96:64:30:75:fa:90:1b:ae:15:
58:56:69:d2:b0:3f:91:64:71:32:15:05:28:a7:12:
29:8d:cb:f8:56:50:e9:70:33:e2:6b:02:5b:7c:85:
1e:af:08:97:27:3b:61:dd:a9:ca:98:9c:7a:59:f8:
0a:28:77:b7:c1:c0:cf:6b:ea:00:b4:58:79:5e:79:
00:e9:13:c2:f1:7f:7a:cd:36:82:db:eb:d3:34:7b:
1e:5f:11:0b:04:8b:75:15:77:c5:c4:fc:95:9e:05:
e7:fe:a2:f8:41:ac:12:6c:15:61:96:c9:e9:a3:38:
27:12:5a:fd:12:c7:89:3f:5c:ea:d6:cf:e4:44:57:
87:c4:dc:55:c8:48:54:02:ea:a2:2c:f9:4f:36:dc:
8f:53:11:60:f2:92:6f:6e:3d:4b:01:83:87:a7:e2:
07:45:28:bb:27:5e:84:ff:ad:9d:30:2a:b7:fb:97:
23:bb:46:52:2d:e2:1f:e2:31:ae:16:5e:42:c2:ac:
29:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:0F:33:BB:58:E8:35:CD:6B:44:C8:F6:73:BE:A6:7A:32:A0:65:87
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/DQ8zu1joNc1rRMj2c76mejKgZYc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.128.0/20
151.240.145.0/24
151.240.171.0/24
151.241.105.0-151.241.107.255
151.241.132.0/22
151.242.56.0/24
151.242.70.0/23
151.242.135.0/24
151.243.8.0/23
151.243.204.0/23
151.244.56.0/24
151.245.2.0/24
151.245.22.0/24
151.245.56.0/22
151.245.185.0/24
151.245.187.0-151.245.188.255
151.246.8.0/21
151.247.41.0/24
151.247.44.0/23
151.247.75.0/24
151.247.77.0-151.247.78.255
151.247.102.0/24
151.247.133.0-151.247.135.255
151.247.231.0/24
Signature Algorithm: sha256WithRSAEncryption
97:c6:9c:31:3f:b7:4c:58:77:0d:f0:ac:c3:c0:99:c7:db:a2:
b9:5f:05:a2:13:73:7c:04:10:71:e7:a2:fb:04:b7:56:74:62:
d4:b9:f3:66:4e:c8:be:8f:a7:52:4b:56:a5:85:a5:86:5c:c5:
58:04:af:47:4e:0a:6a:91:a2:36:39:ae:4b:fe:47:4e:c9:d7:
81:c2:8e:06:6e:a2:f3:a9:75:37:03:54:ac:a2:f2:3a:cb:a0:
f8:25:ca:c7:17:2c:cb:5d:a1:0c:37:72:0b:bf:18:0a:a5:aa:
62:29:4b:91:87:3c:54:55:d0:f9:72:43:bc:4d:dd:8c:84:14:
76:7d:11:92:a0:57:c3:29:9f:3b:dd:a6:22:8a:d2:11:77:87:
c8:38:c4:e5:8a:9f:17:84:59:c5:7f:73:a8:09:62:66:e7:80:
c6:b3:79:c3:0e:4b:44:38:87:44:6c:9b:d4:a0:af:2e:11:29:
99:01:6e:1f:e2:04:f7:8a:1d:30:cd:71:85:3c:76:fc:8d:aa:
9b:6d:0c:ab:6a:06:32:54:ae:e2:5d:10:a5:59:67:49:4a:e0:
27:af:1d:87:4f:64:97:dc:06:d0:56:14:21:65:c2:8b:58:7e:
4d:c4:46:13:8c:5c:3b:0f:ba:cf:b1:ce:76:4a:23:01:75:a9:
b7:99:29:e9
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAZyOtsQ6RQZIpEcnodOiGz2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMjI0MDgxNDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDBmMzNiYjU4ZTgzNWNkNmI0NGM4ZjY3M2JlYTY3YTMyYTA2NTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24vcRuwrzsj9Zv2D0xgPkMJe6Qvk
1GtrI0Vzc5uemyKYYugpv+vX9QgV4MrUqUTZhTBWF53rGbkBGtPtcoMF6guWZDB1
+pAbrhVYVmnSsD+RZHEyFQUopxIpjcv4VlDpcDPiawJbfIUerwiXJzth3anKmJx6
WfgKKHe3wcDPa+oAtFh5XnkA6RPC8X96zTaC2+vTNHseXxELBIt1FXfFxPyVngXn
/qL4QawSbBVhlsnpozgnElr9EseJP1zq1s/kRFeHxNxVyEhUAuqiLPlPNtyPUxFg
8pJvbj1LAYOHp+IHRSi7J16E/62dMCq3+5cju0ZSLeIf4jGuFl5CwqwpoQIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFA0PM7tY6DXNa0TI9nO+pnoyoGWHMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRFE4enUxam9OYzFyUk1qMmM3Nm1laktnWlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbADBASX
8IADBACX8JEDBACX8KswDAMEAJfxaQMEApfxaAMEApfxhAMEAJfyOAMEAZfyRgME
AJfyhwMEAZfzCAMEAZfzzAMEAJf0OAMEAJf1AgMEAJf1FgMEApf1OAMEAJf1uTAM
AwQAl/W7AwQAl/W8AwQDl/YIAwQAl/cpAwQBl/csAwQAl/dLMAwDBACX900DBACX
904DBACX92YwDAMEAJf3hQMEA5f3gAMEAJf35zANBgkqhkiG9w0BAQsFAAOCAQEA
l8acMT+3TFh3DfCsw8CZx9uiuV8FohNzfAQQceei+wS3VnRi1LnzZk7Ivo+nUktW
pYWlhlzFWASvR04KapGiNjmuS/5HTsnXgcKOBm6i86l1NwNUrKLyOsug+CXKxxcs
y12hDDdyC78YCqWqYilLkYc8VFXQ+XJDvE3djIQUdn0RkqBXwymfO92mIorSEXeH
yDjE5YqfF4RZxX9zqAliZueAxrN5ww5LRDiHRGyb1KCvLhEpmQFuH+IE94odMM1x
hTx2/I2qm20Mq2oGMlSu4l0QpVlnSUrgJ68dh09kl9wG0FYUIWXCi1h+TcRGE4xc
Ow+6z7HOdkojAXWpt5kp6Q==
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:05:10 2026 by rpki-client