Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Dp1blokWsLmHDLfv89rOjvXGCg0.roa
File: Dp1blokWsLmHDLfv89rOjvXGCg0.roa (raw, json)
Hash identifier: RsIGOj5aRFMrsREh5xSc4lebUvMdwJelHGNsQnnWiZg=
Subject key identifier: 0E:9D:5B:96:89:16:B0:B9:87:0C:B7:EF:F3:DA:CE:8E:F5:C6:0A:0D
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019A3F2F6CD36DA0AAEF9AD02ACD7BC7316C
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Dp1blokWsLmHDLfv89rOjvXGCg0.roa
Signing time: Sat 01 Nov 2025 11:31:03 +0000
ROA not before: Sat 01 Nov 2025 11:31:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36530
IP address blocks: 151.240.14.0/24 maxlen: 24
151.241.128.0/22 maxlen: 24
151.241.218.0/24 maxlen: 24
151.242.4.0/24 maxlen: 24
151.242.14.0/24 maxlen: 24
151.242.17.0/24 maxlen: 24
151.242.27.0/24 maxlen: 24
151.242.32.0/24 maxlen: 24
151.242.139.0/24 maxlen: 24
151.243.44.0/24 maxlen: 24
151.243.115.0/24 maxlen: 24
151.243.181.0/24 maxlen: 24
151.244.3.0/24 maxlen: 24
151.244.128.0/24 maxlen: 24
151.244.130.0/24 maxlen: 24
151.244.236.0/24 maxlen: 24
151.245.86.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 10:39:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:3f:2f:6c:d3:6d:a0:aa:ef:9a:d0:2a:cd:7b:c7:31:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Nov 1 11:31:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0e9d5b968916b0b9870cb7eff3dace8ef5c60a0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:01:aa:7c:8c:73:bc:9a:a5:a3:a8:ad:74:1a:
ca:50:6d:fc:8b:45:20:39:f1:9f:f7:66:80:1f:89:
52:67:ed:fe:9e:5f:e3:f0:45:1c:97:6c:da:26:fd:
43:b7:06:b9:f8:5d:b4:60:5c:3a:2f:10:f0:11:89:
cf:f4:e8:db:b7:a2:ba:d3:86:b8:e8:1b:70:60:39:
01:57:05:33:1c:cb:bf:99:76:1e:3b:b8:e6:a9:43:
37:63:7b:24:9e:ef:a7:20:94:c2:02:97:00:0b:ee:
db:4a:eb:8c:9a:65:73:de:52:4d:19:74:f2:6a:84:
54:dd:23:b0:01:46:03:70:2a:43:a6:5a:d0:66:f6:
35:44:6e:b3:c2:31:ec:33:77:54:aa:f2:f8:05:30:
a6:42:6e:94:de:eb:1f:e3:30:82:16:30:ed:68:b8:
ec:9b:5f:c3:e9:a1:6c:5d:86:22:61:7e:f8:4f:0a:
7e:fd:21:e8:02:cc:9f:62:12:23:eb:ae:92:ca:14:
9c:35:3f:cb:1b:e3:1a:b5:aa:0e:38:8b:14:1e:a0:
65:39:96:9f:bd:2a:75:bf:f5:c5:3c:3c:72:de:bc:
1b:4a:dd:ad:c1:f9:69:fd:b0:c7:6a:e4:1a:af:ca:
ae:e5:a6:3f:ff:b1:75:27:11:f5:f6:e7:26:d7:82:
ea:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:9D:5B:96:89:16:B0:B9:87:0C:B7:EF:F3:DA:CE:8E:F5:C6:0A:0D
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Dp1blokWsLmHDLfv89rOjvXGCg0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.14.0/24
151.241.128.0/22
151.241.218.0/24
151.242.4.0/24
151.242.14.0/24
151.242.17.0/24
151.242.27.0/24
151.242.32.0/24
151.242.139.0/24
151.243.44.0/24
151.243.115.0/24
151.243.181.0/24
151.244.3.0/24
151.244.128.0/24
151.244.130.0/24
151.244.236.0/24
151.245.86.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:ae:f8:49:a6:c8:cf:8f:16:1e:e8:5d:d8:41:1a:6f:10:ce:
1c:ed:da:bf:b0:6b:30:55:56:ad:bd:fa:31:5a:08:4d:f4:db:
e6:6c:f8:85:62:87:5b:9b:1f:fc:3e:92:5e:dd:42:66:fb:fb:
2a:a1:06:15:f9:80:b7:af:84:c0:03:a8:95:b5:e9:5e:30:ba:
79:e6:b8:85:9c:6c:1b:ef:59:d6:db:74:51:54:69:ab:f7:d1:
70:06:36:bf:0a:22:b7:ac:d3:6e:97:db:11:e4:42:37:b2:37:
fa:b5:5a:80:15:aa:16:b0:6e:df:9d:79:dd:7e:8b:f1:49:1a:
60:5e:2a:6d:df:0d:56:b2:38:c1:28:57:71:88:78:65:84:aa:
96:fb:e8:fa:ba:7c:c2:a1:64:6e:87:a1:9a:79:49:0a:62:c0:
aa:11:81:dd:88:bc:f3:cd:29:0f:54:bc:ab:0e:b7:ad:3e:c7:
0a:55:86:13:0d:1e:ce:3b:b3:3b:da:eb:5b:ea:fd:e8:fd:db:
ef:9c:ff:bd:0f:3a:78:fd:80:64:7d:c6:f0:20:f8:87:5c:0f:
7a:f9:8b:07:fb:d6:6e:8b:9c:5b:e9:9a:b0:1d:1e:16:2d:ac:
58:cf:96:20:a3:e7:c4:40:a9:e6:6c:5a:b6:a5:42:7c:bd:d0:
4b:e8:2c:4e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZo/L2zTbaCq75rQKs17xzFsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMTAxMTEzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTlkNWI5Njg5MTZiMGI5ODcwY2I3ZWZmM2RhY2U4ZWY1YzYwYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAGqfIxzvJqlo6itdBrKUG38i0Ug
OfGf92aAH4lSZ+3+nl/j8EUcl2zaJv1Dtwa5+F20YFw6LxDwEYnP9Ojbt6K604a4
6BtwYDkBVwUzHMu/mXYeO7jmqUM3Y3sknu+nIJTCApcAC+7bSuuMmmVz3lJNGXTy
aoRU3SOwAUYDcCpDplrQZvY1RG6zwjHsM3dUqvL4BTCmQm6U3usf4zCCFjDtaLjs
m1/D6aFsXYYiYX74Twp+/SHoAsyfYhIj666SyhScNT/LG+MataoOOIsUHqBlOZaf
vSp1v/XFPDxy3rwbSt2twflp/bDHauQar8qu5aY//7F1JxH19ucm14LqXwIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFA6dW5aJFrC5hwy37/Pazo71xgoNMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRHAxYmxva1dzTG1IRExmdjg5ck9qdlhHQ2cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQAl/AOAwQC
l/GAAwQAl/HaAwQAl/IEAwQAl/IOAwQAl/IRAwQAl/IbAwQAl/IgAwQAl/KLAwQA
l/MsAwQAl/NzAwQAl/O1AwQAl/QDAwQAl/SAAwQAl/SCAwQAl/TsAwQAl/VWMA0G
CSqGSIb3DQEBCwUAA4IBAQCKrvhJpsjPjxYe6F3YQRpvEM4c7dq/sGswVVatvfox
WghN9NvmbPiFYodbmx/8PpJe3UJm+/sqoQYV+YC3r4TAA6iVteleMLp55riFnGwb
71nW23RRVGmr99FwBja/CiK3rNNul9sR5EI3sjf6tVqAFaoWsG7fnXndfovxSRpg
Xipt3w1WsjjBKFdxiHhlhKqW++j6unzCoWRuh6GaeUkKYsCqEYHdiLzzzSkPVLyr
DretPscKVYYTDR7OO7M72utb6v3o/dvvnP+9Dzp4/YBkfcbwIPiHXA96+YsH+9Zu
i5xb6ZqwHR4WLaxYz5Ygo+fEQKnmbFq2pUJ8vdBL6CxO
-----END CERTIFICATE-----
Generated at Wed Nov 5 15:28:32 2025 by rpki-client