Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/G7macZAEUtOJfzV5CchiKclxzlQ.roa
File: G7macZAEUtOJfzV5CchiKclxzlQ.roa (raw, json)
Hash identifier: su9EjN6FJVBZ2S6v003BM00E+6cZbjgDIT8TSDyHNU0=
Subject key identifier: 1B:B9:9A:71:90:04:52:D3:89:7F:35:79:09:C8:62:29:C9:71:CE:54
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019768BBDB7ACFE9E0F0D30DEB3FB17879B6
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/G7macZAEUtOJfzV5CchiKclxzlQ.roa
Signing time: Fri 13 Jun 2025 10:00:31 +0000
ROA not before: Fri 13 Jun 2025 10:00:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 151.240.128.0/21 maxlen: 24
151.240.136.0/21 maxlen: 24
151.241.132.0/22 maxlen: 22
151.242.56.0/24 maxlen: 24
151.243.8.0/23 maxlen: 23
151.243.204.0/23 maxlen: 23
151.244.16.0/21 maxlen: 21
151.245.56.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Jun 2025 10:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:68:bb:db:7a:cf:e9:e0:f0:d3:0d:eb:3f:b1:78:79:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Jun 13 10:00:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1bb99a71900452d3897f357909c86229c971ce54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:e2:da:2a:99:54:da:68:c6:c8:e8:f6:35:16:
9d:71:f1:88:47:bf:9b:7b:a2:14:03:dc:2f:ac:24:
99:f9:3c:e8:c2:da:3d:7b:f7:16:a8:e9:b6:16:8c:
4d:e0:47:03:2e:58:6b:89:17:07:9a:17:2a:c4:6b:
1b:a3:d0:a3:6d:9f:03:28:5d:45:8b:33:47:26:6e:
49:9b:77:12:e8:66:5b:a8:80:48:5c:75:f0:a4:32:
14:28:2b:fc:49:68:66:97:7e:7d:2e:b2:aa:1a:77:
50:66:19:91:1c:4a:3d:25:ac:b7:51:73:8e:b1:80:
62:06:e2:bb:b9:23:69:a5:d5:74:00:fd:9e:bd:ea:
4b:07:76:6e:da:87:ea:2a:10:f5:da:10:52:6c:75:
79:69:ff:f1:48:39:8d:ce:df:92:2e:80:db:c3:67:
dd:ac:c6:dd:3d:cc:51:8f:32:8f:d9:76:a1:94:ea:
e5:c5:0e:90:66:c6:59:f4:15:39:dc:05:6e:25:00:
4e:b9:0c:ec:67:ac:aa:48:80:85:b5:8f:b4:87:74:
31:f0:39:53:12:e7:af:37:4f:ba:52:ea:de:0b:79:
9e:60:48:18:fc:c0:20:fd:60:35:f9:8e:fb:b6:a0:
90:39:3e:39:e7:e1:09:32:2e:ee:7f:7e:09:4a:46:
78:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:B9:9A:71:90:04:52:D3:89:7F:35:79:09:C8:62:29:C9:71:CE:54
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/G7macZAEUtOJfzV5CchiKclxzlQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.128.0/20
151.241.132.0/22
151.242.56.0/24
151.243.8.0/23
151.243.204.0/23
151.244.16.0/21
151.245.56.0/22
Signature Algorithm: sha256WithRSAEncryption
43:f7:c2:2e:79:1e:2f:b2:f0:88:32:a8:49:af:e9:08:cf:3c:
7d:43:7a:8a:b3:0e:70:1a:3a:c2:1f:f2:a2:09:a1:be:1d:ff:
37:3d:42:6f:d9:bf:ee:3b:f3:85:02:7c:ca:53:e7:0f:b1:ce:
c0:ae:e2:5f:bb:7c:4b:51:38:cf:d9:c7:cc:53:32:14:e8:54:
1a:86:bf:55:f2:80:0b:67:38:26:0f:87:02:5a:7a:e6:60:2b:
7f:94:13:07:b4:b7:ee:7e:f1:00:3e:83:61:90:b0:86:f5:1b:
c6:44:a3:85:d3:90:bb:dc:08:46:29:74:cd:c0:fc:f5:76:63:
2c:4d:22:5a:d8:56:e2:70:1a:47:e7:33:44:4e:0e:42:b4:18:
8f:27:12:2d:b3:05:24:db:a9:c3:f7:37:69:4f:e5:6b:ca:2f:
01:c8:cb:76:72:69:9d:10:70:b3:1f:ec:5d:7b:6b:ac:58:b8:
97:60:9f:8d:96:8a:82:a1:30:fb:bd:23:d2:ec:62:23:65:ba:
ab:4d:06:db:2a:b4:a5:34:b0:8f:00:84:81:5e:65:5f:c5:13:
05:f4:9f:e4:9c:5e:70:d7:3e:a4:8a:26:fd:5e:7b:ae:bd:40:
00:4a:26:e5:ce:cc:d9:8f:94:89:f4:2b:17:3c:f2:de:81:16:
e3:a7:b8:e0
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZdou9t6z+ng8NMN6z+xeHm2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjEzMTAwMDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmI5OWE3MTkwMDQ1MmQzODk3ZjM1NzkwOWM4NjIyOWM5NzFjZTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOLaKplU2mjGyOj2NRadcfGIR7+b
e6IUA9wvrCSZ+Tzowto9e/cWqOm2FoxN4EcDLlhriRcHmhcqxGsbo9CjbZ8DKF1F
izNHJm5Jm3cS6GZbqIBIXHXwpDIUKCv8SWhml359LrKqGndQZhmRHEo9Jay3UXOO
sYBiBuK7uSNppdV0AP2evepLB3Zu2ofqKhD12hBSbHV5af/xSDmNzt+SLoDbw2fd
rMbdPcxRjzKP2XahlOrlxQ6QZsZZ9BU53AVuJQBOuQzsZ6yqSICFtY+0h3Qx8DlT
EuevN0+6UureC3meYEgY/MAg/WA1+Y77tqCQOT455+EJMi7uf34JSkZ4qwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFBu5mnGQBFLTiX81eQnIYinJcc5UMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRzdtYWNaQUVVdE9KZnpWNUNjaGlLY2x4emxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQEl/CAAwQC
l/GEAwQAl/I4AwQBl/MIAwQBl/PMAwQDl/QQAwQCl/U4MA0GCSqGSIb3DQEBCwUA
A4IBAQBD98IueR4vsvCIMqhJr+kIzzx9Q3qKsw5wGjrCH/KiCaG+Hf83PUJv2b/u
O/OFAnzKU+cPsc7AruJfu3xLUTjP2cfMUzIU6FQahr9V8oALZzgmD4cCWnrmYCt/
lBMHtLfufvEAPoNhkLCG9RvGRKOF05C73AhGKXTNwPz1dmMsTSJa2FbicBpH5zNE
Tg5CtBiPJxItswUk26nD9zdpT+Vryi8ByMt2cmmdEHCzH+xde2usWLiXYJ+NloqC
oTD7vSPS7GIjZbqrTQbbKrSlNLCPAISBXmVfxRMF9J/knF5w1z6kiib9XnuuvUAA
SiblzszZj5SJ9CsXPPLegRbjp7jg
-----END CERTIFICATE-----
Generated at Sat Jun 14 19:09:32 2025 by rpki-client