Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/VXUi1gB0LcM99QxlQ1EIb5FpLGU.roa
File: VXUi1gB0LcM99QxlQ1EIb5FpLGU.roa (raw, json)
Hash identifier: uuqo9lo8y6N/9wg4+D3+bo/8c+gfr5pUkhFAb0C6Of0=
Subject key identifier: 55:75:22:D6:00:74:2D:C3:3D:F5:0C:65:43:51:08:6F:91:69:2C:65
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019D3E556D062AAD4BDF11A83C175CC0C86D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/VXUi1gB0LcM99QxlQ1EIb5FpLGU.roa
Signing time: Mon 30 Mar 2026 10:41:18 +0000
ROA not before: Mon 30 Mar 2026 10:41:18 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 137409
IP address blocks: 151.240.43.0/24 maxlen: 24
151.240.44.0/24 maxlen: 24
151.240.46.0/24 maxlen: 24
151.240.47.0/24 maxlen: 24
151.240.48.0/24 maxlen: 24
151.240.49.0/24 maxlen: 24
151.240.50.0/24 maxlen: 24
151.240.51.0/24 maxlen: 24
151.240.52.0/24 maxlen: 24
151.240.53.0/24 maxlen: 24
151.240.54.0/24 maxlen: 24
151.240.55.0/24 maxlen: 24
151.240.56.0/24 maxlen: 24
151.240.57.0/24 maxlen: 24
151.240.58.0/24 maxlen: 24
151.240.59.0/24 maxlen: 24
151.240.62.0/24 maxlen: 24
151.240.63.0/24 maxlen: 24
151.240.64.0/24 maxlen: 24
151.240.65.0/24 maxlen: 24
151.240.66.0/24 maxlen: 24
151.240.67.0/24 maxlen: 24
151.240.91.0/24 maxlen: 24
151.240.92.0/24 maxlen: 24
151.240.93.0/24 maxlen: 24
151.240.94.0/24 maxlen: 24
151.240.95.0/24 maxlen: 24
151.240.101.0/24 maxlen: 24
151.240.102.0/24 maxlen: 24
151.240.103.0/24 maxlen: 24
151.240.104.0/24 maxlen: 24
151.240.105.0/24 maxlen: 24
151.240.106.0/24 maxlen: 24
151.240.107.0/24 maxlen: 24
151.240.108.0/24 maxlen: 24
151.240.109.0/24 maxlen: 24
151.240.111.0/24 maxlen: 24
151.244.58.0/24 maxlen: 24
151.247.167.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 18:24:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:3e:55:6d:06:2a:ad:4b:df:11:a8:3c:17:5c:c0:c8:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Mar 30 10:41:18 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=557522d600742dc33df50c654351086f91692c65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:4b:e8:39:d8:78:48:cf:20:ba:20:59:d7:37:
38:e8:c4:2e:c5:33:84:27:5d:09:d2:10:67:3b:bb:
30:87:98:62:3a:c8:f3:8d:fa:ec:50:3c:58:e8:1e:
cc:da:32:34:95:67:dd:7b:07:71:7b:25:1e:5d:99:
28:39:77:34:f3:90:4d:d1:08:0b:ce:84:a9:a0:f9:
fc:50:5e:e6:be:c5:db:fb:28:6e:ac:07:5a:37:ca:
62:23:98:59:5a:a8:e8:2f:8d:79:24:10:59:1b:f6:
0e:31:fb:86:18:2e:d0:fe:c2:28:51:95:5d:83:59:
b0:11:a3:4f:5f:9f:d8:28:76:69:a6:ae:c0:bf:58:
e6:a0:fb:80:f7:0e:27:9d:72:f0:ba:1e:f8:db:9f:
2a:03:8b:27:e4:d2:8f:3b:9c:58:38:37:4d:c0:c1:
ce:8d:c3:fe:00:3a:f1:46:91:28:16:bd:83:d0:89:
75:a9:09:05:b8:cf:cf:ac:b9:bb:04:96:db:23:6f:
fe:ba:10:f2:90:7a:5d:2f:6d:bc:d5:6d:7f:94:5a:
21:19:1e:11:43:0d:c8:88:b6:a0:5e:04:92:e6:18:
ef:cf:b8:32:49:d8:c9:52:35:7b:b2:9a:a4:3f:30:
69:bc:1b:3a:51:da:b7:86:6c:81:77:aa:4f:af:4a:
0c:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:75:22:D6:00:74:2D:C3:3D:F5:0C:65:43:51:08:6F:91:69:2C:65
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/VXUi1gB0LcM99QxlQ1EIb5FpLGU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.43.0-151.240.44.255
151.240.46.0-151.240.59.255
151.240.62.0-151.240.67.255
151.240.91.0-151.240.95.255
151.240.101.0-151.240.109.255
151.240.111.0/24
151.244.58.0/24
151.247.167.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:66:19:31:36:6e:d4:6f:3a:f3:2b:6f:dc:64:15:9d:71:1a:
1b:e2:e2:cc:20:22:42:86:26:56:80:e1:80:a8:f8:ab:4c:84:
94:22:5e:d9:ff:7b:00:40:f7:60:81:4f:0e:1c:d7:5b:09:a5:
3a:68:28:48:0c:f1:03:26:43:df:91:2f:64:93:16:1f:06:34:
c5:e8:43:2a:79:31:35:7a:c6:ca:87:90:a9:f9:5e:55:a0:a5:
d9:32:44:f7:d5:0e:81:dd:25:78:93:dd:32:3b:e1:c9:65:b7:
ec:ee:2a:39:ce:e4:ca:29:8d:53:3f:61:7c:2a:f6:18:e6:31:
63:c3:c5:52:52:da:1d:84:16:46:3b:b8:c7:fe:76:97:c5:ca:
7d:71:e2:c8:9d:f5:b8:a2:6f:e9:b2:26:c5:99:de:68:0d:68:
4f:61:94:87:0d:7e:b5:1b:26:58:37:94:df:f7:75:07:40:b1:
78:07:64:2d:f3:bc:d0:40:05:74:00:b6:1e:f2:79:ca:e5:70:
16:e3:05:77:dc:f7:97:66:78:dd:b1:d7:18:92:04:05:30:a3:
33:5b:9c:a6:28:03:50:f2:96:b9:56:c7:e9:a0:ca:8a:a5:5d:
59:24:07:5d:cb:f7:11:80:86:9b:0e:7e:0a:44:e4:c3:65:2f:
b7:8e:5b:c8
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZ0+VW0GKq1L3xGoPBdcwMhtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzMwMTA0MTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTc1MjJkNjAwNzQyZGMzM2RmNTBjNjU0MzUxMDg2ZjkxNjkyYzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0voOdh4SM8guiBZ1zc46MQuxTOE
J10J0hBnO7swh5hiOsjzjfrsUDxY6B7M2jI0lWfdewdxeyUeXZkoOXc085BN0QgL
zoSpoPn8UF7mvsXb+yhurAdaN8piI5hZWqjoL415JBBZG/YOMfuGGC7Q/sIoUZVd
g1mwEaNPX5/YKHZppq7Av1jmoPuA9w4nnXLwuh74258qA4sn5NKPO5xYODdNwMHO
jcP+ADrxRpEoFr2D0Il1qQkFuM/PrLm7BJbbI2/+uhDykHpdL2281W1/lFohGR4R
Qw3IiLagXgSS5hjvz7gySdjJUjV7spqkPzBpvBs6Udq3hmyBd6pPr0oM1wIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFFV1ItYAdC3DPfUMZUNRCG+RaSxlMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvVlhVaTFnQjBMY005OVF4bFExRUliNUZwTEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYMAwDBACX8CsD
BACX8CwwDAMEAZfwLgMEApfwODAMAwQBl/A+AwQCl/BAMAwDBACX8FsDBAWX8EAw
DAMEAJfwZQMEAZfwbAMEAJfwbwMEAJf0OgMEAJf3pzANBgkqhkiG9w0BAQsFAAOC
AQEAoWYZMTZu1G868ytv3GQVnXEaG+LizCAiQoYmVoDhgKj4q0yElCJe2f97AED3
YIFPDhzXWwmlOmgoSAzxAyZD35EvZJMWHwY0xehDKnkxNXrGyoeQqfleVaCl2TJE
99UOgd0leJPdMjvhyWW37O4qOc7kyimNUz9hfCr2GOYxY8PFUlLaHYQWRju4x/52
l8XKfXHiyJ31uKJv6bImxZneaA1oT2GUhw1+tRsmWDeU3/d1B0CxeAdkLfO80EAF
dAC2HvJ5yuVwFuMFd9z3l2Z43bHXGJIEBTCjM1ucpigDUPKWuVbH6aDKiqVdWSQH
Xcv3EYCGmw5+CkTkw2Uvt45byA==
-----END CERTIFICATE-----
Generated at Fri Apr 17 04:00:25 2026 by rpki-client