Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ZW3SS7w_Fki77qwS2alYQccZ-5A.roa
File: ZW3SS7w_Fki77qwS2alYQccZ-5A.roa (raw, json)
Hash identifier: GUwaK+x72REdpUXuhrPJbiMzJPU0qQRuxf8pDA9G1/g=
Subject key identifier: 65:6D:D2:4B:BC:3F:16:48:BB:EE:AC:12:D9:A9:58:41:C7:19:FB:90
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019A3DB7239A11529264970FDA4AEEFE23CF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ZW3SS7w_Fki77qwS2alYQccZ-5A.roa
Signing time: Sat 01 Nov 2025 04:40:03 +0000
ROA not before: Sat 01 Nov 2025 04:40:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 984
IP address blocks: 151.240.146.0/24 maxlen: 24
151.241.153.0/24 maxlen: 24
151.242.54.0/24 maxlen: 24
151.243.17.0/24 maxlen: 24
151.243.107.0/24 maxlen: 24
151.243.108.0/24 maxlen: 24
151.244.16.0/21 maxlen: 24
151.244.34.0/24 maxlen: 24
151.244.168.0/23 maxlen: 24
151.244.216.0/23 maxlen: 24
151.244.218.0/24 maxlen: 24
151.245.183.0/24 maxlen: 24
151.246.48.0/21 maxlen: 24
151.246.56.0/21 maxlen: 24
151.246.80.0/21 maxlen: 24
151.246.88.0/21 maxlen: 24
151.246.96.0/21 maxlen: 24
151.246.112.0/21 maxlen: 24
151.247.171.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 16:49:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:3d:b7:23:9a:11:52:92:64:97:0f:da:4a:ee:fe:23:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Nov 1 04:40:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=656dd24bbc3f1648bbeeac12d9a95841c719fb90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:d5:88:0c:4c:88:53:9f:fb:cc:b2:e6:e3:50:
45:6f:5e:65:5d:8c:05:5b:44:34:eb:b3:6e:be:b4:
c2:30:ef:42:12:5f:55:cf:92:4c:f4:f8:42:13:0d:
18:99:3c:a4:5f:10:53:1a:2d:ab:24:34:62:ec:81:
e9:a4:80:56:3a:ea:3f:8a:41:13:50:2b:ce:be:4c:
89:01:b5:5c:7a:7b:08:7e:6c:70:5a:36:e4:04:a5:
dc:66:ba:a9:b4:f7:a8:72:56:56:0a:37:26:ed:cf:
17:48:fe:80:3d:50:39:72:54:2e:08:87:d7:c7:ae:
4d:2a:b8:cb:94:20:64:8f:2b:c0:3f:63:ae:d8:08:
25:74:5b:76:1c:d7:d1:e8:b5:6d:19:3b:f8:72:30:
71:4a:d8:10:07:ce:63:82:8f:9e:86:91:0e:f3:1b:
0b:bc:81:13:d0:73:0d:b7:ab:f1:a2:3b:6b:22:cf:
f7:7d:1b:74:2c:ac:96:5c:da:dd:76:58:8b:df:b4:
91:27:32:0c:53:08:64:48:77:5d:97:31:2e:12:28:
71:58:b2:5e:ae:65:a8:b4:1b:ee:d2:8b:ea:c7:76:
ea:52:87:ee:16:0a:1c:09:94:3d:ab:40:c4:3e:de:
45:60:95:49:48:f5:d8:ba:10:4a:ee:a4:cc:5a:f0:
8a:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:6D:D2:4B:BC:3F:16:48:BB:EE:AC:12:D9:A9:58:41:C7:19:FB:90
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ZW3SS7w_Fki77qwS2alYQccZ-5A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.240.146.0/24
151.241.153.0/24
151.242.54.0/24
151.243.17.0/24
151.243.107.0-151.243.108.255
151.244.16.0/21
151.244.34.0/24
151.244.168.0/23
151.244.216.0-151.244.218.255
151.245.183.0/24
151.246.48.0/20
151.246.80.0-151.246.103.255
151.246.112.0/21
151.247.171.0/24
Signature Algorithm: sha256WithRSAEncryption
5d:d8:00:62:2c:d3:e5:9f:25:0b:98:76:36:11:25:3b:d1:b1:
9b:44:d1:c0:a2:83:ce:35:68:49:90:e9:ce:ae:a3:06:38:63:
f4:dd:c2:98:ec:03:79:b0:44:41:3e:00:c9:d5:ab:6e:f2:41:
34:2d:e7:8f:ac:a8:1f:27:5d:da:13:d6:97:d8:bf:08:d6:5c:
56:61:d3:02:18:c7:3c:5d:b2:b0:6c:64:bf:cd:51:fb:3d:39:
96:4e:c8:e7:f3:ce:e8:23:3b:67:3b:44:39:a7:e0:27:16:56:
b4:8f:17:0e:6f:f7:ae:25:14:ab:df:a9:95:b5:b3:6b:c5:d6:
a3:81:24:4e:8d:59:49:75:fa:49:7d:55:fa:46:8f:ae:7d:00:
b0:f5:44:b7:07:fd:be:a9:d5:07:6d:77:f9:d3:bd:da:a4:1b:
09:40:64:3a:fe:73:9a:25:b3:3c:e1:c4:3c:ba:fa:c2:0e:ed:
7f:8d:97:1c:68:95:b0:33:36:af:81:53:0a:3e:99:f5:72:7d:
91:e7:55:7d:76:2e:04:11:da:8d:54:31:99:0e:8e:8c:1a:0c:
7c:60:63:97:2b:2e:4a:6b:e3:d5:11:80:2d:49:25:0b:2e:82:
ec:44:1a:50:bb:0f:26:f9:33:67:42:11:4b:71:f8:18:b0:71:
c3:cb:d4:71
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAZo9tyOaEVKSZJcP2kru/iPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMTAxMDQ0MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTZkZDI0YmJjM2YxNjQ4YmJlZWFjMTJkOWE5NTg0MWM3MTlmYjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNWIDEyIU5/7zLLm41BFb15lXYwF
W0Q067NuvrTCMO9CEl9Vz5JM9PhCEw0YmTykXxBTGi2rJDRi7IHppIBWOuo/ikET
UCvOvkyJAbVcensIfmxwWjbkBKXcZrqptPeoclZWCjcm7c8XSP6APVA5clQuCIfX
x65NKrjLlCBkjyvAP2Ou2AgldFt2HNfR6LVtGTv4cjBxStgQB85jgo+ehpEO8xsL
vIET0HMNt6vxojtrIs/3fRt0LKyWXNrddliL37SRJzIMUwhkSHddlzEuEihxWLJe
rmWotBvu0ovqx3bqUofuFgocCZQ9q0DEPt5FYJVJSPXYuhBK7qTMWvCKyQIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFGVt0ku8PxZIu+6sEtmpWEHHGfuQMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvWlczU1M3d19Ga2k3N3F3UzJhbFlRY2NaLTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwcgQCAAEwbAMEAJfwkgME
AJfxmQMEAJfyNgMEAJfzETAMAwQAl/NrAwQAl/NsAwQDl/QQAwQAl/QiAwQBl/So
MAwDBAOX9NgDBACX9NoDBACX9bcDBASX9jAwDAMEBJf2UAMEA5f2YAMEA5f2cAME
AJf3qzANBgkqhkiG9w0BAQsFAAOCAQEAXdgAYizT5Z8lC5h2NhElO9Gxm0TRwKKD
zjVoSZDpzq6jBjhj9N3CmOwDebBEQT4AydWrbvJBNC3nj6yoHydd2hPWl9i/CNZc
VmHTAhjHPF2ysGxkv81R+z05lk7I5/PO6CM7ZztEOafgJxZWtI8XDm/3riUUq9+p
lbWza8XWo4EkTo1ZSXX6SX1V+kaPrn0AsPVEtwf9vqnVB213+dO92qQbCUBkOv5z
miWzPOHEPLr6wg7tf42XHGiVsDM2r4FTCj6Z9XJ9kedVfXYuBBHajVQxmQ6OjBoM
fGBjlysuSmvj1RGALUklCy6C7EQaULsPJvkzZ0IRS3H4GLBxw8vUcQ==
-----END CERTIFICATE-----
Generated at Tue Nov 4 21:02:38 2025 by rpki-client