Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ksJRK1A2f0rMge8LgwUWTylLJFc.roa
File: ksJRK1A2f0rMge8LgwUWTylLJFc.roa (raw, json)
Hash identifier: 2io2NPhDvezFOwYVvfCpvG3ZA1Jl/r+VKiKgADJtd+A=
Subject key identifier: 92:C2:51:2B:50:36:7F:4A:CC:81:EF:0B:83:05:16:4F:29:4B:24:57
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019C947B8354EE5DA0D31B1325C17EDC07B2
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ksJRK1A2f0rMge8LgwUWTylLJFc.roa
Signing time: Wed 25 Feb 2026 11:07:28 +0000
ROA not before: Wed 25 Feb 2026 11:07:28 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 49608
IP address blocks: 151.245.25.0/24 maxlen: 24
151.245.30.0/24 maxlen: 24
151.247.206.0/24 maxlen: 24
151.247.214.0/24 maxlen: 24
151.247.222.0/24 maxlen: 24
151.247.240.0/24 maxlen: 24
151.247.247.0/24 maxlen: 24
151.247.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 13:00:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:94:7b:83:54:ee:5d:a0:d3:1b:13:25:c1:7e:dc:07:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Feb 25 11:07:28 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=92c2512b50367f4acc81ef0b8305164f294b2457
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:b4:b7:0c:99:f8:96:dc:7e:1c:b0:73:72:a2:
c2:d2:78:01:22:6b:c9:43:ff:d3:a1:1b:36:20:8a:
61:ea:41:22:9e:82:e5:47:ff:a3:5b:8b:62:3e:31:
08:eb:a4:e9:52:60:08:b1:bc:49:33:82:00:d9:9a:
41:11:98:b5:01:18:86:9e:bf:97:5f:56:87:f0:a8:
72:fb:86:ca:cb:e8:ed:f5:b6:64:b3:53:0c:d2:c1:
ca:47:2b:75:ee:7b:e1:29:33:ed:30:64:a2:45:82:
55:6f:28:a0:84:6d:45:97:5d:60:a1:5a:fa:cd:8c:
c7:5d:76:3e:e3:bd:88:aa:5f:06:0f:f9:61:5e:ac:
c3:ad:10:fc:72:e3:f8:46:d3:6b:7d:f7:12:ca:26:
d8:63:d3:d7:bf:5f:52:42:0b:38:b7:d7:a6:3e:46:
7a:9a:4e:e3:e7:9e:26:c4:23:88:1a:66:94:98:bf:
c5:f2:7e:49:f4:8d:39:af:09:63:48:80:49:78:a1:
99:4a:42:3e:01:8c:f3:b5:b5:b7:b1:60:2b:13:8b:
ec:bf:b9:f0:b9:89:c2:71:2d:10:90:fe:8f:1a:c1:
5a:d5:84:ca:c3:f3:39:f7:fa:5c:24:69:76:b3:a9:
26:59:18:c4:95:4e:a4:cf:30:ee:37:d3:51:83:62:
a9:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:C2:51:2B:50:36:7F:4A:CC:81:EF:0B:83:05:16:4F:29:4B:24:57
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ksJRK1A2f0rMge8LgwUWTylLJFc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.245.25.0/24
151.245.30.0/24
151.247.206.0/24
151.247.214.0/24
151.247.222.0/24
151.247.240.0/24
151.247.247.0/24
151.247.255.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:b3:64:43:44:83:49:43:ab:6e:2a:e6:5e:80:a6:41:3e:26:
f4:8d:b1:3a:cc:b9:c3:9a:63:c0:2d:e2:aa:08:68:d4:0d:d5:
b5:a7:96:16:14:25:48:f5:7d:17:09:ae:8f:42:ab:05:24:72:
ce:08:9d:d0:51:70:c4:5a:24:9b:b0:3e:77:ec:4f:7f:6c:b3:
f7:01:80:51:00:c3:88:47:2b:17:27:0f:74:42:e8:58:a0:95:
cb:14:24:30:8b:37:b2:03:37:48:28:3f:30:b0:2a:eb:7f:6d:
3a:e8:08:0f:35:c5:be:ab:26:cb:81:72:f0:a9:88:7b:01:8c:
d4:f6:60:7c:1e:a1:e9:17:39:47:6e:45:20:14:32:fd:ea:27:
13:4a:15:33:dd:30:2a:ad:d4:3c:80:34:51:9b:86:57:fb:4f:
4a:32:de:eb:f6:ed:c9:eb:0c:d2:86:54:97:c2:f4:97:e8:24:
27:ac:b9:b0:e3:57:62:e6:de:5a:75:41:ee:24:f4:da:e5:21:
a2:64:b5:dd:2f:2e:0d:6e:1f:81:a8:47:01:bd:9b:0a:28:b3:
0a:78:c8:03:c7:79:83:9f:9a:11:72:23:3f:10:a7:8d:f6:8a:
68:b7:4e:a7:93:47:17:22:3e:22:f4:fe:da:a8:3d:de:b8:9f:
e6:f7:91:2c
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZyUe4NU7l2g0xsTJcF+3AeyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMjI1MTEwNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmMyNTEyYjUwMzY3ZjRhY2M4MWVmMGI4MzA1MTY0ZjI5NGIyNDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLS3DJn4ltx+HLBzcqLC0ngBImvJ
Q//ToRs2IIph6kEinoLlR/+jW4tiPjEI66TpUmAIsbxJM4IA2ZpBEZi1ARiGnr+X
X1aH8Khy+4bKy+jt9bZks1MM0sHKRyt17nvhKTPtMGSiRYJVbyighG1Fl11goVr6
zYzHXXY+472Iql8GD/lhXqzDrRD8cuP4RtNrffcSyibYY9PXv19SQgs4t9emPkZ6
mk7j554mxCOIGmaUmL/F8n5J9I05rwljSIBJeKGZSkI+AYzztbW3sWArE4vsv7nw
uYnCcS0QkP6PGsFa1YTKw/M59/pcJGl2s6kmWRjElU6kzzDuN9NRg2KpCQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJLCUStQNn9KzIHvC4MFFk8pSyRXMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEva3NKUksxQTJmMHJNZ2U4TGd3VVdUeWxMSkZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAl/UZAwQA
l/UeAwQAl/fOAwQAl/fWAwQAl/feAwQAl/fwAwQAl/f3AwQAl/f/MA0GCSqGSIb3
DQEBCwUAA4IBAQBPs2RDRINJQ6tuKuZegKZBPib0jbE6zLnDmmPALeKqCGjUDdW1
p5YWFCVI9X0XCa6PQqsFJHLOCJ3QUXDEWiSbsD537E9/bLP3AYBRAMOIRysXJw90
QuhYoJXLFCQwizeyAzdIKD8wsCrrf2066AgPNcW+qybLgXLwqYh7AYzU9mB8HqHp
FzlHbkUgFDL96icTShUz3TAqrdQ8gDRRm4ZX+09KMt7r9u3J6wzShlSXwvSX6CQn
rLmw41di5t5adUHuJPTa5SGiZLXdLy4Nbh+BqEcBvZsKKLMKeMgDx3mDn5oRciM/
EKeN9opot06nk0cXIj4i9P7aqD3euJ/m95Es
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:26:59 2026 by rpki-client