Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/m_BZvut3taNa3Ty-7fIdm49POPc.roa
File: m_BZvut3taNa3Ty-7fIdm49POPc.roa (raw, json)
Hash identifier: L4Jcj6Drs1e5Lq08o1c+r/sfhpGMWeewKR4zTqKFfOM=
Subject key identifier: 9B:F0:59:BE:EB:77:B5:A3:5A:DD:3C:BE:ED:F2:1D:9B:8F:4F:38:F7
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019A4EA196CA2A08D06D985DC0BB5A545FCE
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/m_BZvut3taNa3Ty-7fIdm49POPc.roa
Signing time: Tue 04 Nov 2025 11:30:03 +0000
ROA not before: Tue 04 Nov 2025 11:30:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9304
IP address blocks: 37.202.220.0/24 maxlen: 24
151.240.28.0/24 maxlen: 24
151.240.72.0/24 maxlen: 24
151.240.80.0/23 maxlen: 24
151.240.118.0/23 maxlen: 24
151.240.148.0/23 maxlen: 24
151.240.165.0/24 maxlen: 24
151.240.226.0/23 maxlen: 24
151.240.247.0/24 maxlen: 24
151.240.249.0/24 maxlen: 24
151.240.250.0/24 maxlen: 24
151.240.251.0/24 maxlen: 24
151.240.253.0/24 maxlen: 24
151.241.26.0/24 maxlen: 24
151.241.174.0/24 maxlen: 24
151.242.76.0/23 maxlen: 24
151.242.143.0/24 maxlen: 24
151.242.156.0/23 maxlen: 24
151.242.236.0/22 maxlen: 24
151.243.138.0/23 maxlen: 24
151.243.144.0/23 maxlen: 24
151.243.148.0/23 maxlen: 24
151.243.158.0/24 maxlen: 24
151.243.170.0/24 maxlen: 24
151.243.172.0/24 maxlen: 24
151.243.224.0/24 maxlen: 24
151.243.247.0/24 maxlen: 24
151.244.48.0/24 maxlen: 24
151.244.64.0/24 maxlen: 24
151.244.102.0/24 maxlen: 24
151.244.196.0/24 maxlen: 24
151.244.226.0/23 maxlen: 24
151.245.42.0/24 maxlen: 24
151.245.44.0/24 maxlen: 24
151.245.48.0/24 maxlen: 24
151.245.60.0/24 maxlen: 24
151.245.61.0/24 maxlen: 24
151.245.63.0/24 maxlen: 24
151.245.64.0/22 maxlen: 24
151.245.88.0/24 maxlen: 24
151.245.91.0/24 maxlen: 24
151.245.224.0/23 maxlen: 24
151.245.226.0/23 maxlen: 24
151.246.164.0/23 maxlen: 24
151.246.176.0/24 maxlen: 24
151.246.180.0/24 maxlen: 24
151.246.181.0/24 maxlen: 24
151.246.184.0/24 maxlen: 24
151.246.185.0/24 maxlen: 24
151.246.186.0/24 maxlen: 24
151.246.187.0/24 maxlen: 24
151.246.189.0/24 maxlen: 24
151.246.246.0/23 maxlen: 24
151.246.249.0/24 maxlen: 24
151.246.250.0/23 maxlen: 24
151.246.255.0/24 maxlen: 24
151.247.137.0/24 maxlen: 24
151.247.161.0/24 maxlen: 24
151.247.162.0/24 maxlen: 24
151.247.163.0/24 maxlen: 24
151.247.164.0/24 maxlen: 24
151.247.165.0/24 maxlen: 24
151.247.167.0/24 maxlen: 24
151.247.169.0/24 maxlen: 24
151.247.170.0/24 maxlen: 24
151.247.177.0/24 maxlen: 24
151.247.248.0/24 maxlen: 24
151.247.249.0/24 maxlen: 24
151.247.250.0/24 maxlen: 24
151.247.253.0/24 maxlen: 24
151.247.254.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 18:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4e:a1:96:ca:2a:08:d0:6d:98:5d:c0:bb:5a:54:5f:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Nov 4 11:30:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9bf059beeb77b5a35add3cbeedf21d9b8f4f38f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:a4:65:0b:de:c5:38:cb:d9:60:ab:c6:3d:cb:
ad:d7:70:7e:dc:c9:9a:5d:31:96:d8:3b:8f:16:39:
c2:8d:0e:47:19:ba:cb:32:92:76:62:ff:0c:a5:cd:
52:5f:26:45:dd:67:89:d0:05:74:fd:fa:e8:81:2c:
3b:be:cc:52:bf:d1:82:7c:88:e8:4c:39:36:07:a9:
2c:b9:32:f0:71:75:0a:2f:7e:a0:b4:b3:76:84:11:
7f:4f:6e:67:8b:d3:6c:98:a3:57:67:a6:5f:d9:72:
11:c9:33:88:01:65:64:43:4e:1e:da:ab:c2:e7:f1:
4f:cb:00:8e:d8:df:19:96:11:c4:ec:32:3f:a5:f6:
bb:6f:56:ce:4b:12:52:ee:90:52:e0:8d:0d:db:3a:
f2:79:24:89:1e:66:a3:0f:97:e8:22:78:83:d4:96:
c3:cc:e4:e4:c1:81:42:1f:ed:fd:d5:49:80:df:30:
56:b5:e4:ed:2f:49:52:ea:81:60:14:28:ac:50:bc:
a1:31:83:8a:ac:65:c5:5f:45:cc:fe:dd:fe:a6:3b:
88:63:cc:3d:01:d9:4e:c2:14:0b:56:43:cb:f7:38:
25:66:05:bb:e1:b7:bb:5c:65:ea:ab:ce:b4:cd:33:
5b:e7:ee:f1:30:80:8d:2c:c3:ec:06:54:3f:1d:01:
ff:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:F0:59:BE:EB:77:B5:A3:5A:DD:3C:BE:ED:F2:1D:9B:8F:4F:38:F7
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/m_BZvut3taNa3Ty-7fIdm49POPc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.220.0/24
151.240.28.0/24
151.240.72.0/24
151.240.80.0/23
151.240.118.0/23
151.240.148.0/23
151.240.165.0/24
151.240.226.0/23
151.240.247.0/24
151.240.249.0-151.240.251.255
151.240.253.0/24
151.241.26.0/24
151.241.174.0/24
151.242.76.0/23
151.242.143.0/24
151.242.156.0/23
151.242.236.0/22
151.243.138.0/23
151.243.144.0/23
151.243.148.0/23
151.243.158.0/24
151.243.170.0/24
151.243.172.0/24
151.243.224.0/24
151.243.247.0/24
151.244.48.0/24
151.244.64.0/24
151.244.102.0/24
151.244.196.0/24
151.244.226.0/23
151.245.42.0/24
151.245.44.0/24
151.245.48.0/24
151.245.60.0/23
151.245.63.0-151.245.67.255
151.245.88.0/24
151.245.91.0/24
151.245.224.0/22
151.246.164.0/23
151.246.176.0/24
151.246.180.0/23
151.246.184.0/22
151.246.189.0/24
151.246.246.0/23
151.246.249.0-151.246.251.255
151.246.255.0/24
151.247.137.0/24
151.247.161.0-151.247.165.255
151.247.167.0/24
151.247.169.0-151.247.170.255
151.247.177.0/24
151.247.248.0-151.247.250.255
151.247.253.0-151.247.254.255
Signature Algorithm: sha256WithRSAEncryption
3b:bb:4e:f0:54:c8:c8:0c:fb:c0:a3:af:fc:c0:44:79:47:a8:
21:7d:1d:bf:c2:c0:be:5b:7e:25:c8:fc:64:c9:9c:f2:7c:c9:
cf:75:19:69:a8:c9:27:1b:2c:42:72:48:23:b6:26:ce:2d:6e:
fe:5b:02:05:35:7a:7a:4a:dc:5b:b8:4d:cc:c7:e2:ea:67:05:
13:28:74:3c:7d:9b:7a:1d:ba:a5:80:b6:41:81:e0:0a:1c:4f:
c6:2c:28:a2:90:aa:63:eb:ee:e8:c0:c1:b7:79:1b:22:a2:21:
7b:37:b3:b9:32:24:82:bc:c1:8b:e1:86:a7:f4:be:83:9a:5d:
7e:31:47:0e:d0:e8:14:83:be:38:91:d2:fd:49:87:c5:d0:a8:
0b:be:2f:f2:4a:2e:bd:6d:93:c9:6a:69:34:e8:61:ac:b6:b9:
84:6e:d8:e6:29:6c:d7:ad:7a:bb:e4:02:2f:42:81:cc:b4:2e:
17:38:09:55:e8:02:64:10:2f:47:ae:64:38:df:3b:71:cc:c6:
12:2c:73:11:62:0f:f4:1a:da:34:bb:e4:b0:95:f1:89:4f:55:
bd:1f:47:3d:cf:11:c2:6f:8b:96:cf:da:28:93:28:44:14:ac:
31:78:d2:28:88:26:f2:36:60:0d:e9:2c:01:c6:7f:1d:63:1e:
65:ab:54:f8
-----BEGIN CERTIFICATE-----
MIIGdzCCBV+gAwIBAgISAZpOoZbKKgjQbZhdwLtaVF/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMTA0MTEzMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmYwNTliZWViNzdiNWEzNWFkZDNjYmVlZGYyMWQ5YjhmNGYzOGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26RlC97FOMvZYKvGPcut13B+3Mma
XTGW2DuPFjnCjQ5HGbrLMpJ2Yv8Mpc1SXyZF3WeJ0AV0/frogSw7vsxSv9GCfIjo
TDk2B6ksuTLwcXUKL36gtLN2hBF/T25ni9NsmKNXZ6Zf2XIRyTOIAWVkQ04e2qvC
5/FPywCO2N8ZlhHE7DI/pfa7b1bOSxJS7pBS4I0N2zryeSSJHmajD5foIniD1JbD
zOTkwYFCH+391UmA3zBWteTtL0lS6oFgFCisULyhMYOKrGXFX0XM/t3+pjuIY8w9
AdlOwhQLVkPL9zglZgW74be7XGXqq860zTNb5+7xMICNLMPsBlQ/HQH/WQIDAQAB
o4IDgzCCA38wHQYDVR0OBBYEFJvwWb7rd7WjWt08vu3yHZuPTzj3MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbV9CWnZ1dDN0YU5hM1R5LTdmSWRtNDlQT1BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBlwYIKwYBBQUHAQcBAf8EggGGMIIBgjCCAX4EAgABMIIB
dgMEACXK3AMEAJfwHAMEAJfwSAMEAZfwUAMEAZfwdgMEAZfwlAMEAJfwpQMEAZfw
4gMEAJfw9zAMAwQAl/D5AwQCl/D4AwQAl/D9AwQAl/EaAwQAl/GuAwQBl/JMAwQA
l/KPAwQBl/KcAwQCl/LsAwQBl/OKAwQBl/OQAwQBl/OUAwQAl/OeAwQAl/OqAwQA
l/OsAwQAl/PgAwQAl/P3AwQAl/QwAwQAl/RAAwQAl/RmAwQAl/TEAwQBl/TiAwQA
l/UqAwQAl/UsAwQAl/UwAwQBl/U8MAwDBACX9T8DBAKX9UADBACX9VgDBACX9VsD
BAKX9eADBAGX9qQDBACX9rADBAGX9rQDBAKX9rgDBACX9r0DBAGX9vYwDAMEAJf2
+QMEApf2+AMEAJf2/wMEAJf3iTAMAwQAl/ehAwQBl/ekAwQAl/enMAwDBACX96kD
BACX96oDBACX97EwDAMEA5f3+AMEAJf3+jAMAwQAl/f9AwQAl/f+MA0GCSqGSIb3
DQEBCwUAA4IBAQA7u07wVMjIDPvAo6/8wER5R6ghfR2/wsC+W34lyPxkyZzyfMnP
dRlpqMknGyxCckgjtibOLW7+WwIFNXp6StxbuE3Mx+LqZwUTKHQ8fZt6HbqlgLZB
geAKHE/GLCiikKpj6+7owMG3eRsioiF7N7O5MiSCvMGL4Yan9L6Dml1+MUcO0OgU
g744kdL9SYfF0KgLvi/ySi69bZPJamk06GGstrmEbtjmKWzXrXq75AIvQoHMtC4X
OAlV6AJkEC9HrmQ43ztxzMYSLHMRYg/0Gto0u+SwlfGJT1W9H0c9zxHCb4uWz9oo
kyhEFKwxeNIoiCbyNmAN6SwBxn8dYx5lq1T4
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:24:28 2025 by rpki-client