Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vi0XeMn0KbKfvKy1-PBWOHtn8po.roa
File: vi0XeMn0KbKfvKy1-PBWOHtn8po.roa (raw, json)
Hash identifier: lBrqJxTRVFUPFpGy8UhcUUuCyp+hblMNfXllgjmByUE=
Subject key identifier: BE:2D:17:78:C9:F4:29:B2:9F:BC:AC:B5:F8:F0:56:38:7B:67:F2:9A
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019D8F8EEBADD0439031E4ACF0E416A22BBB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vi0XeMn0KbKfvKy1-PBWOHtn8po.roa
Signing time: Wed 15 Apr 2026 05:13:21 +0000
ROA not before: Wed 15 Apr 2026 05:13:21 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 402187
IP address blocks: 151.242.7.0/24 maxlen: 24
151.242.12.0/24 maxlen: 24
151.245.226.0/24 maxlen: 24
151.246.165.0/24 maxlen: 24
151.246.215.0/24 maxlen: 24
151.246.223.0/24 maxlen: 24
151.246.229.0/24 maxlen: 24
151.247.13.0/24 maxlen: 24
151.247.17.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 18 Apr 2026 07:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:8f:8e:eb:ad:d0:43:90:31:e4:ac:f0:e4:16:a2:2b:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Apr 15 05:13:21 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=be2d1778c9f429b29fbcacb5f8f056387b67f29a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:9f:96:e3:07:d2:f4:50:fc:aa:4c:1f:a8:4c:
c5:04:ec:96:5e:27:d4:f3:b0:79:8a:8b:83:d7:f6:
9f:7d:64:77:6d:c2:c3:3c:f3:7c:33:d5:10:50:c9:
c5:1b:ce:16:11:b1:f5:e9:71:c0:41:99:91:72:8d:
ed:ce:d7:f4:8f:d3:3d:24:16:f1:38:10:d2:6f:5c:
e4:f6:d1:6d:66:30:d8:b9:f0:cc:85:d9:e1:cc:21:
5b:9b:ec:e3:b9:3f:0f:4e:23:76:54:2c:e9:65:f2:
0f:22:84:0f:7d:eb:17:15:91:6c:47:6e:0b:e3:4a:
69:3e:d4:ae:c3:02:78:2a:80:19:c8:b0:ee:18:4d:
92:c2:09:db:8e:18:83:4d:5c:9e:10:14:da:38:f6:
c1:8b:f8:ef:81:de:c0:ea:73:bd:00:70:b0:3b:5e:
aa:96:e7:44:78:0c:67:ec:c1:96:3d:ae:f1:0c:fd:
cb:26:39:89:08:a0:6c:85:74:1b:55:bb:f1:ae:52:
d1:3c:32:e2:85:b9:fc:32:79:60:68:a4:74:7a:41:
d2:a5:f1:5b:36:65:87:d0:b5:e2:e3:ac:17:24:64:
39:ab:d1:c0:3c:1b:1c:e5:cf:ec:9e:8d:0f:e5:b0:
de:ca:17:64:82:f2:62:90:66:f4:1c:54:a4:0c:49:
11:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:2D:17:78:C9:F4:29:B2:9F:BC:AC:B5:F8:F0:56:38:7B:67:F2:9A
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/vi0XeMn0KbKfvKy1-PBWOHtn8po.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.242.7.0/24
151.242.12.0/24
151.245.226.0/24
151.246.165.0/24
151.246.215.0/24
151.246.223.0/24
151.246.229.0/24
151.247.13.0/24
151.247.17.0/24
Signature Algorithm: sha256WithRSAEncryption
ac:85:db:8b:51:a4:77:f2:72:88:0f:d4:68:37:69:56:ca:6d:
f0:67:1b:46:07:7a:06:1a:2d:b0:e2:47:3d:15:57:28:52:14:
78:fb:b4:a5:ac:3a:e0:4c:38:81:2c:6c:4c:cc:82:f1:84:99:
ac:7e:cb:bb:49:50:64:a0:b8:85:12:78:93:e2:3e:e7:9d:19:
9d:18:dd:86:de:54:d1:b5:82:44:f4:75:69:6f:2d:92:5d:30:
73:c1:23:35:cf:c0:cb:e2:a1:cc:e3:98:7e:53:66:72:87:31:
03:0f:ee:03:4b:bd:f7:11:4d:7b:93:c0:f8:63:97:6a:91:5d:
fe:80:41:45:98:1b:ca:ed:64:1c:c1:62:7b:95:77:f3:d6:32:
4e:d5:ba:f6:81:45:cf:11:e1:0d:fa:bf:b4:48:77:85:23:33:
f8:d4:8e:74:4f:65:4f:c7:b9:fd:d7:5e:dd:80:9b:92:2f:b9:
bc:58:bb:ca:1e:16:e8:e3:ba:ce:a8:33:b2:e7:de:06:07:ff:
3c:fe:00:81:94:6c:55:43:fe:9c:2b:84:63:14:9e:8f:7c:ab:
3d:7e:b9:e8:0c:01:b1:f4:ad:0b:01:00:f6:21:fc:fb:0f:b4:
05:f9:6d:2d:4e:d5:f1:bf:7f:8c:42:7a:33:93:46:6d:86:6a:
a7:b4:a5:18
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZ2Pjuut0EOQMeSs8OQWoiu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDE1MDUxMzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTJkMTc3OGM5ZjQyOWIyOWZiY2FjYjVmOGYwNTYzODdiNjdmMjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZ+W4wfS9FD8qkwfqEzFBOyWXifU
87B5iouD1/affWR3bcLDPPN8M9UQUMnFG84WEbH16XHAQZmRco3tztf0j9M9JBbx
OBDSb1zk9tFtZjDYufDMhdnhzCFbm+zjuT8PTiN2VCzpZfIPIoQPfesXFZFsR24L
40ppPtSuwwJ4KoAZyLDuGE2SwgnbjhiDTVyeEBTaOPbBi/jvgd7A6nO9AHCwO16q
ludEeAxn7MGWPa7xDP3LJjmJCKBshXQbVbvxrlLRPDLihbn8MnlgaKR0ekHSpfFb
NmWH0LXi46wXJGQ5q9HAPBsc5c/sno0P5bDeyhdkgvJikGb0HFSkDEkRrQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFL4tF3jJ9Cmyn7ystfjwVjh7Z/KaMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvdmkwWGVNbjBLYktmdkt5MS1QQldPSHRuOHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAl/IHAwQA
l/IMAwQAl/XiAwQAl/alAwQAl/bXAwQAl/bfAwQAl/blAwQAl/cNAwQAl/cRMA0G
CSqGSIb3DQEBCwUAA4IBAQCshduLUaR38nKID9RoN2lWym3wZxtGB3oGGi2w4kc9
FVcoUhR4+7SlrDrgTDiBLGxMzILxhJmsfsu7SVBkoLiFEniT4j7nnRmdGN2G3lTR
tYJE9HVpby2SXTBzwSM1z8DL4qHM45h+U2ZyhzEDD+4DS733EU17k8D4Y5dqkV3+
gEFFmBvK7WQcwWJ7lXfz1jJO1br2gUXPEeEN+r+0SHeFIzP41I50T2VPx7n9117d
gJuSL7m8WLvKHhbo47rOqDOy594GB/88/gCBlGxVQ/6cK4RjFJ6PfKs9frnoDAGx
9K0LAQD2Ifz7D7QF+W0tTtXxv3+MQnozk0ZthmqntKUY
-----END CERTIFICATE-----
Generated at Fri Apr 17 14:38:45 2026 by rpki-client