Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/wDHk1l426zuq4i2Poxp7swO6rBE.roa
File: wDHk1l426zuq4i2Poxp7swO6rBE.roa (raw, json)
Hash identifier: u9vI5Q/vJuc4z5Ca5b20j6NSGWzxpP4MZjbENAXE1To=
Subject key identifier: C0:31:E4:D6:5E:36:EB:3B:AA:E2:2D:8F:A3:1A:7B:B3:03:BA:AC:11
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 019A4948DF3AF0D416A97B7EBC1134B214FF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/wDHk1l426zuq4i2Poxp7swO6rBE.roa
Signing time: Mon 03 Nov 2025 10:35:03 +0000
ROA not before: Mon 03 Nov 2025 10:35:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20473
IP address blocks: 37.202.223.0/24 maxlen: 24
151.240.4.0/24 maxlen: 24
151.240.5.0/24 maxlen: 24
151.240.6.0/24 maxlen: 24
151.240.7.0/24 maxlen: 24
151.240.11.0/24 maxlen: 24
151.240.12.0/24 maxlen: 24
151.240.13.0/24 maxlen: 24
151.240.15.0/24 maxlen: 24
151.240.16.0/24 maxlen: 24
151.240.17.0/24 maxlen: 24
151.240.18.0/24 maxlen: 24
151.240.19.0/24 maxlen: 24
151.240.20.0/24 maxlen: 24
151.240.21.0/24 maxlen: 24
151.240.22.0/24 maxlen: 24
151.240.23.0/24 maxlen: 24
151.240.25.0/24 maxlen: 24
151.240.31.0/24 maxlen: 24
151.240.32.0/24 maxlen: 24
151.240.33.0/24 maxlen: 24
151.240.34.0/24 maxlen: 24
151.240.35.0/24 maxlen: 24
151.240.36.0/24 maxlen: 24
151.240.37.0/24 maxlen: 24
151.240.38.0/24 maxlen: 24
151.240.39.0/24 maxlen: 24
151.240.40.0/24 maxlen: 24
151.240.41.0/24 maxlen: 24
151.240.42.0/24 maxlen: 24
151.240.68.0/24 maxlen: 24
151.240.69.0/24 maxlen: 24
151.240.70.0/24 maxlen: 24
151.240.71.0/24 maxlen: 24
151.240.72.0/24 maxlen: 24
151.240.73.0/24 maxlen: 24
151.240.74.0/24 maxlen: 24
151.240.78.0/24 maxlen: 24
151.240.80.0/24 maxlen: 24
151.240.81.0/24 maxlen: 24
151.240.83.0/24 maxlen: 24
151.240.84.0/24 maxlen: 24
151.240.85.0/24 maxlen: 24
151.240.86.0/24 maxlen: 24
151.240.87.0/24 maxlen: 24
151.240.88.0/24 maxlen: 24
151.240.89.0/24 maxlen: 24
151.240.90.0/24 maxlen: 24
151.240.126.0/24 maxlen: 24
151.240.127.0/24 maxlen: 24
151.240.128.0/24 maxlen: 24
151.240.129.0/24 maxlen: 24
151.240.130.0/24 maxlen: 24
151.240.131.0/24 maxlen: 24
151.240.132.0/24 maxlen: 24
151.240.133.0/24 maxlen: 24
151.240.134.0/24 maxlen: 24
151.240.135.0/24 maxlen: 24
151.240.136.0/24 maxlen: 24
151.240.137.0/24 maxlen: 24
151.240.138.0/24 maxlen: 24
151.240.139.0/24 maxlen: 24
151.240.140.0/24 maxlen: 24
151.240.141.0/24 maxlen: 24
151.240.142.0/24 maxlen: 24
151.240.143.0/24 maxlen: 24
151.240.148.0/24 maxlen: 24
151.240.149.0/24 maxlen: 24
151.240.152.0/24 maxlen: 24
151.240.156.0/24 maxlen: 24
151.240.157.0/24 maxlen: 24
151.240.159.0/24 maxlen: 24
151.240.160.0/24 maxlen: 24
151.240.162.0/24 maxlen: 24
151.240.163.0/24 maxlen: 24
151.240.164.0/24 maxlen: 24
151.240.166.0/24 maxlen: 24
151.240.167.0/24 maxlen: 24
151.240.168.0/24 maxlen: 24
151.240.169.0/24 maxlen: 24
151.240.170.0/24 maxlen: 24
151.240.171.0/24 maxlen: 24
151.240.172.0/24 maxlen: 24
151.240.173.0/24 maxlen: 24
151.240.174.0/24 maxlen: 24
151.240.175.0/24 maxlen: 24
151.240.176.0/24 maxlen: 24
151.240.178.0/24 maxlen: 24
151.240.180.0/24 maxlen: 24
151.240.181.0/24 maxlen: 24
151.240.182.0/24 maxlen: 24
151.240.183.0/24 maxlen: 24
151.240.184.0/24 maxlen: 24
151.240.185.0/24 maxlen: 24
151.240.186.0/24 maxlen: 24
151.240.187.0/24 maxlen: 24
151.240.188.0/24 maxlen: 24
151.240.189.0/24 maxlen: 24
151.240.190.0/24 maxlen: 24
151.240.191.0/24 maxlen: 24
151.240.192.0/24 maxlen: 24
151.240.193.0/24 maxlen: 24
151.240.194.0/24 maxlen: 24
151.240.195.0/24 maxlen: 24
151.240.196.0/24 maxlen: 24
151.240.197.0/24 maxlen: 24
151.240.198.0/24 maxlen: 24
151.240.199.0/24 maxlen: 24
151.240.200.0/24 maxlen: 24
151.240.201.0/24 maxlen: 24
151.240.202.0/24 maxlen: 24
151.240.203.0/24 maxlen: 24
151.240.204.0/24 maxlen: 24
151.240.206.0/24 maxlen: 24
151.240.207.0/24 maxlen: 24
151.240.208.0/24 maxlen: 24
151.240.209.0/24 maxlen: 24
151.240.210.0/24 maxlen: 24
151.240.211.0/24 maxlen: 24
151.240.212.0/24 maxlen: 24
151.240.213.0/24 maxlen: 24
151.240.214.0/24 maxlen: 24
151.240.215.0/24 maxlen: 24
151.240.216.0/24 maxlen: 24
151.240.217.0/24 maxlen: 24
151.240.218.0/24 maxlen: 24
151.240.219.0/24 maxlen: 24
151.240.220.0/24 maxlen: 24
151.240.221.0/24 maxlen: 24
151.240.222.0/24 maxlen: 24
151.240.223.0/24 maxlen: 24
151.240.224.0/24 maxlen: 24
151.240.225.0/24 maxlen: 24
151.240.229.0/24 maxlen: 24
151.240.233.0/24 maxlen: 24
151.240.234.0/24 maxlen: 24
151.240.235.0/24 maxlen: 24
151.240.236.0/24 maxlen: 24
151.240.237.0/24 maxlen: 24
151.240.238.0/24 maxlen: 24
151.240.240.0/24 maxlen: 24
151.240.248.0/24 maxlen: 24
151.240.254.0/24 maxlen: 24
151.241.32.0/24 maxlen: 24
151.242.18.0/24 maxlen: 24
151.242.145.0/24 maxlen: 24
151.243.45.0/24 maxlen: 24
151.243.88.0/24 maxlen: 24
151.243.89.0/24 maxlen: 24
151.244.4.0/24 maxlen: 24
151.244.141.0/24 maxlen: 24
151.244.187.0/24 maxlen: 24
151.244.238.0/24 maxlen: 24
151.244.239.0/24 maxlen: 24
151.245.68.0/24 maxlen: 24
151.245.89.0/24 maxlen: 24
151.245.90.0/24 maxlen: 24
151.245.132.0/24 maxlen: 24
151.245.203.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:49:48:df:3a:f0:d4:16:a9:7b:7e:bc:11:34:b2:14:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Nov 3 10:35:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c031e4d65e36eb3baae22d8fa31a7bb303baac11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:d3:05:d2:87:e9:a5:17:bb:fe:5b:87:5d:3b:
50:e2:92:d7:a6:ae:ab:cf:ec:ff:aa:0f:ea:13:18:
38:1a:b7:a9:99:a4:9e:c0:ca:78:e7:e4:cc:09:4a:
0f:40:ac:01:ec:f2:72:ab:40:bc:9d:3f:d0:cb:eb:
0e:e9:9b:0e:b2:a2:e2:99:72:9b:b2:8e:a2:3d:7f:
96:2a:b3:65:f2:3f:6e:00:b9:9f:f1:ef:ed:c8:91:
83:a2:b6:5c:07:75:f9:38:f1:7c:27:b1:36:98:7b:
9a:88:57:de:10:12:20:af:57:31:bf:f0:41:e7:de:
a4:f8:5b:40:54:80:cb:77:83:06:34:2e:7e:53:03:
c8:03:f9:fb:13:5e:b9:7f:a7:6d:80:99:21:f8:e4:
6b:7b:54:95:38:71:bb:9a:07:a1:08:2e:f6:15:09:
c4:b2:e1:24:45:a2:ee:8d:8b:2b:4a:77:30:00:f5:
b8:cb:2b:e4:ba:69:bf:e6:6e:5a:83:74:1f:e5:b5:
04:fa:7a:0b:bf:0f:f2:82:8b:bb:6c:7f:7a:30:92:
e6:26:f9:c0:aa:f1:de:70:0e:78:9d:fa:af:5f:75:
93:51:eb:e8:28:bb:0f:4b:a2:14:2d:b4:66:41:3b:
a8:c9:47:61:fc:22:15:22:17:5b:12:26:36:2f:27:
d8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:31:E4:D6:5E:36:EB:3B:AA:E2:2D:8F:A3:1A:7B:B3:03:BA:AC:11
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/wDHk1l426zuq4i2Poxp7swO6rBE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.223.0/24
151.240.4.0/22
151.240.11.0-151.240.13.255
151.240.15.0-151.240.23.255
151.240.25.0/24
151.240.31.0-151.240.42.255
151.240.68.0-151.240.74.255
151.240.78.0/24
151.240.80.0/23
151.240.83.0-151.240.90.255
151.240.126.0-151.240.143.255
151.240.148.0/23
151.240.152.0/24
151.240.156.0/23
151.240.159.0-151.240.160.255
151.240.162.0-151.240.164.255
151.240.166.0-151.240.176.255
151.240.178.0/24
151.240.180.0-151.240.204.255
151.240.206.0-151.240.225.255
151.240.229.0/24
151.240.233.0-151.240.238.255
151.240.240.0/24
151.240.248.0/24
151.240.254.0/24
151.241.32.0/24
151.242.18.0/24
151.242.145.0/24
151.243.45.0/24
151.243.88.0/23
151.244.4.0/24
151.244.141.0/24
151.244.187.0/24
151.244.238.0/23
151.245.68.0/24
151.245.89.0-151.245.90.255
151.245.132.0/24
151.245.203.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:bf:42:e3:15:f3:8c:76:66:18:d2:e7:44:c9:f9:40:9d:66:
80:0f:de:61:9d:21:be:97:a1:05:0d:f7:a8:bd:53:3e:86:9d:
4b:95:bd:f4:39:57:78:f3:1a:94:03:24:01:37:42:97:12:78:
60:21:f4:3a:23:b6:ca:f5:18:cb:2a:cb:85:e7:a8:c9:fe:f5:
64:e6:63:51:79:41:a5:31:67:72:dd:b7:b9:e6:08:7a:3c:fc:
00:54:15:6b:d4:4d:dc:3d:d5:73:fa:d4:ad:f7:e1:28:80:40:
97:ab:6d:7f:10:ae:cf:43:33:26:87:95:b4:2a:26:76:da:8e:
a0:b7:16:70:73:56:63:d8:3e:14:40:1e:50:de:cb:3e:5e:fa:
29:44:bd:70:fc:da:37:bf:dc:44:ca:cc:e8:98:e6:57:df:0d:
2f:a2:24:e3:3b:d8:48:4f:42:ca:66:43:20:33:f5:89:0d:8c:
ba:94:6d:60:8b:51:85:ca:f8:ac:a0:80:32:5b:0f:f2:db:79:
99:7a:d3:00:7a:8f:0d:4b:70:9a:4e:7a:41:9f:38:d7:5b:86:
74:38:1e:66:cd:7e:e4:db:19:cd:88:d0:83:89:82:2a:aa:e6:
e9:a8:ab:e2:23:40:c2:94:a0:66:36:92:38:62:41:63:67:3d:
20:58:39:ed
-----BEGIN CERTIFICATE-----
MIIGTTCCBTWgAwIBAgISAZpJSN868NQWqXt+vBE0shT/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMTAzMTAzNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDMxZTRkNjVlMzZlYjNiYWFlMjJkOGZhMzFhN2JiMzAzYmFhYzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttMF0ofppRe7/luHXTtQ4pLXpq6r
z+z/qg/qExg4GrepmaSewMp45+TMCUoPQKwB7PJyq0C8nT/Qy+sO6ZsOsqLimXKb
so6iPX+WKrNl8j9uALmf8e/tyJGDorZcB3X5OPF8J7E2mHuaiFfeEBIgr1cxv/BB
596k+FtAVIDLd4MGNC5+UwPIA/n7E165f6dtgJkh+ORre1SVOHG7mgehCC72FQnE
suEkRaLujYsrSncwAPW4yyvkumm/5m5ag3Qf5bUE+noLvw/ygou7bH96MJLmJvnA
qvHecA54nfqvX3WTUevoKLsPS6IULbRmQTuoyUdh/CIVIhdbEiY2LyfY2wIDAQAB
o4IDWTCCA1UwHQYDVR0OBBYEFMAx5NZeNus7quItj6Mae7MDuqwRMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvd0RIazFsNDI2enVxNGkyUG94cDdzd082ckJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBbQYIKwYBBQUHAQcBAf8EggFcMIIBWDCCAVQEAgABMIIB
TAMEACXK3wMEApfwBDAMAwQAl/ALAwQBl/AMMAwDBACX8A8DBAOX8BADBACX8Bkw
DAMEAJfwHwMEAJfwKjAMAwQCl/BEAwQAl/BKAwQAl/BOAwQBl/BQMAwDBACX8FMD
BACX8FowDAMEAZfwfgMEBJfwgAMEAZfwlAMEAJfwmAMEAZfwnDAMAwQAl/CfAwQA
l/CgMAwDBAGX8KIDBACX8KQwDAMEAZfwpgMEAJfwsAMEAJfwsjAMAwQCl/C0AwQA
l/DMMAwDBAGX8M4DBAGX8OADBACX8OUwDAMEAJfw6QMEAJfw7gMEAJfw8AMEAJfw
+AMEAJfw/gMEAJfxIAMEAJfyEgMEAJfykQMEAJfzLQMEAZfzWAMEAJf0BAMEAJf0
jQMEAJf0uwMEAZf07gMEAJf1RDAMAwQAl/VZAwQAl/VaAwQAl/WEAwQAl/XLMA0G
CSqGSIb3DQEBCwUAA4IBAQCLv0LjFfOMdmYY0udEyflAnWaAD95hnSG+l6EFDfeo
vVM+hp1Llb30OVd48xqUAyQBN0KXEnhgIfQ6I7bK9RjLKsuF56jJ/vVk5mNReUGl
MWdy3be55gh6PPwAVBVr1E3cPdVz+tSt9+EogECXq21/EK7PQzMmh5W0KiZ22o6g
txZwc1Zj2D4UQB5Q3ss+XvopRL1w/No3v9xEyszomOZX3w0voiTjO9hIT0LKZkMg
M/WJDYy6lG1gi1GFyvisoIAyWw/y23mZetMAeo8NS3CaTnpBnzjXW4Z0OB5mzX7k
2xnNiNCDiYIqqubpqKviI0DClKBmNpI4YkFjZz0gWDnt
-----END CERTIFICATE-----
Generated at Tue Nov 4 08:00:55 2025 by rpki-client